SOA3 Policy Management Service
Introduction
The SOA3 Policy Management Service is a REST service providing the interfaces to perform Create, Read, Update and Delete operations on the policies stored on Argus. The current version of the Policy Management Service works on atomic policies, called rules, while future versions will support rule combination to create complex policies.
The Policy Management Service is used by the Policy Management Portlet, which provides a human-friendly interface, but it can also be used as a separate component to manage the policies with a general-purpose REST client.
In this section the syntax of the REST methods provided is shown.
Methods
The root of all the REST requests is:
http(s)://hostname:port/policyService/policymanager
and the methods exposed are the following:
- Create Rule
- Get Rule
- Get Rule Id
- Update Rule
- Delete Rule
- List Rules
- List Rules By Subjects
- List Rules By Action
- List Rules By Resource
Create Rule
POST <root-uri>/policyService/policymanager
Request Message Body:
HTTP Response:
Description:
HTTP Status | Description |
201 Created | The rule was created |
200 OK | The rule has been created, but optional parameters have not been added |
400 Bad Request | Invalid parameter or field names in the request. |
Example:
Request:
PUT <root-uri>/policyService/policymanager
Content-Type: application/json

{
  "attributes": { "role": "Admin" },
  "action": "serviceClass:serviceName",
  "resource": "hostname",
  "dateRange": "10102013-10112013",
  "timeRange": "10:30-11:30",
  "permit": "true"
}
Response: 201 CREATED
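An added example (not part of the original page or of the SOA3 code base): a client-side check that treats a 200 OK from Create Rule as a reason to read the rule back and compare it with what was requested, because a rule stored without its dateRange or timeRange is not the rule that was asked for. The endpoint URL, the function names and the read-back rule are constructed for illustration; that dateRange and timeRange are among the optional parameters is an assumption.

```python
import json

# Field names as they appear in the page's JSON examples.
RULE_FIELDS = {"attributes", "action", "resource", "dateRange", "timeRange", "permit"}

def create_request(endpoint, rule):
    """Build the Create Rule call as (method, url, headers, body)."""
    unknown = sorted(set(rule) - RULE_FIELDS)
    if unknown:
        # The service would answer 400 Bad Request; fail before sending.
        raise ValueError(f"unknown rule fields: {unknown}")
    headers = {"Content-Type": "application/json"}
    return "POST", endpoint, headers, json.dumps(rule, sort_keys=True)

def dropped_fields(intended, stored):
    """Requested fields that are absent or different in the stored rule."""
    return sorted(k for k, v in intended.items() if stored.get(k) != v)

def review_create(status, intended, stored=None):
    """Classify a Create Rule outcome using the status codes listed above."""
    if status == 201:
        return "created", []
    if status == 400:
        return "rejected", []
    if status != 200:
        return "unexpected", []
    if stored is None:
        # 200 means some optional parameter was not added: read the rule back.
        return "needs-readback", []
    dropped = dropped_fields(intended, stored)
    return ("created-incomplete" if dropped else "created"), dropped

# Rule taken from the page's example request.
INTENDED = {
    "attributes": {"role": "Admin"},
    "action": "serviceClass:serviceName",
    "resource": "hostname",
    "dateRange": "10102013-10112013",
    "timeRange": "10:30-11:30",
    "permit": "true",
}
# Constructed read-back: the same rule stored without its date and time window.
STORED = {k: v for k, v in INTENDED.items() if k not in ("dateRange", "timeRange")}

if __name__ == "__main__":
    print(create_request("https://policy.example.org:8443/policyService/policymanager", INTENDED))
    print(review_create(200, INTENDED, STORED))
```

The read-back itself would use Get Rule ID followed by Get Rule, both described below.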
Get Rule
GET <root-uri>/policyService/policymanager/{ruleId}
Request Message Body:
HTTP Response:
Description:
HTTP Status | Description |
200 OK | The rule has been found and is in the body in JSON format |
404 Not Found | Rule not found. |
Example:
Request:
GET <root-uri>/policyService/policymanager/fdfv43f43c3124crc
Response: 200 OK
Content-Type: application/json

{
  "attributes": { "role": "Admin" },
  "action": "serviceClass:serviceName",
  "resource": "hostname",
  "dateRange": "10102013-10112013",
  "timeRange": "10:30-11:30",
  "permit": "true"
}
Get Rule ID
POST <root-uri>/policyService/policymanager/ruleId
Request Message Body:
HTTP Response:
Description:
HTTP Status | Description |
200 OK | The rule id has been found and is in the body |
404 Not Found | Rule id not found. |
Example:
Request:
POST <root-uri>/policyService/policymanager/ruleid
Content-Type: application/json

{
  "attributes": { "role": "Admin" },
  "action": "serviceClass:serviceName",
  "resource": "hostname"
}
Response: 200 OK
Content-Type: plain/text

fdsfvet5gv546u7n67n6n4n
Update Rule
PUT <root-uri>/policyService/policymanager/{ruleId}
Request Message Body:
HTTP Response:
Description:
HTTP Status | Description |
200 OK | The rule has been updated |
304 Not Modified | The rule has not been modified because of an error in the new parameters |
404 Not Found | Rule not found |
Example:
Request:
PUT <root-uri>/policyService/policymanager/{ruleId}
Content-Type: application/json

{
  "attributes": { "role": "Admin" },
  "action": "serviceClass:serviceName",
  "resource": "hostname",
  "dateRange": "10102013-10112013",
  "timeRange": "10:30-11:30",
  "permit": "true"
}
Response: 200 OK
Delete Rule
DELETE <root-uri>/policyService/policymanager/{ruleId}
Request Message Body:
HTTP Response:
Description:
HTTP Status | Description |
200 OK | The rule has been found and is in the body in JSON format |
400 Bad Request | Rule not deleted |
Example:
Request:
DELETE <root-uri>/policyService/policymanager/fdfv43f43c3124crc
Response: 200 OK
List Rules
GET <root-uri>/policyService/policymanager/rules
HTTP Response:
Description:
HTTP Status | Description |
200 OK | The rules have been found and are in the body in JSON format |
Example:
Request:
GET <root-uri>/policyService/policymanager/rules
Response: 200 OK
Content-Type: application/json

beanList [
  {
    "attributes": { "role": "Admin" },
    "action": "serviceClass:serviceName",
    "resource": "hostname",
    "dateRange": "10102013-10112013",
    "timeRange": "10:30-11:30",
    "permit": "true"
  },
  {
    "attributes": { "role": "Guest" },
    "action": "serviceClass:serviceName",
    "resource": "hostname",
    "dateRange": "10102012-10112012",
    "timeRange": "11:23-13:30",
    "permit": "true"
  }
]
List Rules by Subject
There are two forms:
Single Attribute
GET <root-uri>/policyService/policymanager/subjects/{subjectid}/{subjectvalue}
Request Message Body:
HTTP Response:
Description:
HTTP Status | Description |
200 OK | The rules have been found and are in the body in JSON format |
Example:
Request:
GET <root-uri>/policyService/policymanager/subjects/role/Admin
Response: 200 OK
Content-Type: application/json

beanList [
  {
    "attributes": { "role": "Admin" },
    "action": "serviceClass:serviceName",
    "resource": "hostname",
    "dateRange": "10102013-10112013",
    "timeRange": "10:30-11:30",
    "permit": "true"
  },
  {
    "attributes": { "role": "Admin" },
    "action": "serviceClass:serviceName",
    "resource": "hostname",
    "dateRange": "10102012-10112012",
    "timeRange": "11:23-13:30",
    "permit": "true"
  }
]
Multi Attributes
GET <root-uri>/policyService/policymanager/subjects/{subjects}
Request Message Body:
HTTP Response:
Description:
HTTP Status | Description |
200 OK | The rules have been found and are in the body in JSON format |
Example:
Request:
GET <root-uri>/policyService/policymanager/subjects/<encodedString>
Response: 200 OK
Content-Type: application/json

beanList [
  {
    "attributes": { "role": "Admin" },
    "action": "serviceClass:serviceName",
    "resource": "hostname",
    "dateRange": "10102013-10112013",
    "timeRange": "10:30-11:30",
    "permit": "true"
  },
  {
    "attributes": { "role": "Guest" },
    "action": "serviceClass:serviceName",
    "resource": "hostname",
    "dateRange": "10102012-10112012",
    "timeRange": "11:23-13:30",
    "permit": "true"
  }
]
List Rules by Action
GET <root-uri>/policyService/policymanager/action/{action}
Request Message Body:
HTTP Response:
Description:
HTTP Status | Description |
200 OK | The rules have been found and are in the body in JSON format |
Example:
Request:
GET <root-uri>/policyService/policymanager/action/serviceClass1:serviceName1
Response: 200 OK
Content-Type: application/json

beanList [
  {
    "attributes": { "role": "Admin" },
    "action": "serviceClass1:serviceName1",
    "resource": "hostname",
    "dateRange": "10102013-10112013",
    "timeRange": "10:30-11:30",
    "permit": "true"
  },
  {
    "attributes": { "role": "Guest" },
    "action": "serviceClass1:serviceName1",
    "resource": "hostname",
    "dateRange": "10102012-10112012",
    "timeRange": "11:23-13:30",
    "permit": "true"
  }
]
List Rules by Resource
GET <root-uri>/policyService/policymanager/resource/{resource}
Request Message Body:
HTTP Response:
Description:
HTTP Status | Description |
200 OK | The rules have been found and are in the body in JSON format |
Example:
Request:
GET <root-uri>/policyService/policymanager/resource/GHNPise
Response: 200 OK
Content-Type: application/json

beanList [
  {
    "attributes": { "role": "Admin" },
    "action": "serviceClass1:serviceName1",
    "resource": "GHNPise",
    "dateRange": "10102013-10112013",
    "timeRange": "10:30-11:30",
    "permit": "true"
  },
  {
    "attributes": { "role": "Guest" },
    "action": "serviceClass1:serviceName1",
    "resource": "GHNPise",
    "dateRange": "10102012-10112012",
    "timeRange": "11:23-13:30",
    "permit": "true"
  }
]