| apiVersion: security.istio.io/v1beta1 |
| kind: AuthorizationPolicy |
| metadata: |
| name: httpbin |
| namespace: foo |
| spec: |
| selector: |
| matchLabels: |
| app: httpbin |
| version: v1 |
| rules: |
| - from: |
| - source: |
| principals: ["cluster.local/ns/rule[0]/sa/from[0]-principal[0]"] |
| - source: |
| principals: ["cluster.local/ns/rule[0]/sa/from[1]-principal[0]", "cluster.local/ns/rule[0]/sa/from[1]-principal[1]"] |
| namespaces: ["rule[0]-from[1]-ns[0]"] |
| to: |
| - operation: |
| methods: ["rule[0]-to[0]-method[0]"] |
| - from: |
| - source: |
| principals: ["cluster.local/ns/rule[1]/sa/from[0]-principal[0]"] |
| to: |
| - operation: |
| methods: ["rule[1]-to[0]-method[0]"] |