Each policy definition has a SCAN script for the life cycle stage to assess the compliance state of a deployment. Application Services calls the policy scan action script prior to performing operations, except the teardown process, on the deployment or when a user explicitly initiates a policy scan on the deployment.
About this task
The scan action script includes a model of deployment as defined in Application Services REST API specification. The scan action script also receives additional components used in blueprint for the deployment.
You must create policy instances in specific deployment environments to enable policies. If a policy violation occurs during deployment, it is flagged and you can view the violation details in the compliance view summary page.
Java Script is the only supported language for authoring policy definition scripts.
Policy properties defined in a policy definition are supplied to the script as individual variables. The script can access them by declaring a variable with same name as the property name.
Policy scripts are expected to output the following properties to communicate the result of the compliance assessment. Scripts must declare them as variables.
Script Output Variable
Type of string that is mandatory. If script fails to set it then the compliance result is assumed as an Error.
The valid values for the variable are:
Type of string.
This optional value provides a high-level summary of the reason behind policy violation. Value can be any string with less than 2048 characters.
The scripts can create log messages with the standard println function available in Java Script. The log is captured by Application Services, which is useful to diagnose errors in policy scripts or provide details for a policy assessment result.
Log in to Application Services as an application cloud administrator and an application publisher and deployer.
Verify that at least one policy is created in the library. See Add a Policy to the Library.
- On the Application Services title bar, click the drop-down menu and select .
- Open a policy to add a policy definition script.
- In the Script column, click the hyperlink to open the Edit Script dialog box.
You can refer to the existing predefined policy definitions and create a script in the dialog box.
- Click OK.
What to do next
Specifying a policy definition has no impact on deployments unless you create a policy instance in a deployment environment to enable that policy definition on all of the deployments under the deployment environment. See Create a Policy Instance.