pilot/pkg/security/authz/builder/testdata/http/single-policy-in.yaml - dubbo-go-pixiu - Git at Google

 apiVersion: security.istio.io/v1beta1
 kind: AuthorizationPolicy
 metadata:
   name: httpbin
   namespace: foo
 spec:
   selector:
     matchLabels:
       app: httpbin
       version: v1
   rules:
     - from:
         - source:
             principals: ["rule[0]-from[0]-principal[1]", "rule[0]-from[0]-principal[2]"]
             requestPrincipals: ["rule[0]-from[0]-requestPrincipal[1]", "rule[0]-from[0]-requestPrincipal[2]"]
             namespaces: ["rule[0]-from[0]-ns[1]", "rule[0]-from[0]-ns[2]"]
             ipBlocks: ["10.0.0.1", "10.0.0.2"]
             remoteIpBlocks: ["172.16.10.10"]
         - source:
             principals: ["rule[0]-from[1]-principal[1]", "rule[0]-from[1]-principal[2]"]
             requestPrincipals: ["rule[0]-from[1]-requestPrincipal[1]", "rule[0]-from[1]-requestPrincipal[2]"]
             namespaces: ["rule[0]-from[1]-ns[1]", "rule[0]-from[1]-ns[2]"]
             ipBlocks: ["10.0.1.1", "192.0.1.2"]
             remoteIpBlocks: ["172.17.8.0/24", "172.17.9.4"]
       to:
         - operation:
             methods: ["rule[0]-to[0]-method[1]", "rule[0]-to[0]-method[2]"]
             hosts: ["rule[0]-to[0]-host[1]", "rule[0]-to[0]-host[2]"]
             ports: ["9001", "9002"]
             paths: ["rule[0]-to[0]-path[1]", "rule[0]-to[0]-path[2]"]
         - operation:
             methods: ["rule[0]-to[1]-method[1]", "rule[0]-to[1]-method[2]"]
             hosts: ["rule[0]-to[1]-host[1]", "rule[0]-to[1]-host[2]"]
             ports: ["9011", "9012"]
             paths: ["rule[0]-to[1]-path[1]", "rule[0]-to[1]-path[2]"]
       when:
         - key: "request.headers[X-header]"
           values: ["header", "header-prefix-*", "*-suffix-header", "*"]
         - key: "destination.ip"
           values: ["10.10.10.10", "192.168.10.0/24"]
         - key: "remote.ip"
           values: ["10.99.10.8", "10.80.64.0/18"]
     - from:
         - source:
             principals: ["rule[1]-from[0]-principal[1]", "rule[1]-from[0]-principal[2]"]
             requestPrincipals: ["rule[1]-from[0]-requestPrincipal[1]", "rule[1]-from[0]-requestPrincipal[2]"]
             namespaces: ["rule[1]-from[0]-ns[1]", "rule[1]-from[0]-ns[2]"]
             ipBlocks: ["10.1.0.1", "10.1.0.2"]
             remoteIpBlocks: ["172.22.2.0/23", "172.21.234.254"]
         - source:
             principals: ["rule[1]-from[1]-principal[1]", "rule[1]-from[1]-principal[2]"]
             requestPrincipals: ["rule[1]-from[1]-requestPrincipal[1]", "rule[1]-from[1]-requestPrincipal[2]"]
             namespaces: ["rule[1]-from[1]-ns[1]", "rule[1]-from[1]-ns[2]"]
             ipBlocks: ["10.1.1.1", "192.1.1.2"]
             remoteIpBlocks: ["192.168.4.0/24", "192.168.7.8"]
       to:
         - operation:
             methods: ["rule[1]-to[0]-method[1]", "rule[1]-to[0]-method[2]"]
             hosts: ["rule[1]-to[0]-host[1]", "rule[1]-to[0]-host[2]"]
             ports: ["9101", "9102"]
