Map policies to a deployable to define the validation processes that the config data must pass. You can map policies to a deployable using static mapping or dynamic mapping.

Before you begin

Important: Starting with the Washington DC release, DevOps Config is being prepared for future deprecation. It will be hidden and no longer installed on new instances but will continue to be supported. For details, see the Deprecation Process [KB0867184] article in the Now Support Knowledge Base.

Role required: cdm_policy_editor or cdm_editor or cdm_admin

About this task

Policies validate any changes to the mapped deployable. Whenever changes that affect a deployable are committed, the system generates a new snapshot of the deployable and then executes all mapped policies against the snapshot. You can also manually execute a policy at any time (for example, to test a policy operation).

Procedure

  1. On the Policies tab for an application, select Manage static mappings.
    The Manage static mappings page lists all deployables that have mapped policies. Policies are grouped by the deployable to which they’re mapped.
  2. Select Add.
    The Map Policies dialog box displays with a list of available policies.
  3. Select a deployable against which the policies should be executed.
  4. Select the policies in the Policies list.
    You can map any number of policies.
  5. Select Map Policies.
    On the Manage static mappings page, the deployable is updated with the list of mapped policies.
    Table 1. Mapped Policies list - Columns
    Column headerDescription
    Policy name Name of the policy. Policies appear grouped under the deployable to which they’re mapped.
    Input Policy settings that are configurable.
    Dynamic mapping Identifier to denote whether the policy is mapped dynamically or statically.
    • true: The policy is mapped dynamically based on the defined conditions.
    • false: The policy is mapped statically.
    Condition Business conditions based on which the policy is mapped dynamically to specific deployables.

    For example, to dynamically map policies to only deployables that have the environment type as production, you can define the condition as: [Environment][is][Production].

    For more information on defining a condition, see Map PaCE policies using Dynamic Mapping.
    Description Description of the policy, specifying what it validates.
    Category Identifier that enables policy grouping. For example, Production Policies.
    Input status Validation state of the mapping inputs in the policy.
    Note:
    • This information reflects the validity of the input settings (that is, the readiness of the policy to perform validation).
    • All mapping inputs are valid on insertion. Inputs become invalid if the policy version is archived or deleted.
    • This value does not indicate whether the snapshot passed validation (that is, whether the snapshot is compliant).
    State Mapping state of the policy with the deployable.

    Only mapped policies that are active execute during snapshot validation.
    Tags Tags that are associated with the policy.