Skip to main content

Policy Decision Point (PDP) Commands

This collection of commands aims to improve the experience of working with the PDPs (Permit PDP or Open Policy Agent).

permit pdp run

Use this command to run a Permit PDP Docker container configured with your Permit.io account details. The command will start the container in detached mode and display the container ID and name.

Arguments (Optional):

  • --api-key <string> - use a specific API key instead of the stored one
  • --opa <number> - expose the OPA instance running in the PDP
  • --dry-run - print the Docker command without executing it

Examples:

Run the PDP container

$ permit pdp run

Run the PDP container with OPA exposed on port 8181

$ permit pdp run --opa 8181

Print the Docker command without running the container:

$ permit pdp run --dry-run

Run the PDP with a specific API key:

$ permit pdp run --api-key your_api_key

permit pdp check

Use this command to perform an authorization check against the PDP. The command will take the user, action, and resource (and some other enrichment arguments) as options and return the decision.

Arguments (Required):

  • --user <string> - the user ID to check the authorization for
  • --action <string> - the action to check the authorization for
  • --resource <string> - the resource to check the authorization for

Arguments (Optional):

  • --tenant <string> - the tenant to check the authorization for (default: default)
  • --pdpurl <string> - the PDP URL to check the authorization against (default: http://localhost:7676)
  • --user-attributes - additional user attributes to enrich the authorization check in the format: key1=value1,key2=value2
  • -resource-attributes - additional resource attributes to enrich the authorization check in the format key1=value1,key2=value2

Example:

$ permit  pdp check --user eventHandler --action update --resource Widget:dashboard-1-widget

permit pdp stats

Use this command to view statistics about your PDP's performance and usage. This is useful for monitoring and debugging your PDP instance.

Arguments (Optional):

  • --project-key <string> - The project key
  • --environment-key <string> - the environment key
  • --stats-url <string> - the URL of the PDP service. Default to the cloud PDP
  • --api-key <string> - the API key for the Permit env, project, or Workspace
  • --top - run stats in top mode (default: false)

Example:

$ permit pdp stats

permit pdp check-url

Check if a user has permission to access a specific URL. The command verifies URL-based permissions against the PDP using the Permit.io URL authorization API.

Arguments (Required):

  • --user <string> - the user id to check permissions for (Required)
  • --url <string> - the URL to check permissions for (Required)

Arguments (Optional):

  • --method <string> - the HTTP method to check permissions for (default: GET)
  • --tenant <string> - the tenant to check permissions for (default: default)
  • --user-attributes <string> - additional user attributes to enrich the authorization check in the format key1:value1,key2:value2. Can be specified multiple times.
  • --pdp-url <string> - the PDP URL to check authorization against (default: Cloud PDP)
  • --api-key <string> - the API key for the Permit env, project or Workspace

Examples:

Basic URL permission check:

$ permit pdp check-url --user john@example.com --url https://api.example.com/orders

Check with specific HTTP method and tenant:

$ permit pdp check-url --user john@example.com --url https://api.example.com/orders --method POST --tenant acme-corp

Check with user attributes:

$ permit pdp check-url --user john@example.com --url https://api.example.com/orders --user-attributes role:admin --user-attributes department:sales

Check against local PDP:

$ permit pdp check-url --user john@example.com --url https://api.example.com/orders --pdp-url http://localhost:7766