I have the two policies below in my Values.yaml file. By default, in policy one (USER_POLICY) I am allowing all the endpoints, so I have just defined my context root (/v2/trans/brokerage/external) and allowed all HTTP methods. But out of it I just want to exclude the endpoint (/v2/trans/brokerage/external/conditions), which comes under my SUPPORT_POLICY. How do I exclude the endpoints specified in one policy with another policy?

```yaml
rules:
  action: ALLOW
  policies:
    USER_POLICY:
      principals:
        - header: { name: "roles", contains_match: "ADMIN_ACCOUNT" }
      permissions:
        - and_rules:
            rules:
              - header: { name: ":path", prefix_match: "/v2/trans/brokerage/external" }
              - or_rules:
                  rules:
                    - header: { name: ":method", exact_match: "GET" }
                    - header: { name: ":method", exact_match: "POST" }
                    - header: { name: ":method", exact_match: "PATCH" }
                    - header: { name: ":method", exact_match: "DELETE" }
              # Some syntax to exclude: /v2/trans/brk/ext/conditions
    SUPPORT_POLICY:
      principals:
        - header: { name: "roles", contains_match: "SUPPORT" }
      permissions:
        - and_rules:
            rules:
              - url_path: { path: { prefix: "/v2/trans/brk/ext/conditions" } }
              - or_rules:
                  rules:
                    - header: { name: ":method", exact_match: "GET" }
                    - header: { name: ":method", exact_match: "POST" }
```
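
One way to express the exclusion, as an added example that is not part of the original post: Envoy's RBAC `Permission` has a `not_rule` field that negates a nested permission, so it can be placed inside the existing `and_rules`. This assumes the values are passed to Envoy's RBAC filter unchanged and that the endpoint to exclude is `/v2/trans/brokerage/external/conditions`, the path given in the question text.

```yaml
rules:
  action: ALLOW
  policies:
    USER_POLICY:
      principals:
        - header: { name: "roles", contains_match: "ADMIN_ACCOUNT" }
      permissions:
        - and_rules:
            rules:
              # Everything under the context root ...
              - header: { name: ":path", prefix_match: "/v2/trans/brokerage/external" }
              # ... except the conditions endpoint. not_rule matches only when
              # the nested permission does NOT match. url_path ignores the query
              # string, the same matcher SUPPORT_POLICY uses.
              # Path below is an assumption taken from the question text.
              - not_rule:
                  url_path: { path: { prefix: "/v2/trans/brokerage/external/conditions" } }
              - or_rules:
                  rules:
                    - header: { name: ":method", exact_match: "GET" }
                    - header: { name: ":method", exact_match: "POST" }
                    - header: { name: ":method", exact_match: "PATCH" }
                    - header: { name: ":method", exact_match: "DELETE" }
```

Policies under a single ALLOW action are evaluated independently and a request is admitted if any one of them matches, so a `roles` header containing both `ADMIN_ACCOUNT` and `SUPPORT` still reaches the conditions endpoint through SUPPORT_POLICY. The prefix match also covers sibling paths that merely begin with the same string, such as `/v2/trans/brokerage/external/conditions-x`.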