Allow rules are configured using section apps[].mappings[].allow_rules[]. For details on all available options, please refer to the DSL reference.
- There are three types of allow rules:
- -built-in: allow rule with name "Allow all" is built-in. If it is enabled (which is the default setting), all traffic is accepted.
- -defined on mapping template: allow rules may be defined on a mapping template and be referenced by name. This is, for example, the case when using the Airlock IAM mapping template.
- -custom: custom allow rules may be defined using the DSL.
Using predefined allow rules
The following example demonstrates usage of predefined allow rules. The built-in allow rule "Allow all" is disabled. Instead, three allow rules defined by the Airlock IAM mapping template are enabled:
apps:
- mappings:
- name: test
allow_rules:
# --- built-in default allow rule ---
- name: "Allow all"
enabled: false
# --- Provided by Airlock IAM mapping template ---
- name: "Self-Service Functionality"
enabled: true
- name: "OAuth 2.0 Authorization Server Functionality"
enabled: true
- name: "REST API"
enabled: true
Using custom allow rules
The following example demostrates configuration of a custom allow rule. The built-in allow rule "Allow all" is disabled. Then, a custom allow rule for JSON content on path /api and methods GET, PUT or POST is defined.
apps:
- mappings:
- name: test
allow_rules:
# --- built-in default allow rule ---
- name: "Allow all"
enabled: false
# --- Custom allow rule ---
- name: "Allow JSON on API"
enabled: true
path:
pattern: "^/api"
method:
pattern: "^(GET|PUT|POST)$"
content_type:
pattern: "application/json"
Currently, DSL settings for custom allow rules support only path, HTTP method, and content type. Allow rules defined on mapping templates support parameter names and values as well.