Documentation
Policies Reference
Customization
Conditions
Express Gateway comes with a core set of conditions. These conditions can be used throughout all policies in Express Gateway. Additional conditions may also be added through Express Gateway plugins.
Action Conditions
Each Policy Action in a pipeline can be gated with a condition specification. Each condition specification is in the format:
Usage
condition:
name: condition-name # examples: always; never;
some-param-1: p1 # if condition requires parameters they are listed here
some-param-2: p1 #
Full Example
pipelines:
default:
apiEndpoints:
- api
policies:
-
simple-logger: # policy name
- # array of Actions optionally gated by a condition
condition: # this action is executed only if path is exactly /v1
name: pathExact
path: /v1
action:
message: "V1: ${req.originalUrl}"
- # executed only after previous action is completed
condition: # this action is executed only if path is exactly /v2
name: pathExact
path: /v2
action:
message: "V2: ${req.originalUrl}"
- # executed only after previous two actions are completed
action: # no condition, always executed
message: "GENERIC: ${req.method}"
-
proxy: # policy name
- # array of objects with condition\action properties
action:
serviceEndpoint: example
Conditions Reference
pathExact
Matches if the request’s path is equal to path parameter.
condition:
name: pathExact
path: "/foo/bar"
pathMatch
Matches if the request’s path matches the given regular expression parameter.
condition:
name: pathMatch
pattern: "/foo(/bar)?"
method
Matches if the request’s method matches the methods parameter.
The parameter can be either a string (e.g. ‘GET’) or an array of such strings.
condition:
name: method
methods: GET
condition:
name: method
methods:
- GET
- POST
hostMatch
Matches if the Host header passed with the request matches the parameter.
Parameter pattern should be a wildcard\string expression.
condition:
name: hostMatch
pattern: '*.example.com'
expression
Matches execution result of JS code provided in expression property.
Code is executed in limited space that has access only to egContext.
condition:
name: expression
expression: "req.url.length>5"
# will match for for path /long_path
# will not match /a
See more info about egContext Also check Expression policy
In addition, several Conditions are provided that allow you to create logical combinations of conditions. The parameters to these conditions should be other condition statements:
allOf
Matches only if all of its parameters match.
{
"condition":{
"name": "allOf",
"conditions": [
{"name":"pathExact", "path": "/foo/bar"},
{ "name":"not",
"condition":{ "name":"method", "methods": ["POST", "HEAD"]}
}
]
}
}
condition:
name: allOf
conditions:
-
name: pathExact
path: /foo/bar
-
name: not
condition:
name: method
methods:
- POST
- HEAD
The above will match only if the exact request path is “/foo/bar” and the request is not a POST or HEAD.
oneOf
Matches if at least one of its parameters matches.
{
"condition":{
"name": "oneOf",
"conditions": [
{"name":"pathExact", "path": "/foo/bar"},
{ "name":"not",
"condition":{ "name":"method", "methods": ["POST", "HEAD"]}
}
]
}
}
condition:
name: oneOf
conditions:
-
name: pathExact
path: /foo/bar
-
name: not
condition:
name: method
methods:
- POST
- HEAD
The above will match if the exact request path is “/foo/bar” or the request is not a POST or HEAD.
not
Invert condition result
condition:
name: not
condition: # negates the condition
name: method
methods:
- POST
- HEAD
Will match only if method is other than POST and HEAD
authenticated
Matches if the current request is authenticated.
condition:
name: authenticated
anonymous
Matches if the current request is not authenticated.
condition:
name: anonymous
tlsClientAuthenticated
Matches if the current request came with a valid client certificate
condition:
name: tlsClientAuthenticated
json-schema
Matches if the current request body came with a payload that passes the specified schema validation
condition:
name: json-schema
schema:
type: object
properties:
name:
type: string
age:
type: number
required:
- name
- age
In the example shown above, the request’s body must have a name and age properties, respectively a string and a number and they’re both required.
You can put any valid JSON Schema in it, but it can’t currently resolve references.
Since any JSON is a valid YAML, you can also put a JSON Schema that’s coming from another source:
condition:
name: json-schema
schema: {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"age": {
"type": "number"
}
},
"required": [
"name",
"age"
]
}
Best Practice Note
While it is possible to build quite complicated condition tree, huge trees could greatly affect readability of your EG configuration. In such cases it could be better to have multiple api endpoints and pipelines
The following two configs are equivalent, however we believe variant B is easier to read.
Conditions Based Config - Variant A
serviceEndpoints:
admin: # will be referenced in proxy policy
url: 'http://admin.com'
staff: # will be referenced in proxy policy
url: 'http://staff.com'
apiEndpoints:
api:
host: '*'
paths:
- /admin
- /staff
pipelines:
api:
apiEndpoints:
- api
policies:
-
proxy:
-
condition:
name: pathExact
path: /admin
action:
serviceEndpoint: admin # see declaration above
-
condition:
name: pathExact
path: /staff
action:
serviceEndpoint: staff # see declaration above
Conditions Based Config - Variant B
serviceEndpoints:
admin: # will be referenced in proxy policy
url: 'http://admin.com'
staff: # will be referenced in proxy policy
url: 'http://staff.com'
apiEndpoints:
admin:
host: '*'
paths: /admin
staff:
host: '*'
paths: /staff
pipelines:
admin:
apiEndpoints:
- admin
policies:
proxy:
- # note: no condition at all
action:
name: proxy
serviceEndpoint: admin
staff:
apiEndpoints:
- staff
policies:
-
proxy:
- # note: no condition at all
action:
name: proxy
serviceEndpoint: staff