Execution Pipelines
Executing actions
Execution pipelines in Radiator Server execute a sequence of actions against an execution context. Each action performs a specific task, for example authenticating the user, processing the request data, reading and writing data on external systems through backends, or updating the reply attributes. The execution context variables depend on the execution pipeline. For example, for a RADIUS request, it contains the request code, and the request and reply attributes.
Each action can have four possible outcomes:
- Accept: Continue execution to the next action.
- Reject: Stop execution immediately.
- Ignore: Skip the current action and continue to the next one.
- Error: Stop execution immediately.
These behaviors can be controlled using the pipeline directives.
The result of the execution pipeline is determined by the last action that was executed. The pipeline result determines the response sent to the client, which is protocol specific. For example in RADIUS Accept means Access-Accept and Reject means Access-Reject for Access-Request.
Pipeline Syntax
Execution pipelines are always defined with a block starting with @. The allowed pipelines are predefined and depend on the configuration position.
policy "POLICY" {
handler "HANDLER" {
# Pipeline executed for this handler
@execute {
backend {
name "SQL";
query "FIND_USER";
}
pap;
}
}
}
Here the pipeline is the policy handler which is executed for incoming requests. The backend action is executed first, and if it accepts, the pap action is executed to verify the user credentials. If the backend action does not find the user, it rejects and the pap action is not executed at all. If both actions accept, the request is accepted.
This example is for the Policy Handler Pipeline. See the Policy Handler reference for more details.
Control Flow
Pipelines support control flow actions that allow conditional execution and branching logic. The if action evaluates conditions against execution context variables and executes different actions based on the result:
backend {
name "SQL";
query "FIND_USER";
}
if all {
vars.account_status == "active";
} then {
pap;
} else {
reason "Account is not active";
reject;
}
For other control flow actions, see map and with.
See Also
Architecture Overview
Backend Load Balancing
Basic Installation
Comparison Operators
Configuration Editor
Configuration Import and Export
Data Types
Duration Units
Execution Context
Execution Pipelines
Filters
Health check /live and /ready
High Availability and Load Balancing
High availability identifiers
HTTP Basic Authentication
Introduction
Local AAA Backends
Log storage and formatting
Management API privilege levels
Namespaces
Password Hashing
Pipeline Directives
Probabilistic Sampling
Prometheus scraping
PROXY Protocol Support
Radiator server health and boot up logic
Radiator sizing
Radiator software releases
Rate Limiting
Rate Limiting Algorithms
Reverse Dynamic Authorization
Template Rendering CLI
Tools radiator-client
TOTP/HOTP Authentication
What is Radiator?