Policies

What is a policy?

At nullplatform, we allow finer control over the lifecycle of certain entities through approvals. Approvals can be governed by policies, which are configurable business rules that users can set up for their approval actions.

A policy is an entity that specifies the conditions under which certain actions are approved, denied, or will require review. The conditions are written using MongoDB syntax, allowing users to leverage MongoDB operators to create complex conditionalities. Here is an example of a policy:

{
  "nrn": "organization=1:account=2:namespace=3:application=4",
  "name": "Prod Deployments should have high coverage, minimal vulnerabilities and autoscaling",
  "conditions": {
    "build.metadata.coverage": {
      "$gte": 80
    },
    "build.metadata.security.issues": { "$lte": 4 },
    "scope.capabilities.auto_scaling": true,
    "$or": [
      { "scope.dimensions.environment": "dev" },
      { "scope.dimensions.environment": "œa" }
    ]
  }
}

Available Entities for Policy Configuration

The following entities are available when configuring your policies, this means, you can use the data related to any of the specified entities depending on the action of the approval:

• deployment:create: deployment, scope, release, build, application, namespace, account, organization
• scope:create: scope, application, namespace, account, organization
• scope:write: scope, application, namespace, account, organization
• scope:delete: scope, application, namespace, account, organization
• scope:stop: scope, application, namespace, account, organization

Each of these entities comes with user metadata, which can be loaded using our API. This metadata can be used to create more precise and contextual policies, ensuring that approvals are based on comprehensive and relevant data.