rule_expression

The expression of a single rule.

Three statuses of the expression are of interest. We want to know whether a rule is:

  • violated or valid;

  • active or inactive;

  • expired or not.

A rule can be violated, which means that the given rule condition is currently false.

A rule can also be inactive, which means that the given rule condition has never been true, but will be in the future.

The status of every possible rule expression can either:

  • always be "active";

  • trigger once, going from "inactive" to "active".

This gives us the definition of expired: A rule is expired if it is both violated and active, meaning that it doesn't allow the auth descriptor to be used and will never change state.

Examples:

Ruleactiveviolatedexpired
"time < 1000"truetruetrue
"time < 1e10"truefalsefalse
"time 1000"truefalsefalse
"time 1e10"falsetruefalse

Properties

Link copied to clipboard

The operator of the rule, e.g. "greater than"

Link copied to clipboard

The value the variable should be checked against, e.g. "1000"

Link copied to clipboard

The variable to check for validity, e.g. "timestamp"