istio

extended-td-aliases-source-principal-out.yaml

37 строк · 1.2 Кб

Перенос по словам

1
name: envoy.filters.http.rbac
2
typedConfig:
3
  '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC
4
  rules:
5
    policies:
6
      ns[foo]-policy[httpbin]-rule[0]:
7
        permissions:
8
        - andRules:
9
            rules:
10
            - any: true
11
        principals:
12
        - andIds:
13
            ids:
14
            - orIds:
15
                ids:
16
                - authenticated:
17
                    principalName:
18
                      safeRegex:
19
                        regex: .*/ns/istio-system/.*
20
            - orIds:
21
                ids:
22
                - authenticated:
23
                    principalName:
24
                      safeRegex:
25
                        regex: .+
26
                - authenticated:
27
                    principalName:
28
                      safeRegex:
29
                        regex: spiffe://.*/ns/foo/sa/all-td
30
                - authenticated:
31
                    principalName:
32
                      safeRegex:
33
                        regex: spiffe://.*-td/ns/foo/sa/prefix-td
34
                - authenticated:
35
                    principalName:
36
                      exact: spiffe://some-trustdomain/ns/foo/sa/prefix-td
37
  shadowRulesStatPrefix: istio_dry_run_allow_
38

istio

Использование cookies