tests/integration/security/testdata/authz/v1beta1-workload-ns1.yaml.tmpl - dubbo-go-pixiu - Git at Google

 # The following policy selects workload b in namespace 1

 apiVersion: security.istio.io/v1beta1
 kind: AuthorizationPolicy
 metadata:
   name: policy-ns1-{{ .b }}
   namespace: "{{ .Namespace1 }}"
 spec:
   selector:
     matchLabels:
       "app": "{{ .b }}"
   rules:
   - to:
     - operation:
         paths: ["/policy-ns1-{{ .b }}"]
 ---

 # The following policy selects workload c in namespace 1

 apiVersion: security.istio.io/v1beta1
 kind: AuthorizationPolicy
 metadata:
   name: policy-ns1-{{ .c }}
   namespace: "{{ .Namespace1 }}"
 spec:
   selector:
     matchLabels:
       "app": "{{ .c }}"
   rules:
   - to:
     - operation:
         paths: ["/policy-ns1-{{ .c }}"]
 ---

 # The following policy selects a non-exist workload in namespace 1

 apiVersion: security.istio.io/v1beta1
 kind: AuthorizationPolicy
 metadata:
   name: policy-ns1-x
   namespace: "{{ .Namespace1 }}"
 spec:
   selector:
     matchLabels:
       "app": "{{ .dst1 }}"
       "foo": "bla"
   rules:
   - to:
     - operation:
         paths: ["/policy-ns1-x"]
 ---

 # The following policy selects all workloads in namespace 1

 apiVersion: security.istio.io/v1beta1
 kind: AuthorizationPolicy
 metadata:
   name: policy-ns1-all
   namespace: "{{ .Namespace1 }}"
 spec:
   rules:
   - to:
     - operation:
         paths: ["/policy-ns1-all"]
 ---
	# The following policy selects workload b in namespace 1

	apiVersion: security.istio.io/v1beta1
	kind: AuthorizationPolicy
	metadata:
	name: policy-ns1-{{ .b }}
	namespace: "{{ .Namespace1 }}"
	spec:
	selector:
	matchLabels:
	"app": "{{ .b }}"
	rules:
	- to:
	- operation:
	paths: ["/policy-ns1-{{ .b }}"]
	---

	# The following policy selects workload c in namespace 1

	apiVersion: security.istio.io/v1beta1
	kind: AuthorizationPolicy
	metadata:
	name: policy-ns1-{{ .c }}
	namespace: "{{ .Namespace1 }}"
	spec:
	selector:
	matchLabels:
	"app": "{{ .c }}"
	rules:
	- to:
	- operation:
	paths: ["/policy-ns1-{{ .c }}"]
	---

	# The following policy selects a non-exist workload in namespace 1

	apiVersion: security.istio.io/v1beta1
	kind: AuthorizationPolicy
	metadata:
	name: policy-ns1-x
	namespace: "{{ .Namespace1 }}"
	spec:
	selector:
	matchLabels:
	"app": "{{ .dst1 }}"
	"foo": "bla"
	rules:
	- to:
	- operation:
	paths: ["/policy-ns1-x"]
	---

	# The following policy selects all workloads in namespace 1

	apiVersion: security.istio.io/v1beta1
	kind: AuthorizationPolicy
	metadata:
	name: policy-ns1-all
	namespace: "{{ .Namespace1 }}"
	spec:
	rules:
	- to:
	- operation:
	paths: ["/policy-ns1-all"]
	---