/
envoy.istio
/
istio
GigaCode
beta
ОбзорЦентр заботыВойти

istio

Форк
0
Ветки: 75Коммиты: 22559Теги: 336
istio
/pilot
/pkg
/security
/authz
/builder
/testdata
/http
/
extended-allow-full-rule-out.yaml 
1019 строк · 36.5 Кб
1
name: envoy.filters.http.rbac
2
typedConfig:
3
  '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC
4
  rules:
5
    policies:
6
      ns[foo]-policy[httpbin-1]-rule[0]:
7
        permissions:
8
        - andRules:
9
            rules:
10
            - orRules:
11
                rules:
12
                - header:
13
                    name: :authority
14
                    stringMatch:
15
                      exact: exact.com
16
                      ignoreCase: true
17
                - header:
18
                    name: :authority
19
                    stringMatch:
20
                      ignoreCase: true
21
                      suffix: .suffix.com
22
                - header:
23
                    name: :authority
24
                    stringMatch:
25
                      ignoreCase: true
26
                      prefix: prefix.
27
                - header:
28
                    name: :authority
29
                    presentMatch: true
30
            - notRule:
31
                orRules:
32
                  rules:
33
                  - header:
34
                      name: :authority
35
                      stringMatch:
36
                        exact: not-exact.com
37
                        ignoreCase: true
38
                  - header:
39
                      name: :authority
40
                      stringMatch:
41
                        ignoreCase: true
42
                        suffix: .not-suffix.com
43
                  - header:
44
                      name: :authority
45
                      stringMatch:
46
                        ignoreCase: true
47
                        prefix: not-prefix.
48
                  - header:
49
                      name: :authority
50
                      presentMatch: true
51
            - orRules:
52
                rules:
53
                - header:
54
                    name: :method
55
                    stringMatch:
56
                      exact: method
57
                - header:
58
                    name: :method
59
                    stringMatch:
60
                      prefix: method-prefix-
61
                - header:
62
                    name: :method
63
                    stringMatch:
64
                      suffix: -suffix-method
65
                - header:
66
                    name: :method
67
                    presentMatch: true
68
            - notRule:
69
                orRules:
70
                  rules:
71
                  - header:
72
                      name: :method
73
                      stringMatch:
74
                        exact: not-method
75
                  - header:
76
                      name: :method
77
                      stringMatch:
78
                        prefix: not-method-prefix-
79
                  - header:
80
                      name: :method
81
                      stringMatch:
82
                        suffix: -not-suffix-method
83
                  - header:
84
                      name: :method
85
                      presentMatch: true
86
            - orRules:
87
                rules:
88
                - urlPath:
89
                    path:
90
                      exact: /exact
91
                - urlPath:
92
                    path:
93
                      prefix: /prefix/
94
                - urlPath:
95
                    path:
96
                      suffix: /suffix
97
                - urlPath:
98
                    path:
99
                      safeRegex:
100
                        regex: .+
101
            - notRule:
102
                orRules:
103
                  rules:
104
                  - urlPath:
105
                      path:
106
                        exact: /not-exact
107
                  - urlPath:
108
                      path:
109
                        prefix: /not-prefix/
110
                  - urlPath:
111
                      path:
112
                        suffix: /not-suffix
113
                  - urlPath:
114
                      path:
115
                        safeRegex:
116
                          regex: .+
117
            - orRules:
118
                rules:
119
                - destinationPort: 80
120
                - destinationPort: 90
121
            - notRule:
122
                orRules:
123
                  rules:
124
                  - destinationPort: 8000
125
                  - destinationPort: 9000
126
            - orRules:
127
                rules:
128
                - destinationIp:
129
                    addressPrefix: 10.10.10.10
130
                    prefixLen: 32
131
                - destinationIp:
132
                    addressPrefix: 192.168.10.0
133
                    prefixLen: 24
134
            - notRule:
135
                orRules:
136
                  rules:
137
                  - destinationIp:
138
                      addressPrefix: 90.10.10.10
139
                      prefixLen: 32
140
                  - destinationIp:
141
                      addressPrefix: 90.168.10.0
142
                      prefixLen: 24
143
            - orRules:
144
                rules:
145
                - destinationPort: 91
146
                - destinationPort: 92
147
            - notRule:
148
                orRules:
149
                  rules:
150
                  - destinationPort: 9001
151
                  - destinationPort: 9002
152
            - orRules:
153
                rules:
154
                - requestedServerName:
155
                    exact: exact.com
156
                - requestedServerName:
157
                    suffix: .suffix.com
158
                - requestedServerName:
159
                    prefix: prefix.
