Policy
Summary
The policy block inside a route definition defines the authorization policy applied to a route. Policies are defined using Pomerium Policy Language (PPL), a YAML-based markup designed to be easier to read and implement than current alternatives.
See Pomerium Policy Language for a full explanation of how to write policies in PPL.
How to configure
Core

YAML/JSON setting | Type | Usage |
---|---|---|
policy | string | optional |

Enterprise

Build a Policy in the Console:
- Create a policy
- Add actions and rules in the Policy Builder
- Edit your policy

Kubernetes

Name | Type | Usage |
---|---|---|
policy | string | optional |

See Kubernetes Ingress for more information.
Examples
routes:
  - from: https://verify.localhost.pomerium.io
    to: http://verify:8000
    policy:
      - allow:
          and:
            - domain:
                is: pomerium.com
            - user:
                is: user

# ingress
ingress.pomerium.io/policy: |
  allow:
    and:
      - domain:
          is: pomerium.com
      - user:
          is: user
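
The following is an added example, not Pomerium's code. It is a small Python model of how the example policy above decides a request: access is granted only when every criterion under `and` holds, and everything else is denied. It assumes `domain` is compared with the domain part of the user's email and `user` with the user ID. The identity field names `email` and `user_id` and the sample identities are constructed for illustration.

```python
# Added sketch: models only the allow/and/domain/user subset shown on this page.
# The page's example policy as the structure its YAML parses to.
POLICY = [{"allow": {"and": [
    {"domain": {"is": "pomerium.com"}},
    {"user": {"is": "user"}},
]}}]

def criterion_matches(criterion, identity):
    """Evaluate one {name: {"is": value}} criterion against an identity dict."""
    (name, matcher), = criterion.items()  # ValueError unless exactly one name
    if not isinstance(matcher, dict) or set(matcher) != {"is"}:
        raise ValueError(f"unsupported matcher for {name!r}")
    if name == "domain":
        # Assumption: the domain is the part of the email after the last "@".
        _, sep, domain = identity.get("email", "").rpartition("@")
        return bool(sep) and domain == matcher["is"]
    if name == "user":
        # Assumption: compared with the identity provider's user ID.
        return identity.get("user_id") == matcher["is"]
    raise ValueError(f"unsupported criterion {name!r}")  # fail closed

def is_allowed(policy, identity):
    """Default deny: true only if one allow block has every `and` criterion true."""
    for block in policy:
        if set(block) != {"allow"} or set(block["allow"]) != {"and"}:
            raise ValueError("sketch handles allow/and blocks only")
        criteria = block["allow"]["and"]
        if not criteria:
            # all([]) is True, so an empty list would admit everyone.
            raise ValueError("empty 'and' list")
        if all(criterion_matches(c, identity) for c in criteria):
            return True
    return False

# Constructed sample identities (hypothetical field names).
SAMPLES = {
    "both match": {"email": "user@pomerium.com", "user_id": "user"},
    "domain only": {"email": "other@pomerium.com", "user_id": "other"},
    "user only": {"email": "user@example.com", "user_id": "user"},
    "no email claim": {"user_id": "user"},
}

if __name__ == "__main__":
    for label, identity in SAMPLES.items():
        print(f"{label}: {'allow' if is_allowed(POLICY, identity) else 'deny'}")
```

Only the first sample identity is allowed; matching the domain alone or the user alone is not enough under `and`.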