apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: deny-transactions-authorizationpolicy
namespace: default
spec:
selector:
matchLabels:
app: transactions
action: ALLOW
rules:
- from:
- source:
principals: ["cluster.local/ns/default/checking-account"]
to:
- operation:
methods: ["GET"]
paths: ["/*"]
it denies checking-account to access transaction workload.
If I change action to DENY. it allows checking-account to access transaction workload.
Can someone help me why allow is denying and deny is allowing?
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: deny-transactions-authorizationpolicy
namespace: default
spec:
selector:
matchLabels:
app: transactions
action: DENY
rules:
- from:
- source:
principals: ["cluster.local/ns/default/checking-account"]
- to:
- operation:
methods: ["GET"]
paths: ["/*"]
I needed to put - in front of to:
That fixed the issue.