160
                - requestedServerName:
161
                    safeRegex:
162
                      regex: .+
163
            - notRule:
164
                orRules:
165
                  rules:
166
                  - requestedServerName:
167
                      exact: not-exact.com
168
                  - requestedServerName:
169
                      suffix: .not-suffix.com
170
                  - requestedServerName:
171
                      prefix: not-prefix.
172
                  - requestedServerName:
173
                      safeRegex:
174
                        regex: .+
175
            - metadata:
176
                filter: envoy.filters.a.b
177
                path:
178
                - key: c
179
                value:
180
                  orMatch:
181
                    valueMatchers:
182
                    - stringMatch:
183
                        exact: exact
184
                    - stringMatch:
185
                        prefix: prefix-
186
                    - stringMatch:
187
                        suffix: -suffix
188
                    - stringMatch:
189
                        safeRegex:
190
                          regex: .+
191
            - notRule:
192
                metadata:
193
                  filter: envoy.filters.a.b
194
                  path:
195
                  - key: c
196
                  value:
197
                    orMatch:
198
                      valueMatchers:
199
                      - stringMatch:
200
                          exact: not-exact
201
                      - stringMatch:
202
                          prefix: not-prefix-
203
                      - stringMatch:
204
                          suffix: -not-suffix
205
                      - stringMatch:
206
                          safeRegex:
207
                            regex: .+
208
        principals:
209
        - andIds:
210
            ids:
211
            - orIds:
212
                ids:
213
                - authenticated:
214
                    principalName:
215
                      exact: spiffe://principal
216
                - authenticated:
217
                    principalName:
218
                      prefix: spiffe://principal-prefix-
219
                - authenticated:
220
                    principalName:
221
                      safeRegex:
222
                        regex: spiffe://.*-suffix-principal
223
                - authenticated:
224
                    principalName:
225
                      safeRegex:
226
                        regex: .+
227
            - notId:
228
                orIds:
229
                  ids:
230
                  - authenticated:
231
                      principalName:
232
                        exact: spiffe://not-principal
233
                  - authenticated:
234
                      principalName:
235
                        prefix: spiffe://not-principal-prefix-
236
                  - authenticated:
237
                      principalName:
238
                        safeRegex:
239
                          regex: spiffe://.*-not-suffix-principal
240
                  - authenticated:
241
                      principalName:
242
                        safeRegex:
243
                          regex: .+
244
            - orIds:
245
                ids:
246
                - andIds:
247
                    ids:
248
                    - metadata:
249
                        filter: envoy.filters.http.jwt_authn
250
                        path:
251
                        - key: payload
252
                        - key: iss
253
                        value:
254
                          stringMatch:
255
                            exact: requestPrincipals
256
                    - metadata:
257
                        filter: envoy.filters.http.jwt_authn
258
                        path:
259
                        - key: payload
260
                        - key: sub
261
                        value:
262
                          stringMatch:
263
                            exact: ""
264
                - andIds:
265
                    ids:
266
                    - metadata:
267
                        filter: envoy.filters.http.jwt_authn
268
                        path:
269
                        - key: payload
270
                        - key: iss
271
                        value:
272
                          stringMatch:
273
                            prefix: requestPrincipals-prefix-
274
                    - metadata:
275
                        filter: envoy.filters.http.jwt_authn
276
                        path:
277
                        - key: payload
278
                        - key: sub
279
                        value:
280
                          stringMatch:
281
                            safeRegex:
282
                              regex: .+
283
                - andIds:
284
                    ids:
285
                    - metadata:
286
                        filter: envoy.filters.http.jwt_authn
287
                        path:
288
                        - key: payload
289
                        - key: iss
290
                        value:
291
                          stringMatch:
292
                            safeRegex:
293
                              regex: .+
294
                    - metadata:
295
                        filter: envoy.filters.http.jwt_authn
296
                        path:
297
                        - key: payload
298
                        - key: sub
299
                        value:
300
                          stringMatch:
301
                            suffix: -suffix-requestPrincipals
302
                - andIds:
303
                    ids:
304
                    - metadata:
305
                        filter: envoy.filters.http.jwt_authn
306
                        path:
307
                        - key: payload
308
                        - key: iss
309
                        value:
310
                          stringMatch:
