Policy Condition
Table of contents
PolicyCondition represents an entity that applies defined operation over provided Policy Variables and returns a Boolean or null. Boolean is returned if input variables are valid and compliant with selected operation and if operation is run successfully.
It is defined by IPolicyCondition interface, which has the following fields:
| field | type | cardinality | description |
|---|---|---|---|
| negateResult | Boolean | optional | Flag that indicates if the result of the Condition should be negated (true becomes false and false becomes true). If result is null, negation is not applied. Default value is false |
IPolicyCondition interface implements IManaged interface. The IPolicyCondition interface has three implementations:
PolicyConditionAtomic
This entity represents atomic Policy condition in the Policy engine. It runs selected operation over provided input variables and returns result
| field | type | cardinality | description |
|---|---|---|---|
| operation | OperationEnum | mandatory | Logical operation in condition |
| args | IPolicyVariableRefOrValue[] | mandatory | List of input PolicyVariables |
| stringIgnoreCase | Boolean | optional | Flag that determines should String operations ignore case. Default value is false |
| fieldsStrictCheck | Boolean | optional | Flag that determines should Object operations* do a strict field check by setting CompareMode.JSON_OBJECT_NON_EXTENSIBLE and CompareMode.JSON_ARRAY_NON_EXTENSIBLE flags. Default value is false |
| arrayOrderStrictCheck | Boolean | optional | should Array operations* do a strict item position check by setting CompareMode.JSON_ARRAY_STRICT_ORDER flag. Default value is false |
- Object and Array JSON operations are executed using JSON Compare library
check() method of PolicyConditionAtomic entity returns Boolean result or null. If PolicyConditionAtomic is managed, then result of operation will be cached. If any input parameter is not resolved, method will return null as a result. If any input parameter is not compliant with selected operation, method will return null as a result.
Supported PolicyConditionAtomic operations
| operation | first parameter | second parameter | description |
|---|---|---|---|
| Equals | * String * Date * DateTime * Time * Period * Duration * Long * Int * Double * Float * BigDecimal * Boolean * JSON * JsonArray * JsonObject * Array | * String * Date * DateTime * Time * Period * Duration * Long * Int * Double * Float * BigDecimal * Boolean * JSON * JsonArray * JsonObject * Array | Compares parameters to check if first parameter is equal to the second parameter. Smart cast is applied on the second parameter. Unknown and null runtime values are not supported. JSON, JsonObject, JsonArray and Array (cast to JsonArray using options provided Jackson mapper valueToTree() method) are compared using JSON Compare library. |
| GreaterThan | * String * Date * DateTime * Time * Period * Duration * Long * Int * Double * Float * BigDecimal | * String * Date * DateTime * Time * Period * Duration * Long * Int * Double * Float * BigDecimal | Compares parameters to check if first parameter is greater than the second parameter. Smart cast is applied on the second parameter. |
| GreaterThanEqual | * String * Date * DateTime * Time * Period * Duration * Long * Int * Double * Float * BigDecimal | * String * Date * DateTime * Time * Period * Duration * Long * Int * Double * Float * BigDecimal | Compares parameters to check if first parameter is greater or equal to the second parameter. Smart cast is applied on the second parameter. |
| LessThan | * String * Date * DateTime * Time * Period * Duration * Long * Int * Double * Float * BigDecimal | * String * Date * DateTime * Time * Period * Duration * Long * Int * Double * Float * BigDecimal | Compares parameters to check if first parameter is lesser than the second parameter. Smart cast is applied on the second parameter. |
| LessThanEqual | * String * Date * DateTime * Time * Period * Duration * Long * Int * Double * Float * BigDecimal | * String * Date * DateTime * Time * Period * Duration * Long * Int * Double * Float * BigDecimal | Compares parameters to check if first parameter is lesser or equal to the second parameter. Smart cast is applied on the second parameter. |
| IsNull | * Any | X | Checks if runtime value is null |
| IsNotNull | * Any | X | Checks if runtime value is not null |
| IsBlank | * String | X | Checks if String is blank |
