mirror of https://github.com/istio/istio.io.git
127 lines
3.2 KiB
Bash
127 lines
3.2 KiB
Bash
#!/bin/bash
|
|
# shellcheck disable=SC2034,SC2153,SC2155,SC2164
|
|
|
|
# Copyright Istio Authors. All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
####################################################################################################
|
|
# WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE:
|
|
# docs/tasks/security/authorization/authz-http/index.md
|
|
####################################################################################################
|
|
|
|
snip_configure_access_control_for_workloads_using_http_traffic_1() {
|
|
kubectl apply -f - <<EOF
|
|
apiVersion: security.istio.io/v1
|
|
kind: AuthorizationPolicy
|
|
metadata:
|
|
name: allow-nothing
|
|
namespace: default
|
|
spec:
|
|
{}
|
|
EOF
|
|
}
|
|
|
|
snip_configure_access_control_for_workloads_using_http_traffic_2() {
|
|
kubectl apply -f - <<EOF
|
|
apiVersion: security.istio.io/v1
|
|
kind: AuthorizationPolicy
|
|
metadata:
|
|
name: "productpage-viewer"
|
|
namespace: default
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: productpage
|
|
action: ALLOW
|
|
rules:
|
|
- to:
|
|
- operation:
|
|
methods: ["GET"]
|
|
EOF
|
|
}
|
|
|
|
snip_configure_access_control_for_workloads_using_http_traffic_3() {
|
|
kubectl apply -f - <<EOF
|
|
apiVersion: security.istio.io/v1
|
|
kind: AuthorizationPolicy
|
|
metadata:
|
|
name: "details-viewer"
|
|
namespace: default
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: details
|
|
action: ALLOW
|
|
rules:
|
|
- from:
|
|
- source:
|
|
principals: ["cluster.local/ns/default/sa/bookinfo-productpage"]
|
|
to:
|
|
- operation:
|
|
methods: ["GET"]
|
|
EOF
|
|
}
|
|
|
|
snip_configure_access_control_for_workloads_using_http_traffic_4() {
|
|
kubectl apply -f - <<EOF
|
|
apiVersion: security.istio.io/v1
|
|
kind: AuthorizationPolicy
|
|
metadata:
|
|
name: "reviews-viewer"
|
|
namespace: default
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: reviews
|
|
action: ALLOW
|
|
rules:
|
|
- from:
|
|
- source:
|
|
principals: ["cluster.local/ns/default/sa/bookinfo-productpage"]
|
|
to:
|
|
- operation:
|
|
methods: ["GET"]
|
|
EOF
|
|
}
|
|
|
|
snip_configure_access_control_for_workloads_using_http_traffic_5() {
|
|
kubectl apply -f - <<EOF
|
|
apiVersion: security.istio.io/v1
|
|
kind: AuthorizationPolicy
|
|
metadata:
|
|
name: "ratings-viewer"
|
|
namespace: default
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: ratings
|
|
action: ALLOW
|
|
rules:
|
|
- from:
|
|
- source:
|
|
principals: ["cluster.local/ns/default/sa/bookinfo-reviews"]
|
|
to:
|
|
- operation:
|
|
methods: ["GET"]
|
|
EOF
|
|
}
|
|
|
|
snip_clean_up_1() {
|
|
kubectl delete authorizationpolicy.security.istio.io/allow-nothing
|
|
kubectl delete authorizationpolicy.security.istio.io/productpage-viewer
|
|
kubectl delete authorizationpolicy.security.istio.io/details-viewer
|
|
kubectl delete authorizationpolicy.security.istio.io/reviews-viewer
|
|
kubectl delete authorizationpolicy.security.istio.io/ratings-viewer
|
|
}
|