HTTP authorization
HTTP authorization allows defining rules to allow or deny requests based on their properties, using CEL expressions.
Policies can define allow and deny rules. When evaluating a request:
- If there are no policies, the request is allowed.
- If any `deny` policy matches, the request is denied.
- If any `allow` policy matches, the request is allowed.
- Otherwise, the request is denied.
```yaml
authorization:
  rules:
  - allow: 'request.path == "/authz/public"'
  - deny: 'request.path == "/authz/deny"'
  # legacy format; same as `allow: ...`
  - 'request.headers["x-allow"] == "true"'
```
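The evaluation order above can be modelled in a few lines. This is an added example, not the project's own code: Python predicates stand in for the CEL expressions, the names `Rule`, `parse_rules`, `authorize` and `req` are hypothetical, and treating a missing header as a non-match is an assumption. It shows two consequences of the order: a matching `deny` overrides any matching `allow`, and a rule set containing only `deny` rules rejects every request.

```python
from dataclasses import dataclass
from typing import Callable

Predicate = Callable[[dict], bool]  # Python stand-in for a CEL expression


@dataclass(frozen=True)
class Rule:
    kind: str  # "allow" or "deny"
    matches: Predicate


def parse_rules(raw: list) -> list[Rule]:
    """Accept {"allow": p}, {"deny": p}, or a bare predicate (legacy form, same as allow)."""
    rules = []
    for entry in raw:
        if callable(entry):
            rules.append(Rule("allow", entry))
            continue
        ((kind, pred),) = entry.items()
        if kind not in ("allow", "deny"):
            raise ValueError(f"unknown rule kind: {kind!r}")
        rules.append(Rule(kind, pred))
    return rules


def authorize(rules: list[Rule], request: dict) -> bool:
    if not rules:  # no policies: allowed
        return True
    if any(r.matches(request) for r in rules if r.kind == "deny"):
        return False  # any matching deny wins, regardless of allow rules
    # at least one policy exists, so a request with no matching allow is denied
    return any(r.matches(request) for r in rules if r.kind == "allow")


def req(path: str, **headers: str) -> dict:
    """Build a constructed sample request; x_allow="true" becomes header x-allow."""
    return {"path": path, "headers": {k.replace("_", "-"): v for k, v in headers.items()}}


# The three rules from the configuration above, as predicates.
PAGE_RULES = parse_rules([
    {"allow": lambda r: r["path"] == "/authz/public"},
    {"deny": lambda r: r["path"] == "/authz/deny"},
    # assumption: a missing header is treated as a non-match
    lambda r: r["headers"].get("x-allow") == "true",
])
# A deny-only rule set: every request falls through to the final "denied" step.
DENY_ONLY = parse_rules([{"deny": lambda r: r["path"] == "/authz/deny"}])
```
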