| IsNotBlank | * String | X | Checks if String is not blank |
| IsEmpty | * String * JSON * JsonArray * Array | X | Checks if String or Array is empty |
| IsNotEmpty | * String * JSON * JsonArray * Array | X | Checks if String or Array is not empty |
| StartsWith | * String * JsonArray * Array | * Any | Checks if String or Array starts with specific string or item. In case of an array, first item is compared with second argument using Equals operation. Smart cast to String is applied on the second parameter if first parameter is String. |
| EndsWith | * String * JsonArray * Array | * Any | Checks if String or Array ends with specific string or item. In case of an array, last item is compared with second argument using Equals operation. Smart cast to String is applied on the second parameter if first parameter is String. |
| Contains | * String * JsonArray * Array | * Any | Checks if String or Array contains specific string or item. In case of an array, any() kotlin method is applied to check if there is at least one item that is Equal to second argument. Smart cast to String is applied on the second parameter if first parameter is String. |
| IsIn | * Any | * String * JsonArray * Array | Checks if String or item is in another string or array. This method under the hood invokes Contains method logic, but with switched parameters. In case of an array, any() kotlin method is applied to check if there is at least one item that is Equal to first argument. Smart cast to String is applied on the first parameter if second parameter is String. |
| IsPositive | * Int * Long * Double * Float * BigDecimal * Period * Duration | X | Checks if numerical or duration value is positive. |
| IsNegative | * Int * Long * Double * Float * BigDecimal * Period * Duration | X | Checks if numerical or duration value is negative. |
| IsZero | * Int * Long * Double * Float * BigDecimal * Period * Duration | X | Checks if numerical or duration value is equal to 0. |
| IsFuture | * DateTime * Date * Time | X | Checks if temporal value is in the future. Comparison is done with currentDateTime, currentDate and currentTime environment store values or from provided options clock parameter. |
| IsPast | * DateTime * Date * Time | X | Checks if temporal value is in the past. Comparison is done with currentDateTime, currentDate and currentTime environment store values or from provided options clock parameter. |
| RegexpMatch | * Any | * String | Checks if first parameter is matching Regex provided in second parameter. First value is cast to String. |
| SchemaMatch | * Any | * String * JsonObject | Checks if first parameter is matching JSONSchema provided in second parameter. First value is cast to String. Schema matching is executed using Vert.x Json Schema library |
| IsUnique | * JsonArray * Array | X | Checks if Array has unique elements. Comparison is done by comparing size of provided Array and same Array with distinct parameters. |
| HasKey | * JsonObject | * String | Checks Object provided in first argument contains key provided in second argument. |
Examples
Minimal PolicyConditionAtomic
{
"operation": "GreaterThan",
"args": [
{
"id": "polVar1",
"refType": "PolicyVariableRef"
},
{
"type": "int",
"value": 42
}
]
}
Minimal PolicyConditionAtomic with unary operation
{
"operation": "IsBlank",
"args": [
{
"id": "polVar1",
"refType": "PolicyVariableRef"
}
]
}
PolicyConditionAtomic with params
{
"operation": "Equals",
"args": [
{
"id": "polVar1",
"refType": "PolicyVariableRef"
},
{
"type": "string",
"value": "fooBar"
}
],
"stringIgnoreCase": true
}
Managed PolicyConditionAtomic
{
"id": "polCond1",
"version": "1.2.3",
"description": "This is a managed PolicyConditionAtomic",
"labels": [
"label1"
],
"operation": "Equals",
"args": [
{
"id": "polVar1",
"refType": "PolicyVariableRef"
},
{
"type": "string",
"value": "fooBar"
}
],
"stringIgnoreCase": true
}
Smart casting
Engine can cast second argument to the type of first argument if they are compliant with following rules:
| target type | sourceType |
|---|---|
| String | * Boolean * Date - using options.dateFormatter * DateTime - using options.dateTimeFormatter * Time - using options.timeFormatter * Period * Duration * Long * Int * Double * Float * BigDecimal * JSON - using options.objectMapper * JsonObject - using options.objectMapper * JsonArray - using options.objectMapper * Array - using options.objectMapper |
| Date | * String - using options.dateFormatter * DateTime - using kotlin toLocaldate() method * JSON - using options.objectMapper and then options.dateFormatter |
