azure-istio-auth-policy.yaml 1.3 KB
Newer Older
Daniel Scholl's avatar
Daniel Scholl committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
#  Copyright © Microsoft Corporation
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.

apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: {{ .Chart.Name }}-jwt-authz
  namespace: osdu
spec:
  selector:
    matchLabels:
      app: {{ .Chart.Name }}
  action: DENY
  rules:
    - from:
        - source:
            notRequestPrincipals: ["*"]
      to:
        - operation:
            notPaths: ["/","*/index.html",
                       "*/v2/api-docs",
                       "*/swagger","*/swagger-resources","*/swagger-ui.html",
                       "*/actuator/health", "*/health",
                       "*/configuration/ui","*/configuration/security",
                       "/api/{{ .Chart.Name }}/v2/swagger-resources/*",
                       "/api/{{ .Chart.Name }}/v2/webjars/*"]