Post
/api/2.0/building-blocks/{envId}/validation
Validate Building Blocks.
Notice
Accessing the Policy Management APIs is through a dedicated domain/URL, according to your PlainID Tenant Locationhttps://api.us1.plainid.iohttps://api.ca1.plainid.iohttps://api.eu1.plainid.ioUsing HTML Encoded Special Characters
Use HTML encoded patterns when working with values that contain special characters like spaces, dashes, etc. Refer to this HTML URL Encoding Reference for a full list.
Important note about headers
Refer to the headers below to modify your cURL sample. Check if the following headers are in the sample, if not, ensure you add it to your cURL sample before pasting into your API tool.
Headers
*Required
| Header | Value | cURL Line |
|---|---|---|
| Content-Type | text/plain;language=rego | -H "Content-Type:text/plain;language=rego" |
cURL Sample Guidelines
In order for the relevant parameters to appear in the cURL sample, you can input the values in the interactive API console on the right in the Try It or Code Sample tabs. You can then copy the cURL sample from the Code Sample tab in the correct format.
Security
HTTP
Type bearer
For more details about Administration API Authentication, check out the Authentication APIs documentation
Provide your bearer token in the Authorization header when making requests to protected resources.
Example: Authorization: Bearer 123
Path parameters
envId
string (uuid) Required
The Environment ID can be found under the Details Tab in the Environment Settings.
Query parameters
filter[authWsId]
string (uuid)
Authorization Workspace ID. This can be found in your Authorization Workspace Settings under Workspace ID. *Required if identityWsId is not provided.
filter[identityWsId]
string (uuid)
Identity Workspace ID. *Required if authWsId is not provided.
extendedSchema
boolean
Toggle to enable or disable additional metadata in the response, like the Building Block id and description.
Defaulttrue
Body parameters
Dynamic Groups
package building_blocks
import rego.v1
# METADATA
# custom:
# plainid:
# kind: DynamicGroup
# name: dg1
# id: f28c17c2-caeb-4cf2-a549-02bf03fe4e17
# description: dg1
dynamic_group(identity) if {
identity.template == "idWs1"
identity["idAttr1"] == "test"
identity["idAttr1"] != "prod"
}
# METADATA
# custom:
# plainid:
# kind: DynamicGroup
# name: dg2
# id: 0a738db8-b669-4e33-a8db-97eee5d856d1
# description: dg2
dynamic_group(identity) if {
identity.template == "idWs1"
contains(identity["idAttr1"], "admin")
}
# METADATA
# custom:
# plainid:
# kind: DynamicGroup
# name: dg3
# id: 2539fb2b-c238-49cd-b6f0-65cf1aa65feb
# description: dg3
dynamic_group(identity) if {
identity.template == "idWs1"
identity["idAttr1"] != "stage"
}
# METADATA
# custom:
# plainid:
# kind: DynamicGroup
# name: idWs1 All Users
# id: 6de6071c-4d30-4a77-9e40-106dded2194e
# description: default dg
dynamic_group(identity) if {
identity.template == "idWs1"
}
RuleSets and Conditions
package building_blocks
import rego.v1
# METADATA
# custom:
# plainid:
# kind: Ruleset
# name: All Assets
# id: 69fedeb9-1a36-4e57-bd6c-3d22ccff1d06
# description: "Predefined Ruleset. All Assets contains all created assets defined in the Asset Type"
ruleset(asset, identity, requestParams, action) if {
asset.template == "at1"
}
# METADATA
# custom:
# plainid:
# kind: Ruleset
# name: rs1
# id: e9bc705a-cbdc-4f6f-9e4d-d7063bf9a791
# description: "RuleSet 1"
ruleset(asset, identity, requestParams, action) if {
asset.template == "at1"
asset["attr1"] == "doc"
}
# METADATA
# custom:
# plainid:
# kind: Ruleset
# name: rs2
# id: 43129fab-da16-423e-a267-9385a8610f51
# description: "Rule Set 2"
ruleset(asset, identity, requestParams, action) if {
asset.template == "at1"
identity.template == "idWs1"
contains(asset["attr1"], identity["idAttr1"])
}
# METADATA
# custom:
# plainid:
# kind: Ruleset
# name: rs3
# id: 5969938d-d579-409b-bae8-467281db8545
# description: "RuleSet 3"
ruleset(asset, identity, requestParams, action) if {
asset.template == "at1"
