tests/integration/pilot/testdata/authz-b.yaml - dubbo-go-pixiu - Git at Google

 apiVersion: security.istio.io/v1beta1
 kind: AuthorizationPolicy
 metadata:
   name: allow-policy
 spec:
   action: ALLOW
   selector:
     matchLabels:
       "istio": "ingressgateway"
   rules:
   - to:
     - operation:
         notPorts: ["100"]
 ---
 apiVersion: security.istio.io/v1beta1
 kind: AuthorizationPolicy
 metadata:
   name: deny-policy
 spec:
   action: DENY
   selector:
     matchLabels:
       "istio": "ingressgateway"
   rules:
   - to:
     - operation:
         ports: ["100"]
   - to:
     - operation:
         ports: ["100"]
 ---
 # Make sure listener has a least one listener, otherwise there may be no policies
 apiVersion: networking.istio.io/v1alpha3
 kind: Gateway
 metadata:
   name: gateway
 spec:
   selector:
     istio: ingressgateway
   servers:
   - port:
       number: 18080
       name: http
       protocol: HTTP
     hosts:
     - "foo.bar"
	apiVersion: security.istio.io/v1beta1
	kind: AuthorizationPolicy
	metadata:
	name: allow-policy
	spec:
	action: ALLOW
	selector:
	matchLabels:
	"istio": "ingressgateway"
	rules:
	- to:
	- operation:
	notPorts: ["100"]
	---
	apiVersion: security.istio.io/v1beta1
	kind: AuthorizationPolicy
	metadata:
	name: deny-policy
	spec:
	action: DENY
	selector:
	matchLabels:
	"istio": "ingressgateway"
	rules:
	- to:
	- operation:
	ports: ["100"]
	- to:
	- operation:
	ports: ["100"]
	---
	# Make sure listener has a least one listener, otherwise there may be no policies
	apiVersion: networking.istio.io/v1alpha3
	kind: Gateway
	metadata:
	name: gateway
	spec:
	selector:
	istio: ingressgateway
	servers:
	- port:
	number: 18080
	name: http
	protocol: HTTP
	hosts:
	- "foo.bar"