# Excerpt of an Istio AuthorizationPolicy listing. Only some lines of the
# original file are shown and the nesting has been lost, so the fields below
# cannot be attributed to a particular rule or action from this view.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
# requestPrincipals is matched against the identity taken from a validated JWT
# (issuer/subject form). It only carries meaning when a RequestAuthentication
# policy validates tokens for the workload; "id-1" looks like a placeholder.
requestPrincipals: ["id-1"]
requestPrincipals: ["id-1"]
requestPrincipals: ["id-1"]
requestPrincipals: ["id-1"]
requestPrincipals: ["id-1"]
# Condition on the HTTP/2 pseudo-header :method. request.headers conditions
# apply to HTTP traffic only; the values for this condition are not shown here.
- key: "request.headers[:method]"
- key: "destination.port"
# principals match the peer identity established by mutual TLS. The bare "*"
# entry matches any authenticated peer, so in an ALLOW rule it makes the
# exact, suffix and prefix entries in the same list redundant.
principals: ["principal", "*principal-suffix", "principal-prefix*", "*"]
requestPrincipals: ["requestPrincipals"]
# namespaces are derived from the peer certificate, so this match depends on
# mutual TLS being enforced for the workload. "*" matches any namespace value.
namespaces: ["ns", "*ns-suffix", "ns-prefix*", "*"]
# remoteIpBlocks is evaluated against the original client address taken from
# X-Forwarded-For or the PROXY protocol. It is only trustworthy when the
# gateway's numTrustedProxies setting matches the real proxy chain.
remoteIpBlocks: ["172.18.4.0/22"]
# Negative match on the peer identity. With "*" in the list every
# authenticated peer is excluded, so this can only match requests that carry
# no peer identity at all.
notPrincipals: ["not-principal", "*not-principal-suffix", "not-principal-prefix*", "*"]
notRequestPrincipals: ["not-requestPrincipals"]
notNamespaces: ["not-ns", "*not-ns-suffix", "not-ns-prefix*", "*"]
# notIpBlocks is matched against the address of the direct TCP peer. Behind a
# load balancer or gateway that is the proxy's address, not the end client's.
notIpBlocks: ["9.0.0.1"]
# Negative match on the forwarded client address; like remoteIpBlocks it relies
# on the trusted-proxy configuration to decide which forwarded hop is believed.
notRemoteIpBlocks: ["192.168.244.139"]
notMethods: ["not-method"]
# Host matching uses the client-supplied Host/:authority value, which may also
# arrive with a port suffix. A negative match on one bare hostname should not
# be the only control protecting a route.
notHosts: ["not-exact.com"]
# Path entries without a "*" are compared as exact strings. Whether equivalent
# spellings of a path are treated alike depends on the mesh's path
# normalization setting, so review that setting alongside path-based rules.
notPaths: ["/not-exact"]
# Request headers are set by the caller. A header condition is not an
# authentication signal unless a trusted hop strips and re-adds the header.
- key: "request.headers[X-header]"
notValues: ["not-header"]
values: ["10.10.10.10"]
notValues: ["90.10.10.10"]
values: ["192.168.3.3"]
notValues: ["172.19.31.3"]
- key: "source.namespace"
values: ["ns", "*ns-suffix", "ns-prefix*", "*"]
notValues: ["not-ns", "*not-ns-suffix", "not-ns-prefix*", "*"]
# Condition form of the peer-identity match. source.principal is populated
# from the mutual-TLS peer certificate, so it is empty for plaintext traffic.
- key: "source.principal"
values: ["principal", "*principal-suffix", "principal-prefix*", "*"]
notValues: ["not-principal", "*not-principal-suffix", "not-principal-prefix*", "*"]
# request.auth.* attributes are filled from a JWT that a RequestAuthentication
# policy has validated; with no such policy in place they are empty.
- key: "request.auth.principal"
values: ["requestPrincipals"]
notValues: ["not-requestPrincipals"]
- key: "request.auth.audiences"
values: ["audiences"]
notValues: ["not-audiences"]
- key: "request.auth.presenter"
values: ["presenter"]
notValues: ["not-presenter"]
# Matches the iss claim of the validated JWT. The claim is only trustworthy
# after signature validation by a RequestAuthentication policy; the positive
# values for this condition are not shown in this excerpt.
- key: "request.auth.claims[iss]"
notValues: ["not-iss"]
- key: "destination.ip"
values: ["10.10.10.10"]
notValues: ["90.10.10.10"]
- key: "destination.port"
# connection.sni is the server name sent by the client in the TLS ClientHello.
# It is caller-chosen and unauthenticated, so treat it as a routing hint
# rather than as proof of which host is being addressed.
- key: "connection.sni"
values: ["exact.com"]
notValues: ["not-exact.com"]
# experimental.envoy.filters.* reads Envoy filter metadata. The experimental
# prefix marks this condition key as not a stable API; "a.b" and "c" appear to
# be placeholder names.
- key: "experimental.envoy.filters.a.b[c]"
notValues: ["not-exact"]