asset["attr1"] == "foo3"
}
# METADATA
# custom:
# plainid:
# kind: Condition IP
# name: c1
# id: fdee702c-2406-4608-bf58-a6d0791b6ed3
# description: "Cond 1"
condition_ip(env) if {
net.cidr_contains("10.0.0.0/10", env.sourceIp)
}
# METADATA
# custom:
# plainid:
# kind: Condition Identity
# name: c2
# id: 133875fb-bff2-46b1-b9ea-a6c25225ba6f
# description: "Cond 2"
condition_identity(identity) if {
identity.template == "idWs1"
startswith(identity["idAttr1"], "qa")
}
# METADATA
# custom:
# plainid:
# kind: Condition Request
# name: c3
# id: 2b37e468-a7ea-4039-ac35-5195da9f0b8a
# description: "Cond 3"
condition_request(requestParams, identity) if {
identity.template == "idWs1"
requestParams["role"] == identity["idAttr1"]
}
Generic Conditions
package building_blocks
import rego.v1
# METADATA
# custom:
# plainid:
# kind: Condition
# subKind: Country Codes
# name: Albania_Austria_Australia
condition(requestParams) if {
requestParams["CountryCode"] in ["Albania", "Austria", "Australia"]
}
# METADATA
# custom:
# plainid:
# kind: Condition
# subKind: Platforms
# name: Windows Only
condition(requestParams) if {
requestParams["Platform"] == "Windows"
}
string
Building Blocks as Rego code
Responses
200
successful operation
Headers
x-request-id
string
Valid
{
"data": {
"code": "package building_blocks\nimport rego.v1\n\n# METADATA\n# custom:\n# plainid:\n# kind: DynamicGroup\n# name: dg1\ndynamic_group(identity) if {\n identity.template == \"idWs1\"\n identity[\"idAttr1\"] == \"test\"\n}\n",
"validationErrors": null
}
}Valid with Generic Conditions
{
"data": {
"code": "package building_blocks\nimport rego.v1\n\n# METADATA\n# custom:\n# plainid:\n# kind: Condition\n# subKind: Country Codes\n# name: Albania_Austria_Australia\ncondition(requestParams) if {\n requestParams[\"CountryCode\"] in [\"Albania\", \"Austria\", \"Australia\"]\n}\n",
"validationErrors": null
}
}Invalid
{
"data": {
"validationErrors": [
{
"code": "PACV-001",
"id": "ERHCQC",
"name": "TemplateNotFound",
"message": "Template: [at1] not found in Environment: [ceef5853-1491-4d1c-ae52-2f2a1729b3a4], Hint: did yo mean [Claims]?",
"args": {
"0": "at1",
"1": "ceef5853-1491-4d1c-ae52-2f2a1729b3a4",
"2": "Claims"
},
"line": 1
}
]
}
}Invalid Generic Condition Errors
Invalid response with generic condition validation errors
{
"data": {
"validationErrors": [
{
"code": "PACV-064",
"id": "E1D4P1",
"name": "InvalidSubKindForApplication",
"message": "Invalid subKind [Invalid Condition Type] for application [2cb43115-a6c7-493a-86eb-427f5cff254f] given in rule annotation, Hint: valid subkind: [Country Codes]",
"args": {
"0": "Invalid Condition Type",
"1": "2cb43115-a6c7-493a-86eb-427f5cff254f",
"2": "Country Codes"
},
"line": 10
},
{
"code": "PACV-068",
"id": "ENJ1VJ",
"name": "ConditionKeyNotFoundInSchema",
"message": "Unable to identify [invalidKey]. Hint: Did you mean [CountryCode]?",
"args": {
"0": "invalidKey",
"1": "CountryCode"
},
"line": 13
}
]
}
}No SAAS Application for Generic Conditions
Error when workspace has no SAAS applications but Rego contains generic conditions
{
"errors": [
{
"code": "PACV-075",
"args": {
"0": "c5167aaf-c023-46a2-8262-3a5b103d69df"
},
"id": "EG7K2P",
"status": 400,
"name": "NoSaasApplicationForGenericConditions",
"message": "No SAAS applications found in workspace [c5167aaf-c023-46a2-8262-3a5b103d69df]; cannot process generic conditions in building blocks"
}
]
}object
data
object
code
string
Code
validationErrors
Array of object | null
object
code
string
id
string
name
string
message
string
line
integer
401
Unauthorized
Headers
x-request-id
string
422
Validation Failed - Invalid UUID
Headers
x-request-id
string
Invalid ID Format
{
"errors": [
{
"code": "V-032",
"args": {
"0": "ed252aa5-9d0c-4193-838-60bf20b13109",
"1": "uuid"
},
"id": "EEJQMA",
"status": 422,
"name": "UnprocessableEntityError",
"message": "$: test is an invalid uuid"
}
]
}object
errors
Array of object (Error)
object
code
string
id
string
status
integer
name
string
message
string
args
object
path
string