Cloud Config uses custom condition rules as one of the ways to deploy and implement rules. A custom condition rule consists of multiple basic elements such as Resource, Condition, and DryRun.
Condition is a key element of a custom condition rule. It consists of condition clauses. Multiple clauses can be combined by using the logical AND operator and logical OR operator to form a more complex logical structure. A group of clauses concatenated by logical operators is called a condition group. A clause is the essence of a condition group and consists of the elements featurePath, operator, and desired.
Element | Required | Description |
featurePath | Yes | The resource characteristic. The property of a resource or the related source characteristic of a resource is described by using JSONPath. For example, the property of the resource status is Status, and the characteristic description is $.Status. |
featureSource | Yes | The source of the resource characteristic. |
operator | Yes | The conditional operator. |
desired | No | For a unary operator, the element desired can be left empty. An example operator is IsStringEmpty. |
featurePath
Policies support the JSONPath format. When you create or update policies, Cloud Config checks whether the policies meet JSONPath syntax standards. You can also use third-party JSONPath validators and editors to check whether the policies meet JSONPath syntax standards. For more information about JSONPath syntax standards, see JSONPath.
JSONPath | Description |
$ | The root object or element. |
@ | The current object or element. |
. or [] | The child operator. |
.. | The recursive descent. JSONPath borrows this syntax from E4X. |
* | The wildcard. All objects or elements regardless of their names. |
[] | The subscript operator. XPath uses it to iterate over element collections and for predicates. In JavaScript and JSON, it is the native array operator. |
[,] | The Union operator in XPath results in a combination of node sets. JSONPath allows alternate names or array indices as a set. |
[start:end:step] | The array slice operator borrowed from ES4. |
?() | Applies a filter (script) expression. |
() | The script expression, using the underlying script engine. |
Example 1: The status characteristic of ACS::ECS::Instance is $.Status. The type is determined as String, and an operator of the String type is recommended.

Example 2: The tag characteristic of ACS::ECS::Instance is $.Tags[*].TagKey, and the result is Array.

Example 3: The permission configuration characteristic of ACS::ECS::SecurityGroup is
$.Permissions.Permission[?(@.Policy=='Accept')][?(@.IpProtocol=='TCP' || @.IpProtocol=='UDP')][?(@.SourceCidrIp=='0.0.0.0/0')].PortRange
This path selects the port ranges of the entries whose policy is Accept, whose protocol is TCP or UDP, and whose source CIDR block is 0.0.0.0/0, that is, any IP address. A clause can then check whether these port ranges include 22, 3389, and other ports, as in the following clause:

    {
      "featureSource": "CONFIGURATION",
      "desired": "21/21,22/22,23/23,3389/3389,445/445,-1/-1",
      "children": [],
      "operator": "ExcludeAll",
      "featurePath": "$.Permissions.Permission[?(@.Policy=='Accept')][?(@.IpProtocol=='TCP' || @.IpProtocol=='UDP')][?(@.SourceCidrIp=='0.0.0.0/0')].PortRange"
    }
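The following added example (not Cloud Config code) models how the Example 3 clause could be evaluated against a security group configuration. The helper names, the sample configurations, and the exact-string reading of ExcludeAll are assumptions; the JSONPath filters are written out by hand instead of using a JSONPath library.

```python
import json

# Clause from Example 3 on this page, unchanged.
CLAUSE = json.loads("""{
  "featureSource": "CONFIGURATION",
  "desired": "21/21,22/22,23/23,3389/3389,445/445,-1/-1",
  "children": [],
  "operator": "ExcludeAll",
  "featurePath": "$.Permissions.Permission[?(@.Policy=='Accept')][?(@.IpProtocol=='TCP' || @.IpProtocol=='UDP')][?(@.SourceCidrIp=='0.0.0.0/0')].PortRange"
}""")

def select_port_ranges(config):
    """Plain-Python equivalent of the three featurePath filters (no JSONPath library)."""
    entries = config.get("Permissions", {}).get("Permission", [])
    return [e["PortRange"] for e in entries
            if e.get("Policy") == "Accept"
            and e.get("IpProtocol") in ("TCP", "UDP")
            and e.get("SourceCidrIp") == "0.0.0.0/0"
            and "PortRange" in e]

def evaluate(clause, config):
    """Return (compliant, offending_ranges). ExcludeAll semantics are an assumption:
    the clause passes only if no selected value equals an item of `desired`."""
    if clause["operator"] != "ExcludeAll":
        raise ValueError("this sketch only models ExcludeAll")
    banned = {item.strip() for item in clause["desired"].split(",")}
    hits = [p for p in select_port_ranges(config) if p in banned]
    return (not hits, hits)

def group(*entries):
    """Build a constructed configuration from (policy, protocol, cidr, ports) tuples."""
    keys = ("Policy", "IpProtocol", "SourceCidrIp", "PortRange")
    return {"Permissions": {"Permission": [dict(zip(keys, e)) for e in entries]}}

# Constructed sample configurations, not real resources.
EXPOSED = group(("Accept", "TCP", "0.0.0.0/0", "22/22"),
                ("Accept", "TCP", "0.0.0.0/0", "443/443"))
SCOPED = group(("Accept", "TCP", "10.0.0.0/8", "22/22"),     # not open to any IP
               ("Drop", "TCP", "0.0.0.0/0", "3389/3389"),    # not an Accept entry
               ("Accept", "UDP", "0.0.0.0/0", "53/53"))      # port not in desired
WIDE = group(("Accept", "TCP", "0.0.0.0/0", "1/65535"))      # covers 22, is not "22/22"

if __name__ == "__main__":
    for name, cfg in (("EXPOSED", EXPOSED), ("SCOPED", SCOPED), ("WIDE", WIDE)):
        print(name, evaluate(CLAUSE, cfg))
```

Under the exact-string reading assumed here, WIDE passes even though the range 1/65535 covers port 22, so a rule built this way should be checked against wide ranges before it is relied on.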
featureSource
The source of the resource characteristic.
CONFIGURATION (default value): the configuration of the resource property. If the element featureSource is left empty, the system still performs processing based on the resource property.
RESOURCE_RELATIONSHIP_${targetResourceType}: resource relationship, such as RESOURCE_RELATIONSHIP_ACS::ECS::DISK.
operator
Operators include logical operators and calculation operators. Logical operators include the logical AND operator and the logical OR operator. The following table describes the calculation operators.
Operator | Description |
SizeLess | The number of array elements is less than. |
DistinctSizeGreater | The number of elements after deduplication is greater than. |
AllGreaterOrEquals | All elements are greater than or equal to. |
InAllItem | All elements contain. |
AllLessOrEquals | All elements are less than or equal to. |
AllGreater | All elements are greater than. |
SizeGreater | The number of array elements is greater than. |
NotContainsIP | The array does not contain the specified IP address. |
ContainsIP | The array contains the specified IP address. |
ContainsAny | The array does not contain any objects in the destination array. |
NotContainsNull | The array does not contain empty elements. |
NotContainsInternetCidr | Not contain public CIDR blocks. |
IsNotEmpty | Not empty. |
AllIn | All exist. |
IsEmpty | Empty. |
ExcludeAll | Exclude all. |
ContainsAll | Contain all. |
NotIn | Not exist. |
In | Exist. |
NotContains | Not contain. |
Contains | Contain. |
NotBase64Contains | Not contain. |
Base64Contains | Contain. |
NotBoolEquals | Not equal to. |
BoolEquals | Equal to. |
NotEquals | Not equal to. |
Equals | Equal to. |
LessOrEquals | Less than or equal to. |
Less | Less than. |
Greater | Greater than. |
GreaterOrEquals | Greater than or equal to. |
StringItemSizeGreater | The number of string splitting elements exceeds the specified value. |
StringMatch | Regular expression match. |
NotStringTrimIn | Valid values do not exist. |
StringTrimIn | Valid values exist. |
IsNotStringEmpty | Not empty. |
IsStringEmpty | Empty. |
NotStringContains | Not contain. |
StringContains | Contain. |
NotStringIn | Not exist. |
StringIn | Exist. |
NotStringEquals | Not equal to. |
StringEquals | Equal to. |
desired
The element desired can be left empty when the operator is a unary operator. An example operator is IsStringEmpty.