This repository has been archived by the owner on Dec 5, 2023. It is now read-only.
Integration Guide
Alvaro Villanueva edited this page Nov 11, 2021 · 8 revisions
This wiki page is an Integration Guide for client applications that want to use the policy protection platform's Policy Decision Point (PDP).
All endpoints described in this Integration Guide are listed in the following discovery documents:
- OIDC Endpoints: https://<HOSTNAME>/.well-known/openid-configuration
- UMA Endpoints: https://<HOSTNAME>/.well-known/uma2-configuration
To perform policy operations on the PDP, every request must identify an authenticated user by supplying an ID_TOKEN. The endpoint accepts REST requests to insert, delete, update and fetch policies, together with some mandatory parameters such as:
- Parameters:
  - headers: The response is in JSON format, so Content-Type must be set to application/json, and the Authorization header must carry the user's ID_TOKEN as a Bearer token.
- Response:
  - 200: Lists all policies filtered by ownership ID. The ownership ID is extracted from the OpenID Connect token.
- Example:
curl -XGET https://<HOSTNAME>/policy -H 'Content-Type: application/json' -H 'Authorization: Bearer <ID_TOKEN>'
- Parameters:
  - payload: JSON with the policy configuration as defined in Policy Language
  - headers: The response is in JSON format, so Content-Type must be set to application/json, and the Authorization header must carry the user's ID_TOKEN as a Bearer token.
- Response:
  - 200: JSON with the policy data
  - 401: Unauthorized
  - 404: Not found
- Example:
curl -k -v -XPOST 'http://<DOMAIN>/policy/' -H 'Content-Type: application/json' -H 'Authorization: Bearer <OAuth access_token or JWT id_token>' -d '{"name":"NewPolicy","description":"Description for this new policy","config":{"resource_id":"6666666","action":"view","rules":[{"AND":[{"EQUAL":{"userName":"admin"}}]}]},"scopes":["oidc"]}'
- Parameters:
  - headers: The response is in JSON format, so Content-Type must be set to application/json, and the Authorization header must carry the user's ID_TOKEN as a Bearer token.
- Response:
  - 200: JSON of the requested policy
  - 404: Policy not found
- Example:
Get by policy id:
curl -k -v -XGET 'http://<DOMAIN>/policy/5f32f236ea1bacfddd396e97' -H 'Content-Type: application/json' -H 'Authorization: Bearer <ID_TOKEN>'
Get by corresponding resource id:
curl -k -v -XGET 'http://<DOMAIN>/policy/5f339a1e8e8f28850cb2e6e7' -H 'Content-Type: application/json' -H 'Authorization: Bearer <ID_TOKEN>' -d '{"resource_id": "6666666"}'
The specified policy will be updated with the content of the payload.
- Parameters:
  - payload: JSON with the policy content
  - headers: The response is in JSON format, so Content-Type must be set to application/json, and the Authorization header must carry the user's ID_TOKEN as a Bearer token.
- Response:
  - 200: JSON with the policy data
  - 401: Unauthorized
  - 404: Not found
- Example:
curl -k -v -XPOST 'http://<DOMAIN>/policy/5f32f236ea1bacfddd396e97' -H 'Content-Type: application/json' -H 'Authorization: Bearer <OAuth access_token or JWT id_token>' -d '{"name":"NewPolicyChanged","description":"Description for this new policy changed","config":{"resource_id":"6666666","action":"view","rules":[{"AND":[{"EQUAL":{"userName":"admin"}}]}]},"scopes":["Authorized"]}'
- Parameters:
  - headers: The response is in JSON format, so Content-Type must be set to application/json, and the Authorization header must carry the user's ID_TOKEN as a Bearer token.
- Response:
  - 200: Policy deleted
  - 401: Unauthorized
  - 404: Not found
- Example:
curl -k -v -XDELETE 'http://<DOMAIN>/policy/5f32f236ea1bacfddd396e97' -H 'Content-Type: application/json' -H 'Authorization: Bearer <ID_TOKEN>'
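The same requests built from a client application, as an added example that is not part of the original wiki or the PDP code base: it sets Content-Type and Authorization as two separate header fields and keeps TLS verification on. The host `pdp.example.test`, the function names and the HTTPS-only check are assumptions of this example.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import quote, urlsplit

# Status codes documented on this page for the /policy endpoints.
DOCUMENTED = {401: "Unauthorized", 404: "Not found"}


def build_policy_request(base_url, id_token, method, policy_id=None, payload=None):
    """Build (without sending) a request to the PDP /policy endpoint."""
    if urlsplit(base_url).scheme != "https":
        # Added safeguard (assumption, not from the page): no bearer token over plain HTTP.
        raise ValueError("bearer token requires an https:// base URL")
    if not id_token or any(ch.isspace() or ch == "," for ch in id_token):
        raise ValueError("ID token is empty or not a single header-safe value")
    path = "/policy"
    if policy_id is not None:
        path += "/" + quote(policy_id, safe="")  # keep the id inside one path segment
    elif method == "POST":
        path += "/"  # the page's create example posts to /policy/
    body = None if payload is None else json.dumps(payload).encode("utf-8")
    req = urllib.request.Request(base_url.rstrip("/") + path, data=body, method=method)
    # Two separate header fields: one combined "Content-Type: ..., Authorization: ..."
    # string is sent as a single Content-Type header and carries no Authorization.
    req.add_header("Content-Type", "application/json")
    req.add_header("Authorization", "Bearer " + id_token)
    return req


def send(req, timeout=10):
    """Send with default certificate verification (no equivalent of curl -k)."""
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:
        return err.code, DOCUMENTED.get(err.code, "undocumented status")


# Constructed sample values: host and token are placeholders; the body is the page's create example.
NEW_POLICY = {
    "name": "NewPolicy",
    "description": "Description for this new policy",
    "config": {"resource_id": "6666666", "action": "view",
               "rules": [{"AND": [{"EQUAL": {"userName": "admin"}}]}]},
    "scopes": ["oidc"],
}

if __name__ == "__main__":
    r = build_policy_request("https://pdp.example.test", "<ID_TOKEN>", "POST", payload=NEW_POLICY)
    print(r.get_method(), r.full_url, sorted(r.headers))
```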