action property

String? action

Can be one of ALLOW, DENY, CUSTOM.

When the action is CUSTOM, customProvider must be specified. When the action is ALLOW, only requests matching the policy will be allowed. When the action is DENY, only requests matching the policy will be denied. When a request arrives, the policies are evaluated in the following order:

1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. 2. If there are any DENY policies that match the request, the request is denied. 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request.

Required. Possible string values are:

• "AUTHZ_ACTION_UNSPECIFIED" : Unspecified action.
• "ALLOW" : Allow request to pass through to the backend.
• "DENY" : Deny the request and return a HTTP 404 to the client.
• "CUSTOM" : Delegate the authorization decision to an external authorization engine.

Implementation

core.String? action;