istio

audit-both-http-tcp-in.yaml
71 строка · 2.1 Кб
Перенос по словам
1
apiVersion: security.istio.io/v1beta1
2
kind: AuthorizationPolicy
3
metadata:
4
  name: httpbin-audit
5
  namespace: foo
6
spec:
7
  action: AUDIT
8
  rules:
9
  # rule[0] `from`: all fields, `to`: all fields, `when`: all fields.
10
  - from:
11
    - source:
12
        principals: ["principal"]
13
        requestPrincipals: ["requestPrincipals"]
14
        namespaces: ["ns"]
15
        ipBlocks: ["1.2.3.4"]
16
        remoteIpBlocks: ["10.250.90.4"]
17
        notPrincipals: ["not-principal"]
18
        notRequestPrincipals: ["not-requestPrincipals"]
19
        notNamespaces: ["not-ns"]
20
        notIpBlocks: ["9.0.0.1"]
21
        notRemoteIpBlocks: ["10.133.154.65"]
22
    to:
23
    - operation:
24
        methods: ["method"]
25
        hosts: ["exact.com"]
26
        ports: ["80"]
27
        paths: ["/exact"]
28
        notMethods: ["not-method"]
29
        notHosts: ["not-exact.com"]
30
        notPorts: ["8000"]
31
        notPaths: ["/not-exact"]
32
    when:
33
      - key: "request.headers[X-header]"
34
        values: ["header"]
35
        notValues: ["not-header"]
36
      - key: "source.ip"
37
        values: ["10.10.10.10"]
38
        notValues: ["90.10.10.10"]
39
      - key: "remote.ip"
40
        values: ["192.168.7.7"]
41
        notValues: ["192.168.10.9"]
42
      - key: "source.namespace"
43
        values: ["ns"]
44
        notValues: ["not-ns"]
45
      - key: "source.principal"
46
        values: ["principal"]
47
        notValues: ["not-principal"]
48
      - key: "request.auth.principal"
49
        values: ["requestPrincipals"]
50
        notValues: ["not-requestPrincipals"]
51
      - key: "request.auth.audiences"
52
        values: ["audiences"]
53
        notValues: ["not-audiences"]
54
      - key: "request.auth.presenter"
55
        values: ["presenter"]
56
        notValues: ["not-presenter"]
57
      - key: "request.auth.claims[iss]"
58
        values: ["iss"]
59
        notValues: ["not-iss"]
60
      - key: "destination.ip"
61
        values: ["10.10.10.10"]
62
        notValues: ["90.10.10.10"]
63
      - key: "destination.port"
64
        values: ["91"]
65
        notValues: ["9001"]
66
      - key: "connection.sni"
67
        values: ["exact.com"]
68
        notValues: ["not-exact.com"]
69
      - key: "experimental.envoy.filters.a.b[c]"
70
        values: ["exact"]
71
        notValues: ["not-exact"]
72
istio

Использование cookies
