
Member "istio-1.6.5/pilot/pkg/security/authz/builder/testdata/action-deny-HTTP-for-TCP-filter-out.yaml" (8 Jul 2020, 6533 Bytes) of package /linux/misc/istio-1.6.5.tar.gz:



    1 name: envoy.filters.network.rbac  # Envoy network-level (L4/TCP) RBAC filter
      # Fixture from Istio's authz builder testdata. Judging by the file name this is the
      # expected TCP-filter output for a DENY policy whose source rules also use HTTP
      # fields — TODO confirm against the builder test that loads it.
    2 typedConfig:
    3   '@type': type.googleapis.com/envoy.config.filter.network.rbac.v2.RBAC
    4   rules:
          # DENY: a connection is rejected as soon as ANY policy below matches. A policy
          # matches when one of its permissions AND one of its principals match.
    5     action: DENY
    6     policies:
            # rule[0], rule[1], rule[2] and rule[6] are catch-alls: `any: true` on both
            # sides matches every connection, so under DENY this filter rejects all TCP
            # traffic it sees, whatever the narrower rules further down say.
            # NOTE(review): presumably the source rules held only HTTP-only conditions,
            # which a TCP filter cannot evaluate, and they were dropped instead of the rule
            # being skipped (the stricter outcome for DENY) — confirm against the input.
    7       ns[foo]-policy[httpbin-deny]-rule[0]:
    8         permissions:
    9         - andRules:
   10             rules:
   11             - any: true
   12         principals:
   13         - andIds:
   14             ids:
   15             - any: true
   16       ns[foo]-policy[httpbin-deny]-rule[1]:
   17         permissions:
   18         - andRules:
   19             rules:
   20             - any: true
   21         principals:
   22         - andIds:
   23             ids:
   24             - any: true
   25       ns[foo]-policy[httpbin-deny]-rule[2]:
   26         permissions:
   27         - andRules:
   28             rules:
   29             - any: true
   30         principals:
   31         - andIds:
   32             ids:
   33             - any: true
            # rule[3]: any destination, but only peers whose authenticated principal name
            # contains `/ns/ns-1/`. `googleRe2: {}` selects the RE2 engine with defaults.
            # NOTE(review): `authenticated` reads the peer's TLS identity, so a plaintext
            # peer is not expected to match this deny rule — verify mTLS is enforced
            # wherever an identity-scoped DENY like this is relied on.
   34       ns[foo]-policy[httpbin-deny]-rule[3]:
   35         permissions:
   36         - andRules:
   37             rules:
   38             - any: true
   39         principals:
   40         - andIds:
   41             ids:
   42             - orIds:
   43                 ids:
   44                 - authenticated:
   45                     principalName:
   46                       safeRegex:
   47                         googleRe2: {}
   48                         regex: .*/ns/ns-1/.*
            # rule[4]: any peer, destination port 80 only.
   49       ns[foo]-policy[httpbin-deny]-rule[4]:
   50         permissions:
   51         - andRules:
   52             rules:
   53             - orRules:
   54                 rules:
   55                 - destinationPort: 80
   56         principals:
   57         - andIds:
   58             ids:
   59             - any: true
            # rule[5]: destination port 80 AND a principal name containing `/ns/ns-1/`.
   60       ns[foo]-policy[httpbin-deny]-rule[5]:
   61         permissions:
   62         - andRules:
   63             rules:
   64             - orRules:
   65                 rules:
   66                 - destinationPort: 80
   67         principals:
   68         - andIds:
   69             ids:
   70             - orIds:
   71                 ids:
   72                 - authenticated:
   73                     principalName:
   74                       safeRegex:
   75                         googleRe2: {}
   76                         regex: .*/ns/ns-1/.*
   77       ns[foo]-policy[httpbin-deny]-rule[6]:
   78         permissions:
   79         - andRules:
   80             rules:
   81             - any: true
   82         principals:
   83         - andIds:
   84             ids:
   85             - any: true
            # rule[7]: same shape as rule[4] (any peer, destination port 80).
   86       ns[foo]-policy[httpbin-deny]-rule[7]:
   87         permissions:
   88         - andRules:
   89             rules:
   90             - orRules:
   91                 rules:
   92                 - destinationPort: 80
   93         principals:
   94         - andIds:
   95             ids:
