Allow a request only if it matches the rules.

Audit a request if it matches any of the rules.

The CUSTOM action allows an extension to handle the user request if the matching rules evaluate to true.

Deny a request if it matches any of the rules.

Connection is not tunneled.

Connection can be either plaintext or mTLS tunnel.

Connection is an mTLS tunnel (TLS with client cert must be presented).

Inherit from parent, if has one.

AuthorizationPolicy enables access control on workloads.

Action specifies the operation to take.

Specifies detailed configuration of the CUSTOM action.

This message specifies the detail for copying claim to header.

Condition specifies additional required attributes.

This message specifies a header location to extract JWT token.

JSON Web Token (JWT) token format for authentication as defined by [RFC 7519](https://tools.ietf.org/html/rfc7519).

Operation specifies the operations of a request.

PeerAuthentication defines mutual TLS (mTLS) requirements for incoming connections.

Mutual TLS settings.

RequestAuthentication defines what request authentication methods are supported by a workload.

Rule matches requests from a list of sources that perform a list of operations subject to a list of conditions.

From includes a list of sources.

To includes a list of operations.

Source specifies the source identities of a request.