Version: 1.1

Variable substitution

Axiomatics Policy DevOps (APD) supports variable substitution in policies, attribute connectors, test data, and other configurations. You can also define default values for variables where needed.

The following examples show variable substitution with and without default values:

${PIP_URL}
${PIP_URL:-http://ldap.myorganization.com}

You can use variables in the YAML files within your authorization domain. Environment variables are particularly useful for configuration that varies across environments (such as Dev and Prod). For instance, to set the logging level to INFO by default but allow enabling debug level in the Dev environment, you can use the following in your deployment.yaml:

deployment.yaml
...
logging:
  level: ${LOGLEVEL:-INFO}
...

Defining variables

You can define variable values either directly in your build.gradle file (suitable for non-sensitive data) or by inheriting them from the source environment (preferable for sensitive data).

  • Running unit tests

    Define variables within the test {} block in your build.gradle file:

    test {
        environment "LDAP_PIP_URL", "http://ldap-dev.myorg.com"
    }
  • Running tests against a specific ADS instance

    Define variables within the task definition in your build.gradle file:

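    task test_DevEnv(type: Test) {
        group "verification"
        environment "ALFA_TEST_REMOTE_URL", "http://127.0.0.1:53491/authorize"
        environment "ALFA_TEST_REMOTE_USER", "pdp-user"
        // Sample value only; inherit real credentials from the source environment
        // (see "Accessing and passing environment variables").
        environment "ALFA_TEST_REMOTE_PASSWORD", "secret"
    }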
  • Running a local ADS instance

    Define variables when starting a local ADS instance:

    runAds {
        environment "LOGLEVEL", "debug"
    }

Accessing and passing environment variables

This section describes how to retrieve environment variables from the source environment and pass them to Gradle tasks.

To access the value of an environment variable from the source environment (your local machine or build server) when executing a Gradle task, use the following:

providers.environmentVariable("LDAP_PIP_PASSWORD").get()

To pass an environment variable from the source environment to a task, you can use the following in your build.gradle file:

build.gradle
def KEY_PIP_LDAP_PASSWORD = 'PIP_LDAP_PASSWORD'
test {
    // .get() fails the build if the variable is not set in the source environment
    environment KEY_PIP_LDAP_PASSWORD, providers.environmentVariable(KEY_PIP_LDAP_PASSWORD).get()
}

Note

The source environment can be your local IDE or a Jenkins build server. Using environment variables allows you to securely store sensitive credentials in the Jenkins Secrets store.

You can also specify variables directly from the command line using standard methods:

  • Linux

    $ USER_WITH_ROLE_A=Bob PIP_PASSWORD=abc123 PIP_URL=http://ldapprod.acme.com ./gradlew test_ProductionEnv
  • Windows

    set USER_WITH_ROLE_A=Bob
    set PIP_PASSWORD=abc123
    set PIP_URL=http://ldapprod.acme.com
    gradlew test_ProductionEnv
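
A pre-deployment check for the ${NAME} and ${NAME:-default} references described on this page, added here as an example and not APD or Axiomatics code. It reports references with no default that the environment does not supply, and sensitive-looking variables that carry a default inside the file, which runs against the guidance to inherit sensitive values from the source environment. The SENSITIVE name pattern, the function name, and the sample YAML keys other than logging.level are assumptions made for illustration.

```python
import os
import re
import sys

# The two reference forms shown on this page: ${NAME} and ${NAME:-default}.
REF = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)(?::-([^}]*))?\}")
# Assumption: name fragments that mark a variable as sensitive.
SENSITIVE = re.compile(r"PASSWORD|SECRET|TOKEN|KEY", re.IGNORECASE)

def check_references(text, env):
    """Return (missing, secret_defaults) for one configuration file.

    missing: names referenced without a default and absent from env.
    secret_defaults: sensitive-looking names with a non-empty in-file default.
    """
    missing, secret_defaults = set(), set()
    for line in text.splitlines():
        if line.lstrip().startswith("#"):  # ignore commented-out YAML lines
            continue
        for match in REF.finditer(line):
            name, default = match.group(1), match.group(2)
            if default is None and name not in env:
                missing.add(name)
            if default and SENSITIVE.search(name):
                secret_defaults.add(name)
    return sorted(missing), sorted(secret_defaults)

# Constructed sample; keys other than logging.level are illustrative only.
SAMPLE = """\
logging:
  level: ${LOGLEVEL:-INFO}
pip:
  url: ${PIP_URL:-http://ldap.myorganization.com}
  user: ${PIP_USER}
  password: ${PIP_LDAP_PASSWORD:-changeme}
  # url: ${LEGACY_PIP_URL}
"""

if __name__ == "__main__":
    status = 0
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            missing, secret_defaults = check_references(fh.read(), os.environ)
        for name in missing:
            print(f"{path}: {name} has no default and is not set")
        for name in secret_defaults:
            print(f"{path}: {name} carries a default value in the file")
        status |= bool(missing or secret_defaults)
    sys.exit(status)
```

Run it with the YAML files of the authorization domain as arguments, in the same environment the Gradle task will inherit; a non-zero exit status means at least one finding.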