AccessPolicy defines how access to a destination service is granted. Specifically, it describes how clients should be both authenticated and authorized to access the service. Refer to this link for further details about cross-origin resource sharing. AccessPolicies are applied at the Destination level.
Specify the type of TLS policy that will be enforced on clients connecting to the destination. Note that if service isolation is enabled for the workspace, this field will always be treated as ‘STRICT’.
The set of client identities that will be permitted to access the destination. Provide a single empty selector to allow access for all client identities.
allowedPaths
[]string
repeated
Optional. A list of HTTP paths or gRPC methods to allow. gRPC methods must be presented as fully qualified names in the form “/packageName.serviceName/methodName” and are case sensitive. Exact match, prefix match, and suffix match are supported for paths. For example, the path “/books/review” matches “/books/review” (exact match), “books/” (suffix match), or “/books” (prefix match). If not specified, any path is allowed.
allowedMethods
[]string
repeated
Optional. A list of HTTP methods to allow (e.g., “GET”, “POST”). It is ignored for gRPC because the value is always “POST”. If not specified, any method is allowed.
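A simplified model of the allowedPaths and allowedMethods rules above, added here as an illustration and not the product's own code. It assumes prefix and suffix patterns are written with a `*` wildcard (as in Istio's AuthorizationPolicy); the policy dictionaries and the `is_allowed` and `unset_fields` helpers are hypothetical.

```python
# Added illustration: simplified model of the allowedPaths / allowedMethods
# rules. Assumption: "*" marks prefix ("/books*") and suffix ("*/review")
# patterns, as in Istio AuthorizationPolicy.

def _matches(pattern, value):
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])  # prefix match
    if pattern.startswith("*"):
        return value.endswith(pattern[1:])     # suffix match
    return pattern == value                    # exact match, case sensitive


def is_allowed(policy, method, path, grpc=False):
    """Decide one request against a policy dict (hypothetical shape)."""
    paths = policy.get("allowedPaths") or []
    methods = policy.get("allowedMethods") or []
    # An unset allowedPaths allows any path.
    if paths and not any(_matches(p, path) for p in paths):
        return False
    # allowedMethods is ignored for gRPC, where the method is always POST.
    if grpc:
        return True
    # An unset allowedMethods allows any HTTP method.
    return not methods or method in methods


def unset_fields(policy):
    """List the fields that fall back to allow-any because they are unset."""
    return [f for f in ("allowedPaths", "allowedMethods") if not policy.get(f)]


# Constructed sample policies.
READ_ONLY = {"allowedPaths": ["/books*"], "allowedMethods": ["GET"]}
GRPC_REVIEW = {"allowedPaths": ["/library.Books/GetReview"],
               "allowedMethods": ["GET"]}
UNRESTRICTED = {}

if __name__ == "__main__":
    for name, policy in [("READ_ONLY", READ_ONLY),
                         ("GRPC_REVIEW", GRPC_REVIEW),
                         ("UNRESTRICTED", UNRESTRICTED)]:
        print(name, "allow-any fields:", unset_fields(policy))
```

Running `unset_fields` over every policy before deployment surfaces the ones that rely on the allow-any defaults.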
TLS connection mode. Enums correspond to those defined here.

| Name | Number | Description |
|------|--------|-------------|
| DISABLE | 0 | Do not originate a TLS connection to the upstream endpoint. |
| PERMISSIVE | 1 | Originate a TLS connection to the upstream endpoint. |
| STRICT | 2 | Secure connections to the upstream using mutual TLS by presenting client certificates for authentication. This mode uses certificates generated automatically by Istio for mTLS authentication. When this mode is used, all other fields in ClientTLSSettings should be empty. |