open-consul/agent/xds/testdata/rbac/default-deny-kitchen-sink.golden
R.B. Boyer 35c4efd220
connect: support defining intentions using layer 7 criteria (#8839)
Extend Consul’s intentions model to allow for request-based access control enforcement for HTTP-like protocols in addition to the existing connection-based enforcement for unspecified protocols (e.g. tcp).
2020-10-06 17:09:13 -05:00


{
"name": "envoy.filters.network.rbac",
"config": {
"rules": {
"policies": {
"consul-intentions-layer4": {
"permissions": [
{
"any": true
}
],
"principals": [
{
"authenticated": {
"principal_name": {
"safe_regex": {
"google_re2": {
},
"regex": "^spiffe://[^/]+/ns/default/dc/[^/]+/svc/cron$"
}
}
}
},
{
"authenticated": {
"principal_name": {
"safe_regex": {
"google_re2": {
},
"regex": "^spiffe://[^/]+/ns/default/dc/[^/]+/svc/web$"
}
}
}
},
{
"and_ids": {
"ids": [
{
"authenticated": {
"principal_name": {
"safe_regex": {
"google_re2": {
},
"regex": "^spiffe://[^/]+/ns/default/dc/[^/]+/svc/[^/]+$"
}
}
}
},
{
"not_id": {
"authenticated": {
"principal_name": {
"safe_regex": {
"google_re2": {
},
"regex": "^spiffe://[^/]+/ns/default/dc/[^/]+/svc/web$"
}
}
}
}
},
{
"not_id": {
"authenticated": {
"principal_name": {
"safe_regex": {
"google_re2": {
},
"regex": "^spiffe://[^/]+/ns/default/dc/[^/]+/svc/unsafe$"
}
}
}
}
},
{
"not_id": {
"authenticated": {
"principal_name": {
"safe_regex": {
"google_re2": {
},
"regex": "^spiffe://[^/]+/ns/default/dc/[^/]+/svc/cron$"
}
}
}
}
}
]
}
}
]
}
}
},
"stat_prefix": "connect_authz"
}
}