403 - "rbac_access_denied_matched_policy[istio-ext-authz-ns[default]-policy[ext-authz]-rule[0]-deny-due-to-bad-CUSTOM-action

[bvamshidhar]

I'm trying to get this running on my Azure Kubernetes cluster K8 version: 1.28.5, Istio: 1.20.3, OPA: 0.64.1
https://github.com/open-policy-agent/opa-envoy-plugin/blob/main/examples/istio/quick_start.yaml

I was able to get it working locally using docker desktop. K8 version: 1.27.2, OPA: 0.64.1, Istio: 1.20.6

I modified the opa-policy configmap to use only this code:

apiVersion: v1
kind: ConfigMap
metadata:
name: opa-policy
data:
policy.rego: |
package istio.authz

import input.attributes.request.http as http_request
import input.parsed_path

default allow = true

I have the bookinfo service running and I get this error when I hit the endpoint:
Example: curl -i http://public_IP/productpage

istio-proxy container logs:
403 - "rbac_access_denied_matched_policy[istio-ext-authz-ns[default]-policy[ext-authz]-rule[0]-deny-due-to-bad-CUSTOM-action