311
                            safeRegex:
312
                              regex: .+
313
                    - metadata:
314
                        filter: envoy.filters.http.jwt_authn
315
                        path:
316
                        - key: payload
317
                        - key: sub
318
                        value:
319
                          stringMatch:
320
                            safeRegex:
321
                              regex: .+
322
            - notId:
323
                orIds:
324
                  ids:
325
                  - andIds:
326
                      ids:
327
                      - metadata:
328
                          filter: envoy.filters.http.jwt_authn
329
                          path:
330
                          - key: payload
331
                          - key: iss
332
                          value:
333
                            stringMatch:
334
                              exact: not-requestPrincipals
335
                      - metadata:
336
                          filter: envoy.filters.http.jwt_authn
337
                          path:
338
                          - key: payload
339
                          - key: sub
340
                          value:
341
                            stringMatch:
342
                              exact: ""
343
                  - andIds:
344
                      ids:
345
                      - metadata:
346
                          filter: envoy.filters.http.jwt_authn
347
                          path:
348
                          - key: payload
349
                          - key: iss
350
                          value:
351
                            stringMatch:
352
                              prefix: not-requestPrincipals-prefix-
353
                      - metadata:
354
                          filter: envoy.filters.http.jwt_authn
355
                          path:
356
                          - key: payload
357
                          - key: sub
358
                          value:
359
                            stringMatch:
360
                              safeRegex:
361
                                regex: .+
362
                  - andIds:
363
                      ids:
364
                      - metadata:
365
                          filter: envoy.filters.http.jwt_authn
366
                          path:
367
                          - key: payload
368
                          - key: iss
369
                          value:
370
                            stringMatch:
371
                              safeRegex:
372
                                regex: .+
373
                      - metadata:
374
                          filter: envoy.filters.http.jwt_authn
375
                          path:
376
                          - key: payload
377
                          - key: sub
378
                          value:
379
                            stringMatch:
380
                              suffix: -not-suffix-requestPrincipals
381
                  - andIds:
382
                      ids:
383
                      - metadata:
384
                          filter: envoy.filters.http.jwt_authn
385
                          path:
386
                          - key: payload
387
                          - key: iss
388
                          value:
389
                            stringMatch:
390
                              safeRegex:
391
                                regex: .+
392
                      - metadata:
393
                          filter: envoy.filters.http.jwt_authn
394
                          path:
395
                          - key: payload
396
                          - key: sub
397
                          value:
398
                            stringMatch:
399
                              safeRegex:
400
                                regex: .+
401
            - orIds:
402
                ids:
403
                - authenticated:
404
                    principalName:
405
                      safeRegex:
406
                        regex: .*/ns/ns/.*
407
                - authenticated:
408
                    principalName:
409
                      safeRegex:
410
                        regex: .*/ns/ns-prefix-.*/.*
411
                - authenticated:
412
                    principalName:
413
                      safeRegex:
414
                        regex: .*/ns/.*-ns-suffix/.*
415
                - authenticated:
416
                    principalName:
417
                      safeRegex:
418
                        regex: .*/ns/.*/.*
419
            - notId:
420
                orIds:
421
                  ids:
422
                  - authenticated:
423
                      principalName:
424
                        safeRegex:
425
                          regex: .*/ns/not-ns/.*
426
                  - authenticated:
427
                      principalName:
428
                        safeRegex:
429
                          regex: .*/ns/not-ns-prefix-.*/.*
430
                  - authenticated:
431
                      principalName:
432
                        safeRegex:
433
                          regex: .*/ns/.*-not-ns-suffix/.*
434
                  - authenticated:
435
                      principalName:
436
                        safeRegex:
437
                          regex: .*/ns/.*/.*
438
            - orIds:
439
                ids:
440
                - remoteIp:
441
                    addressPrefix: 1.2.3.4
442
                    prefixLen: 32
443
                - remoteIp:
444
                    addressPrefix: 5.6.0.0
445
                    prefixLen: 16
446
            - notId:
447
                orIds:
448
                  ids:
449
                  - remoteIp:
450
                      addressPrefix: 9.0.0.1
451
                      prefixLen: 32
452
                  - remoteIp:
453
                      addressPrefix: 9.2.0.0
454
                      prefixLen: 16
455
