another rbac
This commit is contained in:
John Lancaster
12
envoy.yaml
12
envoy.yaml
@@ -88,6 +88,18 @@ static_resources:
|
||||
- authenticated:
|
||||
principal_name:
|
||||
exact: "spiffe://john-stream.com/john-p14s"
|
||||
"gitea-policy":
|
||||
permissions:
|
||||
- and_rules:
|
||||
rules:
|
||||
- header:
|
||||
name: ":path"
|
||||
string_match:
|
||||
prefix: "/gitea"
|
||||
principals:
|
||||
- authenticated:
|
||||
principal_name:
|
||||
exact: "spiffe://john-stream.com/gitea"
|
||||
# --8<-- [end:rbac]
|
||||
- name: envoy.filters.http.router
|
||||
typed_config:
|
||||
|
||||
Reference in New Issue
Block a user