Attribute match criteria feature is something that I want to implement at some point, but it would have to affect all resources/attributes. The hard part for me is figuring out a good syntax that's easy to read but allows for the flexibility. Also deciding what to support.

Features, that might be useful:

• ALL/CONTAINS for array attributes
• eq, gt, lt, ge, le for numeric. Ex: user.uid ge 1000 (ensuring user doesn't have an id lower than 1000)
• Negation. ex: file.filetype != "file"

Example:

{
    "cnn.com": {
        "resolveable": true,
        "addrs": [
            "157.166.226.25",
            "157.166.226.26"
        ],
        "timeout": 500
    }
}

The above addr check does a "contains" check and will succeed so long as the two listed items are found in the result returned by the DNS server. If the DNS server returns 10 IPs it will still be considered a success.

A user might want to only succeed if the returned result is an exact match, a possible approach might be something like this:
"addrs": { "ALL": ["157.166.226.25", "157.166.226.26"] }