Software Secure Workload
Activity Configure

JSON Schema for Policy Templates

The policy template JSON schema is designed to mimic the schema of exported application workspace versions. You can create a set of policies in a workspace, export it as JSON, modify the JSON, then import it as a policy template.

| Attribute | Type | Description |
|---|---|---|
| name | string | (optional) Used as the name of the template during import. |
| description | string | (optional) Template description that is displayed during the apply process. |
| parameters | parameters object | Template parameters, see below. |
| absolute_policies | array of policy objects | (optional) Array of absolute policies. |
| default_policies | array of policy objects | (required) Array of default policies, can be empty. |

Parameters Object

The parameters object is optional but can be used to dynamically define filters as parameters to the template. The parameters are referenced using the consumer_filter_ref or provider_filter_ref policy attributes.

The keys of the parameters object are the reference names. The values are an object with a required "type": "Filter" and an optional description. An example Parameters object is shown below:


  {
    "parameters": {
      "HTTP Consumer": {
        "type": "Filter",
        "description": "Consumer of the HTTP and HTTPS service"
      },
      "HTTP Provider": {
        "type": "Filter",
        "description": "Provider of the HTTP and HTTPS service"
      }
    }
  }

The parameters can be referenced in the policy objects, for example: "consumer_filter_ref": "HTTP Consumer" or "provider_filter_ref": "HTTP Provider".

Special Parameter References

A few special references automatically map to a filter and do not need to be defined as parameters.

| Ref | Description |
|---|---|
| _workspaceScope | Resolves to the scope of the workspace to which the template is being applied. |
| _rootScope | Resolves to the root/top level scope. |

Policy Object

To maintain compatibility with the workspace export JSON, the policy object contains multiple keys for consumers and providers. They are resolved as follows:


  if *_filter_ref is defined
    use the filter resolved by that parameter
  else if *_filter_id is defined
    use the filter referenced by that id
  else if *_filter_name is defined
    use the filter that has that name
  else
    use the workspace scope.

If a filter cannot be resolved as defined above, an error is returned both at the time of application and at the time of upload.

| Attribute | Type | Description |
|---|---|---|
| action | string | (optional) Action of the policy, ALLOW or DENY (default ALLOW). |
| priority | integer | (optional) The priority of the policy (default 100). |
| consumer_filter_ref | string | Reference to a parameter. |
| consumer_filter_name | string | Reference to a filter by name. |
| consumer_filter_id | string | ID of a defined Scope or Inventory Filter. |
| provider_filter_ref | string | Reference to a parameter. |
| provider_filter_name | string | Reference to a filter by name. |
| provider_filter_id | string | ID of a defined Scope or Inventory Filter. |
| l4_params | array of l4params | List of allowed ports and protocols. |

L4param object

| Attribute | Type | Description |
|---|---|---|
| proto | integer | Protocol integer value (NULL means all protocols). |
| port | integer | Inclusive range of ports, for example, [80, 80] or [5000, 6000] (NULL means all ports). |
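The following is an added example, not part of the product or its documentation: a small offline lint for a template that applies the consumer/provider resolution order described under Policy Object and flags `*_filter_ref` values that are neither a declared parameter nor a special reference. The function names, the sample template, and the filter name `web` and ID `abc` are constructed for illustration; ID and name lookups depend on the filters defined in the target deployment, so they are reported but not checked.

```python
SPECIAL_REFS = {"_workspaceScope", "_rootScope"}  # built-in references listed on this page

def resolve_side(policy, side, parameters):
    """Return (kind, value) for 'consumer' or 'provider' in the documented order:
    *_filter_ref, then *_filter_id, then *_filter_name, else the workspace scope."""
    ref = policy.get(f"{side}_filter_ref")
    if ref is not None:
        if ref not in parameters and ref not in SPECIAL_REFS:
            raise ValueError(f"{side}_filter_ref {ref!r} is not a defined parameter")
        return ("ref", ref)
    for kind in ("id", "name"):
        value = policy.get(f"{side}_filter_{kind}")
        if value is not None:
            return (kind, value)  # existence can only be checked against the deployment
    return ("workspace_scope", None)

def lint_template(template):
    """Collect schema problems and the resolved consumer/provider of each policy."""
    errors, resolved = [], []
    parameters = template.get("parameters", {})
    for name, spec in parameters.items():
        if spec.get("type") != "Filter":
            errors.append(f"parameter {name!r}: type must be 'Filter'")
    if not isinstance(template.get("default_policies"), list):
        errors.append("default_policies is required (may be an empty array)")
    for key in ("absolute_policies", "default_policies"):
        for i, policy in enumerate(template.get(key) or []):
            try:
                resolved.append((key, i, resolve_side(policy, "consumer", parameters),
                                 resolve_side(policy, "provider", parameters)))
            except ValueError as exc:
                errors.append(f"{key}[{i}]: {exc}")
    return errors, resolved

# Constructed sample template (as json.load would return it), not a real export.
SAMPLE = {
    "name": "HTTP template",
    "parameters": {"HTTP Consumer": {"type": "Filter"}},
    "default_policies": [
        {"consumer_filter_ref": "HTTP Consumer", "provider_filter_name": "web",
         "l4_params": [{"proto": 6, "port": [80, 80]}]},
        {"consumer_filter_ref": "HTTP Provider", "provider_filter_id": "abc"},
    ],
}

if __name__ == "__main__":
    errs, pairs = lint_template(SAMPLE)
    print(errs, pairs)
```

A policy with no filter key on one side resolves to the workspace scope, so reviewing the resolved pairs before import also shows which policies apply more broadly than a named filter would.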