X-Git-Url: https://gerrit.onap.org/r/gitweb?p=oom.git;a=blobdiff_plain;f=kubernetes%2Fcommon%2Fcommon%2Ftemplates%2F_serviceMesh.tpl;h=3ba945ee8b2f22b5bdd8127a54dbd1adb6cf1904;hp=fe2424cc85b24f30ef48154ccd7539b6bc68a086;hb=6f2c6c2d1cdd755470afd91768f53d9050cc4596;hpb=6356e07a0caa7caef201d64977bd9615f6837853

diff --git a/kubernetes/common/common/templates/_serviceMesh.tpl b/kubernetes/common/common/templates/_serviceMesh.tpl
index fe2424cc85..3ba945ee8b 100644
--- a/kubernetes/common/common/templates/_serviceMesh.tpl
+++ b/kubernetes/common/common/templates/_serviceMesh.tpl
@@ -98,7 +98,7 @@ true
               app.kubernetes.io/name: <app-to-match>    ("app.kubernetes.io/name" corresponds to key defined in "common.labels", which is included in "common.service")
 
     If common.useAuthorizationPolicies returns false:
-      Will create an authorization policy without rules, i.e., an allow-all policy
+      Will not create an authorization policy
 */}}
 {{- define "common.authorizationPolicy" -}}
 {{-   $dot := default . .dot -}}
@@ -106,6 +106,7 @@ true
 {{-   $authorizedPrincipals := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipals -}}
 {{-   $defaultOperationMethods := list "GET" "POST" "PUT" "PATCH" "DELETE" -}}
 {{-   $relName := include "common.release" . -}}
+{{-   if (include "common.useAuthorizationPolicies" .) }}
 apiVersion: security.istio.io/v1beta1
 kind: AuthorizationPolicy
 metadata:
@@ -117,7 +118,6 @@ spec:
       app.kubernetes.io/name: {{ include "common.servicename" . }}
   action: ALLOW
   rules:
-{{-   if (include "common.useAuthorizationPolicies" .) }}
 {{-     if $authorizedPrincipals }}
 {{-       range $principal := $authorizedPrincipals }}
   - from:
@@ -143,7 +143,5 @@ spec:
 {{-         end }}
 {{-       end }}
 {{-     end }}
-{{-   else }}
-    - {}
 {{-   end }}
 {{- end -}}