Authorizaion Policy Logs

Rajesh · April 27, 2023, 3:19pm

Hi ,
Here I’m using the wrong serviceaccount name in the authorization policy. When i check the istio logs.It doesnt show the name of the authorizationpolicy have wrong configuration it just mention the enforced denied in the logs.
Is there any way to find out the logs which we had the wrong configurations of authorization policy.
Here im adding the configuration and logs below.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: test-policy
namespace: testing
spec:
selector:
matchLabels:
app: fronted
action: ALLOW
rules:

from:
- source:
  principals: [“cluster.local/ns/istio-system/sa/WRONG-SERVICEACCOUNT-NAME”]
to:
- operation:
  methods: [“*”]

Logs: ‘x-forwarded-client-cert’, ‘By=spiffe://gto-anthos-poc.svc.id.goog/ns/scrtui/sa/default;Hash=4932672d68f40123f5589cb6cc1218e11fe002d411d98284b2be13809c47d770;Subject=“OU=istio_v1_cloud_workload,O=Google LLC,L=Mountain View,ST=California,C=US”;URI=spiffe://gto-anthos-poc.svc.id.goog/ns/istio-system/sa/istio-ingressgateway-service-account’
, dynamicMetadata:
2023-04-27T15:18:42.243354Z debug envoy rbac enforced denied, matched policy none

Topic		Replies	Views
Istio 1.5 AuthorizationPolicy using JWT Security	4	968	July 28, 2020
Istio Authorization Policy not triggering checks - rbac_access_denied_matched_policy[default-deny-all-due-to-bad-CUSTOM-action] Security security	0	3440	September 13, 2022
Ingress gateway IP whitelist with AuthorizationPolicy	7	3431	March 11, 2020
Security - Authorization Policy - 503 Security	6	1514	May 18, 2020
AuthorizationPolicy not Enforced Security security	2	875	October 8, 2020

Authorizaion Policy Logs

Related Topics