istio
63 строки · 1.6 Кб
1name: envoy.filters.http.ext_authz
2typedConfig:
3'@type': type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
4allowedHeaders:
5patterns:
6- exact: x-custom-id
7ignoreCase: true
8- ignoreCase: true
9prefix: x-prefix-
10- ignoreCase: true
11suffix: -suffix
12failureModeAllow: true
13filterEnabledMetadata:
14filter: envoy.filters.http.rbac
15path:
16- key: istio_ext_authz_shadow_effective_policy_id
17value:
18stringMatch:
19prefix: istio-ext-authz
20httpService:
21authorizationRequest:
22headersToAdd:
23- key: x-header-1
24value: value-1
25- key: x-header-2
26value: value-2
27authorizationResponse:
28allowedClientHeaders:
29patterns:
30- exact: Set-cookie
31ignoreCase: true
32- ignoreCase: true
33prefix: x-prefix-
34- ignoreCase: true
35suffix: -suffix
36allowedClientHeadersOnSuccess:
37patterns:
38- exact: Set-cookie
39ignoreCase: true
40- ignoreCase: true
41prefix: x-prefix-
42- ignoreCase: true
43suffix: -suffix
44allowedUpstreamHeaders:
45patterns:
46- exact: Authorization
47ignoreCase: true
48- ignoreCase: true
49prefix: x-prefix-
50- ignoreCase: true
51suffix: -suffix
52pathPrefix: /check
53serverUri:
54cluster: outbound|9000||my-custom-ext-authz.foo.svc.cluster.local
55timeout: 10s
56uri: http://my-custom-ext-authz.foo.svc.cluster.local
57statusOnError:
58code: Forbidden
59transportApiVersion: V3
60withRequestBody:
61allowPartialMessage: true
62maxRequestBytes: 2048
63packAsBytes: true
64