| DateTime | * String - using options.dateTimeFormatter * Date - using kotlin OffsetDateTime().atStartOfDay().atZone(options.zoneId) method * JSON - using options.objectMapper and then options.dateTimeFormatter |
| Time | * String - using options.timeFormatter * DateTime - using kotlin OffsetDateTime().toLocalTime() method * JSON - using options.objectMapper and then options.timeFormatter |
| Period | * String - using Period.parse() * Duration - using Period.ofDays($duration.toDays().toInt()) * JSON - using options.objectMapper and then Period.parse() |
| Duration | * String - using Duration.parse() * JSON - using options.objectMapper and then Duration.parse() |
| Long | * String * Int * Double * Float * BigDecimal * JSON - using options.objectMapper |
| Int | * String * Long * Double * Float * BigDecimal * JSON - using options.objectMapper |
| Double | * String * Long * Int * Float * BigDecimal * JSON - using options.objectMapper |
| Float | * String * Long * Int * Double * BigDecimal * JSON - using options.objectMapper |
| BigDecimal | * String * Long * Int * Double * Float * JSON - using options.objectMapper |
| Boolean | * String * JSON - using options.objectMapper |
| JSON | * JsonObject * JsonArray * Null - cast to NullNode() |
| JsonObject | * String - only if it is valid JSON Object * JSON - only if it is valid JSON Object |
| JsonArray | * String - only if it is valid JSON Array * JSON - only if it is valid JSON Array * Array - only if it is valid JSON Array |
PolicyConditionComposite
This entity represents combination of other Policy Conditions (atomic, composite or references). It calculates result based on condition combination logic.
| field | type | cardinality | description |
|---|---|---|---|
| conditionCombinationLogic | ConditionCombinationLogicEnum | mandatory | Combination operation in composite PolicyCondition |
| conditions | IPolicyConditionRefOrValue[] | mandatory | List of PolicyConditions (embedded), PolicyConditionRefs (managed) or DefaultPolicyConditions |
| minimumConditions | Int | optional* | Minimal number of conditions in nOf ConditionCombinationlogic that must resolve to true. Mandatory parameter only in that case, ignored in other cases. |
| optimizeNOfRun | Boolean | optional | should nOf calculation run through all conditions in case when result true cannot be achieved. For example, if there are 5 conditions in a list, minimumConditions is set to 3 and first three conditions resolve to combination of 2 false and 1 null result. Result true thus cannot be achieved, even if other conditions resolve to true. Optimized run will stop on 3rd execution and return null. Non optimized run will check all 5 conditions and return either null or false, depending on all results. In some cases, optimized run could return null instead of false. Default value is false |
| strictCheck | Boolean | optional | should allOf and anyOf return null if there is at least one null result and no positive results. Default value is true. |
check() method of PolicyConditionComposite entity returns Boolean result or null. If PolicyConditionComposite is managed, then result of operation will be cached. List of conditions must contain at least one condition. In case of not logic, number of conditions must be exactly 1.
ConditionCombinationLogic
not
It runs first (and only) condition from the conditions list and negates the result (if result is not null). Same effect can be achieved by setting negateResult flag to true in the underlying condition, but this logic is added in scenarios when that is not possible.
anyOf
Returns true if any of the conditions in the conditions list resolves to true. It will run in optimized manner, when there is first true result, it will stop processing other conditions. Conditions are processed sequentially, in order they are listed.
If there is no true result, then final result depend on strictCheck flag. If strictCheck flag is set to true, and there is at least one null result, final result will be null. If that flag is not set, final result will be false. If all conditions resolved to false, final result will be false and strictCheck flag is ignored.
allOf
Returns true if all the conditions in the conditions list resolves to true. It will run in optimized manner, when there is first false result, it will stop processing other conditions and return false. Conditions are processed sequentially, in order they are listed.
