Authorization Policies Defined
istio.authorization-policies-defined
Requires at least one AuthorizationPolicy in the mesh. mTLS authenticates workloads but does not authorize them — without an AuthorizationPolicy every authenticated workload can call every other. Establishes a zero-trust authz baseline.
Compatible Integrations
This guardrail works with the following integrations. Click to see how to use Authorization Policies Defined with each collector.
Enable This Guardrail
Add the parent policy to your lunar-config.yml to enable this guardrail.
policies:
- uses: github://earthly/lunar-lib/policies/istio@v1.0.5
include: [authorization-policies-defined]
# with: ...
How This Guardrail Works
This guardrail is part of the Istio Guardrails policy. It evaluates data collected by integrations and produces a pass/fail check with actionable feedback.
When enabled, this check runs automatically on every PR and in AI coding workflows, providing real-time enforcement of your engineering standards.
Learn How Lunar Works →Configuration Options
These inputs can be configured in your lunar-config.yml to customize
how the parent policy (and this guardrail) behaves.
| Input | Required | Default | Description |
|---|---|---|---|
required_mtls_mode
|
Optional |
STRICT
|
Required mesh-wide mTLS mode for the mtls-strict check (STRICT or PERMISSIVE) |
Istio Guardrails
This guardrail is part of the Istio Guardrails policy, which includes 7 guardrails for deployment and infrastructure.
Ready to Automate Your Standards?
See how Lunar can turn your AGENTS.md, engineering wiki, compliance docs, or postmortem action items into automated guardrails with our 200+ built-in guardrails.