Policy
Summary
The policy block inside a route definition defines the authorization policy applied to that route. Policies are written in Pomerium Policy Language (PPL), a YAML-based markup designed to be easier to read and implement than current alternatives.
See Pomerium Policy Language for a full explanation of how to write policies in PPL.
How to configure
- Core
- Enterprise
- Kubernetes
| YAML/JSON setting | Type | Usage | 
|---|---|---|
| policy | string | optional | 
Examples
```yaml
routes:
  - from: https://verify.localhost.pomerium.io
    to: http://verify:8000
    policy:
      - allow:
          and:
            - domain:
                is: pomerium.com
            - user:
                is: user
```
Build a Policy in the Console:
Create a policy:

Add actions and rules in the Policy Builder:

Edit your policy:

| Annotation name | Type | Usage | 
|---|---|---|
| policy | string | optional | 
Examples
```yaml
ingress.pomerium.io/policy: |
  allow:
    and:
      - domain:
          is: pomerium.com
      - user:
          is: user
```
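The example policy above combines two criteria under `and`, so a request must satisfy both the domain and the user check. The following is an added example, not Pomerium's own code: a simplified Python model of how such a policy is evaluated, assuming a hypothetical identity dict with `email` and `user_id` keys, deny taking precedence over allow, and denial when no allow rule matches.

```python
# Added example: simplified PPL model (domain/user criteria, `is` matcher only).

# The Core example policy from this page, written as the parsed YAML structure.
POLICY = [
    {"allow": {"and": [
        {"domain": {"is": "pomerium.com"}},
        {"user": {"is": "user"}},
    ]}}
]


def match_criterion(criterion, identity):
    """Evaluate one criterion such as {"domain": {"is": "pomerium.com"}}."""
    (name, matcher), = criterion.items()
    if name == "domain":
        # Assumption: the domain is the part of the email after the last "@".
        actual = identity.get("email", "").rpartition("@")[2]
    elif name == "user":
        actual = identity.get("user_id", "")
    else:
        raise ValueError(f"criterion not modelled here: {name}")
    if set(matcher) != {"is"}:
        raise ValueError(f"matcher not modelled here: {sorted(matcher)}")
    return actual == matcher["is"]


def match_rule(body, identity):
    """Combine a rule's criteria under its logical operator (and / or only)."""
    (op, criteria), = body.items()
    results = [match_criterion(c, identity) for c in criteria]
    if op == "and":
        return all(results)
    if op == "or":
        return any(results)
    raise ValueError(f"operator not modelled here: {op}")


def is_allowed(policy, identity):
    """Deny wins over allow; with no matching allow rule the result is deny."""
    allowed = False
    for block in policy:
        for action, body in block.items():
            if action not in ("allow", "deny"):
                raise ValueError(f"unknown action: {action}")
            if match_rule(body, identity):
                if action == "deny":
                    return False
                allowed = True
    return allowed
```

Under this model, an identity at `pomerium.com` whose user ID is not `user` is rejected, which is the practical effect of choosing `and` over `or` in the example policy.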