Trying to apply authorization policy with when condition for request.headers.
Request header ‘ssogroup’ Has comma separated values
format of request header:
“ssogroup”: “abc,def,xyz,mnp”
istio authorization policy applied:
apiVersion: “security.istio.io/v1beta1”
kind: “AuthorizationPolicy”
metadata:
name: reqauthz-ingress-policy-grp-authorization-1
namespace: istio-system
spec:
selector:
matchLabels:
istio: ingressgateway
action: DENY
rules:
- to:
- operation:
methods: [“GET”]
hosts: [“sample.com”]
when: - key: request.headers[ssogroup]
notValues: [“def”,“xyz”]
- operation:
but this doesnt work, "notValues: [“def”,“xyz”]
notValues: [“abc,def,xyz,mnp”] works for complete match
What is the format of request header with multiple values to match this policy