Validate Policy
  • 12 Dec 2023

POST /api/1.0/policies/{envId}/validation

This API allows you to validate the structured Rego Policy before you create it.

Notice

The Policy Management APIs are accessed through a dedicated domain/URL according to your PlainID Tenant location:
https://api.{REGION}.plainid.io

United States (US) - https://api.us1.plainid.io
Canada (US) - https://api.ca1.plainid.io
Europe (US) - https://api.eu1.plainid.io

Replace {REGION} with your PlainID Tenant region (e.g. us1, eu1, ca1, etc.).


Security
HTTP
Type: bearer
For more details about Management API Authentication, check out the Management APIs Authentication Article.
Provide your bearer token in the Authorization header when making requests to protected resources.
Example: `Authorization: Bearer 123`
Path parameters
envId
string Required

The Environment ID can be found under the Details tab in the Environment Settings.

Body parameters
Valid Request Structure
{
  "policyCode": "# METADATA\n# custom:\n#   plainid:\n#     policyId: PaC1\n#     name: Manage consumers accounts in branch\n#     description: Tellers, Senior Tellers, Branch Managers can manage private consumer accounts in their own branch only during business hours\n#     accessType: Allow\npackage policy\nimport future.keywords\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: BranchManager\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"User_Type\"] == \"internal\"\n\tidentity[\"title\"] == \"branch manager\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: SeniorTeller\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"title\"] == \"Senior Teller\"\n\tidentity[\"User_Type\"] == \"Internal\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: Teller\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"User_Type\"] == \"Internal\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: Ruleset\n#     name: Private consumer bank accounts managed in the user branch\nruleset(asset, identity){\n\tasset.template == \"Bank Accounts\"\n\tidentity.template == \"User\"\n\tasset[\"account_type\"] == \"private\"\n\tasset[\"account_branch\"] == identity[\"User_Branch\"]\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: Action\naction(asset){\n\tasset.template == \"Bank Accounts\"\n\tasset.action in [\"Manage\",\"View\"]\n}",
  "language": "rego",
  "authWsId": "57fd3c41-fada-41a9-b5ab-fad1133f1e63"
}
Single Validation Error - `identity.template` does not exist
{
  "policyCode": "# METADATA\n# custom:\n#   plainid:\n#     policyId: PaC1\n#     name: Manage consumers accounts in branch\n#     description: Tellers, Senior Tellers, Branch Managers can manage private consumer accounts in their own branch only during business hours\n#     accessType: Allow\npackage policy\nimport future.keywords\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: BranchManager\ndynamic_group(identity){\n\tidentity.template == \"Usr\"\n\tidentity[\"User_Type\"] == \"internal\"\n\tidentity[\"title\"] == \"branch manager\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: SeniorTeller\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"title\"] == \"Senior Teller\"\n\tidentity[\"User_Type\"] == \"Internal\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: DynamicGroup\n#     name: Teller\ndynamic_group(identity){\n\tidentity.template == \"User\"\n\tidentity[\"User_Type\"] == \"Internal\"\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: Ruleset\n#     name: Private consumer bank accounts managed in the user branch\nruleset(asset, identity){\n\tasset.template == \"Bank Accounts\"\n\tidentity.template == \"User\"\n\tasset[\"account_type\"] == \"private\"\n\tasset[\"account_branch\"] == identity[\"User_Branch\"]\n}\n\n# METADATA\n# custom:\n#   plainid:\n#     kind: Action\naction(asset){\n\tasset.template == \"Bank Accounts\"\n\tasset.action in [\"Manage\",\"View\"]\n}",
  "language": "rego",
  "authWsId": "57fd3c41-fada-41a9-b5ab-fad1133f1e63"
}
object
policyCode
string Required

Policy Rego Code - Structured Rego

language
string Required

Policy Language

authWsId
string Required

The Authorization Workspace ID. The Workspace ID can be found under Workspace Settings > Details tab.

Responses
200

Success

Headers
x-request-id
string
Validation Success - No Errors Found
{
  "data": {
    "policyId": "PaC1",
    "action": "UPDATE",
    "validationErrors": null,
    "isPolicyCompleted": true
  }
}
Validation Success - Errors Identified
{
  "data": {
    "policyId": "PaC1",
    "action": "UPDATE",
    "validationErrors": [
      {
        "code": "PACV-009",
        "id": "E1D4P1",
        "name": "RulesetAttributeKeyNotDefinedInTemplate",
        "message": "Unable to identify Attribute Key [tile] in the Template rule [User]. Hint: Did you mean [uid,department,Userid,groups,title,User_Type,User_Branch,Membership_Type,First_Name,Last_Name]?",
        "line": 17
      },
      {
        "code": "PACV-012",
        "id": "ENJ1VJ",
        "name": "DynamicGroupRuleAttributeOperatorDoesNotCorrespondToAttributeSettings",
        "message": "Operator [EQUALS] used in rule expression is not valid for Attribute settings. Hint: Attribute type is set as [].",
        "line": 17
      }
    ],
    "isPolicyCompleted": true
  }
}
object
  data: object
    policyId: string
    action: string
    validationErrors: Array of object
      code: string
      id: string
      name: string
      message: string
      line: integer
    isPolicyCompleted: boolean
401

Unauthorized

Headers
x-request-id
string
422

Validation Failed - Invalid UUID

Headers
x-request-id
string
Invalid ID Format
{
  "errors": [
    {
      "code": "V-032",
      "args": {
        "0": "ed252aa5-9d0c-4193-838-60bf20b13109",
        "1": "uuid"
      },
      "id": "EEJQMA",
      "status": 422,
      "name": "UnprocessableEntityError",
      "message": "$: ed252aa5-9d0c-4193-838-60bf20b13109 is an invalid uuid"
    }
  ]
}
object
  errors: Array of object
    code: string
    args: object
      0: string
      1: string
    id: string
    status: integer
    name: string
    message: string
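
A pipeline that gates policy creation on this endpoint cannot rely on the HTTP status alone, because the second 200 sample above carries validationErrors. The following is an added example, not PlainID code: it builds the request from the documented fields and classifies the three documented responses. The function names, the region pattern and the Content-Type header are assumptions.

```python
import json
import re
import urllib.parse
import urllib.request

UUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
REGION_RE = re.compile(r"[a-z0-9]+")  # assumed shape of us1, eu1, ca1


def build_validation_request(region, env_id, token, policy_code, auth_ws_id):
    """Build (but do not send) the POST request this page describes."""
    if not REGION_RE.fullmatch(region):
        # Keep the bearer token from being sent to an unintended host.
        raise ValueError(f"unexpected region: {region!r}")
    if not UUID_RE.fullmatch(auth_ws_id):
        # The service would reject this with 422 (V-032); fail locally first.
        raise ValueError(f"authWsId is not a UUID: {auth_ws_id!r}")
    path = f"/api/1.0/policies/{urllib.parse.quote(env_id, safe='')}/validation"
    body = {"policyCode": policy_code, "language": "rego", "authWsId": auth_ws_id}
    return urllib.request.Request(
        f"https://api.{region}.plainid.io{path}",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",  # assumption: JSON body
        },
    )


def policy_findings(status, body_text):
    """Return (ok, findings); ok is True only for 200 with no validationErrors."""
    payload = json.loads(body_text) if body_text else {}
    if status == 200:
        errors = (payload.get("data") or {}).get("validationErrors") or []
        findings = [
            f"line {e.get('line')}: {e.get('code')} {e.get('name')}" for e in errors
        ]
        return (not findings, findings)
    if status == 401:
        return (False, ["401 Unauthorized: check the bearer token"])
    # 422 and any other status: surface the service's own error entries.
    errors = payload.get("errors") or []
    findings = [f"{status}: {e.get('code')} {e.get('message')}" for e in errors]
    return (False, findings or [f"{status}: unexpected response"])
```

Pass the returned request to `urllib.request.urlopen` and feed the status and body to `policy_findings`; a CI job should fail whenever `ok` is false.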
