Policy Decision Point (PDP) Commands
This collection of commands aims to improve the experience of working with the PDPs (Permit PDP or Open Policy Agent).
permit pdp run
Use this command to run a Permit PDP Docker container configured with your Permit.io account details. The command will start the container in detached mode and display the container ID and name.
Arguments (Optional):
--api-key <string>
- use a specific API key instead of the stored one--opa <number>
- expose the OPA instance running in the PDP--dry-run
- print the Docker command without executing it
Examples:
Run the PDP container
$ permit pdp run
Run the PDP container with OPA exposed on port 8181
$ permit pdp run --opa 8181
Print the Docker command without running the container:
$ permit pdp run --dry-run
Run the PDP with a specific API key:
$ permit pdp run --api-key your_api_key
permit pdp check
Use this command to perform an authorization check against the PDP. The command will take the user, action, and resource (and some other enrichment arguments) as options and return the decision.
Arguments (Required):
--user <string>
- the user ID to check the authorization for--action <string>
- the action to check the authorization for--resource <string>
- the resource to check the authorization for
Arguments (Optional):
--tenant <string>
- the tenant to check the authorization for (default: default
)--pdpurl <string>
- the PDP URL to check the authorization against (default: http://localhost:7676
)--user-attributes
- additional user attributes to enrich the authorization check in the format:key1=value1,key2=value2
-resource-attributes
- additional resource attributes to enrich the authorization check in the formatkey1=value1,key2=value2
Example:
$ permit pdp check --user eventHandler --action update --resource Widget:dashboard-1-widget
permit pdp stats
Use this command to view statistics about your PDP's performance and usage. This is useful for monitoring and debugging your PDP instance.
Arguments (Optional):
--project-key <string>
- The project key--environment-key <string>
- the environment key--stats-url <string>
- the URL of the PDP service. Default to the cloud PDP--api-key <string>
- the API key for the Permit env, project, or Workspace--top
- run stats in top mode (default: false
)
Example:
$ permit pdp stats
permit pdp check-url
Check if a user has permission to access a specific URL. The command verifies URL-based permissions against the PDP using the Permit.io URL authorization API.
Arguments (Required):
--user <string>
- the user id to check permissions for (Required)--url <string>
- the URL to check permissions for (Required)
Arguments (Optional):
--method <string>
- the HTTP method to check permissions for (default:GET
)--tenant <string>
- the tenant to check permissions for (default:default
)--user-attributes <string>
- additional user attributes to enrich the authorization check in the formatkey1:value1,key2:value2
. Can be specified multiple times.--pdp-url <string>
- the PDP URL to check authorization against (default: Cloud PDP)--api-key <string>
- the API key for the Permit env, project or Workspace
Examples:
Basic URL permission check:
$ permit pdp check-url --user john@example.com --url https://api.example.com/orders
Check with specific HTTP method and tenant:
$ permit pdp check-url --user john@example.com --url https://api.example.com/orders --method POST --tenant acme-corp
Check with user attributes:
$ permit pdp check-url --user john@example.com --url https://api.example.com/orders --user-attributes role:admin --user-attributes department:sales
Check against local PDP:
$ permit pdp check-url --user john@example.com --url https://api.example.com/orders --pdp-url http://localhost:7766