            - orIds:
456
                ids:
457
                - directRemoteIp:
458
                    addressPrefix: 1.2.3.4
459
                    prefixLen: 32
460
                - directRemoteIp:
461
                    addressPrefix: 5.6.0.0
462
                    prefixLen: 16
463
            - notId:
464
                orIds:
465
                  ids:
466
                  - directRemoteIp:
467
                      addressPrefix: 9.0.0.1
468
                      prefixLen: 32
469
                  - directRemoteIp:
470
                      addressPrefix: 9.2.0.0
471
                      prefixLen: 16
472
            - orIds:
473
                ids:
474
                - header:
475
                    name: X-header
476
                    stringMatch:
477
                      exact: header
478
                - header:
479
                    name: X-header
480
                    stringMatch:
481
                      prefix: header-prefix-
482
                - header:
483
                    name: X-header
484
                    stringMatch:
485
                      suffix: -suffix-header
486
                - header:
487
                    name: X-header
488
                    presentMatch: true
489
            - notId:
490
                orIds:
491
                  ids:
492
                  - header:
493
                      name: X-header
494
                      stringMatch:
495
                        exact: not-header
496
                  - header:
497
                      name: X-header
498
                      stringMatch:
499
                        prefix: not-header-prefix-
500
                  - header:
501
                      name: X-header
502
                      stringMatch:
503
                        suffix: -not-suffix-header
504
                  - header:
505
                      name: X-header
506
                      presentMatch: true
507
            - orIds:
508
                ids:
509
                - directRemoteIp:
510
                    addressPrefix: 10.10.10.10
511
                    prefixLen: 32
512
                - directRemoteIp:
513
                    addressPrefix: 192.168.10.0
514
                    prefixLen: 24
515
            - notId:
516
                orIds:
517
                  ids:
518
                  - directRemoteIp:
519
                      addressPrefix: 90.10.10.10
520
                      prefixLen: 32
521
                  - directRemoteIp:
522
                      addressPrefix: 90.168.10.0
523
                      prefixLen: 24
524
            - orIds:
525
                ids:
526
                - remoteIp:
527
                    addressPrefix: 10.10.10.10
528
                    prefixLen: 32
529
                - remoteIp:
530
                    addressPrefix: 192.168.10.0
531
                    prefixLen: 24
532
            - notId:
533
                orIds:
534
                  ids:
535
                  - remoteIp:
536
                      addressPrefix: 90.10.10.10
537
                      prefixLen: 32
538
                  - remoteIp:
539
                      addressPrefix: 90.168.10.0
540
                      prefixLen: 24
541
            - orIds:
542
                ids:
543
                - authenticated:
544
                    principalName:
545
                      safeRegex:
546
                        regex: .*/ns/ns/.*
547
                - authenticated:
548
                    principalName:
549
                      safeRegex:
550
                        regex: .*/ns/ns-prefix-.*/.*
551
                - authenticated:
552
                    principalName:
553
                      safeRegex:
554
                        regex: .*/ns/.*-ns-suffix/.*
555
                - authenticated:
556
                    principalName:
557
                      safeRegex:
558
                        regex: .*/ns/.*/.*
559
            - notId:
560
                orIds:
561
                  ids:
562
                  - authenticated:
563
                      principalName:
564
                        safeRegex:
565
                          regex: .*/ns/not-ns/.*
566
                  - authenticated:
567
                      principalName:
568
                        safeRegex:
569
                          regex: .*/ns/not-ns-prefix-.*/.*
570
                  - authenticated:
571
                      principalName:
572
                        safeRegex:
573
                          regex: .*/ns/.*-not-ns-suffix/.*
574
                  - authenticated:
575
                      principalName:
576
                        safeRegex:
577
                          regex: .*/ns/.*/.*
578
            - orIds:
579
                ids:
580
                - authenticated:
581
                    principalName:
582
                      exact: spiffe://principal
583
                - authenticated:
584
                    principalName:
585
                      prefix: spiffe://principal-prefix-
586
                - authenticated:
587
                    principalName:
588
                      safeRegex:
589
                        regex: spiffe://.*-suffix-principal
590
                - authenticated:
591
                    principalName:
592
                      safeRegex:
593
                        regex: .+
594
            - notId:
595
                orIds:
596
                  ids:
597
                  - authenticated:
598
                      principalName:
599
                        exact: spiffe://not-principal
600
                  - authenticated:
601
                      principalName:
602
                        prefix: spiffe://not-principal-prefix-
603
                  - authenticated:
604
                      principalName:
605
                        safeRegex:
606
                          regex: spiffe://.*-not-suffix-principal
607
                  - authenticated:
608
                      principalName:
609
                        safeRegex:
610