   96             - any: true
            # rule[8]: pairs each matcher with a negated (`notRule` / `notId`) counterpart.
            # Everything under `andRules` / `andIds` must hold at once for the rule to match.
   97       ns[foo]-policy[httpbin-deny]-rule[8]:
   98         permissions:
   99         - andRules:
  100             rules:
  101             - orRules:
  102                 rules:
  103                 - destinationPort: 80
  104             - notRule:
  105                 orRules:
  106                   rules:
  107                   - destinationPort: 8000
                  # prefixLen 32 pins the match to a single IPv4 address.
  108             - orRules:
  109                 rules:
  110                 - destinationIp:
  111                     addressPrefix: 10.10.10.10
  112                     prefixLen: 32
  113             - notRule:
  114                 orRules:
  115                   rules:
  116                   - destinationIp:
  117                       addressPrefix: 90.10.10.10
  118                       prefixLen: 32
  119             - orRules:
  120                 rules:
  121                 - destinationPort: 91
  122             - notRule:
  123                 orRules:
  124                   rules:
  125                   - destinationPort: 9001
                  # requestedServerName is the TLS SNI value, which the client chooses.
  126             - orRules:
  127                 rules:
  128                 - requestedServerName:
  129                     exact: exact.com
  130             - notRule:
  131                 orRules:
  132                   rules:
  133                   - requestedServerName:
  134                       exact: not-exact.com
                  # Matches Envoy dynamic metadata: filter namespace `envoy.filters.a.b`,
                  # key `c`, compared as an exact string.
  135             - orRules:
  136                 rules:
  137                 - metadata:
  138                     filter: envoy.filters.a.b
  139                     path:
  140                     - key: c
  141                     value:
  142                       stringMatch:
  143                         exact: exact
  144             - notRule:
  145                 orRules:
  146                   rules:
  147                   - metadata:
  148                       filter: envoy.filters.a.b
  149                       path:
  150                       - key: c
  151                       value:
  152                         stringMatch:
  153                           exact: not-exact
              # The `spiffe://principal` and `.*/ns/ns/.*` pairs each appear twice in this
              # list (entries at 157-182 and 205-230); under `andIds` the repeats do not
              # change the result. Presumably they come from different source fields that
              # map to the same Envoy matcher — TODO confirm.
              # NOTE(review): a `notId` around `authenticated` is expected to hold for a
              # peer that presents no TLS identity at all — verify before relying on it.
  154         principals:
  155         - andIds:
  156             ids:
  157             - orIds:
  158                 ids:
  159                 - authenticated:
  160                     principalName:
  161                       exact: spiffe://principal
  162             - notId:
  163                 orIds:
  164                   ids:
  165                   - authenticated:
  166                       principalName:
  167                         exact: spiffe://not-principal
  168             - orIds:
  169                 ids:
  170                 - authenticated:
  171                     principalName:
  172                       safeRegex:
  173                         googleRe2: {}
  174                         regex: .*/ns/ns/.*
  175             - notId:
  176                 orIds:
  177                   ids:
  178                   - authenticated:
  179                       principalName:
  180                         safeRegex:
  181                           googleRe2: {}
  182                           regex: .*/ns/not-ns/.*
                  # sourceIp with prefixLen 32 matches exactly one IPv4 peer address.
  183             - orIds:
  184                 ids:
  185                 - sourceIp:
  186                     addressPrefix: 1.2.3.4
  187                     prefixLen: 32
  188             - notId:
  189                 orIds:
  190                   ids:
  191                   - sourceIp:
  192                       addressPrefix: 9.0.0.1
  193                       prefixLen: 32
  194             - orIds:
  195                 ids:
  196                 - sourceIp:
  197                     addressPrefix: 10.10.10.10
  198                     prefixLen: 32
  199             - notId:
  200                 orIds:
  201                   ids:
  202                   - sourceIp:
  203                       addressPrefix: 90.10.10.10
  204                       prefixLen: 32
  205             - orIds:
  206                 ids:
  207                 - authenticated:
  208                     principalName:
  209                       safeRegex:
  210                         googleRe2: {}
  211                         regex: .*/ns/ns/.*
  212             - notId:
  213                 orIds:
  214                   ids:
  215                   - authenticated:
  216                       principalName:
  217                         safeRegex:
  218                           googleRe2: {}
  219                           regex: .*/ns/not-ns/.*
  220             - orIds:
  221                 ids:
  222                 - authenticated:
  223                     principalName:
  224                       exact: spiffe://principal
  225             - notId:
  226                 orIds:
  227                   ids:
  228                   - authenticated:
  229                       principalName:
  230                         exact: spiffe://not-principal
        # Prefix applied to the statistics this filter emits.
  231   statPrefix: tcp.