Navigation Menu

Skip to content

Instantly share code, notes, and snippets.

@nrjpoddar

nrjpoddar/test-authz.yaml

Last active April 2, 2021 10:10
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save nrjpoddar/daa0e74f59695fed891affacd40c17ab to your computer and use it in GitHub Desktop.
Save nrjpoddar/daa0e74f59695fed891affacd40c17ab to your computer and use it in GitHub Desktop.
Download ZIP
Test AuthZ policies applied with bookinfo-gateway.yaml applied
Raw
test-authz.yaml
apiVersion: "security.istio.io/v1beta1"
kind: "AuthorizationPolicy"
metadata:
name: block-admin-access-1
namespace: istio-system
spec:
selector:
matchLabels:
istio: ingressgateway
action: DENY
rules:
- to:
- operation:
paths: ["/admin"]
ports: [ "8080" ]
---
apiVersion: "security.istio.io/v1beta1"
kind: "AuthorizationPolicy"
metadata:
name: block-admin-access-2
namespace: istio-system
spec:
selector:
matchLabels:
istio: ingressgateway
action: DENY
rules:
- from:
- source:
namespaces: ["dev"]
---
apiVersion: "security.istio.io/v1beta1"
kind: "AuthorizationPolicy"
metadata:
name: block-admin-access-3
namespace: istio-system
spec:
selector:
matchLabels:
istio: wrong-ingressgateway
action: DENY
rules:
- to:
- operation:
paths: ["/admin"]
ports: [ "80" ]
---
apiVersion: "security.istio.io/v1beta1"
kind: "AuthorizationPolicy"
metadata:
name: block-admin-access-4
namespace: istio-system
spec:
selector:
matchLabels:
istio: ingressgateway
action: DENY
rules:
- to:
- operation:
paths: ["/admin"]
ports: [ "8443" ]
---
apiVersion: "security.istio.io/v1beta1"
kind: "AuthorizationPolicy"
metadata:
name: block-admin-access-5
namespace: istio-system
spec:
selector:
matchLabels:
istio: ingressgateway
action: DENY
rules:
- to:
- operation:
paths: ["/admin"]
ports: [ "8080" ]
- to:
- operation:
paths: ["/admin"]
ports: [ "8443" ]
---
apiVersion: "security.istio.io/v1beta1"
kind: "AuthorizationPolicy"
metadata:
name: block-admin-access-6
namespace: istio-system
spec:
selector:
matchLabels:
istio: ingressgateway
action: DENY
rules:
- to:
- operation:
paths: ["/admin"]
ports: [ "8443" ]
- to:
- operation:
paths: ["/admin"]
ports: [ "8080" ]
---
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment