2 # Copyright © 2023 Nordix Foundation
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
17 {{ include "common.authorizationPolicy" . }}
{{- /*
  The include above renders the shared "common.authorizationPolicy" template,
  which is defined outside this file. The variables below feed the additional
  sdnhost AuthorizationPolicy that this template builds after them.
*/ -}}
{{- /* Use the context passed as .dot when the caller provides one, else the current context. */ -}}
19 {{- $dot := default . .dot -}}
{{- /*
  Trust domain placed at the front of every principal string built below
  (<trustDomain>/ns/<namespace>/sa/<serviceAccount>). Falls back to
  "cluster.local" when serviceMesh.authorizationPolicy.trustedDomain is unset.
  NOTE(review): presumably this has to match the trust domain the mesh is
  configured with, otherwise the generated principals would match no caller;
  confirm for clusters that override the default.
*/ -}}
20 {{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
{{- /*
  Entries allowed to call the sdnhost workload. Each entry is read below for
  namespace, serviceAccount and allowedOperationMethods. Falls back to an
  empty list when the value is unset.
  NOTE(review): the branch taken for an empty list is not visible in this
  listing; confirm whether it renders a policy that admits no caller or one
  that admits every caller.
*/ -}}
21 {{- $authorizedPrincipalsSdnHosts := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsSdnHosts -}}
{{- /*
  HTTP methods iterated by the last range in this template.
  NOTE(review): this looks like the fallback for a principal entry that sets
  no allowedOperationMethods, which would grant all five methods, DELETE
  included. Setting allowedOperationMethods per principal keeps the grant
  limited to what that caller needs; confirm against the full template.
*/ -}}
22 {{- $defaultOperationMethods := list "GET" "POST" "PUT" "PATCH" "DELETE" -}}
{{- /*
  Release name, prefixed to the service account name for principals whose
  namespace is "onap" (also the namespace assumed when an entry sets none).
  Evaluated against the current context (.) rather than $dot.
*/ -}}
23 {{- $relName := include "common.release" . -}}
24 {{- if (include "common.useAuthorizationPolicies" .) }}
25 apiVersion: security.istio.io/v1beta1
26 kind: AuthorizationPolicy
28 name: sdnhost-{{ include "common.servicename" . }}-authz
29 namespace: {{ include "common.namespace" . }}
33 app: sdnhost-{{ include "common.name" . }}
36 {{- if $authorizedPrincipalsSdnHosts }}
37 {{- range $principal := $authorizedPrincipalsSdnHosts }}
41 {{- $namespace := default "onap" $principal.namespace -}}
42 {{- if eq "onap" $namespace }}
43 - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
45 - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
50 {{- if $principal.allowedOperationMethods }}
51 {{- range $method := $principal.allowedOperationMethods }}
55 {{- range $method := $defaultOperationMethods }}