Allow rules configuration
Configuration of allow rules

Allow rules are configured in the section apps[].mappings[].allow_rules[]. For details on all available options, please refer to the DSL reference.

There are three types of allow rules:

  • built-in: allow rule with name "Allow all" is built-in. If it is enabled (which is the default setting), all traffic is accepted.
  • defined on mapping template: allow rules may be defined on a mapping template and be referenced by name. This is, for example, the case when using the Airlock IAM mapping template.
  • custom: custom allow rules may be defined using the DSL.

Using predefined allow rules

The following example demonstrates usage of predefined allow rules. The built-in allow rule "Allow all" is disabled. Instead, three allow rules defined by the Airlock IAM mapping template are enabled:

  apps:
  - mappings:
      - name: test
        allow_rules:
          # --- built-in default allow rule ---
          - name: "Allow all" 
            enabled: false
          # --- Provided by Airlock IAM mapping template ---
          - name: "Self-Service Functionality" 
            enabled: true
          - name: "OAuth 2.0 Authorization Server Functionality" 
            enabled: true
          - name: "REST API"
            enabled: true         

Using custom allow rules

The following example demonstrates configuration of a custom allow rule. The built-in allow rule "Allow all" is disabled. Then, a custom allow rule for JSON content on path /api and methods GET, PUT or POST is defined.

  apps:
  - mappings:
      - name: test
        allow_rules:
          # --- built-in default allow rule ---
          - name: "Allow all" 
            enabled: false
          # --- Custom allow rule ---
          - name: "Allow JSON on API" 
            enabled: true
            path:
              pattern: "^/api"
            method:
              pattern: "^(GET|PUT|POST)$"
            content_type:
              pattern: "application/json"

Currently, DSL settings for custom allow rules support only path, HTTP method, and content type. Allow rules defined on mapping templates support parameter names and values as well.
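
Because "Allow all" is enabled by default, a mapping that adds other allow rules without disabling it still accepts all traffic. The following Python check is an added example, not part of the Airlock documentation or product. It audits an already parsed configuration for that case and flags patterns without a leading ^ for review. The names audit_allow_rules and SAMPLE and the mapping "forgotten" are hypothetical, and how unanchored patterns match is an assumption to confirm in the DSL reference.

```python
# Constructed sample: parsed form of a configuration like the ones on this page.
# Mapping "forgotten" adds a custom rule but never disables the built-in rule.
SAMPLE = {"apps": [{"mappings": [
    {"name": "test", "allow_rules": [
        {"name": "Allow all", "enabled": False},
        {"name": "Allow JSON on API", "enabled": True,
         "path": {"pattern": "^/api"},
         "method": {"pattern": "^(GET|PUT|POST)$"},
         "content_type": {"pattern": "application/json"}}]},
    {"name": "forgotten", "allow_rules": [
        {"name": "Allow JSON on API", "enabled": True,
         "path": {"pattern": "^/api"}}]},
]}]}

BUILT_IN = "Allow all"
MATCHERS = ("path", "method", "content_type")  # custom-rule settings named on this page


def audit_allow_rules(config):
    """Return a list of (mapping, rule, message) findings."""
    findings = []
    for app in config.get("apps", []):
        for mapping in app.get("mappings", []):
            mname = mapping.get("name", "<unnamed>")
            rules = mapping.get("allow_rules") or []
            # Assumption: a missing "Allow all" entry, or one without an
            # "enabled" key, keeps the default, which the page says is enabled.
            built_in = next((r for r in rules if r.get("name") == BUILT_IN), {})
            others = [r for r in rules
                      if r.get("name") != BUILT_IN and r.get("enabled")]
            if built_in.get("enabled", True) and others:
                findings.append((mname, BUILT_IN,
                                 "still enabled: all traffic is accepted"))
            for rule in others:
                for key in MATCHERS:
                    pattern = (rule.get(key) or {}).get("pattern")
                    # Review hint only: how unanchored patterns match is an
                    # assumption to confirm in the DSL reference.
                    if pattern is not None and not pattern.startswith("^"):
                        findings.append((mname, rule.get("name", "<unnamed>"),
                                         f"{key} pattern {pattern!r} has no leading ^"))
    return findings


if __name__ == "__main__":
    for finding in audit_allow_rules(SAMPLE):
        print(*finding, sep=" | ")
```

Load the real configuration with a YAML parser of your choice and pass the resulting dictionary to audit_allow_rules.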