more rbac
This commit is contained in:
John Lancaster
16
envoy.yaml
16
envoy.yaml
@@ -64,18 +64,30 @@ static_resources:
|
|||||||
rules:
|
rules:
|
||||||
action: ALLOW
|
action: ALLOW
|
||||||
policies:
|
policies:
|
||||||
"test_policy":
|
"ubuntu-policy":
|
||||||
permissions:
|
permissions:
|
||||||
- and_rules:
|
- and_rules:
|
||||||
rules:
|
rules:
|
||||||
- header:
|
- header:
|
||||||
name: ":path"
|
name: ":path"
|
||||||
string_match:
|
string_match:
|
||||||
prefix: "/dev-test"
|
prefix: "/john-ubuntu"
|
||||||
principals:
|
principals:
|
||||||
- authenticated:
|
- authenticated:
|
||||||
principal_name:
|
principal_name:
|
||||||
exact: "spiffe://john-stream.com/ubuntu"
|
exact: "spiffe://john-stream.com/ubuntu"
|
||||||
|
"p14-policy":
|
||||||
|
permissions:
|
||||||
|
- and_rules:
|
||||||
|
rules:
|
||||||
|
- header:
|
||||||
|
name: ":path"
|
||||||
|
string_match:
|
||||||
|
prefix: "/john-p14s"
|
||||||
|
principals:
|
||||||
|
- authenticated:
|
||||||
|
principal_name:
|
||||||
|
exact: "spiffe://john-stream.com/john-p14s"
|
||||||
# --8<-- [end:rbac]
|
# --8<-- [end:rbac]
|
||||||
- name: envoy.filters.http.router
|
- name: envoy.filters.http.router
|
||||||
typed_config:
|
typed_config:
|
||||||
|
|||||||
Reference in New Issue
Block a user