istio

extended-simple-policy-multiple-td-aliases-out.yaml
53 строки · 2.0 Кб
Перенос по словам
1
name: envoy.filters.http.rbac
2
typedConfig:
3
  '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC
4
  rules:
5
    policies:
6
      ns[foo]-policy[httpbin]-rule[0]:
7
        permissions:
8
        - andRules:
9
            rules:
10
            - any: true
11
        principals:
12
        - andIds:
13
            ids:
14
            - orIds:
15
                ids:
16
                - authenticated:
17
                    principalName:
18
                      exact: spiffe://td1/ns/rule[0]/sa/from[0]-principal[0]
19
                - authenticated:
20
                    principalName:
21
                      exact: spiffe://cluster.local/ns/rule[0]/sa/from[0]-principal[0]
22
                - authenticated:
23
                    principalName:
24
                      exact: spiffe://some-td/ns/rule[0]/sa/from[0]-principal[0]
25
        - andIds:
26
            ids:
27
            - orIds:
28
                ids:
29
                - authenticated:
30
                    principalName:
31
                      exact: spiffe://td1/ns/rule[0]/sa/from[1]-principal[0]
32
                - authenticated:
33
                    principalName:
34
                      exact: spiffe://cluster.local/ns/rule[0]/sa/from[1]-principal[0]
35
                - authenticated:
36
                    principalName:
37
                      exact: spiffe://some-td/ns/rule[0]/sa/from[1]-principal[0]
38
                - authenticated:
39
                    principalName:
40
                      exact: spiffe://td1/ns/rule[0]/sa/from[1]-principal[1]
41
                - authenticated:
42
                    principalName:
43
                      exact: spiffe://cluster.local/ns/rule[0]/sa/from[1]-principal[1]
44
                - authenticated:
45
                    principalName:
46
                      exact: spiffe://some-td/ns/rule[0]/sa/from[1]-principal[1]
47
            - orIds:
48
                ids:
49
                - authenticated:
50
                    principalName:
51
                      safeRegex:
52
                        regex: .*/ns/rule[0]-from[1]-ns[0]/.*
53
  shadowRulesStatPrefix: istio_dry_run_allow_
54
istio

Использование cookies
