Expressions

Expressions are configured in the parameter exec_if_expr, which is located one level above config { }. These parameter used to configure logic defining if a valve should be executed or not based on runtime data, such as request parameter values.

Example

{
    "name": "DumpState",
    "exec_if_expr": "request.used_auth == ('unpw') || request.used_auth == ('otp')",
    "config": {}
}

REQUEST

Example - Exec if request param equals with OR.

"exec_if_expr": "request.used_auth == ('unpw') || request.used_auth == ('otp')",

ITEM

Example - Exec if no items exist

"exec_if_expr": "state.items == null || state.items.isEmpty()"

ITEM PROPERTY

Example - Exec if the item property iam_role exist, but the value is empty

"exec_if_expr": "items.length > 0 && items[0].iam_role == ''"

Example - Exec if the item property iam_role exist with the value Admin

"exec_if_expr": "items.length > 0 && items[0].iam_role == 'Admin'"

Example - Exec if the item property pwdLastSet exist

"exec_if_expr": "items[0].pwdLastSet"

Example - Exec if the item property pwdLastSet is missing

"exec_if_expr": "!items[0].pwdLastSet"

Example - Include items memberOf a specific group

"item_include_expr": "mv.containsAny(item.memberOf, 'CN=Group1,OU=Groups,DC=company,DC=local', true)",

More details are found here