Zuplo
Other

Composite Inbound (Group Policies) Policy

Create reusable groups of policies that can be applied together across multiple routes. This policy allows you to organize and manage collections of policies by referencing them by their name.

With this policy, you'll benefit from:

  • Simplified Management: Group related policies together for easier maintenance
  • Consistent Security: Apply the same set of policies across multiple routes
  • Reduced Configuration: Minimize repetitive policy definitions in your routes
  • Modular Design: Create logical policy groupings based on function or security level
  • Streamlined Updates: Change policy configurations in one place and apply everywhere

Configuration

The configuration shows how to configure the policy in the 'policies.json' document.

Code(json)
 
{
  "name": "my-composite-inbound-policy",
  "policyType": "composite-inbound",
  "handler": {
    "export": "CompositeInboundPolicy",
    "module": "$import(@zuplo/runtime)",
    "options": {
      "policies": ["policy1", "policy2"]
    }
  }
}

Policy Configuration

  • name <string> - The name of your policy instance. This is used as a reference in your routes.
  • policyType <string> - The identifier of the policy. This is used by the Zuplo UI. Value should be composite-inbound.
  • handler.export <string> - The name of the exported type. Value should be CompositeInboundPolicy.
  • handler.module <string> - The module containing the policy. Value should be $import(@zuplo/runtime).
  • handler.options <object> - The options for this policy. See Policy Options below.

Policy Options

The options for this policy are specified below. All properties are optional unless specifically marked as required.

  • policies <string[]> - The list of policy references (beware circular references).

Using the Policy

This policy allows you to create groups of other policies for easy reuse across multiple routes. Policies are referenced by their name as defined in your policies.json file.

Policy Configuration

The Composite Inbound policy requires a list of policy names to include in the group:

Code(json)
 
{
  "policies": [
    "rate-limit-policy",
    "api-key-auth-policy",
    "request-validation-policy"
  ]
}

Each policy name in the array must correspond to a valid policy defined in your policies.json file.

Usage Examples

Creating a Security Group

You can create a security policy group that combines authentication and rate limiting:

Code(json)
 
{
  "name": "security-group",
  "handler": {
    "export": "CompositeInboundPolicy",
    "module": "$import(@zuplo/runtime)",
    "options": {
      "policies": ["api-key-auth", "rate-limit"]
    }
  }
}

Creating a Validation Group

You can create a validation policy group that combines schema validation and custom validation logic:

Code(json)
 
{
  "name": "validation-group",
  "handler": {
    "export": "CompositeInboundPolicy",
    "module": "$import(@zuplo/runtime)",
    "options": {
      "policies": ["json-schema-validator", "custom-validation-policy"]
    }
  }
}

Important Considerations

  • Be careful not to create circular references, which can cause your gateway to fail
  • Policies will be executed in the order they are listed in the policies array
  • Each policy in the composite group must be properly configured in your policies.json file
  • The composite policy can be used in route definitions just like any other policy

Read more about how policies work

Last modified on
GraphQL Complexity Limit PolicyBrown Out Policy