Org - Expressions

Expressions are configured in the parameter exec_if_expr, which is located one level above config { }. These parameter used to configure logic defining if a valve should be executed or not based on runtime data, such as request parameter values.

Example

{
    "name": "DumpState",
    "exec_if_expr": "request.used_auth == ('unpw') || request.used_auth == ('otp')",
    "config": {}
}

REQUEST

Example - Exec if request param equals with OR.

"exec_if_expr": "request.used_auth == ('unpw') || request.used_auth == ('otp')",

ITEM

Example - Exec if no items exist

"exec_if_expr": "state.items == null || state.items.isEmpty()"

ITEM PROPERTY

Example - Exec if the item property iam_role exist, but the value is empty

"exec_if_expr": "items.length > 0 && items[0].iam_role == ''"

Example - Exec if the item property iam_role exist with the value Admin

"exec_if_expr": "items.length > 0 && items[0].iam_role == 'Admin'"

Example - Exec if the item property pwdLastSet exist

"exec_if_expr": "items[0].pwdLastSet"

Example - Exec if the item property pwdLastSet is missing

"exec_if_expr": "!items[0].pwdLastSet"

Example - Include items memberOf a specific group

"item_include_expr": "mv.containsAny(item.memberOf, 'CN=Group1,OU=Groups,DC=company,DC=local', true)",

Combinations

Example - Exec if no items exist, the request property used_auth has the value frejaEidPlus and the request property co does not have the value SE.

"exec_if_expr": "items.length == 0 && request.used_auth == ('frejaEidPlus') && request.co != ('SE')"

More details are found here

Expressions

PreviousItems to included (item_include_expr)NextDependency-Track - protect with eID MFA and SSO

Last updated 8 months ago

hashtagREQUEST

hashtagITEM

hashtagITEM PROPERTY

hashtagCombinations

hashtagMore details are found here

REQUEST

ITEM

ITEM PROPERTY

Combinations

More details are found here