open-consul/agent/xds/testdata/rbac/default-deny-kitchen-sink.v...

104 lines
2.8 KiB
Plaintext

{
"name": "envoy.filters.network.rbac",
"typedConfig": {
"@type": "type.googleapis.com/envoy.config.filter.network.rbac.v2.RBAC",
"rules": {
"policies": {
"consul-intentions-layer4": {
"permissions": [
{
"any": true
}
],
"principals": [
{
"authenticated": {
"principalName": {
"safeRegex": {
"googleRe2": {
},
"regex": "^spiffe://[^/]+/ns/default/dc/[^/]+/svc/cron$"
}
}
}
},
{
"authenticated": {
"principalName": {
"safeRegex": {
"googleRe2": {
},
"regex": "^spiffe://[^/]+/ns/default/dc/[^/]+/svc/web$"
}
}
}
},
{
"andIds": {
"ids": [
{
"authenticated": {
"principalName": {
"safeRegex": {
"googleRe2": {
},
"regex": "^spiffe://[^/]+/ns/default/dc/[^/]+/svc/[^/]+$"
}
}
}
},
{
"notId": {
"authenticated": {
"principalName": {
"safeRegex": {
"googleRe2": {
},
"regex": "^spiffe://[^/]+/ns/default/dc/[^/]+/svc/web$"
}
}
}
}
},
{
"notId": {
"authenticated": {
"principalName": {
"safeRegex": {
"googleRe2": {
},
"regex": "^spiffe://[^/]+/ns/default/dc/[^/]+/svc/unsafe$"
}
}
}
}
},
{
"notId": {
"authenticated": {
"principalName": {
"safeRegex": {
"googleRe2": {
},
"regex": "^spiffe://[^/]+/ns/default/dc/[^/]+/svc/cron$"
}
}
}
}
}
]
}
}
]
}
}
},
"statPrefix": "connect_authz"
}
}