istio
53 строки · 2.0 Кб
1name: envoy.filters.http.rbac2typedConfig:3'@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC4rules:5policies:6ns[foo]-policy[httpbin]-rule[0]:7permissions:8- andRules:9rules:10- any: true11principals:12- andIds:13ids:14- orIds:15ids:16- authenticated:17principalName:18exact: spiffe://td1/ns/rule[0]/sa/from[0]-principal[0]19- authenticated:20principalName:21exact: spiffe://cluster.local/ns/rule[0]/sa/from[0]-principal[0]22- authenticated:23principalName:24exact: spiffe://some-td/ns/rule[0]/sa/from[0]-principal[0]25- andIds:26ids:27- orIds:28ids:29- authenticated:30principalName:31exact: spiffe://td1/ns/rule[0]/sa/from[1]-principal[0]32- authenticated:33principalName:34exact: spiffe://cluster.local/ns/rule[0]/sa/from[1]-principal[0]35- authenticated:36principalName:37exact: spiffe://some-td/ns/rule[0]/sa/from[1]-principal[0]38- authenticated:39principalName:40exact: spiffe://td1/ns/rule[0]/sa/from[1]-principal[1]41- authenticated:42principalName:43exact: spiffe://cluster.local/ns/rule[0]/sa/from[1]-principal[1]44- authenticated:45principalName:46exact: spiffe://some-td/ns/rule[0]/sa/from[1]-principal[1]47- orIds:48ids:49- authenticated:50principalName:51safeRegex:52regex: .*/ns/rule[0]-from[1]-ns[0]/.*53shadowRulesStatPrefix: istio_dry_run_allow_54