apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    app: istio-pilot
    heritage: Tiller
    istio: security
    release: istio
  name: authorizationpolicies.security.istio.io
  annotations:
    helm.sh/hook: crd-install
spec:
  group: security.istio.io
  names:
    categories:
    - istio-io
    - security-istio-io
    kind: AuthorizationPolicy
    plural: authorizationpolicies
    singular: authorizationpolicy
  scope: Namespaced
  subresources:
    status: {}
  validation:
    openAPIV3Schema:
      properties:
        spec:
          description: 'Configuration for access control on workloads. See more details
            at: https://istio.io/docs/reference/config/security/v1beta1/authorization-policy.html'
          properties:
            rules:
              description: Optional.
              items:
                properties:
                  from:
                    description: Optional.
                    items:
                      properties:
                        source:
                          description: Source specifies the source of a request.
                          properties:
                            ipBlocks:
                              description: Optional.
                              items:
                                format: string
                                type: string
                              type: array
                            namespaces:
                              description: Optional.
                              items:
                                format: string
                                type: string
                              type: array
                            principals:
                              description: Optional.
                              items:
                                format: string
                                type: string
                              type: array
                            requestPrincipals:
                              description: Optional.
                              items:
                                format: string
                                type: string
                              type: array
                          type: object
                      type: object
                    type: array
                  to:
                    description: Optional.
                    items:
                      properties:
                        operation:
                          description: Operation specifies the operation of a request.
                          properties:
                            hosts:
                              description: Optional.
                              items:
                                format: string
                                type: string
                              type: array
                            methods:
                              description: Optional.
                              items:
                                format: string
                                type: string
                              type: array
                            paths:
                              description: Optional.
                              items:
                                format: string
                                type: string
                              type: array
                            ports:
                              description: Optional.
                              items:
                                format: string
                                type: string
                              type: array
                          type: object
                      type: object
                    type: array
                  when:
                    description: Optional.
                    items:
                      properties:
                        key:
                          description: The name of an Istio attribute.
                          format: string
                          type: string
                        values:
                          description: The allowed values for the attribute.
                          items:
                            format: string
                            type: string
                          type: array
                      type: object
                    type: array
                type: object
              type: array
            selector:
              description: Optional.
              properties:
                matchLabels:
                  additionalProperties:
                    format: string
                    type: string
                  type: object
              type: object
          type: object
      type: object
  versions:
  - name: v1beta1
    served: true
    storage: true