AuthorizationPolicy for gRPC Istio Ingress

I’ve successfully used AuthorizationPolicy with HTTP services behind Istio’s ingress gateway to limit requests heading for a particular Host header.

However, it seems that gRPC doesn’t have the Host header, and I can’t see how to allow requests to a gRPC service without enumerating every single method in the service. Any ideas?

kind: AuthorizationPolicy
  name: my-service
  namespace: istio-system
      app: ingressgateway
  action: ALLOW
  - {}
  # This doesn't work for gRPC...Not sure how else we can deal with this
  # - to:
  #   - operation:
  #       hosts: [""]

Could you try to use the request.headers[:authority] attribute in the when section? The value might be in a bit different format, something like outbound|9000||someservice.default.svc.cluster.local if the request is sent from proxy in the mesh, I haven’t tried this on ingress gateway though.