OptionalapiAPI version of the policy.
OptionaldescriptionDescription of the policy.
OptionaldisabledWhether the policy is ignored by the Cerbos engine.
A set of exported variables.
OptionalmetadataMetadata about the policy.
OptionalvariablesVariable expressions defined for the policy.
Each variable is evaluated before any rule condition. A variable expression can contain anything that condition expression can have.
Define variables within the policy body instead, provided the Cerbos policy decision point server is at least v0.29 (DerivedRolesBody.variables, PrincipalPolicyBody.variables, or ResourcePolicyBody.variables).
A set of exported variables to be reused in other policies.
Remarks
Requires the Cerbos policy decision point server to be at least v0.29.