blob: 4b8d53dc87513f3ac643e3f89a7eca43a7a5ca91 [file] [log] [blame]
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: policy-{{ .b }}-audit
namespace: "{{ .Namespace }}"
spec:
selector:
matchLabels:
"app": "{{ .b }}"
action: AUDIT
rules:
- to:
- operation:
paths: ["/audit"]
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: policy-{{ .b }}-allow
namespace: "{{ .Namespace }}"
spec:
selector:
matchLabels:
"app": "{{ .b }}"
action: ALLOW
rules:
- to:
- operation:
paths: ["/allow"]
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: policy-{{ .c }}-audit
namespace: "{{ .Namespace }}"
spec:
selector:
matchLabels:
"app": "{{ .c }}"
action: AUDIT
rules:
- to:
- operation:
paths: ["/audit"]
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: policy-{{ .c }}-deny
namespace: "{{ .Namespace }}"
spec:
selector:
matchLabels:
"app": "{{ .c }}"
action: DENY
rules:
- to:
- operation:
paths: ["/deny"]
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: policy-{{ .d }}-audit
namespace: "{{ .Namespace }}"
spec:
selector:
matchLabels:
"app": "{{ .d }}"
action: AUDIT
rules:
- to:
- operation:
paths: ["/audit"]