SOA3 Policy Management Service


Introduction

The SOA3 Policy Management Service is a REST service providing the interfaces to perform Create, Read, Update and Delete operations on the policies stored on Argus. The current version of the Policy Management Service works on atomic policies, called rules, while future versions will support rule combination to create complex policies.

The Policy Management Service is used by the Policy Management Portlet, which provides a human-friendly interface, but it can also be used as a standalone component to manage the policies with a general-purpose REST client.

This section shows the syntax of the REST methods provided.

Methods

The root of all the REST requests is:

 http(s)://hostname:port/policyService/policymanager

and the exposed methods are the following:

  • Create Rule
  • Get Rule
  • Get Rule Id
  • Update Rule
  • Delete Rule
  • List Rules
  • List Rules By Subjects
  • List Rules By Action
  • List Rules By Resource


Create Rule

    POST <root-uri>/policyService/policymanager

Request Message Body:

| Name | Type | Description | mandatory/optional |
|---|---|---|---|
| attributes | JSON Map | Attributes of the user/service to be authorized | mandatory |
| action | JSON String | Action, i.e. the service string (serviceClass:serviceName) | mandatory |
| resource | JSON String | Resource, i.e. instance of the service considered, identified by the host name (.* means "all the instances") | mandatory |
| permit | JSON Boolean | A boolean value defining if the rule concerns a permit (true) or a deny (false) | mandatory |
| dateRange | JSON String | date range of validity of the policy (ddmmyyyy-ddmmyyyy) | optional |
| timeRange | JSON String | time range of validity of the policy (hhmm-hhmm) | optional |


HTTP Response:

Description:

| HTTP Status | Description |
|---|---|
| 201 Created | The rule was created |
| 200 OK | The rule has been created, but optional parameters have not been added |
| 400 Bad Request | Invalid parameter or field names in the request. |



Example:

Request:

    POST <root-uri>/policyService/policymanager
    Content-Type: application/json
    {
     "attributes" : { "role" : "Admin"},
     "action" : "serviceClass:serviceName",
     "resource": "hostname",
     "dateRange" : "10102013-10112013",
     "timeRange" : "10:30-11:30",
     "permit" : "true"
    }

    Response:
    201 CREATED
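
As an added example (not part of the original page or of the service's own code), this Python sketch validates a rule body against the parameter table above before it is sent, and classifies the Create Rule status code. It singles out the 200 OK case, where the rule exists but its dateRange/timeRange were not added. The function names are hypothetical, permit is sent as a JSON boolean as the table specifies, and timeRange is accepted both as hhmm-hhmm and in the hh:mm-hh:mm form used in the example request.

```python
import re
from datetime import datetime

DATE_RANGE = re.compile(r"^(\d{8})-(\d{8})$")
TIME_RANGE = re.compile(r"^(\d{2}):?(\d{2})-(\d{2}):?(\d{2})$")
ACTION = re.compile(r"^[^:\s]+:[^:\s]+$")


def build_rule(attributes, action, resource, permit, date_range=None, time_range=None):
    """Return a Create Rule body, raising ValueError on malformed fields."""
    if not isinstance(attributes, dict) or not attributes:
        raise ValueError("attributes must be a non-empty map")
    if not ACTION.match(action):
        raise ValueError("action must be serviceClass:serviceName")
    if not resource:
        raise ValueError("resource is mandatory")
    if not isinstance(permit, bool):
        raise ValueError("permit must be a boolean")
    rule = {"attributes": attributes, "action": action,
            "resource": resource, "permit": permit}
    if date_range is not None:
        m = DATE_RANGE.match(date_range)
        if not m:
            raise ValueError("dateRange must be ddmmyyyy-ddmmyyyy")
        # strptime rejects impossible dates such as 31022013.
        start, end = (datetime.strptime(d, "%d%m%Y") for d in m.groups())
        if start > end:
            raise ValueError("dateRange ends before it starts")
        rule["dateRange"] = date_range
    if time_range is not None:
        m = TIME_RANGE.match(time_range)
        if not m:
            raise ValueError("timeRange must be hhmm-hhmm")
        h1, m1, h2, m2 = map(int, m.groups())
        if h1 > 23 or h2 > 23 or m1 > 59 or m2 > 59:
            raise ValueError("timeRange has an invalid hour or minute")
        rule["timeRange"] = time_range
    return rule


def create_outcome(status, rule):
    """Classify a Create Rule response using the status table above."""
    if status == 201:
        return "created"
    if status == 200:
        # The rule exists, but the requested validity window was not added.
        limited = "dateRange" in rule or "timeRange" in rule
        return "created-without-limits" if limited else "created"
    return "rejected"
```

A caller that requested a validity window and gets "created-without-limits" should treat the rule as misconfigured and update or delete it.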


Get Rule

    GET <root-uri>/policyService/policymanager/{ruleId}

Request Message Body:

| Name | Type | Description | mandatory/optional |
|---|---|---|---|
| ruleId | JSON String | The id of the rule requested | mandatory |


HTTP Response:

Description:

| HTTP Status | Description |
|---|---|
| 200 OK | The rule has been found and is in the body in JSON format |
| 404 Not Found | Rule not found. |


Example:

Request:

    GET <root-uri>/policyService/policymanager/fdfv43f43c3124crc

    Response:
    200 OK
    Content-Type: application/json
    {
     "attributes" : { "role" : "Admin"},
     "action" : "serviceClass:serviceName",
     "resource": "hostname",
     "dateRange" : "10102013-10112013",
     "timeRange" : "10:30-11:30",
     "permit" : "true"
    }

Get Rule ID

    POST <root-uri>/policyService/policymanager/ruleId

Request Message Body:

| Name | Type | Description | mandatory/optional |
|---|---|---|---|
| attributes | JSON Map | Attributes of the user/service to be authorized | mandatory |
| action | JSON String | Action, i.e. the service string (serviceClass:serviceName) | mandatory |
| resource | JSON String | Resource, i.e. instance of the service considered, identified by the host name (.* means "all the instances") | mandatory |


HTTP Response:

Description:

| HTTP Status | Description |
|---|---|
| 200 OK | The rule id has been found and is in the body |
| 404 Not Found | Rule id not found. |


Example:

Request:

    POST <root-uri>/policyService/policymanager/ruleid
    Content-Type: application/json
    {
     "attributes" : { "role" : "Admin"},
     "action" : "serviceClass:serviceName",
     "resource": "hostname"
    }

    Response:
    200 OK
    Content-Type: plain/text
    fdsfvet5gv546u7n67n6n4n


Update Rule

    PUT <root-uri>/policyService/policymanager/{ruleId}

Request Message Body:

| Name | Type | Description | mandatory/optional |
|---|---|---|---|
| ruleid | JSON String | the id of the rule to be updated | mandatory |
| attributes | JSON Map | Attributes of the user/service to be authorized | mandatory |
| action | JSON String | Action, i.e. the service string (serviceClass:serviceName) | mandatory |
| resource | JSON String | Resource, i.e. instance of the service considered, identified by the host name (.* means "all the instances") | mandatory |
| permit | JSON Boolean | A boolean value defining if the rule concerns a permit (true) or a deny (false) | mandatory |
| dateRange | JSON String | date range of validity of the policy (ddmmyyyy-ddmmyyyy) | optional (if null the value is deleted) |
| timeRange | JSON String | time range of validity of the policy (hhmm-hhmm) | optional (if null the value is deleted) |


HTTP Response:

Description:

| HTTP Status | Description |
|---|---|
| 200 OK | The rule has been updated |
| 304 Not Modified | The rule has not been modified because of an error in the new parameters |
| 404 Not Found | Rule not found |



Example:

Request:

    PUT <root-uri>/policyService/policymanager/{ruleId}
    Content-Type: application/json
    {
     "attributes" : { "role" : "Admin"},
     "action" : "serviceClass:serviceName",
     "resource": "hostname",
     "dateRange" : "10102013-10112013",
     "timeRange" : "10:30-11:30",
     "permit" : "true"
    }

    Response:
    200 OK


Delete Rule

    DELETE <root-uri>/policyService/policymanager/{ruleId}

Request Message Body:

| Name | Type | Description | mandatory/optional |
|---|---|---|---|
| ruleId | JSON String | The id of the rule to be deleted | mandatory |


HTTP Response:

Description:

| HTTP Status | Description |
|---|---|
| 200 OK | The rule has been found and is in the body in JSON format |
| 400 Bad Request | Rule not deleted |


Example:

Request:

    DELETE <root-uri>/policyService/policymanager/fdfv43f43c3124crc


    Response:
    200 OK


List Rules

    GET <root-uri>/policyService/policymanager/rules


HTTP Response:

Description:

| HTTP Status | Description |
|---|---|
| 200 OK | The rules have been found and are in the body in JSON format |


Example:

Request:

    GET <root-uri>/policyService/policymanager/rules

    Response:
    200 OK
    Content-Type: application/json
    beanList [{
     "attributes" : { "role" : "Admin"},
     "action" : "serviceClass:serviceName",
     "resource": "hostname",
     "dateRange" : "10102013-10112013",
     "timeRange" : "10:30-11:30",
     "permit" : "true"
    },
    {
     "attributes" : { "role" : "Guest"},
     "action" : "serviceClass:serviceName",
     "resource": "hostname",
     "dateRange" : "10102012-10112012",
     "timeRange" : "11:23-13:30",
     "permit" : "true"
    }
    ]


List Rules by Subject

There are two forms:

Single Attribute

    GET <root-uri>/policyService/policymanager/subjects/{subjectid}/{subjectvalue}


Request Message Body:

| Name | Type | Description | mandatory/optional |
|---|---|---|---|
| subjectid | JSON String | the id of the attribute (e.g. role) | mandatory |
| subjectvalue | JSON String | the value of the attribute (e.g. Admin) | mandatory |

HTTP Response:

Description:

| HTTP Status | Description |
|---|---|
| 200 OK | The rules have been found and are in the body in JSON format |


Example:

Request:

    GET <root-uri>/policyService/policymanager/subjects/role/Admin

    Response:
    200 OK
    Content-Type: application/json
    beanList [{
     "attributes" : { "role" : "Admin"},
     "action" : "serviceClass:serviceName",
     "resource": "hostname",
     "dateRange" : "10102013-10112013",
     "timeRange" : "10:30-11:30",
     "permit" : "true"
    },
    {
     "attributes" : { "role" : "Admin"},
     "action" : "serviceClass:serviceName",
     "resource": "hostname",
     "dateRange" : "10102012-10112012",
     "timeRange" : "11:23-13:30",
     "permit" : "true"
    }
    ]


Multi Attributes

    GET <root-uri>/policyService/policymanager/subjects/{subjects}


Request Message Body:

| Name | Type | Description | mandatory/optional |
|---|---|---|---|
| subjects | JSON String | Base64(attributeName1=attributeValue1:attributeName2=attributeValue2....) | mandatory |

HTTP Response:

Description:

| HTTP Status | Description |
|---|---|
| 200 OK | The rules have been found and are in the body in JSON format |


Example:

Request:

    GET <root-uri>/policyService/policymanager/subjects/<encodedString>

    Response:
    200 OK
    Content-Type: application/json
    beanList [{
     "attributes" : { "role" : "Admin"},
     "action" : "serviceClass:serviceName",
     "resource": "hostname",
     "dateRange" : "10102013-10112013",
     "timeRange" : "10:30-11:30",
     "permit" : "true"
    },
    {
     "attributes" : { "role" : "Guest"},
     "action" : "serviceClass:serviceName",
     "resource": "hostname",
     "dateRange" : "10102012-10112012",
     "timeRange" : "11:23-13:30",
     "permit" : "true"
    }
    ]
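
As an added example (not from the original page or the service's code), this Python sketch builds the {subjects} path segment in the Base64(name1=value1:name2=value2...) form described above and decodes it again. The page does not say which Base64 alphabet the service expects, so the standard alphabet with percent-encoding of '+', '/' and '=' is an assumption, as are the function names, the host and port in ROOT, and the "vo" attribute used in testing.

```python
import base64
from urllib.parse import quote, unquote

# Hypothetical host and port; the path is the root given on this page.
ROOT = "https://hostname:8443/policyService/policymanager"


def encode_subjects(attributes):
    """Build the {subjects} segment: Base64(name1=value1:name2=value2...)."""
    if not attributes:
        raise ValueError("at least one attribute is required")
    pairs = []
    for name, value in attributes.items():
        for part in (name, value):
            # '=' and ':' are the format's delimiters; inside a name or value
            # they would make the server parse a different set of subjects.
            if not part or "=" in part or ":" in part:
                raise ValueError(f"invalid attribute component: {part!r}")
        pairs.append(f"{name}={value}")
    raw = ":".join(pairs).encode("utf-8")
    token = base64.b64encode(raw).decode("ascii")
    # Standard Base64 can emit '+', '/' and '='; percent-encode them so the
    # token remains a single path segment.
    return quote(token, safe="")


def decode_subjects(segment):
    """Inverse of encode_subjects, e.g. for reading request logs."""
    raw = base64.b64decode(unquote(segment), validate=True).decode("utf-8")
    return dict(pair.split("=", 1) for pair in raw.split(":"))


def subjects_url(attributes):
    """Full List Rules by Subject (multi-attribute) URL."""
    return f"{ROOT}/subjects/{encode_subjects(attributes)}"
```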


List Rules by Action

    GET <root-uri>/policyService/policymanager/action/{action}


Request Message Body:

| Name | Type | Description | mandatory/optional |
|---|---|---|---|
| action | JSON String | the service string (serviceClass:serviceName) | mandatory |

HTTP Response:

Description:

| HTTP Status | Description |
|---|---|
| 200 OK | The rules have been found and are in the body in JSON format |


Example:

Request:

    GET <root-uri>/policyService/policymanager/action/serviceClass1:serviceName1

    Response:
    200 OK
    Content-Type: application/json
    beanList [{
     "attributes" : { "role" : "Admin"},
     "action" : "serviceClass1:serviceName1",
     "resource": "hostname",
     "dateRange" : "10102013-10112013",
     "timeRange" : "10:30-11:30",
     "permit" : "true"
    },
    {
     "attributes" : { "role" : "Guest"},
     "action" : "serviceClass1:serviceName1",
     "resource": "hostname",
     "dateRange" : "10102012-10112012",
     "timeRange" : "11:23-13:30",
     "permit" : "true"
    }
    ]

List Rules by Resource

    GET <root-uri>/policyService/policymanager/resource/{resource}


Request Message Body:

| Name | Type | Description | mandatory/optional |
|---|---|---|---|
| resource | JSON String | the service instance, i.e. the hostname | mandatory |

HTTP Response:

Description:

| HTTP Status | Description |
|---|---|
| 200 OK | The rules have been found and are in the body in JSON format |


Example:

Request:

    GET <root-uri>/policyService/policymanager/resource/GHNPise

    Response:
    200 OK
    Content-Type: application/json
    beanList [{
     "attributes" : { "role" : "Admin"},
     "action" : "serviceClass1:serviceName1",
     "resource": "GHNPise",
     "dateRange" : "10102013-10112013",
     "timeRange" : "10:30-11:30",
     "permit" : "true"
    },
    {
     "attributes" : { "role" : "Guest"},
     "action" : "serviceClass1:serviceName1",
     "resource": "GHNPise",
     "dateRange" : "10102012-10112012",
     "timeRange" : "11:23-13:30",
     "permit" : "true"
    }
    ]