open-consul/agent/xds/testdata/rbac/default-allow-single-intention-with-kitchen-sink-perms.golden
R.B. Boyer 35c4efd220
connect: support defining intentions using layer 7 criteria (#8839)
Extend Consul’s intentions model to allow for request-based access control enforcement for HTTP-like protocols in addition to the existing connection-based enforcement for unspecified protocols (e.g. tcp).
2020-10-06 17:09:13 -05:00

31 lines
1.1 KiB
Plaintext

{
"name": "envoy.filters.network.rbac",
"config": {
"rules": {
"action": "DENY",
"policies": {
"consul-intentions-layer4": {
"permissions": [
{
"any": true
}
],
"principals": [
{
"authenticated": {
"principal_name": {
"safe_regex": {
"google_re2": {
},
"regex": "^spiffe://[^/]+/ns/default/dc/[^/]+/svc/web$"
}
}
}
}
]
}
}
},
"stat_prefix": "connect_authz"
}
}