YAML Tags
To use the custom tags with your preferred editor, you must make the editor aware of the custom tags.
For VS Code, for example, add these entries to your settings.json
:
{
"yaml.customTags": [
"!Condition sequence",
"!Context scalar",
"!Enumerate sequence",
"!Env scalar",
"!Find sequence",
"!Format sequence",
"!If sequence",
"!Index scalar",
"!KeyOf scalar",
"!Value scalar",
"!AtIndex scalar"
]
}
!KeyOf
Example:
policy: !KeyOf my-policy-id
Resolves to the primary key of the model instance defined by id my-policy-id.
If no matching entry can be found, an error is raised and the blueprint is invalid.
!Env
Example:
password: !Env my_env_var
Returns the value of the given environment variable. Can be used as a scalar with !Env my_env_var, default
to return a default value.
!Find
Examples:
configure_flow: !Find [authentik_flows.flow, [slug, default-password-change]]
configure_flow:
!Find [
authentik_flows.flow,
[!Context property_name, !Context property_value],
]
Looks up any model and resolves to the the matches' primary key. First argument is the model to be queried, remaining arguments are expected to be pairs of key=value pairs to query for.
!Context
Example:
configure_flow: !Context foo
Find values from the context. Can optionally be called with a default like !Context [foo, default-value]
.
!Format
Example:
name: !Format [my-policy-%s, !Context instance_name]
Format a string using python's % formatting. First argument is the format string, any remaining arguments are used for formatting.
!If
Minimal example:
# Short form
# !If [<condition>]
required: !If [true]
# Longer form
# !If [<condition>, <when true>, <when false>]
required: !If [true, true, false]
Full example:
attributes: !If [
!Condition [...], # Or any valid YAML or custom tag. Evaluated as boolean in Python
{
# When condition evaluates to true
dictionary:
{
with: { keys: "and_values" },
and_nested_custom_tags: !Format ["foo-%s", !Context foo],
},
},
[
# When condition evaluates to false
list,
with,
items,
!Format ["foo-%s", !Context foo],
],
]
Conditionally add YAML to a blueprint.
Similar to a one-line if, the first argument is the condition, which can be any valid yaml or custom tag. It will be evaluated as boolean in python. However, keep in mind that dictionaries and lists will always evaluate to true
, unless they are empty.
The second argument is used when the condition is true
, and the third - when false
. The YAML inside both arguments will be fully resolved, thus it is possible to use custom YAML tags and even nest them inside dictionaries and lists.
!Condition
Minimal example:
required: !Condition [OR, true]
Full example:
required: !Condition [
AND, # Valid modes are: AND, NAND, OR, NOR, XOR, XNOR
!Context instance_name,
!Find [authentik_flows.flow, [slug, default-password-change],
"My string",
123
]
Converts one or more arguments to their boolean representations, then merges all representations together. Requires at least one argument after the mode selection.
If only a single argument is provided, its boolean representation will be returned for all normal modes and its negated boolean representation will be returned for all negated modes.
Normally, it should be used to define complex conditions for use with an !If
tag or for the conditions
attribute of a blueprint entry (see the blueprint file structure). However, this is essentially just a boolean evaluator so it can be used everywhere a boolean representation is required.
!Enumerate
, !Index
and !Value
These tags collectively make it possible to iterate over objects which support iteration. Any iterable Python object is supported. Such objects are sequences ([]
), mappings ({}
) and even strings.
!Enumerate
tag:
This tag takes 3 arguments:
!Enumerate [<iterable>, <output_object_type>, <single_item_yaml>]
- iterable: Any Python iterable or custom tag that resolves to such iterable
- output_object_type:
SEQ
orMAP
. Controls whether the returned YAML will be a mapping or a sequence. - single_item_yaml: The YAML to use to create a single entry in the output object
!Index
tag:
This tag is only valid inside an !Enumerate
tag
This tag takes 1 argument:
!Index <depth>
- depth: Must be >= 0. A depth of 0 refers to the
!Enumerate
tag this tag is located in. A depth of 1 refers to one!Enumerate
tag above that (to be used when multiple!Enumerate
tags are nested inside each other).