                          regex: .+
611
            - orIds:
612
                ids:
613
                - andIds:
614
                    ids:
615
                    - metadata:
616
                        filter: envoy.filters.http.jwt_authn
617
                        path:
618
                        - key: payload
619
                        - key: iss
620
                        value:
621
                          stringMatch:
622
                            exact: requestPrincipals
623
                    - metadata:
624
                        filter: envoy.filters.http.jwt_authn
625
                        path:
626
                        - key: payload
627
                        - key: sub
628
                        value:
629
                          stringMatch:
630
                            exact: ""
631
                - andIds:
632
                    ids:
633
                    - metadata:
634
                        filter: envoy.filters.http.jwt_authn
635
                        path:
636
                        - key: payload
637
                        - key: iss
638
                        value:
639
                          stringMatch:
640
                            prefix: requestPrincipals-prefix-
641
                    - metadata:
642
                        filter: envoy.filters.http.jwt_authn
643
                        path:
644
                        - key: payload
645
                        - key: sub
646
                        value:
647
                          stringMatch:
648
                            safeRegex:
649
                              regex: .+
650
                - andIds:
651
                    ids:
652
                    - metadata:
653
                        filter: envoy.filters.http.jwt_authn
654
                        path:
655
                        - key: payload
656
                        - key: iss
657
                        value:
658
                          stringMatch:
659
                            safeRegex:
660
                              regex: .+
661
                    - metadata:
662
                        filter: envoy.filters.http.jwt_authn
663
                        path:
664
                        - key: payload
665
                        - key: sub
666
                        value:
667
                          stringMatch:
668
                            suffix: -suffix-requestPrincipals
669
                - andIds:
670
                    ids:
671
                    - metadata:
672
                        filter: envoy.filters.http.jwt_authn
673
                        path:
674
                        - key: payload
675
                        - key: iss
676
                        value:
677
                          stringMatch:
678
                            safeRegex:
679
                              regex: .+
680
                    - metadata:
681
                        filter: envoy.filters.http.jwt_authn
682
                        path:
683
                        - key: payload
684
                        - key: sub
685
                        value:
686
                          stringMatch:
687
                            safeRegex:
688
                              regex: .+
689
                - andIds:
690
                    ids:
691
                    - metadata:
692
                        filter: envoy.filters.http.jwt_authn
693
                        path:
694
                        - key: payload
695
                        - key: iss
696
                        value:
697
                          stringMatch:
698
                            exact: https://example.com
699
                    - metadata:
700
                        filter: envoy.filters.http.jwt_authn
701
                        path:
702
                        - key: payload
703
                        - key: sub
704
                        value:
705
                          stringMatch:
706
                            safeRegex:
707
                              regex: .+
708
            - notId:
709
                orIds:
710
                  ids:
711
                  - andIds:
712
                      ids:
713
                      - metadata:
714
                          filter: envoy.filters.http.jwt_authn
715
                          path:
716
                          - key: payload
717
                          - key: iss
718
                          value:
719
                            stringMatch:
720
                              exact: not-requestPrincipals
721
                      - metadata:
722
                          filter: envoy.filters.http.jwt_authn
723
                          path:
724
                          - key: payload
725
                          - key: sub
726
                          value:
727
                            stringMatch:
728
                              exact: ""
729
                  - andIds:
730
                      ids:
731
                      - metadata:
732
                          filter: envoy.filters.http.jwt_authn
733
                          path:
734
                          - key: payload
735
                          - key: iss
736
                          value:
737
                            stringMatch:
738
                              prefix: not-requestPrincipals-prefix-
739
                      - metadata:
740
                          filter: envoy.filters.http.jwt_authn
741
                          path:
742
                          - key: payload
743
                          - key: sub
744
                          value:
745
                            stringMatch:
746
                              safeRegex:
747
                                regex: .+
748
                  - andIds:
749
                      ids:
750
                      - metadata:
751
                          filter: envoy.filters.http.jwt_authn
752
                          path:
753
                          - key: payload
