From 3ca2a092fd1ac1a3ce3e59c7a85f1d25bd0cb353 Mon Sep 17 00:00:00 2001
From: John Lancaster <32917998+jsl12@users.noreply.github.com>
Date: Fri, 2 Jan 2026 23:11:47 -0600
Subject: [PATCH] another rbac

---
 envoy.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/envoy.yaml b/envoy.yaml
index 3374f15..d184a95 100644
--- a/envoy.yaml
+++ b/envoy.yaml
@@ -88,6 +88,18 @@ static_resources:
                       - authenticated:
                           principal_name:
                             exact: "spiffe://john-stream.com/john-p14s"
+                  "gitea-policy":
+                    permissions:
+                      - and_rules:
+                          rules:
+                            - header:
+                                name: ":path"
+                                string_match:
+                                  prefix: "/gitea"
+                    principals:
+                      - authenticated:
+                          principal_name:
+                            exact: "spiffe://john-stream.com/gitea"
           # --8<-- [end:rbac]
           - name: envoy.filters.http.router
             typed_config: