Tagging policies
Tagging policies
Create policies that enforce proper tagging for catalogs.
Enterprise Marketplace allows you to create policies that verify whether the proper tags are applied to orders. The process involves creating one or more constraints, which are the values that you want to restrict the order to, and the key to which those constraints are to be assigned to. You then set the policy context, which is the logic that is applied to the constraints to determine whether the policy is met (true) or not met (false). You can then create a policy using that context that can be used to validate the tags during an order. These policies can be validated and managed using the relevant APIs.To access the APIs, complete these steps:
- Navigate to theDeveloper Console. To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.
- In theApplicationfield, selectCommon Discovery.
- In theServicefield, selecttags.
Skip directly to a step:
Creating a constraint
Constraints are the values that you want to limit the key-value pair to. Use the following API in the
TagConstraint
section to set the values for the constraint:- Method:POST
- API:http://tenant-url/api/tags/v1/constraints
- Payload (tagContraintRequest):
- operator:The operator used to determine whether the constraint is met or not. The following options are available:
- regex:Returns true if the input matches the specified regular expression.
- eq: Returns true if the input is equal to the specified value.
- ne: Returns true if the input is NOT equal to the specified value.
- range: Returns true if the input is within the specified range of values.
- in:Returns true if the input is equal to any of the values in the specified array.
- value:The value or values that you want to restrict the constant to. Separate the values with commas as shown in the example.
{ "operator": "ne", "value": "" }
Creating a key
After creating constraint values, you need to create the key to associate those values to using the following API in the
TagDefinition
section:- Method:POST
- API:http://tenant-url/api/tags/v1/definitions
- Payload (tagDefinitionRequest):
- alias:The display name of the key.
- default_value:What value is automatically entered if none is selected. Leave this blank if you do not want to set a default value.
- description:A more detailed explanation of the key.
- key:The name of the key in the code.
- mandatory:Whether it is mandatory to select a value for the key.
- _metadata:What the tag is intended to do.
- allowed_values:Values that the key is allowed to have.
{ "alias": [ "string" ], "default_value": "string", "description": "string", "key": "string", "mandatory": true, "_metadata": { "post_to_provider": true }, "allowed_values": [] }
Creating a policy
With the values and key that you created, you must create a policy using this API in the
TagPolicy
section that evaluates an order based on those values:- Method:POST
- API:/policies
- Payload (tagPolicyRequest):
- id:The ID of the context that you want to create. You can set this as desired.
- name:Provide a descriptive name for the policy.
- provider_code:The code of the provider you want the context to apply to
- resource_categories:The categories of resources that you want the context to apply to.
- resource_types:The types of resources that you want the context to apply to.
- definition_keys:Lists all the constraints that you want the context to look for. Enter the following information for each constraint. All constraints must be met for the context to return true.
- Operand:Select an operand for the rule. This can beand(all must be present),or(any of the keys must be present) oreq(the key must be present).
- key:The name of the key in the code. Note that this is not the alias, which is how the key is displayed to the user.
- constraint_ids:The ID of the constraint. This can be found in the output when you created your constraint.
{ "id": "01J1PTTM3HNHAR3SP9KFR5KP9Z", "name":"awsComputePolicy", "provider_code": "aws", "resource_categories": [ "compute" ], "resource_types": [ "vms" ], "definition_keys": [ { "and": [ { "key": "dept", "constraint_ids": [ { "id": "01J1PTH4DSEZN204JTQWNZ3DEF", "operator": "in", "value": [ "pdm", "qa" ], "created_at": "2024-07-22T12:32:16.197Z", "updated_at": "2024-07-22T12:32:16.197Z", "created_by": "[email protected]", "updated_by": "[email protected]" } ] }, { "key": "vmtypes", "constraint_ids": [ { "id": "01J1PT7JE7BQDJ762S0K375ABC", "operator": "in", "value": [ "8gb", "16gb" ], "created_at": "2024-07-22T12:31:52.96Z", "updated_at": "2024-07-22T12:31:52.96Z", "created_by": "[email protected]", "updated_by": "[email protected]" } ] } ] }, { "and": [ { "key": "dept", "constraint_ids": [ { "id": "01J1PTH4DSEZN204JTQWNZ3G8J", "operator": "eq", "value": "Engineering", "created_at": "2024-07-22T12:32:04.929Z", "updated_at": "2024-07-22T12:32:04.929Z", "created_by": "[email protected]", "updated_by": "[email protected]" } ] }, { "key": "vmtypes", "constraint_ids": [ { "id": "01J1PT7JE7BQDJ762S0K375GRD", "operator": "eq", "value": "32gb", "created_at": "2024-07-22T12:31:32.83Z", "updated_at": "2024-07-22T12:31:32.83Z", "created_by": "[email protected]", "updated_by": "[email protected]" } ] } ] }, { "eq": [ { "key": "dept", "constraint_ids": [ { "id": "01J1PTH4DSEZN204JTQWNZ3DEW", "operator": "in", "value": [ "pdm", "qa", "Engineering" ], "created_at": "2024-07-22T12:32:26.58Z", "updated_at": "2024-07-22T12:32:26.58Z", "created_by": "[email protected]", "updated_by": "[email protected]" } ] } ] } ], "_metadata": {}, "version": 0, "status":"active", "description": "sample policy for department and vmtypes validation", "created_at": "2024-07-22T12:33:26.809Z", "updated_at": "2024-07-22T12:33:26.809Z", "created_by": "[email protected]", "updated_by": "[email protected]" }
Validating a policy
You can validate the policy using this API in the
TagPolicy
section:- Method:POST
- API:http://tenant-url/api/tags/v1/policies/validate
- Payload (tagPolicyRequest):
- id:The ID of the policy you want to validate.
- name:Provide a descriptive name for the policy.
- description:Provide a more detailed explanation of what the policy does.
- status:What state the policy is in currently. The options are testing, ETC.
- constraint_ids:The constraints that you want to include in the policy in the following format:
[ [ { "key": "dept", "value": "Engineering" }, { "key": "vmtypes", "value": "16gb" } ], [ { "key": "dept", "value": "pdm" }, { "key": "vmtypes", "value": "16gb" } ], [ { "key": "dept", "value": "account" } ] ]
Managing a policy
To update any of these objects, you can use the method PUT with the same API with the ID of the object appended and the updated payload. You only need to include the parameters that you want to change. For example, to update a constraint, used the following API: /constraints/{id}. Other APIs will allow you to fetch and delete objects. Be careful when deleting objects that are used in other objects.
Do you have two minutes for a quick survey?
Take Survey