754
                          - key: iss
755
                          value:
756
                            stringMatch:
757
                              safeRegex:
758
                                regex: .+
759
                      - metadata:
760
                          filter: envoy.filters.http.jwt_authn
761
                          path:
762
                          - key: payload
763
                          - key: sub
764
                          value:
765
                            stringMatch:
766
                              suffix: -not-suffix-requestPrincipals
767
                  - andIds:
768
                      ids:
769
                      - metadata:
770
                          filter: envoy.filters.http.jwt_authn
771
                          path:
772
                          - key: payload
773
                          - key: iss
774
                          value:
775
                            stringMatch:
776
                              safeRegex:
777
                                regex: .+
778
                      - metadata:
779
                          filter: envoy.filters.http.jwt_authn
780
                          path:
781
                          - key: payload
782
                          - key: sub
783
                          value:
784
                            stringMatch:
785
                              safeRegex:
786
                                regex: .+
787
            - metadata:
788
                filter: envoy.filters.http.jwt_authn
789
                path:
790
                - key: payload
791
                - key: aud
792
                value:
793
                  orMatch:
794
                    valueMatchers:
795
                    - stringMatch:
796
                        exact: audiences
797
                    - stringMatch:
798
                        prefix: audiences-prefix-
799
                    - stringMatch:
800
                        suffix: -suffix-audiences
801
                    - stringMatch:
802
                        safeRegex:
803
                          regex: .+
804
            - notId:
805
                metadata:
806
                  filter: envoy.filters.http.jwt_authn
807
                  path:
808
                  - key: payload
809
                  - key: aud
810
                  value:
811
                    orMatch:
812
                      valueMatchers:
813
                      - stringMatch:
814
                          exact: not-audiences
815
                      - stringMatch:
816
                          prefix: not-audiences-prefix-
817
                      - stringMatch:
818
                          suffix: -not-suffix-audiences
819
                      - stringMatch:
820
                          safeRegex:
821
                            regex: .+
822
            - metadata:
823
                filter: envoy.filters.http.jwt_authn
824
                path:
825
                - key: payload
826
                - key: azp
827
                value:
828
                  orMatch:
829
                    valueMatchers:
830
                    - listMatch:
831
                        oneOf:
832
                          orMatch:
833
                            valueMatchers:
834
                            - stringMatch:
835
                                exact: presenter
836
                            - stringMatch:
837
                                prefix: presenter-prefix-
838
                            - stringMatch:
839
                                suffix: -suffix-presenter
840
                            - stringMatch:
841
                                safeRegex:
842
                                  regex: .+
843
                    - orMatch:
844
                        valueMatchers:
845
                        - stringMatch:
846
                            exact: presenter
847
                        - stringMatch:
848
                            prefix: presenter-prefix-
849
                        - stringMatch:
850
                            suffix: -suffix-presenter
851
                        - stringMatch:
852
                            safeRegex:
853
                              regex: .+
854
            - notId:
855
                metadata:
856
                  filter: envoy.filters.http.jwt_authn
857
                  path:
858
                  - key: payload
859
                  - key: azp
860
                  value:
861
                    orMatch:
862
                      valueMatchers:
863
                      - listMatch:
864
                          oneOf:
865
                            orMatch:
866
                              valueMatchers:
867
                              - stringMatch:
868
                                  exact: not-presenter
869
                              - stringMatch:
870
                                  prefix: not-presenter-prefix-
871
                              - stringMatch:
872
                                  suffix: -not-suffix-presenter
873
                              - stringMatch:
874
                                  safeRegex:
875
                                    regex: .+
876
                      - orMatch:
877
                          valueMatchers:
878
                          - stringMatch:
879
                              exact: not-presenter
880
                          - stringMatch:
881
                              prefix: not-presenter-prefix-
882
                          - stringMatch:
883
                              suffix: -not-suffix-presenter
884
                          - stringMatch:
885
                              safeRegex:
886
                                regex: .+
887
            - metadata:
888
                filter: envoy.filters.http.jwt_authn
889
                path:
890
                - key: payload
891
                - key: iss
892
                value:
893
                  orMatch:
894
                    valueMatchers:
