Allow rules are configured using section apps[].mappings[].allow_rules[]. For details on all available options, please refer to the DSL reference.
There are three types of allow rules:
- built-in: allow rule with name "Allow all" is built-in. If it is enabled (which is the default setting), all traffic is accepted.
- defined on mapping template: allow rules may be defined on a mapping template and be referenced by name. This is, for example, the case when using the Airlock IAM mapping template.
- custom: custom allow rules may be defined using the DSL.
Using predefined allow rules
The following example demonstrates usage of predefined allow rules. The built-in allow rule "Allow all" is disabled. Instead, three allow rules defined by the Airlock IAM mapping template are enabled:
```yaml
apps:
  - mappings:
      - name: test
        allow_rules:
          # --- built-in default allow rule ---
          - name: "Allow all"
            enabled: false
          # --- Provided by Airlock IAM mapping template ---
          - name: "Self-Service Functionality"
            enabled: true
          - name: "OAuth 2.0 Authorization Server Functionality"
            enabled: true
          - name: "REST API"
            enabled: true
```
Using custom allow rules
The following example demonstrates configuration of a custom allow rule. The built-in allow rule "Allow all" is disabled. Then, a custom allow rule for JSON content on path /api and methods GET, PUT or POST is defined.
```yaml
apps:
  - mappings:
      - name: test
        allow_rules:
          # --- built-in default allow rule ---
          - name: "Allow all"
            enabled: false
          # --- Custom allow rule ---
          - name: "Allow JSON on API"
            enabled: true
            path:
              pattern: "^/api"
            method:
              pattern: "^(GET|PUT|POST)$"
            content_type:
              pattern: "application/json"
```
Currently, DSL settings for custom allow rules support only path, HTTP method, and content type. Allow rules defined on mapping templates support parameter names and values as well.
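To check what the custom rule above admits before deploying it, the following added example (not part of the Airlock documentation or product code) evaluates its three patterns against constructed requests. It assumes patterns are applied as case-sensitive regular-expression searches and that all conditions of a rule must match; `rule_allows`, `audit`, `SAMPLES` and `STRICT_RULE` are hypothetical names.

```python
import re

# Patterns copied from the "Allow JSON on API" rule on this page.
RULE = {
    "path": r"^/api",
    "method": r"^(GET|PUT|POST)$",
    "content_type": r"application/json",
}

def rule_allows(request, rule=RULE):
    """Return True if every pattern of the rule is found in its request field.

    Assumption: case-sensitive search semantics (a pattern is unanchored unless
    it anchors itself) and all conditions of a rule must match.
    """
    return all(re.search(p, request.get(field, "")) for field, p in rule.items())

def audit(requests, rule=RULE):
    """Map each constructed request label to the allow/deny decision."""
    return {label: rule_allows(req, rule) for label, req in requests.items()}

# Constructed sample requests (not taken from real traffic).
SAMPLES = {
    "json post": {"path": "/api/orders", "method": "POST", "content_type": "application/json"},
    "json with charset": {"path": "/api/orders", "method": "PUT", "content_type": "application/json; charset=utf-8"},
    "delete": {"path": "/api/orders/1", "method": "DELETE", "content_type": "application/json"},
    "form post": {"path": "/api/orders", "method": "POST", "content_type": "application/x-www-form-urlencoded"},
    "outside api": {"path": "/admin", "method": "GET", "content_type": "application/json"},
    # Edge cases caused by missing anchors in the patterns:
    "sibling path": {"path": "/api-internal/x", "method": "GET", "content_type": "application/json"},
    "json in parameter": {"path": "/api/orders", "method": "POST", "content_type": "text/plain; x=application/json"},
}

# Tighter variant: path bounded at a segment, content type anchored on the media type.
STRICT_RULE = {
    "path": r"^/api(/|$)",
    "method": r"^(GET|PUT|POST)$",
    "content_type": r"^application/json(;|$)",
}

if __name__ == "__main__":
    for name, rule in (("page rule", RULE), ("strict rule", STRICT_RULE)):
        print(name)
        for label, ok in audit(SAMPLES, rule).items():
            print(f"  {'ALLOW' if ok else 'DENY'} {label}")
```

Under these assumptions the unanchored `^/api` and `application/json` patterns also admit `/api-internal/x` and a `text/plain; x=application/json` content type, both of which `STRICT_RULE` rejects.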