SOA3 Policy Management Service

From Gcube Wiki
Revision as of 10:58, 8 May 2013 by Ciro.formisano (Talk | contribs) (Created page with '==Introduction== SOA3 Policy Management Service is a REST Service providing the interfaces to perform Create, Read, Update and Delete operation on the policies stored on Argus. T…')


Introduction

SOA3 Policy Management Service is a REST service providing the interfaces to perform Create, Read, Update and Delete operations on the policies stored on Argus. The current version of the Policy Management Service works on atomic policies, called rules; complex policies are combinations of rules. SOA3 rules already meet all the use cases of IMarine, and future versions will support rule combination.

Policy Management Service is used by Policy Management Portlet, which provides a more human-friendly interface, but it can also be used as a standalone component to manage the policies with a general-purpose REST client.

This section shows the syntax of the REST methods provided.

Methods

The root of all the REST requests is:

 http(s)://hostname:port/policyService/policymanager

and the methods exposed are the following:

  • Create Rule
  • Get Rule
  • Get Rule Id
  • Update Rule
  • Delete Rule
  • List Rules
  • List Rules By Subjects
  • List Rules By Action
  • List Rules By Resource



Create Rule

    POST <root-uri>/policyService/policymanager

Request Message Body:

| Name | Type | Description | Mandatory/optional |
|------|------|-------------|--------------------|
| attributes | JSON Map | Attributes of the user/service to be authorized | mandatory |
| action | JSON String | Action, i.e. the service string (serviceClass:serviceName) | mandatory |
| resource | JSON String | Resource, i.e. instance of the service considered, identified by the host name (.* means "all the instances") | mandatory |
| permit | JSON Boolean | A boolean value defining if the rule concerns a permit (true) or a deny (false) | mandatory |
| dateRange | JSON String | Date range of validity of the policy (ddmmyyyy-ddmmyyyy) | optional |
| timeRange | JSON String | Time range of validity of the policy (hhmm-hhmm) | optional |


HTTP Response:

Description:

| HTTP Status | Description |
|-------------|-------------|
| 201 Created | The rule was created |
| 200 OK | The rule has been created, but optional parameters have not been added |
| 400 Bad Request | Invalid parameter or field names in the request. |



Example:

Request:

    POST <root-uri>/policyService/policymanager
    Content-Type: application/json
    {
     "attributes" : { "role" : "Admin"},
     "action" : "serviceClass:serviceName",
     "resource": "hostname",
     "dateRange" : "10102013-10112013",
     "timeRange" : "10:30-11:30",
     "permit" : "true"
    }

    Response:
    201 CREATED
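
The following Python sketch is an added example, not code from the SOA3 project: it validates a rule against the Create Rule field table before sending and classifies the documented response codes, flagging a 200 answer to a request that carried a validity window. The names `build_rule` and `check_create` are hypothetical; as assumptions, `permit` is sent as a JSON boolean as the table specifies, `timeRange` is accepted both as hhmm-hhmm and in the colon form used in the example above, and a 200 for a rule without optional fields is treated as success.

```python
import json
import re
from datetime import datetime

ACTION_RE = re.compile(r"^[^:\s]+:[^:\s]+$")  # serviceClass:serviceName
TIME_RE = re.compile(r"^(\d{2}):?(\d{2})-(\d{2}):?(\d{2})$")  # hhmm-hhmm or hh:mm-hh:mm


def build_rule(attributes, action, resource, permit, date_range=None, time_range=None):
    """Validate the fields of the Create Rule table and return the JSON body."""
    if not isinstance(attributes, dict) or not attributes:
        raise ValueError("attributes must be a non-empty map")
    if not ACTION_RE.match(action):
        raise ValueError("action must look like serviceClass:serviceName")
    if not isinstance(resource, str) or not resource:
        raise ValueError("resource must be a host name or .*")
    if not isinstance(permit, bool):
        raise ValueError("permit must be a boolean (assumption: sent unquoted)")
    rule = {"attributes": attributes, "action": action,
            "resource": resource, "permit": permit}
    if date_range is not None:
        start, _, end = date_range.partition("-")
        try:
            if len(start) != 8 or len(end) != 8:
                raise ValueError
            first = datetime.strptime(start, "%d%m%Y")
            last = datetime.strptime(end, "%d%m%Y")
        except ValueError:
            raise ValueError("dateRange must be ddmmyyyy-ddmmyyyy") from None
        if last < first:
            raise ValueError("dateRange ends before it starts")
        rule["dateRange"] = date_range
    if time_range is not None:
        m = TIME_RE.match(time_range)
        if not m or max(int(m[1]), int(m[3])) > 23 or max(int(m[2]), int(m[4])) > 59:
            raise ValueError("timeRange must be hhmm-hhmm")
        rule["timeRange"] = time_range
    return json.dumps(rule)


def check_create(status, body):
    """Classify a Create Rule response for the JSON body that was sent."""
    wants_window = bool({"dateRange", "timeRange"} & json.loads(body).keys())
    if status == 200 and wants_window:
        # Documented 200: rule created, optional parameters not added.
        return "created-without-window"
    return {201: "created", 200: "created", 400: "rejected"}.get(status, "unexpected")
```

A `created-without-window` result means the rule is stored without the requested validity limits, so the caller should correct it with the Update Rule or Delete Rule calls described on this page.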


Get Rule

    GET <root-uri>/policyService/policymanager/{ruleId}

Request Message Body:

| Name | Type | Description | Mandatory/optional |
|------|------|-------------|--------------------|
| ruleId | JSON String | The id of the rule requested | mandatory |


HTTP Response:

Description:

| HTTP Status | Description |
|-------------|-------------|
| 200 OK | The rule has been found and is in the body in JSON format |
| 404 Not Found | Rule not found. |


Example:

Request:

    GET <root-uri>/policyService/policymanager/fdfv43f43c3124crc

    Response:
    200 OK
    Content-Type: application/json
    {
     "attributes" : { "role" : "Admin"},
     "action" : "serviceClass:serviceName",
     "resource": "hostname",
     "dateRange" : "10102013-10112013",
     "timeRange" : "10:30-11:30",
     "permit" : "true"
    }

Get Rule ID

    POST <root-uri>/policyService/policymanager/ruleId

Request Message Body:

| Name | Type | Description | Mandatory/optional |
|------|------|-------------|--------------------|
| attributes | JSON Map | Attributes of the user/service to be authorized | mandatory |
| action | JSON String | Action, i.e. the service string (serviceClass:serviceName) | mandatory |
| resource | JSON String | Resource, i.e. instance of the service considered, identified by the host name (.* means "all the instances") | mandatory |


HTTP Response:

Description:

| HTTP Status | Description |
|-------------|-------------|
| 200 OK | The rule id has been found and is in the body |
| 404 Not Found | Rule id not found. |


Example:

Request:

    POST <root-uri>/policyService/policymanager/ruleid
    Content-Type: application/json
    {
     "attributes" : { "role" : "Admin"},
     "action" : "serviceClass:serviceName",
     "resource": "hostname"
    }

    Response:
    200 OK
    Content-Type: plain/text
    fdsfvet5gv546u7n67n6n4n


Update Rule

    PUT <root-uri>/policyService/policymanager/{ruleId}

Request Message Body:

| Name | Type | Description | Mandatory/optional |
|------|------|-------------|--------------------|
| ruleid | JSON String | The id of the rule to be updated | mandatory |
| attributes | JSON Map | Attributes of the user/service to be authorized | mandatory |
| action | JSON String | Action, i.e. the service string (serviceClass:serviceName) | mandatory |
| resource | JSON String | Resource, i.e. instance of the service considered, identified by the host name (.* means "all the instances") | mandatory |
| permit | JSON Boolean | A boolean value defining if the rule concerns a permit (true) or a deny (false) | mandatory |
| dateRange | JSON String | Date range of validity of the policy (ddmmyyyy-ddmmyyyy) | optional (if null the value is deleted) |
| timeRange | JSON String | Time range of validity of the policy (hhmm-hhmm) | optional (if null the value is deleted) |


HTTP Response:

Description:

| HTTP Status | Description |
|-------------|-------------|
| 200 OK | The rule has been updated |
| 304 Not Modified | The rule has not been modified because of an error in the new parameters |
| 404 Not Found | Rule not found |



Example:

Request:

    PUT <root-uri>/policyService/policymanager/{ruleId}
    Content-Type: application/json
    {
     "attributes" : { "role" : "Admin"},
     "action" : "serviceClass:serviceName",
     "resource": "hostname",
     "dateRange" : "10102013-10112013",
     "timeRange" : "10:30-11:30",
     "permit" : "true"
    }

    Response:
    200 OK


Delete Rule

    DELETE <root-uri>/policyService/policymanager/{ruleId}

Request Message Body:

| Name | Type | Description | Mandatory/optional |
|------|------|-------------|--------------------|
| ruleId | JSON String | The id of the rule to be deleted | mandatory |


HTTP Response:

Description:

| HTTP Status | Description |
|-------------|-------------|
| 200 OK | The rule has been found and is in the body in JSON format |
| 400 Bad Request | Rule not deleted |


Example:

Request:

    DELETE <root-uri>/policyService/policymanager/fdfv43f43c3124crc

    Response:
    200 OK