What is the order of evaluation between features or actions specified by VirtualService objects and those specified by AuthorizationPolicy objects?
That is, does VirtualService routing happen before or after AuthorizationPolicy access checking?
For example, if a given VirtualService VS would (without the following AuthorizationPolicy) return a redirection for a given request, and a given AuthorizationPolicy AP with a DENY action would (without the preceding VirtualService) block access for that given request, then if both VS and AP are used, will Istio return a redirection (per VS) or block access (per AP) for that given request?
Relatedly, if a VirtualService that is configured to rewrite a URI path of
/b is used with an AuthorizationPolicy that is configured to block requests with path of
/a, is a request with a path of
/a routed per the VirtualService or blocked per the AuthorizationPolicy? What about with an AuthorizationPolicy configured to block