7.1.1. Policy Script File

The policy script file defines policy configuration in two parts:

  • A policy configuration object, which defines each element of the policy.

  • A policy implementation function, which describes the requirements that are enforced by that policy.

Together, the configuration object and the implementation function determine whether an object is valid in terms of the policy. The following extract from the policy script file configures a policy that specifies that the value of a property must contain a certain number of capital letters.

...
            {   "policyId" : "at-least-X-capitals",
                "clientValidation": true,
                "policyExec" : "atLeastXCapitalLetters", 
                "policyRequirements" : ["AT_LEAST_X_CAPITAL_LETTERS"]
            },
...

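function atLeastXCapitalLetters(fullObject, value, params, property) {
    // Match uppercase ASCII letters (A-Z) only.
    var reg = /[A-Z]/g;
    // match() returns null when the value contains no capital letters.
    var matches = (typeof value === "string") ? value.match(reg) : null;
    if (matches === null || matches.length < params.numCaps) {
        // Requirement not met: report the failed requirement and its parameters.
        return [ {
                   "policyRequirement" : "AT_LEAST_X_CAPITAL_LETTERS",
                   "params" : {
                     "numCaps": params.numCaps
                   }
                 }
               ];
    }
    // An empty array means the value satisfies the policy.
    return [];
}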
...     
      

To require that user passwords contain at least one capital letter, apply the previous policy ID to the appropriate resource and define the required number of capital letters in the policy configuration file, as described in Section 7.1.2, “Policy Configuration File”.
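The following added example (not code from the product or its documentation) shows how a configuration object and its implementation function together decide whether an object is valid. The `validateObject` evaluator, the `propertyPolicies` mapping, the `UNKNOWN_POLICY` requirement, and the sample values are assumptions made for illustration; the policy function is modelled on the extract above.

```javascript
// Policy configuration objects, as in the extract above.
const policies = [
    { policyId: "at-least-X-capitals", clientValidation: true,
      policyExec: "atLeastXCapitalLetters",
      policyRequirements: ["AT_LEAST_X_CAPITAL_LETTERS"] }
];

// Policy implementation function, modelled on the extract above.
function atLeastXCapitalLetters(fullObject, value, params, property) {
    const matches = typeof value === "string" ? value.match(/[A-Z]/g) : null;
    if (matches === null || matches.length < params.numCaps) {
        return [{ policyRequirement: "AT_LEAST_X_CAPITAL_LETTERS",
                  params: { numCaps: params.numCaps } }];
    }
    return [];
}

// A Map avoids resolving inherited names such as "constructor" as policy functions.
const policyFunctions = new Map([["atLeastXCapitalLetters", atLeastXCapitalLetters]]);

// Hypothetical evaluator: propertyPolicies maps a property name to the
// policy IDs (and their parameters) applied to that property.
function validateObject(fullObject, propertyPolicies) {
    const failures = [];
    for (const [property, applied] of Object.entries(propertyPolicies)) {
        for (const { policyId, params } of applied) {
            const policy = policies.find((p) => p.policyId === policyId);
            const exec = policy && policyFunctions.get(policy.policyExec);
            if (typeof exec !== "function") {
                // Fail closed: an unresolvable policy must not count as a pass.
                // "UNKNOWN_POLICY" is a constructed requirement name.
                failures.push({ property, policyRequirement: "UNKNOWN_POLICY",
                                params: { policyId } });
                continue;
            }
            for (const failed of exec(fullObject, fullObject[property], params, property)) {
                failures.push({ property, ...failed });
            }
        }
    }
    return { result: failures.length === 0, failedPolicyRequirements: failures };
}

// Constructed sample: require at least one capital letter in "password".
const passwordPolicy = {
    password: [{ policyId: "at-least-X-capitals", params: { numCaps: 1 } }]
};
```

Because the character class is `A-Z`, only ASCII capitals count: a value whose only capital is a non-ASCII letter such as `É` fails the policy.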