Create a policy
A policy is a set of rules that determine whether an approval action should be approved, denied, or require manual review. Each policy consists of a set of conditions that are evaluated when an action is triggered.
To create a policy, send a POST request to the policy creation endpoint. In this request, the conditions object defines the rules for evaluating the approval action.
Example request for a service action
curl -L 'https://api.nullplatform.com/approval/policy' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{
"nrn": "organization=1",
"name": "Acme service rules",
"conditions": {
"service.name": {
"$dynamicPattern": {
"template": "^{application}-[a-zA-Z0-9_-]+$",
"fields": {
"application": {
"path": "tags.application"
}
}
}
}
}
}
nrn: he NRN of the resource where the policy applies.name: A descriptive name for your policy.conditions: Defines the rule that must be met for the policy to pass. In this example;service.namemust follow a dynamic naming pattern.- The pattern requires the service name to start with the application name, followed by any combination of letters, numbers, underscores (
_), or hyphens (-). - The application name is dynamically extracted from
tags.applicationin the request data.
This policy enforces naming consistency by ensuring that services created within an application use a standardized prefix matching the application's name.
Example request for a scope
Just to give you another example. If you'd like to create a policy with conditions that control how scopes are created, you can follow an example like the following:
curl -L 'https://api.nullplatform.com/approval/policy' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{
"nrn": "organization=1",
"name": "Dev scopes rules",
"conditions": {
"scope.requested_spec.memory_in_gb": { "$lte": 4 },
"scope.capabilities.scheduled_stop.enabled": true
}
}
nrn– The NRN of the resource where the policy applies.name– A descriptive name for your policy.conditions– Defines the rules for when this policy applies. In this example,- The requested memory in gigabytes is less than or equal to 4.
- The scheduled stop capability is enabled.
Example response
You'll get a response like this:
{
"id": 12345, // Save the policy ID for the next steps
"nrn": "organization=1",
"name": "Acme service rules",
"conditions": {
"service.name": {
"$dynamicPattern": {
"template": "^{application}-[a-zA-Z0-9_-]+$",
"fields": {
"application": {
"path": "tags.application"
}
}
}
}
}
}
This response indicates that the policy has been created.
The id field contains the unique policy ID. Be sure to save it, as you'll need it in the next steps.
What's next
Now that the policy is created, the next step is to link it to the approval action so it can be evaluated. Learn more about how to associate a policy with an action here.