Accesses the !Enumerate
tag's iterable and resolves to the index of the item currently being iterated (in case !Enumerate
is iterating over a sequence), or the mapping key (in case !Enumerate
is iterating over a mapping).
For example, given a sequence like this - ["a", "b", "c"]
, this tag will resolve to 0
on the first !Enumerate
tag iteration, 1
on the second and so on. However, if given a mapping like this - {"key1": "value1", "key2": "value2", "key3": "value3"}
, it will first resolve to key1
, then to key2
and so on.
!Value
tag:
This tag is only valid inside an !Enumerate
tag
This tag takes 1 argument:
!Value <depth>
- depth: Must be >= 0. A depth of 0 refers to the
!Enumerate
tag this tag is located in. A depth of 1 refers to one!Enumerate
tag above that (to be used when multiple!Enumerate
tags are nested inside each other).
Accesses the !Enumerate
tag's iterable and resolves to the value of the item currently being iterated.
For example, given a sequence like this - ["a", "b", "c"]
, this tag will resolve to a
on the first !Enumerate
tag iteration, b
on the second and so on. If given a mapping like this - {"key1": "value1", "key2": "value2", "key3": "value3"}
, it will first resolve to value1
, then to value2
and so on.
Minimal examples:
configuration_stages: !Enumerate [
!Context map_of_totp_stage_names_and_types,
SEQ, # Output a sequence
!Find [
!Format [
"authentik_stages_authenticator_%s.authenticator%sstage",
!Index 0,
!Index 0,
],
[name, !Value 0],
], # The value of each item in the sequence
]
The above example will resolve to something like this:
configuration_stages:
- !Find [
authentik_stages_authenticator_<stage_type_1>.authenticator<stage_type_1>stage,
[name, <stage_name_1>],
]
- !Find [
authentik_stages_authenticator_<stage_type_2>.authenticator<stage_type_2>stage,
[name, <stage_name_2>],
]
Similarly, a mapping can be generated like so:
example: !Enumerate [
!Context list_of_totp_stage_names,
MAP, # Output a map
[
!Index 0, # The key to assign to each entry
!Value 0, # The value to assign to each entry
],
]
The above example will resolve to something like this:
example:
0: <stage_name_1>
1: <stage_name_2>
Full example:
Note that an !Enumeration
tag's iterable can never be an !Item
or !Value
tag with a depth of 0
. Minimum depth allowed is 1
. This is because a depth of 0
refers to the !Enumeration
tag the !Item
or !Value
tag is in, and an !Enumeration
tag cannot iterate over itself.
example: !Enumerate [
!Context sequence, # ["foo", "bar"]
MAP, # Output a map
[
!Index 0, # Use the indexes of the items in the sequence as keys
!Enumerate [
# Nested enumeration
# Iterate over each item of the parent enumerate tag.
# Notice depth is 1, not 0, since we are inside the nested enumeration tag!
!Value 1,
SEQ, # Output a sequence
!Format [
"%s: (index: %d, letter: %s)",
!Value 1,
!Index 0,
!Value 0,
],
],
],
]
The above example will resolve to something like this:
"0":
- "foo: (index: 0, letter: f)"
- "foo: (index: 1, letter: o)"
- "foo: (index: 2, letter: o)"
"1":
- "bar: (index: 0, letter: b)"
- "bar: (index: 1, letter: a)"
- "bar: (index: 2, letter: r)"
!AtIndex
authentik 2024.12+
Minimal example:
value_in_sequence: !AtIndex [["first", "second"], 0] # Resolves to "first"
value_in_mapping: !AtIndex [{ "foo": "bar", "other": "value" }, "foo"] # Resolves to "bar"
Example with default value:
default_value: !AtIndex [["first"], 100, "default"] # Resolves to "default"
default_value: !AtIndex [["first"], 100] # Throws an error
Resolves to the value at a specific index in a sequence or a mapping.
If no value can be found at the specified index and no default is provided, an error is raised and the blueprint is invalid.