Google Git
Sign in
apache / dubbo-go-pixiu / de9f1befd6a6e38513ea5e704a5488ed608df7d5 / . / tests / integration / security / testdata / authz / v1beta1-custom.yaml.tmpl
blob: 28dcac05071f8f99c4bf0b5ceafbfb40a58f7c3f [file] [log] [blame]
# The following policy applies the CUSTOM action with the ext-authz-http provider on workload b for path /custom.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: policy-b
namespace: "{{ .Namespace }}"
spec:
selector:
matchLabels:
"app": "b"
action: CUSTOM
provider:
name: ext-authz-http
rules:
- to:
- operation:
paths: ["/custom"]
---
# The following policy applies the CUSTOM action with the ext-authz-grpc provider on workload c for path /custom.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: policy-c
namespace: "{{ .Namespace }}"
spec:
selector:
matchLabels:
"app": "c"
action: CUSTOM
provider:
name: ext-authz-grpc
rules:
- to:
- operation:
paths: ["/custom"]
---
# The following policy applies the CUSTOM action with the ext-authz-http-local provider on workload d for path /custom.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: policy-d
namespace: "{{ .Namespace }}"
spec:
selector:
matchLabels:
"app": "d"
action: CUSTOM
provider:
name: ext-authz-http-local
rules:
- to:
- operation:
paths: ["/custom"]
---
# The following policy applies the CUSTOM action with the ext-authz-grpc-local provider on workload e for path /custom.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: policy-e
namespace: "{{ .Namespace }}"
spec:
selector:
matchLabels:
"app": "e"
action: CUSTOM
provider:
name: ext-authz-grpc-local
rules:
- to:
- operation:
paths: ["/custom"]
---
# The following policy applies the CUSTOM action with the ext-authz-tcp provider on workload f for port 8092.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: policy-f-tcp
namespace: "{{ .Namespace }}"
spec:
selector:
matchLabels:
"app": "f"
action: CUSTOM
provider:
name: ext-authz-grpc
rules:
- to:
- operation:
ports: ["8092"]
---
# The following policy applies the CUSTOM action with the ext-authz-http provider on ingress gateway for path /custom.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: policy-ingress-http
namespace: "{{ .RootNamespace }}"
spec:
selector:
matchLabels:
"app": "istio-ingressgateway"
action: CUSTOM
provider:
name: ext-authz-http
rules:
- to:
- operation:
paths: ["/custom"]
---
# Define the service entry for the local ext-authz service on port 8000.
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: httpbin-ext-authz-http
namespace: "{{ .Namespace }}"
spec:
hosts:
- "ext-authz-http.local"
endpoints:
- address: "127.0.0.1"
ports:
- name: http
number: 8000
protocol: HTTP
resolution: STATIC
---
# Define the service entry for the local ext-authz service on port 9000.
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: httpbin-ext-authz-grpc
namespace: "{{ .Namespace }}"
spec:
hosts:
- "ext-authz-grpc.local"
endpoints:
- address: "127.0.0.1"
ports:
- name: grpc
number: 9000
protocol: GRPC
resolution: STATIC
---
# The following gateway allows request to "*.company.com"
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: test-ingress
namespace: {{ .Namespace }}
spec:
selector:
istio: ingressgateway # use istio default ingress gateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*.company.com"
---
# The following virtual service routes requests to workload x
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: test-vs
namespace: {{ .Namespace }}
spec:
hosts:
- "*.company.com"
gateways:
- test-ingress
http:
- route:
- destination:
host: x
port:
number: 80