1
apiVersion: security.istio.io/v1beta1
2
kind: AuthorizationPolicy
9
# rule[0] `from`: all fields, `to`: all fields, `when`: all fields.
12
principals: ["principal"]
13
requestPrincipals: ["requestPrincipals"]
16
remoteIpBlocks: ["10.250.90.4"]
17
notPrincipals: ["not-principal"]
18
notRequestPrincipals: ["not-requestPrincipals"]
19
notNamespaces: ["not-ns"]
20
notIpBlocks: ["9.0.0.1"]
21
notRemoteIpBlocks: ["10.133.154.65"]
28
notMethods: ["not-method"]
29
notHosts: ["not-exact.com"]
31
notPaths: ["/not-exact"]
33
- key: "request.headers[X-header]"
35
notValues: ["not-header"]
37
values: ["10.10.10.10"]
38
notValues: ["90.10.10.10"]
40
values: ["192.168.7.7"]
41
notValues: ["192.168.10.9"]
42
- key: "source.namespace"
45
- key: "source.principal"
47
notValues: ["not-principal"]
48
- key: "request.auth.principal"
49
values: ["requestPrincipals"]
50
notValues: ["not-requestPrincipals"]
51
- key: "request.auth.audiences"
53
notValues: ["not-audiences"]
54
- key: "request.auth.presenter"
56
notValues: ["not-presenter"]
57
- key: "request.auth.claims[iss]"
59
notValues: ["not-iss"]
60
- key: "destination.ip"
61
values: ["10.10.10.10"]
62
notValues: ["90.10.10.10"]
63
- key: "destination.port"
66
- key: "connection.sni"
68
notValues: ["not-exact.com"]
69
- key: "experimental.envoy.filters.a.b[c]"
71
notValues: ["not-exact"]