Automated Policies
Use automated policies to enforce security and logging requirements by applying the same policies to all APIs running in Mule. With policy automation, you can quickly design, build, and deploy secure and consistent APIs.
Automated policies enable you to deploy APIs with confidence because the target environment automatically enforces critical policies, resulting in reduced errors. An administrator no longer needs to remember to insert a policy to enforce common standards manually.
You can configure all included policies and custom policies as automated policies and apply them to the APIs running in an environment.
Automated Policies in Mule
The following rules apply to automated policies in Mule runtime engine (Mule):
-
Automated policies are available only for Mule 4 APIs using a MuleSoft-hosted control plane.
-
Automated policies support all runtime deployment targets (CloudHub, Runtime Fabric, and hybrid).
-
Automated policies have priority over the same types of policies already applied to a specific API proxy.
For example, if an API proxy running Mule 4.1.2 has an IP Allowlist policy to allow only the IP range 192.168.100.0/22 (from 192.168.100.0 to 192.168.103.255), and a new IP Allowlist automated policy is created to only allow the IP range 192.168.100.14/24 (from 192.168.100.0 to 192.168.100.255) and is applied to all supported Mule versions (4.1.1 and above), then this latter automated policy prevails.
Note that in the above example, the IP range changed when the automated policy was applied.
Additionally, if there is an automated policy already applied, you cannot apply that specific type of policy as a provided policy in a specific API proxy.
-
As an administrator, you can apply policies specific to external identity providers (IdPs, such as OpenID) if the environment to which you want to apply policies includes them.
The policy is then enforced only on those APIs that have the same IdPs configured. For example, if you apply the PingFederate Access Token Enforcement policy, the policy is enforced on only those APIs that are configured to use PingFederate as the IdP.
Alerts cannot be added to API instances protected by automated policies. |