3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-10 23:03:23 +02:00
Code Issues Projects Releases Packages Wiki Activity

ppl: add support for http_path and http_method (#2813)

Browse source 
* ppl: add support for http_path and http_method

* fix import ordering
This commit is contained in:
Caleb Doxsey 2021-12-10 07:28:51 -07:00 committed by GitHub
parent 54ec88fb93
commit 2d04106e6d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 257 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/docs/topics/ppl.md
View file

@ -83,6 +83,8 @@ PPL supports many different criteria:
| `domain` | String Matcher | Returns true if the logged-in user's email address domain (the part after `@`) matches the given value. |
| `email` | String Matcher | Returns true if the logged-in user's email address matches the given value. |
| `groups` | List Matcher | Returns true if the logged-in user is a member of the given group. |
| `http_method` | String Matcher | Returns true if the HTTP method matches the given value. |
| `http_path` | String Matcher | Returns true if the HTTP path matches the given value. |
| `invalid_client_certificate` | Anything. Typically `true`. | Returns true if the incoming request has an invalid client certificate. A default `deny` rule using this criterion is added to all Pomerium policies when an mTLS [client certificate authority] is set. |
| `pomerium_routes` | Anything. Typically `true`. | Returns true if the incoming request is for the special `.pomerium` routes. A default `allow` rule using this criterion is added to all Pomerium policies. |
| `reject` | Anything. Typically `true`. | Always returns false. The opposite of `accept`. |