tests/integration/security/testdata/authz/v1beta1-audit.yaml.tmpl - dubbo-go-pixiu - Git at Google

 apiVersion: security.istio.io/v1beta1
 kind: AuthorizationPolicy
 metadata:
   name: policy-{{ .b }}-audit
   namespace: "{{ .Namespace }}"
 spec:
   selector:
     matchLabels:
       "app": "{{ .b }}"
   action: AUDIT
   rules:
   - to:
     - operation:
         paths: ["/audit"]
 ---

 apiVersion: security.istio.io/v1beta1
 kind: AuthorizationPolicy
 metadata:
   name: policy-{{ .b }}-allow
   namespace: "{{ .Namespace }}"
 spec:
   selector:
     matchLabels:
       "app": "{{ .b }}"
   action: ALLOW
   rules:
   - to:
     - operation:
         paths: ["/allow"]
 ---

 apiVersion: security.istio.io/v1beta1
 kind: AuthorizationPolicy
 metadata:
   name: policy-{{ .c }}-audit
   namespace: "{{ .Namespace }}"
 spec:
   selector:
     matchLabels:
       "app": "{{ .c }}"
   action: AUDIT
   rules:
   - to:
     - operation:
         paths: ["/audit"]
 ---

 apiVersion: security.istio.io/v1beta1
 kind: AuthorizationPolicy
 metadata:
   name: policy-{{ .c }}-deny
   namespace: "{{ .Namespace }}"
 spec:
   selector:
     matchLabels:
       "app": "{{ .c }}"
   action: DENY
   rules:
   - to:
     - operation:
         paths: ["/deny"]
 ---

 apiVersion: security.istio.io/v1beta1
 kind: AuthorizationPolicy
 metadata:
   name: policy-{{ .d }}-audit
   namespace: "{{ .Namespace }}"
 spec:
   selector:
     matchLabels:
       "app": "{{ .d }}"
   action: AUDIT
   rules:
   - to:
     - operation:
         paths: ["/audit"]
	apiVersion: security.istio.io/v1beta1
	kind: AuthorizationPolicy
	metadata:
	name: policy-{{ .b }}-audit
	namespace: "{{ .Namespace }}"
	spec:
	selector:
	matchLabels:
	"app": "{{ .b }}"
	action: AUDIT
	rules:
	- to:
	- operation:
	paths: ["/audit"]
	---

	apiVersion: security.istio.io/v1beta1
	kind: AuthorizationPolicy
	metadata:
	name: policy-{{ .b }}-allow
	namespace: "{{ .Namespace }}"
	spec:
	selector:
	matchLabels:
	"app": "{{ .b }}"
	action: ALLOW
	rules:
	- to:
	- operation:
	paths: ["/allow"]
	---

	apiVersion: security.istio.io/v1beta1
	kind: AuthorizationPolicy
	metadata:
	name: policy-{{ .c }}-audit
	namespace: "{{ .Namespace }}"
	spec:
	selector:
	matchLabels:
	"app": "{{ .c }}"
	action: AUDIT
	rules:
	- to:
	- operation:
	paths: ["/audit"]
	---

	apiVersion: security.istio.io/v1beta1
	kind: AuthorizationPolicy
	metadata:
	name: policy-{{ .c }}-deny
	namespace: "{{ .Namespace }}"
	spec:
	selector:
	matchLabels:
	"app": "{{ .c }}"
	action: DENY
	rules:
	- to:
	- operation:
	paths: ["/deny"]
	---

	apiVersion: security.istio.io/v1beta1
	kind: AuthorizationPolicy
	metadata:
	name: policy-{{ .d }}-audit
	namespace: "{{ .Namespace }}"
	spec:
	selector:
	matchLabels:
	"app": "{{ .d }}"
	action: AUDIT
	rules:
	- to:
	- operation:
	paths: ["/audit"]