895
                    - listMatch:
896
                        oneOf:
897
                          orMatch:
898
                            valueMatchers:
899
                            - stringMatch:
900
                                exact: iss
901
                            - stringMatch:
902
                                prefix: iss-prefix-
903
                            - stringMatch:
904
                                suffix: -suffix-iss
905
                            - stringMatch:
906
                                safeRegex:
907
                                  regex: .+
908
                    - orMatch:
909
                        valueMatchers:
910
                        - stringMatch:
911
                            exact: iss
912
                        - stringMatch:
913
                            prefix: iss-prefix-
914
                        - stringMatch:
915
                            suffix: -suffix-iss
916
                        - stringMatch:
917
                            safeRegex:
918
                              regex: .+
919
            - notId:
920
                metadata:
921
                  filter: envoy.filters.http.jwt_authn
922
                  path:
923
                  - key: payload
924
                  - key: iss
925
                  value:
926
                    orMatch:
927
                      valueMatchers:
928
                      - listMatch:
929
                          oneOf:
930
                            orMatch:
931
                              valueMatchers:
932
                              - stringMatch:
933
                                  exact: not-iss
934
                              - stringMatch:
935
                                  prefix: not-iss-prefix-
936
                              - stringMatch:
937
                                  suffix: -not-suffix-iss
938
                              - stringMatch:
939
                                  safeRegex:
940
                                    regex: .+
941
                      - orMatch:
942
                          valueMatchers:
943
                          - stringMatch:
944
                              exact: not-iss
945
                          - stringMatch:
946
                              prefix: not-iss-prefix-
947
                          - stringMatch:
948
                              suffix: -not-suffix-iss
949
                          - stringMatch:
950
                              safeRegex:
951
                                regex: .+
952
            - metadata:
953
                filter: envoy.filters.http.jwt_authn
954
                path:
955
                - key: payload
956
                - key: nested1
957
                - key: nested2
958
                value:
959
                  orMatch:
960
                    valueMatchers:
961
                    - listMatch:
962
                        oneOf:
963
                          orMatch:
964
                            valueMatchers:
965
                            - stringMatch:
966
                                exact: nested
967
                            - stringMatch:
968
                                prefix: nested-prefix-
969
                            - stringMatch:
970
                                suffix: -suffix-nested
971
                            - stringMatch:
972
                                safeRegex:
973
                                  regex: .+
974
                    - orMatch:
975
                        valueMatchers:
976
                        - stringMatch:
977
                            exact: nested
978
                        - stringMatch:
979
                            prefix: nested-prefix-
980
                        - stringMatch:
981
                            suffix: -suffix-nested
982
                        - stringMatch:
983
                            safeRegex:
984
                              regex: .+
985
            - notId:
986
                metadata:
987
                  filter: envoy.filters.http.jwt_authn
988
                  path:
989
                  - key: payload
990
                  - key: nested1
991
                  - key: nested2
992
                  value:
993
                    orMatch:
994
                      valueMatchers:
995
                      - listMatch:
996
                          oneOf:
997
                            orMatch:
998
                              valueMatchers:
999
                              - stringMatch:
1000
                                  exact: not-nested
1001
                              - stringMatch:
1002
                                  prefix: not-nested-prefix-
1003
                              - stringMatch:
1004
                                  suffix: -not-suffix-nested
1005
                              - stringMatch:
1006
                                  safeRegex:
1007
                                    regex: .+
1008
                      - orMatch:
1009
                          valueMatchers:
1010
                          - stringMatch:
1011
                              exact: not-nested
1012
                          - stringMatch:
1013
                              prefix: not-nested-prefix-
1014
                          - stringMatch:
1015
                              suffix: -not-suffix-nested
1016
                          - stringMatch:
1017
                              safeRegex:
1018
                                regex: .+
1019
  shadowRulesStatPrefix: istio_dry_run_allow_
1020

Использование cookies

Мы используем файлы cookie в соответствии с Политикой конфиденциальности и Политикой использования cookies.

Нажимая кнопку «Принимаю», Вы даете АО «СберТех» согласие на обработку Ваших персональных данных в целях совершенствования нашего веб-сайта и Сервиса GitVerse, а также повышения удобства их использования.

Запретить использование cookies Вы можете самостоятельно в настройках Вашего браузера.