Pipeline Directives
Control flow for pipeline execution
Pipeline directives control how a pipeline block executes. The directive can be explicitly requested using the standalone actions:
Or they can be used as parameters in these actions:
first
Stops on first accept or reject and returns that. If no accept or reject is
encountered, ignore is returned.
Example
When you want the first non-ignoring action to provide a result to make the decision
first {
backend "PRIMARY_AUTH"; # ignores if does not find user
backend "FALLBACK_AUTH";
}
any
Stop on first accept. If no accept is encountered, return the last reject or ignore.
Example
When calling multile backends or methods where any success is sufficient
any {
pap;
chap;
}
while - Default
Stop on reject. Return the last accept or ignore.
NOTE: This is not a loop.
This the default behavior for pipelines. There is really no need to use the
standalone while action but it can be used for clarity in the with action.
It should noted that if a policy handler returns ignore as the last action it
will still reject the request.
Example
All must accept or ignore
while {
backend "USER_EXISTS";
script "CHECK_BUSINESS_HOURS";
}
or since this is the default behavior, you can simply write:
backend "USER_EXISTS";
script "CHECK_BUSINESS_HOURS";
all
All actions must accept. If any action returns ignore or reject, that is returned immediately.
Example
All verifications must succeed
all {
backend "VALIDATE_USER";
backend "CHECK_PERMISSIONS";
backend "VERIFY_LICENSE";
}
none
🚨 None is known to be buggy. Do not use for now.
All actions must return reject, then returns accept. If any action returns accept or ignore then reject is returned immediately.
none {
backend "BLACKLIST_CHECK";
backend "BANNED_USERS";
backend "SUSPICIOUS_PATTERNS";
}
each
Return the result of the last action.
Note that this does not capture errors. If you need to catch errors, use the try action.
Example
each {
# does not matter if these reject or ignore
backend "STORE_ANALYTICS";
backend "LOG_ACCESS";
# this result is returned
backend "PRIMARY_AUTH";
}
/live and /ready end points
Architecture Overview
Basic Installation
Comparison Operators
Configuration Editor
Data Types
Duration Units
Execution Context
Execution Pipelines
Filters
High availability identifiers
HTTP Basic Authentication
Introduction
Log storage and formatting
Management API privilege levels
Password Hashing
Pipeline Directives
Probabilistic Sampling
Prometheus scraping
PROXY Protocol Support
Radiator server health and boot up logic
Radiator sizing
Radiator software releases
Template Rendering CLI
Tools radiator-client
TOTP/HOTP Authentication
What is Radiator?