Skip to main content

Associate a policy with an action

Linking a policy to an approval action

Next, let's link the newly created policy to the approval action so that when a policy is evaluated against an approval action, each condition is checked.

To do this, you'll need to send a POST request to associate the policy with the action.

In the request, you'll need to send through:

  • the approval action ID as a path parameter (e.g.,98765).
  • the policy ID in the request body (e.g., 12345).

Example request

POST - Associate policy with action
curl -L 'https://api.nullplatform.com/approval/action/98765/policy' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{
  "policy_id": 12345
}'

A successful response (200 OK) confirms the association.

How policy evaluation works

How policy evaluation works Once you've linked your policy to an approval action, nullplatform evaluates it against relevant entity data. Each condition in the policy is checked against real-time metadata to determine whether the approval should proceed.

Below is an example of how this evaluation process works in practice.

Policy evaluation example
{
    "id": 12345,
    "name": "Enforce coverage, security, and scaling for deployments",
    "conditions": {
        "build.metadata.coverage": { "$gte": 80 },
        "build.metadata.security.issues": { "$lte": 4 },
        "scope.capabilities.auto_scaling": true,
        "$or": [
            { "scope.dimensions.environment": "dev" },
            { "scope.dimensions.environment": "qa" }
        ]
    },
    "evaluations": [
        {
            "criteria": {
                "build.metadata.coverage": { "$gte": 80 }
            },
            "result": "met"
        },
        {
            "criteria": {
                "build.metadata.security.issues": { "$lte": 4 }
            },
            "result": "not_met"
        },
        {
            "criteria": {
                "scope.capabilities.auto_scaling": true
            },
            "result": "met"
        },
        {
            "criteria": {
                "$or": [
                    { "scope.dimensions.environment": "dev" },
                    { "scope.dimensions.environment": "qa" }
                ]
            },
            "result": "met"
        }
    ],
    "passed": false
}

What's evaluated here:

  • Coverage (≥ 80%) → "met" → The condition was satisfied.
  • Security issues (≤ 4) → "not_met" → The condition was not met (perhaps there were more than 4 security issues).
  • Auto-scaling enabled → "met" → The resource supports auto-scaling.
  • Environment (dev or qa) → "met" → The deployment was in "dev" or "qa".

Since at least one condition was not met, the overall policy evaluation failed ("passed": false).