From 0d0c02ffe336a91a69845aca05c322535d98767c Mon Sep 17 00:00:00 2001
From: komakkar <komakkar@microsoft.com>
Date: Mon, 2 Nov 2020 16:09:29 +0530
Subject: [PATCH] added authz yaml
---
 devops/azure/README.md | 2 +-
 devops/azure/chart/templates/auth.yaml | 32 ++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 devops/azure/chart/templates/auth.yaml
diff --git a/devops/azure/README.md b/devops/azure/README.md
index 61354c850..ff6411ce3 100644
--- a/devops/azure/README.md
+++ b/devops/azure/README.md
@@ -1,7 +1,7 @@
 # Pipeline Support Commands
 ```bash
-AZURE_SERVICE="storage"
+AZURE_SERVICE="register"
 REPO_BRANCH="master"
 TAG="latest"
 PARTIAL=${REPO_BRANCH/\//-}
diff --git a/devops/azure/chart/templates/auth.yaml b/devops/azure/chart/templates/auth.yaml
new file mode 100644
index 000000000..ff31f9f7e
--- /dev/null
+++ b/devops/azure/chart/templates/auth.yaml
@@ -0,0 +1,32 @@
+# Copyright © Microsoft Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: register-jwt-auth
+ namespace: osdu
+spec:
+ selector:
+ matchLabels:
+ app: register
+ action: DENY
+ rules:
+ - from:
+ - source:
+ notRequestPrincipals: ["*"]
+ to:
+ - operation:
+ notPaths: ["/","*/swagger-resources","*/swagger",
+ "/api/register/v1/swagger-resources/*","*/swagger-ui.html","*/actuator/health"]
\ No newline at end of file
--
GitLab
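Review bot: Most of the `notPaths` exemptions in the new `register-jwt-auth` policy are suffix matches (`*/swagger-resources`, `*/swagger`, `*/swagger-ui.html`, `*/actuator/health`), so any request path ending in one of those strings is excused from the JWT requirement, not only the documentation and health endpoints that were presumably intended. The one fully qualified entry suggests the service is rooted at `/api/register/v1`; if so, pin each exemption to that prefix, for example `"/api/register/v1/swagger-ui.html"` in place of `"*/swagger-ui.html"`, and confirm the exact health path the probes call. `notRequestPrincipals: ["*"]` only tells callers apart when a RequestAuthentication for `app: register` validates the token and sets the principal; none is added in this commit, so it presumably lives elsewhere and a comment above `rules:` such as `# depends on the RequestAuthentication for app=register (see <template path>)` would make that dependency visible. The hard-coded `namespace: osdu` also means the policy will not select the workload if the chart is installed into a different namespace, leaving it without this check; `namespace: {{ .Release.Namespace }}` would keep the two together.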