I was trying trying to implement an ISTIO authorization policy where I have a requirement to allow a request if a value in claim matches in any part of particular string.
Example: The Rule looks something like this:
rules: - to: - operation: methods: ["GET"] hosts: ["sample.com"] when: - key: request.auth.claims[TEST_STRING] values: ["SUBSTR" , "*SUBSTR" , "*SUBSTR*" , "SUBSTR*"]
Everything works fine if the value ‘SUBSTR’ contains as a prefix or suffix in claims, But if the string SUBSTR is in a middle the claim the condition failing. Is there any solution where the request is allowed if the values contains a substr in the middle.In my case the condition
“[* SUBSTR *]”
Check for the contains