Skip to main content
Both meta-connectors use the Common Expression Language (CEL) for data transformation. CEL is a simple, fast, and secure expression language - a safer alternative to embedding arbitrary code in your config.

Basic field mapping

map:
  id: ".id"                                           # Direct field access
  display_name: ".first_name + ' ' + .last_name"      # String concatenation
  status: ".is_active ? 'enabled' : 'disabled'"       # Ternary

Available functions

FunctionPurposeExample
lowercase()Convert to lowercaselowercase(.email)
uppercase()Convert to uppercaseuppercase(.code)
titlecase()Title casetitlecase(.name)
trim()Remove whitespacetrim(.value)
match()Regex matchingmatch(.email, ".*@corp\\.com")
extract()Extract regex groupextract(.urn, "user-([0-9]+)")
replace()String replacementreplace(.name, {"old": "_", "new": "-"})
get()Get with defaultget(.optional, "default")
has()Check field existshas(input.employee_id)
parse_json()Parse JSON stringparse_json(.metadata).type
json_path()Extract from JSONjson_path(.data, "user.name")

Context variables

Available variables depend on context:
VariableAvailable inPurpose
item or .columnList/GrantsCurrent row/item
resourceGrants, ProvisioningCurrent resource
principalProvisioningUser being granted/revoked
entitlementProvisioningEntitlement being modified
inputAccount creationUser-provided form values
passwordAccount creationGenerated password

Common patterns

Conditional field mapping

account_type: ".type == 'employee' ? 'human' : 'service'"

Null handling

last_login: ".last_login != null ? string(.last_login) : ''"

String operations

# Lowercase email
email: "lowercase(.email)"

# Build full name
display_name: ".first_name + ' ' + .last_name"

# Extract username from email
username: "extract(.email, '([^@]+)@.*')"

Type conversion

# Convert numeric ID to string
id: "string(.numeric_id)"

Field existence check

# Use optional field with fallback
department: "has(input.department) ? input.department : 'Unknown'"

Skip conditions in grants

grants:
  - query: "SELECT * FROM role_members WHERE role_id = ?<role_id>"
    map:
      - skip_if: ".user_type == 'system'"    # Skip system accounts
        principal_id: ".user_id"
        principal_type: "user"
        entitlement_id: "member"

Quick reference

# Direct field access
".field_name"

# String concatenation
".first + ' ' + .last"

# Ternary
".active ? 'enabled' : 'disabled'"

# Null check
".value != null ? .value : 'default'"

# Type conversion
"string(.numeric_id)"

# Field existence check
"has(input.optional_field)"

# Lowercase/uppercase
"lowercase(.email)"
"uppercase(.code)"

HTTP authoring

baton-http for REST API integration

SQL authoring

baton-sql for database integration