Expressions
Expressions are configured in the parameter exec_if_expr, which is located one level above config { }. This parameter is used to configure logic that defines whether a valve should be executed or not, based on runtime data such as request parameter values.
Example
{
  "name": "DumpState",
  "exec_if_expr": "request.used_auth == ('unpw') || request.used_auth == ('otp')",
  "config": {}
}
REQUEST
Example - Exec if a request param equals one of two values (OR)
"exec_if_expr": "request.used_auth == ('unpw') || request.used_auth == ('otp')",
ITEM
Example - Exec if no items exist
"exec_if_expr": "state.items == null || state.items.isEmpty()"
ITEM PROPERTY
Example - Exec if the item property iam_role exists, but the value is empty
"exec_if_expr": "items.length > 0 && items[0].iam_role == ''"
Example - Exec if the item property iam_role exists with the value Admin
"exec_if_expr": "items.length > 0 && items[0].iam_role == 'Admin'"
Example - Exec if the item property pwdLastSet exists
"exec_if_expr": "items[0].pwdLastSet"
Example - Exec if the item property pwdLastSet is missing
"exec_if_expr": "!items[0].pwdLastSet"
Example - Include items that are memberOf a specific group
"item_include_expr": "mv.containsAny(item.memberOf, 'CN=Group1,OU=Groups,DC=company,DC=local', true)",
Combinations
Example - Exec if no items exist, the request property used_auth has the value frejaEidPlus and the request property co does not have the value SE.
"exec_if_expr": "items.length == 0 && request.used_auth == ('frejaEidPlus') && request.co != ('SE')"
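Added example (not from the original page or the product): a small offline check of the item property and combination expressions above against constructed runtime data, showing that an unguarded items[0] access fails when no items exist, while the items.length guard does not. It assumes the expressions follow plain JavaScript semantics; evalExpr, EXPR, CTX and matrix are hypothetical names.

```javascript
// Added example, not product code. ASSUMPTION: plain JavaScript semantics;
// the product's own expression evaluator may behave differently.
// evalExpr, EXPR and CTX are hypothetical names; all data is constructed.
function evalExpr(expr, ctx) {
  const names = Object.keys(ctx);
  const fn = new Function(...names, `"use strict"; return (${expr});`);
  try {
    return { ok: true, value: Boolean(fn(...names.map((n) => ctx[n]))) };
  } catch (err) {
    // Reached when e.g. items[0] is undefined because no items exist.
    return { ok: false, error: err.name };
  }
}

// Expressions copied from the page, plus one guarded variant (added here).
const EXPR = {
  emptyRole: "items.length > 0 && items[0].iam_role == ''",
  pwdSet: "items[0].pwdLastSet",
  pwdSetGuarded: "items.length > 0 && items[0].pwdLastSet",
  combo: "items.length == 0 && request.used_auth == ('frejaEidPlus') && request.co != ('SE')",
};

// Constructed runtime data.
const CTX = {
  noItems: { request: { used_auth: "frejaEidPlus", co: "NO" }, items: [] },
  noItemsSE: { request: { used_auth: "frejaEidPlus", co: "SE" }, items: [] },
  emptyRole: { request: { used_auth: "unpw" }, items: [{ iam_role: "" }] },
  noRole: { request: { used_auth: "unpw" }, items: [{ pwdLastSet: "133500000000000000" }] },
};

// Evaluate every expression against every context.
function matrix() {
  const out = {};
  for (const [e, expr] of Object.entries(EXPR)) {
    for (const [c, ctx] of Object.entries(CTX)) {
      const r = evalExpr(expr, ctx);
      out[`${e}/${c}`] = r.ok ? r.value : r.error;
    }
  }
  return out;
}

console.log(matrix());
```

Under these assumptions an item without an iam_role property does not match the == '' test, which is consistent with the "exists, but the value is empty" wording above.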
More details are found here