istio

multiple-policies-out.yaml 
# Envoy HTTP RBAC filter configuration holding nine policies for namespace
# "foo"; the file name suggests it is expected output for a multi-policy case.
# `rules` sets no `action`, so Envoy's default (ALLOW) applies: a request is
# admitted when at least one policy matches and rejected otherwise.
# A policy matches when one of its permissions AND one of its principals match.
name: envoy.filters.http.rbac
typedConfig:
  "@type": type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC
  rules:
    policies:
      # httpbin-1: method is GET or POST, from any caller (`any: true` puts
      # no constraint on identity, so unauthenticated peers match too).
      'ns[foo]-policy[httpbin-1]-rule[0]':
        permissions:
          - andRules:
              rules:
                - orRules:
                    rules:
                      - header:
                          name: ':method'
                          stringMatch:
                            exact: GET
                      - header:
                          name: ':method'
                          stringMatch:
                            exact: POST
        principals:
          - andIds:
              ids:
                - any: true
      # httpbin-2: path is exactly /v1 or /v2, from any caller. The match is
      # exact, so variants such as "/v1/" do not match this policy.
      # NOTE(review): the result depends on how the path is normalized before
      # this filter runs - confirm the listener's normalization settings.
      'ns[foo]-policy[httpbin-2]-rule[0]':
        permissions:
          - andRules:
              rules:
                - orRules:
                    rules:
                      - urlPath:
                          path:
                            exact: /v1
                      - urlPath:
                          path:
                            exact: /v2
        principals:
          - andIds:
              ids:
                - any: true
      # httpbin-3: :authority equals google.com or httpbin.org, compared
      # case-insensitively. The value is supplied by the client, so this
      # narrows routing rather than establishing who the caller is.
      # NOTE(review): an authority carrying a port would not equal these
      # exact strings - confirm whether the port is stripped upstream.
      'ns[foo]-policy[httpbin-3]-rule[0]':
        permissions:
          - andRules:
              rules:
                - orRules:
                    rules:
                      - header:
                          name: ':authority'
                          stringMatch:
                            exact: google.com
                            ignoreCase: true
                      - header:
                          name: ':authority'
                          stringMatch:
                            exact: httpbin.org
                            ignoreCase: true
        principals:
          - andIds:
              ids:
                - any: true
      # httpbin-4: destination port is 80 or 90, from any caller.
      'ns[foo]-policy[httpbin-4]-rule[0]':
        permissions:
          - andRules:
              rules:
                - orRules:
                    rules:
                      - destinationPort: 80
                      - destinationPort: 90
        principals:
          - andIds:
              ids:
                - any: true
      # httpbin-5: any request, but only from a peer whose authenticated
      # principal name is exactly one of the two SPIFFE URIs below.
      # NOTE(review): presumably taken from the peer certificate, which makes
      # the rule meaningful only where mutual TLS is enforced - confirm.
      'ns[foo]-policy[httpbin-5]-rule[0]':
        permissions:
          - andRules:
              rules:
                - any: true
        principals:
          - andIds:
              ids:
                - orIds:
                    ids:
                      - authenticated:
                          principalName:
                            exact: 'spiffe://principals1'
                      - authenticated:
                          principalName:
                            exact: 'spiffe://principals2'
      # httpbin-6: any request whose `request.auth.principal` entry in the
      # `istio_authn` filter metadata equals one of the two values below.
      # NOTE(review): the decision trusts whatever wrote that metadata -
      # verify the producing filter always runs before this one.
      'ns[foo]-policy[httpbin-6]-rule[0]':
        permissions:
          - andRules:
              rules:
                - any: true
        principals:
          - andIds:
              ids:
                - orIds:
                    ids:
                      - metadata:
                          filter: istio_authn
                          path:
                            - key: request.auth.principal
                          value:
                            stringMatch:
                              exact: requestPrincipals1
                      - metadata:
                          filter: istio_authn
                          path:
                            - key: request.auth.principal
                          value:
                            stringMatch:
                              exact: requestPrincipals2
      # httpbin-7: any request from a peer whose principal name contains
      # "/ns/namespaces1/" or "/ns/namespaces2/". The leading `.*` leaves the
      # part before "/ns/" unconstrained, so the pattern does not pin a
      # trust domain.
      'ns[foo]-policy[httpbin-7]-rule[0]':
        permissions:
          - andRules:
              rules:
                - any: true
        principals:
          - andIds:
              ids:
                - orIds:
                    ids:
                      - authenticated:
                          principalName:
                            safeRegex:
                              regex: '.*/ns/namespaces1/.*'
                      - authenticated:
                          principalName:
                            safeRegex:
                              regex: '.*/ns/namespaces2/.*'
      # httpbin-8: any request whose direct remote address is 1.2.3.4/32 or
      # inside 5.6.7.0/24. This is the address of the immediate connection
      # peer, so traffic arriving through a proxy is judged by the proxy's
      # address.
      'ns[foo]-policy[httpbin-8]-rule[0]':
        permissions:
          - andRules:
              rules:
                - any: true
        principals:
          - andIds:
              ids:
                - orIds:
                    ids:
                      - directRemoteIp:
                          addressPrefix: '1.2.3.4'
                          prefixLen: 32
                      - directRemoteIp:
                          addressPrefix: '5.6.7.0'
                          prefixLen: 24
      # httpbin-9: any request carrying header X-abc equal to abc1 or abc2.
      # The header is used as the principal here; a request header is set by
      # the sender, so it is only as trustworthy as the hop that sets or
      # strips it.
      'ns[foo]-policy[httpbin-9]-rule[0]':
        permissions:
          - andRules:
              rules:
                - any: true
        principals:
          - andIds:
              ids:
                - orIds:
                    ids:
                      - header:
                          name: X-abc
                          stringMatch:
                            exact: abc1
                      - header:
                          name: X-abc
                          stringMatch:
                            exact: abc2
  # Stat prefix for shadow (dry-run) rules; this config defines none.
  shadowRulesStatPrefix: istio_dry_run_allow_
