Validate Building Blocks.
Notice
Accessing the Policy Management APIs is through a dedicated domain/URL, according to your PlainID Tenant Locationhttps://api.us1.plainid.iohttps://api.ca1.plainid.iohttps://api.eu1.plainid.ioUsing HTML Encoded Special Characters
Use HTML encoded patterns when working with values that contain special characters like spaces, dashes, etc. Refer to this HTML URL Encoding Reference for a full list.
Important note about headers
Refer to the headers below to modify your cURL sample. Check if the following headers are in the sample, if not, ensure you add it to your cURL sample before pasting into your API tool.
Headers
*Required
| Header | Value | cURL Line |
|---|---|---|
| Content-Type | text/plain;language=rego | -H "Content-Type:text/plain;language=rego" |
cURL Sample Guidelines
In order for the relevant parameters to appear in the cURL sample, you can input the values in the interactive API console on the right. They will then appear in the cURL sample on the bottom of the page in the correct format.
For more details about Administration API Authentication, check out the Authentication APIs documentation. Provide your bearer token in the Authorization header when making requests to protected resources. Example: Authorization: Bearer 123
The Environment ID can be found under the Details tab in the Environment Settings.
Authorization Workspace ID. This can be found in your Authorization Workspace Settings under Workspace ID. *Required if identityWsId is not provided.
Identity Workspace ID. *Required if authWsId is not provided.
Toggle to enable or disable additional metadata in the response, like the Building Block id and description.
"package building_blocks\nimport rego.v1\n\n# METADATA\n# custom:\n# plainid:\n# kind: DynamicGroup\n# name: dg1\n# id: f28c17c2-caeb-4cf2-a549-02bf03fe4e17\n# description: dg1\ndynamic_group(identity) if {\n identity.template == \"idWs1\"\n identity[\"idAttr1\"] == \"test\"\n identity[\"idAttr1\"] != \"prod\"\n}\n\n# METADATA\n# custom:\n# plainid:\n# kind: DynamicGroup\n# name: dg2\n# id: 0a738db8-b669-4e33-a8db-97eee5d856d1\n# description: dg2\ndynamic_group(identity) if {\n identity.template == \"idWs1\"\n contains(identity[\"idAttr1\"], \"admin\")\n}\n\n# METADATA\n# custom:\n# plainid:\n# kind: DynamicGroup\n# name: dg3\n# id: 2539fb2b-c238-49cd-b6f0-65cf1aa65feb\n# description: dg3\ndynamic_group(identity) if {\n identity.template == \"idWs1\"\n identity[\"idAttr1\"] != \"stage\"\n}\n\n# METADATA\n# custom:\n# plainid:\n# kind: DynamicGroup\n# name: idWs1 All Users\n# id: 6de6071c-4d30-4a77-9e40-106dded2194e\n# description: default dg\ndynamic_group(identity) if {\n identity.template == \"idWs1\"\n}\n""package building_blocks\nimport rego.v1\n\n# METADATA\n# custom:\n# plainid:\n# kind: Ruleset\n# name: All Assets\n# id: 69fedeb9-1a36-4e57-bd6c-3d22ccff1d06\n# description: \"Predefined Ruleset. All Assets contains all created assets defined in the Asset Type\"\nruleset(asset, identity, requestParams, action) if {\n asset.template == \"at1\"\n}\n\n# METADATA\n# custom:\n# plainid:\n# kind: Ruleset\n# name: rs1\n# id: e9bc705a-cbdc-4f6f-9e4d-d7063bf9a791\n# description: \"RuleSet 1\"\nruleset(asset, identity, requestParams, action) if {\n asset.template == \"at1\"\n asset[\"attr1\"] == \"doc\"\n}\n\n# METADATA\n# custom:\n# plainid:\n# kind: Ruleset\n# name: rs2\n# id: 43129fab-da16-423e-a267-9385a8610f51\n# description: \"Rule Set 2\"\nruleset(asset, identity, requestParams, action) if {\n asset.template == \"at1\"\n identity.template == \"idWs1\"\n contains(asset[\"attr1\"], identity[\"idAttr1\"])\n}\n\n# METADATA\n# custom:\n# plainid:\n# kind: Ruleset\n# name: rs3\n# id: 5969938d-d579-409b-bae8-467281db8545\n# description: \"RuleSet 3\"\nruleset(asset, identity, requestParams, action) if {\n asset.template == \"at1\"\n asset[\"attr1\"] == \"foo3\"\n}\n\n# METADATA\n# custom:\n# plainid:\n# kind: Condition IP\n# name: c1\n# id: fdee702c-2406-4608-bf58-a6d0791b6ed3\n# description: \"Cond 1\"\ncondition_ip(env) if {\n net.cidr_contains(\"10.0.0.0/10\", env.sourceIp)\n}\n\n# METADATA\n# custom:\n# plainid:\n# kind: Condition Identity\n# name: c2\n# id: 133875fb-bff2-46b1-b9ea-a6c25225ba6f\n# description: \"Cond 2\"\ncondition_identity(identity) if {\n identity.template == \"idWs1\"\n startswith(identity[\"idAttr1\"], \"qa\")\n}\n\n# METADATA\n# custom:\n# plainid:\n# kind: Condition Request\n# name: c3\n# id: 2b37e468-a7ea-4039-ac35-5195da9f0b8a\n# description: \"Cond 3\"\ncondition_request(requestParams, identity) if {\n identity.template == \"idWs1\"\n requestParams[\"role\"] == identity[\"idAttr1\"]\n}\n"Building Blocks as Rego code
successful operation
{
"data": {
"code": "package building_blocks\nimport rego.v1\n\n# METADATA\n# custom:\n# plainid:\n# kind: DynamicGroup\n# name: dg1\ndynamic_group(identity) if {\n identity.template == \"idWs1\"\n identity[\"idAttr1\"] == \"test\"\n}\n",
"validationErrors": null
}
}{
"data": {
"validationErrors": [
{
"code": "PACV-001",
"id": "ERHCQC",
"name": "TemplateNotFound",
"message": "Template: [at1] not found in Environment: [ceef5853-1491-4d1c-ae52-2f2a1729b3a4], Hint: did yo mean [Claims]?",
"args": {
"0": "at1",
"1": "ceef5853-1491-4d1c-ae52-2f2a1729b3a4",
"2": "Claims"
},
"line": 1
}
]
}
}Code
Unauthorized
Validation Failed - Invalid UUID
{
"errors": [
{
"code": "V-032",
"args": {
"0": "ed252aa5-9d0c-4193-838-60bf20b13109",
"1": "uuid"
},
"id": "EEJQMA",
"status": 422,
"name": "UnprocessableEntityError",
"message": "$: test is an invalid uuid"
}
]
}