If there is no false result, then final result depend on strictCheck flag. If strictCheck flag is set to true, and there is at least one null result, final result will be null. If that flag is not set, final result will be true. If all conditions resolved to true, final result will be true and strictCheck flag is ignored.
nOf
Returns true if at least minimumConditions from the conditions list resolves to true. It will run in optimized manner, when count of positive result reaches minimumConditions value, it will stop processing other conditions and return true. Conditions are processed sequentially, in order they are listed. Number of conditions in the conditions list must be equal or higher than minimumConditions value.
If there are more false results than conditions.size() - minimumConditions, final result will be false. If there are more null results than conditions.size() - minimumConditions, final result will be null.
If optimizeNOfRun flag is set to true, and sum of null and false results is higher than conditions.size() - minimumConditions, final result will be null and processing will stop. If that flag is not set, processing will continue and final result will depend on upper rules.
Examples
PolicyConditionComposite not logic
{
"conditionCombinationLogic": "not",
"conditions": [
{
"operation": "IsBlank",
"args": [
{
"id": "polVar1",
"refType": "PolicyVariableRef"
}
]
}
]
}
PolicyConditionComposite allOf logic
{
"conditionCombinationLogic": "allOf",
"conditions": [
{
"operation": "IsBlank",
"args": [
{
"id": "polVar1",
"refType": "PolicyVariableRef"
}
]
},
{
"id": "polCond1",
"refType": "PolicyConditionRef"
}
],
"strictCheck": false
}
PolicyConditionComposite anyOf logic
{
"conditionCombinationLogic": "anyOf",
"conditions": [
{
"operation": "IsBlank",
"args": [
{
"id": "polVar1",
"refType": "PolicyVariableRef"
}
]
},
{
"id": "polCond1",
"refType": "PolicyConditionRef"
},
{
"default": true
}
]
}
PolicyConditionComposite nOf logic
{
"conditionCombinationLogic": "nOf",
"conditions": [
{
"operation": "IsBlank",
"args": [
{
"id": "polVar1",
"refType": "PolicyVariableRef"
}
]
},
{
"operation": "IsEmpty",
"args": [
{
"id": "polVar2",
"refType": "PolicyVariableRef"
}
]
},
{
"id": "polCond1",
"refType": "PolicyConditionRef"
}
],
"minimumConditions": 2,
"optimizeNOfRun": false
}
Managed PolicyConditionComposite
{
"id": "polCond1",
"version": "1.2.3",
"description": "This is a managed PolicyConditionComposite",
"labels": [
"label1"
],
"conditionCombinationLogic": "not",
"conditions": [
{
"operation": "IsBlank",
"args": [
{
"id": "polVar1",
"refType": "PolicyVariableRef"
}
]
}
]
}
PolicyConditionDefault
Represents a default policy condition that always returns a specified boolean value or null. It can be used as a fallback PolicyCondition or in tests. As result is static, it is not cached. It can be used as embedded or as a reference, where id in such reference is one of the following:
$true$false$null
| field | type | cardinality | description |
|---|---|---|---|
| default | Boolean | optional | Static Boolean result value or null. Default value is null. |
Null PolicyConditionDefault
{
"default": null
}
True PolicyConditionDefault
{
"default": true
}
False PolicyConditionDefault
{
"default": false
}
PolicyConditionRef to PolicyConditionDefault true
{
"id": "$true",
"refType": "PolicyConditionRef"
}
PolicyConditionRef
PolicyConditionRef is entity that references a PolicyCondition (atomic, composite or default). It contains following fields:
| field | type | cardinality | description |
|---|---|---|---|
| id | String | mandatory | id of the managed PolicyCondition |
| version | String | optional | SemVer of the referenced PolicyCondition. If it is left blank, latest version of a PolicyCondition will be populated |
| refType | String | mandatory | discriminator that is used when deserializing catalog from JSON file. It has constant value of PolicyConditionRef |
Policy constraints
Policy constraints are nothing more than PolicyConditions that are used to check if a Policy, PolicyRelationship and PolicyActionRelationship is applicable to a given context.
If they are resolved to true:
- Policy is evaluated
- Child Policy in PolicySet is evaluated
- PolicyAction in Policy is executed
If they are resolved to false, Policy evaluation or PolicyAction execution is skipped.
If they are resolved to null, appropriate flag is determining what should be the case. This is explained in details on Policy page.