104 lines
2.8 KiB
Plaintext
104 lines
2.8 KiB
Plaintext
{
|
|
"name": "envoy.filters.network.rbac",
|
|
"typedConfig": {
|
|
"@type": "type.googleapis.com/envoy.config.filter.network.rbac.v2.RBAC",
|
|
"rules": {
|
|
"policies": {
|
|
"consul-intentions-layer4": {
|
|
"permissions": [
|
|
{
|
|
"any": true
|
|
}
|
|
],
|
|
"principals": [
|
|
{
|
|
"authenticated": {
|
|
"principalName": {
|
|
"safeRegex": {
|
|
"googleRe2": {
|
|
|
|
},
|
|
"regex": "^spiffe://[^/]+/ns/default/dc/[^/]+/svc/cron$"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"authenticated": {
|
|
"principalName": {
|
|
"safeRegex": {
|
|
"googleRe2": {
|
|
|
|
},
|
|
"regex": "^spiffe://[^/]+/ns/default/dc/[^/]+/svc/web$"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"andIds": {
|
|
"ids": [
|
|
{
|
|
"authenticated": {
|
|
"principalName": {
|
|
"safeRegex": {
|
|
"googleRe2": {
|
|
|
|
},
|
|
"regex": "^spiffe://[^/]+/ns/default/dc/[^/]+/svc/[^/]+$"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"notId": {
|
|
"authenticated": {
|
|
"principalName": {
|
|
"safeRegex": {
|
|
"googleRe2": {
|
|
|
|
},
|
|
"regex": "^spiffe://[^/]+/ns/default/dc/[^/]+/svc/web$"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"notId": {
|
|
"authenticated": {
|
|
"principalName": {
|
|
"safeRegex": {
|
|
"googleRe2": {
|
|
|
|
},
|
|
"regex": "^spiffe://[^/]+/ns/default/dc/[^/]+/svc/unsafe$"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"notId": {
|
|
"authenticated": {
|
|
"principalName": {
|
|
"safeRegex": {
|
|
"googleRe2": {
|
|
|
|
},
|
|
"regex": "^spiffe://[^/]+/ns/default/dc/[^/]+/svc/cron$"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"statPrefix": "connect_authz"
|
|
}
|
|
} |