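# Envoy HTTP RBAC filter config with two policies,
# ns[foo]-policy[httpbin]-rule[0] and ns[foo]-policy[httpbin]-rule[1].
# No `action` is set under `rules`; Envoy's RBAC default is ALLOW, so a
# request matching any policy is admitted and everything else is denied.
# The bracketed names (rule[0], from[1]-principal[0], ...) look like
# generated fixture placeholders, not real workloads - TODO confirm.
# NOTE(review): nesting was restored from a listing that had lost its
# indentation; verify it against the generator output.
name: envoy.filters.http.rbac
typedConfig:
  '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC
  rules:
    policies:
      ns[foo]-policy[httpbin]-rule[0]:
        # The permission constrains only the :method pseudo-header; no path,
        # host or port condition appears in this policy.
        # NOTE(review): HeaderMatcher.exactMatch is deprecated in the v3 API in
        # favour of stringMatch - check the Envoy version this targets.
        permissions:
        - andRules:
            rules:
            - orRules:
                rules:
                - header:
                    exactMatch: rule[0]-to[0]-method[0]
                    name: :method
        # Entries under `principals` are OR-ed. Inside each entry, andIds
        # requires every child orIds to match.
        principals:
        # from[0]: the same ns/sa is accepted under two trust domains (td1 and
        # cluster.local), so a certificate from either one satisfies the rule.
        # This presumably reflects trust-domain aliasing - confirm. Both
        # domains' issuers are then equally trusted for this policy.
        - andIds:
            ids:
            - orIds:
                ids:
                - authenticated:
                    principalName:
                      exact: spiffe://td1/ns/rule[0]/sa/from[0]-principal[0]
                - authenticated:
                    principalName:
                      exact: spiffe://cluster.local/ns/rule[0]/sa/from[0]-principal[0]
        # from[1]: one of the listed principals AND the namespace regex below.
        # NOTE(review): the regex block is read as a second orIds inside this
        # andIds; an OR reading would widen access - confirm.
        - andIds:
            ids:
            - orIds:
                ids:
                - authenticated:
                    principalName:
                      exact: spiffe://td1/ns/rule[0]/sa/from[1]-principal[0]
                - authenticated:
                    principalName:
                      exact: spiffe://cluster.local/ns/rule[0]/sa/from[1]-principal[0]
                - authenticated:
                    principalName:
                      exact: spiffe://td1/ns/rule[0]/sa/from[1]-principal[1]
                - authenticated:
                    principalName:
                      exact: spiffe://cluster.local/ns/rule[0]/sa/from[1]-principal[1]
            - orIds:
                ids:
                - authenticated:
                    principalName:
                      safeRegex:
                        googleRe2: {}
                        # The namespace is embedded in the pattern unescaped:
                        # in RE2, `[0]` and `[1]` are character classes, so
                        # this matches `.../ns/rule0-from1-ns0/...`, not the
                        # literal bracketed text. The leading `.*` also leaves
                        # the trust domain unconstrained. Any producer of such
                        # patterns should regex-escape the namespace value.
                        regex: .*/ns/rule[0]-from[1]-ns[0]/.*
      ns[foo]-policy[httpbin]-rule[1]:
        # Same shape as rule[0]: one method condition, one source identity
        # accepted under both trust domains.
        permissions:
        - andRules:
            rules:
            - orRules:
                rules:
                - header:
                    exactMatch: rule[1]-to[0]-method[0]
                    name: :method
        principals:
        - andIds:
            ids:
            - orIds:
                ids:
                - authenticated:
                    principalName:
                      exact: spiffe://td1/ns/rule[1]/sa/from[0]-principal[0]
                - authenticated:
                    principalName:
                      exact: spiffe://cluster.local/ns/rule[1]/sa/from[0]-principal[0]
  # This only names the stat prefix for shadow (dry-run) rules. No
  # `shadowRules` block is present here, so the policies above are enforced.
  shadowRulesStatPrefix: istio_dry_run_allow_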