kyverno/documentation/writing-policies-preconditions.md

<small>*[documentation](/README.md#documentation) / [Writing Policies](/documentation/writing-policies.md) / Preconditions*</small>

# Preconditions

Preconditions allow controlling policy rule execution based on variable values.

While `match` & `exclude` conditions allow filtering requests based on resource and user information, `preconditions` can be used to define custom filters for more granular control.

The following operators are currently supported for preconditon evaluation:
- Equal
- NotEqual
- In
- NotIn

## Example

```yaml
  - name: generate-owner-role
    match:
      resources:
        kinds:
        - Namespace
    preconditions:
    - key: "{{serviceAccountName}}"
      operator: NotEqual
      value: ""
```

In the above example, the rule is only applied to requests from service accounts i.e. when the `{{serviceAccountName}}` is not empty.

```yaml
  - name: generate-default-build-role
    match:
      resources:
        kinds:
        - Namespace
    preconditions:
    - key: "{{serviceAccountName}}"
      operator: In
      value: ["build-default", "build-base"]
```

In the above example, the rule is only applied to requests from service account with name `build-default` and `build-base`.


<small>*Read Next >> [Auto-Generation for Pod Controllers](/documentation/writing-policies-autogen.md)*</small>
update docs for new features 2020-02-06 00:04:19 -08:00			`<small>[documentation](/README.md#documentation) / [Writing Policies](/documentation/writing-policies.md) / Preconditions</small>`

			`# Preconditions`

			`Preconditions allow controlling policy rule execution based on variable values.`

			While `match` & `exclude` conditions allow filtering requests based on resource and user information, `preconditions` can be used to define custom filters for more granular control.

			`The following operators are currently supported for preconditon evaluation:`
			`- Equal`
			`- NotEqual`
updated readme 2020-06-25 17:51:53 +05:30			`- In`
			`- NotIn`
update docs for new features 2020-02-06 00:04:19 -08:00
			`## Example`

			```yaml
			`- name: generate-owner-role`
			`match:`
			`resources:`
			`kinds:`
			`- Namespace`
			`preconditions:`
			`- key: "{{serviceAccountName}}"`
			`operator: NotEqual`
			`value: ""`
			```

			In the above example, the rule is only applied to requests from service accounts i.e. when the `{{serviceAccountName}}` is not empty.

updated readme 2020-06-25 17:51:53 +05:30			```yaml
			`- name: generate-default-build-role`
			`match:`
			`resources:`
			`kinds:`
			`- Namespace`
			`preconditions:`
			`- key: "{{serviceAccountName}}"`
			`operator: In`
			`value: ["build-default", "build-base"]`
			```

			In the above example, the rule is only applied to requests from service account with name `build-default` and `build-base`.

update docs for new features 2020-02-06 00:04:19 -08:00
			`<small>Read Next >> [Auto-Generation for Pod Controllers](/documentation/writing-policies-autogen.md)</small>`