SOA3 Policy Management Service

Introduction

SOA3 Policy Management Service is a REST Service providing the interfaces to perform Create, Read, Update and Delete operation on the policies stored on Argus. The current version of the Policy Management Service works on atomic policies, called rules: complex policies are combination of rules. Anyway SOA3 rules meet all the use cases of IMarine: future versions will support rule combination.

Policy Management Service is used by Policy Management Portlet, which provides a more human friendly interface, but it can also be used as a separated component to manage the policies with a general purpose REST client.

In this section the sintax of the REST methods provided is shown.

Methods

The root of all the REST requests is:

 http(s)://hostname:port/policyService/policymanager

and the method exposed are the following:

• Create Rule
• Get Rule
• Get Rule Id
• Update Rule
• Delete Rule
• List Rules
• List Rules By Subjects
• List Rules By Action
• List Rules By Resource

Create Rule

    POST <root-uri>/policyService/policymanager

Request Message Body:

Name	Type	Description	mandatory/optional
attributes	JSON Map	Attributes of the user/service to be authorized	mandatory
action	JSON String	Action, i.e. the service string (serviceClass:serviceName)	mandatory
resource	JSON String	Resource, i.e. instance of the service considered, identified by the host name (.* means "all the instances")	mandatory
permit	JSON Boolean	A boolean value defining if the rule concerns a permit (true) or a deny (false)	mandatory
dateRange	JSON String	date range of validity of the policy (ddmmyyyy-ddmmyyyy)	optional
timeRange	JSON String	time range of validity of the policy (hhmm-hhmm)	optional

HTTP Response:

Description:

HTTP Status	Description
201 Created	the rule was created
200 OK	The rule has been created, but optional parameters have not been added
400 Bad Request	Invalid parameter or field names in the request.

Example:

Request:

    PUT <root-uri>/policyService/policymanagerName> 
    Content-Type: application/json
    {
     “attributes” : { "role" : "Admin"},
     "action" : "serviceClass:serviceName",
     "resource": "hostname",
     "dateRange" : "10102013-10112013",
     "timeRange" : "10:30-11:30",
     "permit" : "true"
    }

    Response:
    201 CREATED

Get Rule

    GET <root-uri>/policyService/policymanager/{ruleId}"

Request Message Body:

Name	Type	Description	mandatory/optional
ruleId	JSON String	The id of the rule requested	mandatory

HTTP Response:

Description:

HTTP Status	Description
200 OK	The rule has been found and is in the body in JSON format
404 Not Found	Rule not found.

Example:

Request:

    GET <root-uri>/policyService/policymanager/fdfv43f43c3124crcName> 

    Response:
    200 OK

    Content-Type: application/json
    {
     “attributes” : { "role" : "Admin"},
     "action" : "serviceClass:serviceName",
     "resource": "hostname",
     "dateRange" : "10102013-10112013",
     "timeRange" : "10:30-11:30",
     "permit" : "true"
    }

Get Rule ID

    POST <root-uri>/policyService/policymanager/ruleId"

Request Message Body:

Name	Type	Description	mandatory/optional
attributes	JSON Map	Attributes of the user/service to be authorized	mandatory
action	JSON String	Action, i.e. the service string (serviceClass:serviceName)	mandatory
resource	JSON String	Resource, i.e. instance of the service considered, identified by the host name (.* means "all the instances")	mandatory

HTTP Response:

Description:

HTTP Status	Description
200 OK	The rule idhas been found and is in the body
404 Not Found	Rule id not found.

Example:

Request:

    POST <root-uri>/policyService/policymanager/ruleidName> 
    Content-Type: application/json
    {
     “attributes” : { "role" : "Admin"},
     "action" : "serviceClass:serviceName",
     "resource": "hostname",
    }

    Response:
    200 OK
   Content-Type: plain/text
   fdsfvet5gv546u7n67n6n4n

Update Rule

    PUT <root-uri>/policyService/policymanager/{ruleId}

Request Message Body:

Name	Type	Description	mandatory/optional
ruleid	JSON String	the id of the rule to be updated	mandatory
attributes	JSON Map	Attributes of the user/service to be authorized	mandatory
action	JSON String	Action, i.e. the service string (serviceClass:serviceName)	mandatory
resource	JSON String	Resource, i.e. instance of the service considered, identified by the host name (.* means "all the instances")	mandatory
permit	JSON Boolean	A boolean value defining if the rule concerns a permit (true) or a deny (false)	mandatory
dateRange	JSON String	date range of validity of the policy (ddmmyyyy-ddmmyyyy)	optional (if null the value is deleted)
timeRange	JSON String	time range of validity of the policy (hhmm-hhmm)	optional (if null the value is deleted)

HTTP Response:

Description:

HTTP Status	Description
200 OK	the rule has been updated
304 Not Modified	The rule has not been modified for an error in the new parameters
404 Not Found	Rule not found

Example:

Request:

    PUT <root-uri>/policyService/policymanager/{ruleId}Name> 
    Content-Type: application/json
    {
     “attributes” : { "role" : "Admin"},
     "action" : "serviceClass:serviceName",
     "resource": "hostname",
     "dateRange" : "10102013-10112013",
     "timeRange" : "10:30-11:30",
     "permit" : "true"
    }

    Response:
    200 OK

Delete Rule

    DELETE <root-uri>/policyService/policymanager/{ruleId}"

Request Message Body:

Name	Type	Description	mandatory/optional
ruleId	JSON String	The id of the rule to be deleted	mandatory

HTTP Response:

Description:

HTTP Status	Description
200 OK	The rule has been found and is in the body in JSON format
400 Bad Request	Rule not deleted

Example:

Request:

    DELETE <root-uri>/policyService/policymanager/fdfv43f43c3124crcName> 

    Response:
    200 OK