ContX IQ: With _Application node as a subject, check whether a given subdomain is available, using optional pattern matching and a conditional CASE expression.
Implement a policy using OPTIONAL MATCH in the cypher, with the _Application node as subject.
Use case
In this case, we are going to use the application node (label _Application) as a subject.
When a new Application with new credentials is created, _Application and _AppAgent nodes are created in the IKG.
The AppAgent credentials are used to authenticate and execute CIQ queries with the _Application as an authenticated subject.
We add a filter with attribute: subject.external_id and value: $_appId (reserved value).
When the subject is _Application, the $_appId input does not need to be provided in the CIQ Execution and is automatically assigned the subject.external_id value.
We then try to find a Tenant that HAS a Property node of type 'subdomain' and with value matching $subdomain.
This is optional: if the subdomain doesn't exist, the match still continues (with tenant = null).
If a tenant was found (i.e. the subdomain is already taken), then is_subdomain_available = false.
If no tenant was found (i.e. subdomain not in use), then is_subdomain_available = true.
Requirements
- ServiceAccount credentials created in the IndyKite Hub for your organization.
- AppAgent credentials created in the IndyKite Hub, using the REST endpoints or using Terraform for your Project / Application.
Steps
1. Using the AppAgent credential as API Key (name: X-IK-ClientKey), ingest data in your IKG (IndyKite Knowledge Graph) using the script provided.
2. Using the ServiceAccount credential as Bearer token, create a CIQ Policy which designates the Subject node, the cypher and the nodes allowed to be agregated.
3. Using the ServiceAccount credential as Bearer token, create a CIQ Query in the context of the policy to check that a subdomain is available or not.
4. Using the AppAgent credential as API Key (name: X-IK-ClientKey), run a CIQ Execution to read the data.
Step 1
Ingest the nodes needed for this use case.
{
"nodes": [
{
"external_id": "tenant1",
"is_identity": false,
"type": "Tenant",
"properties": [
{
"type": "name",
"value": "Tenant1"
},
{
"type": "subdomain",
"value": "whocares"
}
]
},
{
"external_id": "tenant2",
"is_identity": false,
"type": "Tenant",
"properties": [
{
"type": "name",
"value": "Tenant2"
},
{
"type": "subdomain",
"value": "whatabout"
}
]
},
{
"external_id": "tenant3",
"is_identity": false,
"type": "Tenant",
"properties": [
{
"type": "name",
"value": "Tenant3"
}
]
}
]
}Step 2
Create a CIQ Policy which designates the Subject node, the cypher, and the nodes allowed to be agregated.
{
"meta": {
"policy_version": "1.0-ciq"
},
"subject": {
"type": "_Application"
},
"condition": {
"cypher": "MATCH (subject:_Application) WHERE subject.external_id = $_appId WITH subject OPTIONAL MATCH (tenant:Tenant)-[:HAS]->(subdomain:Property) WHERE subdomain.type = 'subdomain' AND subdomain.value = $subdomain WITH subject, CASE tenant WHEN tenant THEN false ELSE true END AS is_subdomain_available",
"filter": []
},
"allowed_reads": {
"nodes": [
"subject.*",
"tenant.*"
],
"aggregate_values": [
"is_subdomain_available"
]
}
}Request to create the CIQ Policy configuration using REST.
{
"project_id": "your_project_gid",
"description": "description of policy",
"display_name": "policy name",
"name": "policy-name",
"policy": "{\"meta\":{\"policy_version\":\"1.0-ciq\"},\"subject\":{\"type\":\"_Application\"},\"condition\":{\"cypher\":\"MATCH (subject:_Application) WHERE subject.external_id = $_appId WITH subject OPTIONAL MATCH (tenant:Tenant)-[:HAS]->(subdomain:Property) WHERE subdomain.type = 'subdomain' AND subdomain.value = $subdomain WITH subject, CASE tenant WHEN tenant THEN false ELSE true END AS is_subdomain_available\",\"filter\":[]},\"allowed_reads\":{\"nodes\":[\"subject.*\",\"tenant.*\"],\"aggregate_values\":[\"is_subdomain_available\"]}}",
"status": "ACTIVE",
"tags": []
}Request to read the CIQ Policy configuration using REST.
{
"id": "your_policy_configuration_gid"
}Step 3
Create a CIQ Query in the context of the policy to retrieve the designated properties.
{
"aggregate_values": [
"is_subdomain_available"
]
}Request to create a CIQ Query configuration using REST.
{
"project_id": "your_project_gid",
"description": "description of knowledge query",
"display_name": "knowledge query name",
"name": "knowledge-query-name",
"policy_id": "your_policy_gid",
"query": "{\"aggregate_values\":[\"is_subdomain_available\"]}",
"status": "ACTIVE"
}Read the CIQ Query Configuration.
{
"id": "your_knowledge_query_configuration_gid"
}Step 4
Run a CIQ Execution to get the designated information.
{
"id": "knowledge_query_gid",
"input_params": {
"subdomain": "whocares"
},
"page_token": 1
}CIQ Execution response.
{
"data": [
{
"aggregate_values": {
"is_subdomain_available": false
}
}
]
}