istio

1
name: envoy.filters.http.rbac
2
typedConfig:
3
  '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC
4
  rules:
5
    policies:
6
      ns[foo]-policy[httpbin]-rule[0]:
7
        permissions:
8
        - andRules:
9
            rules:
10
            - any: true
11
        principals:
12
        - andIds:
13
            ids:
14
            - orIds:
15
                ids:
16
                - authenticated:
17
                    principalName:
18
                      safeRegex:
19
                        regex: .+
20
        - andIds:
21
            ids:
22
            - orIds:
23
                ids:
24
                - authenticated:
25
                    principalName:
26
                      safeRegex:
27
                        regex: spiffe://.*/ns/foo/sa/rule[0]-from[1]-principal[0]
28
                - authenticated:
29
                    principalName:
30
                      exact: spiffe://td1/ns/foo/sa/rule[0]-from[1]-principal[1]
31
                - authenticated:
32
                    principalName:
33
                      safeRegex:
34
                        regex: spiffe://.*bar/ns/foo/sa/rule[0]-from[1]-principal[1]
35
  shadowRulesStatPrefix: istio_dry_run_allow_
36