{{- if or (not .Values.global.excludePortals) (not (has "citizen" .Values.global.excludePortals)) (not (has "officer" .Values.global.excludePortals)) }} kind: AuthorizationPolicy apiVersion: security.istio.io/v1beta1 metadata: name: authoriz-policy-{{ .Values.name }} namespace: {{ .Release.Namespace }} spec: selector: matchLabels: app: {{ .Values.name }} rules: - from: - source: notRequestPrincipals: - '*' to: - operation: notPaths: - /actuator* - /openapi - /swagger-ui/* - /v3* action: DENY {{- end }}