             paths: ["rule[1]-to[0]-path[1]", "rule[1]-to[0]-path[2]"]
         - operation:
             methods: ["rule[1]-to[1]-method[1]", "rule[1]-to[1]-method[2]"]
             hosts: ["rule[1]-to[1]-host[1]", "rule[1]-to[1]-host[2]"]
             ports: ["9111", "9112"]
             paths: ["rule[1]-to[1]-path[1]", "rule[1]-to[1]-path[2]"]
	apiVersion: security.istio.io/v1beta1
	kind: AuthorizationPolicy
	metadata:
	name: httpbin
	namespace: foo
	spec:
	selector:
	matchLabels:
	app: httpbin
	version: v1
	rules:
	- from:
	- source:
	principals: ["rule[0]-from[0]-principal[1]", "rule[0]-from[0]-principal[2]"]
	requestPrincipals: ["rule[0]-from[0]-requestPrincipal[1]", "rule[0]-from[0]-requestPrincipal[2]"]
	namespaces: ["rule[0]-from[0]-ns[1]", "rule[0]-from[0]-ns[2]"]
	ipBlocks: ["10.0.0.1", "10.0.0.2"]
	remoteIpBlocks: ["172.16.10.10"]
	- source:
	principals: ["rule[0]-from[1]-principal[1]", "rule[0]-from[1]-principal[2]"]
	requestPrincipals: ["rule[0]-from[1]-requestPrincipal[1]", "rule[0]-from[1]-requestPrincipal[2]"]
	namespaces: ["rule[0]-from[1]-ns[1]", "rule[0]-from[1]-ns[2]"]
	ipBlocks: ["10.0.1.1", "192.0.1.2"]
	remoteIpBlocks: ["172.17.8.0/24", "172.17.9.4"]
	to:
	- operation:
	methods: ["rule[0]-to[0]-method[1]", "rule[0]-to[0]-method[2]"]
	hosts: ["rule[0]-to[0]-host[1]", "rule[0]-to[0]-host[2]"]
	ports: ["9001", "9002"]
	paths: ["rule[0]-to[0]-path[1]", "rule[0]-to[0]-path[2]"]
	- operation:
	methods: ["rule[0]-to[1]-method[1]", "rule[0]-to[1]-method[2]"]
	hosts: ["rule[0]-to[1]-host[1]", "rule[0]-to[1]-host[2]"]
	ports: ["9011", "9012"]
	paths: ["rule[0]-to[1]-path[1]", "rule[0]-to[1]-path[2]"]
	when:
	- key: "request.headers[X-header]"
	values: ["header", "header-prefix-", "-suffix-header", "*"]
	- key: "destination.ip"
	values: ["10.10.10.10", "192.168.10.0/24"]
	- key: "remote.ip"
	values: ["10.99.10.8", "10.80.64.0/18"]
	- from:
	- source:
	principals: ["rule[1]-from[0]-principal[1]", "rule[1]-from[0]-principal[2]"]
	requestPrincipals: ["rule[1]-from[0]-requestPrincipal[1]", "rule[1]-from[0]-requestPrincipal[2]"]
	namespaces: ["rule[1]-from[0]-ns[1]", "rule[1]-from[0]-ns[2]"]
	ipBlocks: ["10.1.0.1", "10.1.0.2"]
	remoteIpBlocks: ["172.22.2.0/23", "172.21.234.254"]
	- source:
	principals: ["rule[1]-from[1]-principal[1]", "rule[1]-from[1]-principal[2]"]
	requestPrincipals: ["rule[1]-from[1]-requestPrincipal[1]", "rule[1]-from[1]-requestPrincipal[2]"]
	namespaces: ["rule[1]-from[1]-ns[1]", "rule[1]-from[1]-ns[2]"]
	ipBlocks: ["10.1.1.1", "192.1.1.2"]
	remoteIpBlocks: ["192.168.4.0/24", "192.168.7.8"]
	to:
	- operation:
	methods: ["rule[1]-to[0]-method[1]", "rule[1]-to[0]-method[2]"]
	hosts: ["rule[1]-to[0]-host[1]", "rule[1]-to[0]-host[2]"]
	ports: ["9101", "9102"]
	paths: ["rule[1]-to[0]-path[1]", "rule[1]-to[0]-path[2]"]
	- operation:
	methods: ["rule[1]-to[1]-method[1]", "rule[1]-to[1]-method[2]"]
	hosts: ["rule[1]-to[1]-host[1]", "rule[1]-to[1]-host[2]"]
	ports: ["9111", "9112"]
	paths: ["rule[1]-to[1]-path[1]", "rule[1]-to[1]-path[2]"]