Expressions
Expressions are configured in the parameter exec_if_expr, which is located one level above config { }. These parameter used to configure logic defining if a valve should be executed or not based on runtime data, such as request parameter values.
Example
{
"name": "DumpState",
"exec_if_expr": "request.used_auth == ('unpw') || request.used_auth == ('otp')",
"config": {}
}REQUEST
Example - Exec if request param equals with OR.
"exec_if_expr": "request.used_auth == ('unpw') || request.used_auth == ('otp')",ITEM
Example - Exec if no items exist
"exec_if_expr": "state.items == null || state.items.isEmpty()"ITEM PROPERTY
Example - Exec if the item property iam_role exist, but the value is empty
"exec_if_expr": "items.length > 0 && items[0].iam_role == ''"Example - Exec if the item property iam_role exist with the value Admin
"exec_if_expr": "items.length > 0 && items[0].iam_role == 'Admin'"Example - Exec if the item property pwdLastSet exist
"exec_if_expr": "items[0].pwdLastSet"Example - Exec if the item property pwdLastSet is missing
"exec_if_expr": "!items[0].pwdLastSet"Example - Include items memberOf a specific group
"item_include_expr": "mv.containsAny(item.memberOf, 'CN=Group1,OU=Groups,DC=company,DC=local', true)",Combinations
Example - Exec if no items exist, the request property used_auth has the value frejaEidPlus and the request property co does not have the value SE.
"exec_if_expr": "items.length == 0 && request.used_auth == ('frejaEidPlus') && request.co != ('SE')"More details are found here
Last updated