{
"filters": [
{
"name": "envoy.filters.network.rbac",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": {
"action": "DENY",
"policies": {
"consul-intentions-layer4": {
"permissions": [
{
"any": true
}
],
"principals": [
{
"authenticated": {
"principalName": {
"safeRegex": {
"googleRe2": {},
"regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/db$"
}
}
}
},
{
"authenticated": {
"principalName": {
"safeRegex": {
"googleRe2": {},
"regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/cron$"
}
}
}
}
]
}
}
},
"statPrefix": "connect_authz"
}
},
{
"name": "envoy.filters.network.rbac",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": {
"policies": {
"consul-intentions-layer4-0": {
"permissions": [
{
"any": true
}
],
"principals": [
{
"authenticated": {
"principalName": {
"safeRegex": {
"googleRe2": {},
"regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/api$"
}
}
}
},
{
"andIds": {
"ids": [
{
"authenticated": {
"principalName": {
"safeRegex": {
"googleRe2": {},
"regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$"
}
}
}
},
{
"notId": {
"authenticated": {
"principalName": {
"safeRegex": {
"googleRe2": {},
"regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/unsafe$"
}
}
}
}
}
]
}
}
]
},
"consul-intentions-layer4-1": {
"permissions": [
{
"any": true
}
],
"principals": [
{
"authenticated": {
"principalName": {
"safeRegex": {
"googleRe2": {},
"regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$"
}
}
}
}
]
}
}
},
"statPrefix": "connect_authz"
}
}
]
}