Expression Context Reference
Codiac expressions use JSONata — a lightweight query and transformation language for JSON. Anywhere Codiac accepts an expression, it evaluates it against a context object that describes the current deployment target.
For practical examples and recipes, see Expression Examples.
Context schema
tenant
| Field | Type | Description |
|---|---|---|
| tenant.code | string | The tenant identifier |
enterprise
| Field | Type | Description |
|---|---|---|
| enterprise.name | string | Name of the enterprise |
environment
| Field | Type | Description |
|---|---|---|
| environment.name | string | Name of the environment |
cabinet
| Field | Type | Description |
|---|---|---|
| cabinet.name | string | Name of the cabinet |
| cabinet.namespace | string | The cabinet's internal runtime identifier |
| cabinet.hostNaming | array | Host naming entries (used by the $hostmap() function) |
cluster
| Field | Type | Description |
|---|---|---|
| cluster.name | string | Name of the cluster |
| cluster.provider | string | Cloud provider: "azure", "aws", or "other" |
| cluster.version | string | Cluster version |
| cluster.location.code | string | Cloud region code (e.g. "eastus", "us-east-1") |
| cluster.rbacEnabled | boolean | Whether RBAC is enabled on the cluster |
| cluster.ingress.enabled | boolean | Whether ingress is enabled |
| cluster.ingress.private | boolean | Whether ingress is private (internal-only) |
| cluster.ingress.ip | string \| undefined | Public IP address of the cluster's ingress |
| cluster.ingress.ipResourceName | string \| undefined | Cloud resource name for the ingress IP |
| cluster.ingress.ipResourceId | string \| undefined | Cloud resource ID for the ingress IP |
| cluster.ingress.subnets.private | string[] \| undefined | Private subnet identifiers |
| cluster.ingress.subnets.public | string[] \| undefined | Public subnet identifiers |
asset
| Field | Type | Description |
|---|---|---|
| asset.name | string | Name of the asset |
| asset.version | string | Version of the asset being deployed |
asset.name and asset.version are only available in config expressions (values and conditions). They are not available in deploy conditions, which are evaluated before configs are loaded.
secrets
Available in config setting values only. Before expression evaluation, Codiac scans all config values for secrets.* references, fetches each referenced store once, and injects the results into the expression context. Supported store types: Azure Key Vault, AWS Secrets Manager.
| Field | Type | Description |
|---|---|---|
| secrets.&lt;storeName&gt;.&lt;key&gt; | string | A secret value fetched from the named KVP store at deploy time |
Example: @{secrets.myVault.DB_PASS} — fetches the DB_PASS key from the myVault store.
If a referenced store or key cannot be resolved, the deploy fails with a clear error pointing at the unresolved expression. To store @{secrets.*} as a literal rather than evaluating it, escape it as @@{secrets.*}.
For the relationship between secrets.* expressions and the sourcedSettings mechanism, see Expression Examples — Inline secrets.
Functions
Two functions are available inside any expression for resolving host names from the cabinet's ingress configuration.
$hostmap(strategy, domain)
Returns the concrete hostname for a given host naming strategy and domain.
Parameters:
- strategy: the host naming strategy (e.g., "svc_dot_cab_dot_domain")
- domain: the base domain (e.g., "example.com")
Returns: The resolved hostname string (e.g., "my-api.dev-cabinet.example.com")
See Ingress and Domain Routing for full details on host naming strategies.
$hostmap_path(strategy, domain)
Same as $hostmap(), but returns the path prefix of the resolved URL instead of the hostname. Used with path-based ingress routing.
Where expressions are evaluated
| Feature | Context available | Behavior when expression is falsy |
|---|---|---|
| Config setting value | Full context including asset.* and secrets.* | The value is the expression result |
| Config setting condition | Full context including asset.* | Setting is omitted from the deployment |
| Asset deploy condition | Context without asset.* or secrets.* | Asset is skipped with a reason message |
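A pre-deploy lint for the secrets.* scanning rule and the availability table above, as an added example that is not Codiac's own code. It assumes expressions are delimited as @{...} without nested braces, that store and key names are plain identifiers, and that conditions are passed in as bare expression bodies; the function names and sample values are constructed for illustration.

```javascript
// Added example, not Codiac's code. Assumptions: expressions are delimited as
// @{...} with no nested braces, @@{...} is the literal escape, and store/key
// names match [A-Za-z_][A-Za-z0-9_]*.

// Context roots the page marks as unavailable at each evaluation site.
const UNAVAILABLE = {
  value: [],
  condition: ["secrets"],
  deployCondition: ["asset", "secrets"],
};

// Constructed sample config values.
const SAMPLE_VALUES = [
  "postgres://app:@{secrets.myVault.DB_PASS}@db/@{secrets.myVault.DB_NAME}",
  "docs say to write @@{secrets.myVault.NOT_FETCHED}",
  '@{environment.name = "prod" ? secrets.awsStore.API_KEY : "secrets.fake.X"}',
];

// Blank out JSONata string literals so quoted text is never read as a path.
const stripStrings = (expr) => expr.replace(/"[^"]*"|'[^']*'/g, '""');

// Bodies of unescaped @{...} spans in a config value; @@{...} is skipped.
function expressionBodies(value) {
  return [...value.matchAll(/(@?)@\{([^}]*)\}/g)]
    .filter((m) => m[1] === "")
    .map((m) => m[2]);
}

// Store name -> sorted unique keys, so each store needs only one fetch.
function planSecretFetches(values) {
  const plan = new Map();
  const ref = /(?<![\w.])secrets\.([A-Za-z_]\w*)\.([A-Za-z_]\w*)/g;
  for (const body of values.flatMap(expressionBodies)) {
    for (const [, store, key] of stripStrings(body).matchAll(ref)) {
      if (!plan.has(store)) plan.set(store, new Set());
      plan.get(store).add(key);
    }
  }
  return new Map([...plan].map(([store, keys]) => [store, [...keys].sort()]));
}

// Roots referenced by an expression body that are unavailable at this site.
function unavailableRoots(site, body) {
  const bare = stripStrings(body);
  return UNAVAILABLE[site].filter((root) =>
    new RegExp(`(?<![\\w.])${root}\\.`).test(bare));
}

console.log(Object.fromEntries(planSecretFetches(SAMPLE_VALUES)));
```

Running the plan in CI before a deploy shows which stores and keys a change will pull, and a non-empty result from unavailableRoots flags a condition that references context the page says is not present at that site.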
JSONata basics
JSONata is designed to be readable. A few useful patterns:
| Goal | Expression |
|---|---|
| Field access | environment.name |
| String equality | environment.name = "prod" |
| String concatenation | "https://" & asset.name & ".example.com" |
| Boolean check | cluster.ingress.enabled |
| Negation | cluster.ingress.private = false |
For the full JSONata reference, see jsonata.org.
What's next
- Expression Examples — Common recipes for real workflows
- Manage configs — Using expressions in config values and conditions
- Ingress and Domain Routing — Using $hostmap() to resolve domain names