Concepts

Policy Structure

Expression

Expressions are used to programmatically generate dynamic values.

An expression can be any combination of literal values, contexts, or functions.

Expressions can be used anywhere in a policy. They use Go template syntax with the delimiters ${ and }.

Examples

  • Evaluate context
${ .Params.my_parameter }

See Contexts for more information

  • Evaluate context and functions
${ .Params.my_parameter | upper }

See Functions for more information

  • Evaluate string, context and functions
directory: ${ index (split .Params.path "/") 0 }

Condition

A condition is the main component of a yapl policy and is reused throughout the policy.

| Field    | Type   | Notes    | Description |
|----------|--------|----------|-------------|
| field    | string | required | The JSON path of the field to evaluate. |
| expr     | string | optional | Expression to evaluate. If provided, the condition compares its value instead of the field's value. |
| operator | string | required | The condition's operator. Available operators are here. |
| value    | any    | required | Value to compare the field's or expr's value with. |

Examples

  • The following example checks whether the field metadata.namespace equals default.
field: metadata.namespace
operator: equal
value: default
  • To check a field in an array, use [<index>] to access a specific index or [*] to evaluate all items in the array.

Check only first container

field: spec.containers[0].name
operator: hasPrefix
value: container-

Check all containers

field: spec.containers[*].name
operator: hasPrefix
value: container-
  • The expr field can be used to transform the field's value before the condition is evaluated. For example:
field: metadata.namespace
expr: ${ .Cond.Field.Value | upper }
operator: equal
value: DEFAULT
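
The expressions from the Expression section and the expr condition above can be reproduced with Go's text/template and the ${ } delimiters. This is an added example, not yapl's own code: the funcs map, the Eval helper, the map-shaped contexts and the missingkey=error option are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"strings"
	"text/template"
)

// funcs is a hypothetical stand-in for yapl's function library: only the
// two helpers used by the page's examples, with the argument order the
// page shows (split takes the string first, then the separator).
var funcs = template.FuncMap{
	"upper": strings.ToUpper,
	"split": func(s, sep string) []string { return strings.Split(s, sep) },
}

// Eval renders one expression against ctx using the ${ } delimiters.
// missingkey=error (this example's choice) makes a misspelled context key
// fail instead of rendering "<no value>" into a comparison.
func Eval(expr string, ctx map[string]any) (string, error) {
	t, err := template.New("expr").Delims("${", "}").Funcs(funcs).
		Option("missingkey=error").Parse(expr)
	if err != nil {
		return "", err
	}
	var out bytes.Buffer
	if err := t.Execute(&out, ctx); err != nil {
		return "", err
	}
	return out.String(), nil
}

func main() {
	ctx := map[string]any{ // constructed sample contexts
		"Params": map[string]any{"my_parameter": "prod", "path": "etc/ssl/certs"},
		"Cond":   map[string]any{"Field": map[string]any{"Value": "default"}},
	}
	for _, e := range []string{
		"${ .Params.my_parameter }",
		"${ .Params.my_parameter | upper }",
		`directory: ${ index (split .Params.path "/") 0 }`,
		"${ .Cond.Field.Value | upper }", // compared against value: DEFAULT
	} {
		v, err := Eval(e, ctx)
		fmt.Printf("%-50s => %q (err=%v)\n", e, v, err)
	}
}
```
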

Logical Condition

A logical condition combines the results of multiple conditions to produce a single result.

The logical operators and, or and not define the relationship between conditions. Logical conditions can be nested to multiple levels.

Examples

  and:
  - < condition >
  - < condition >

  or:
  - < condition >
  - < condition >

  not:
    < condition >

  and:
  - < condition >
  - < condition >
  - or:
    - < condition >
    - < condition >
    - not:
        < condition >