RESOURCE API REST API SERVICE API

POLICY API

This page describes the K2HR3 POLICY API. The purpose of the POLICY API is to define and list ACLs associated with K2HR3 RESOURCES. ACLs determine K2HR3 RESOURCE usage. Each ACL consists of a group of actions(READ, WRITE and EXECUTE) over a K2HR3 RESOURCE and a permission(ALLOW or DENY) to the group of actions. See the Basic usage page about how to apply K2HR3 POLICIes to K2HR3 ROLE’s members.

POST

Creates or updates a K2HR3 POLICY.

Endpoint(URL)

http(s)://API SERVER:PORT/v1/policy

Content-Type: application/json
x-auth-token: U=<Scoped User Token>

Request Body

{
    policy:    {
        name:      <policy name>
        effect:    <allow or deny>
        action:    [<action yrn full path>,...]
        resource:  [<resource yrn full path>,...]
        condition: null or undefined
        alias:     [<policy yrn full path>,...]
    }
}

Response status

201、40x

Response Body(JSON)

{
    result:     <true/false>
    message:    <null or error message string>
}

PUT

Creates or updates a K2HR3 POLICY.

Endpoint(URL)

http(s)://API SERVER:PORT/v1/policy?urlarg

Header

Content-Type: application/json
x-auth-token: U=<Scoped User Token>

URL Arguments

Response status

201、40x

Response Body(JSON)

{
    result:     <true/false>
    message:    <null or error message string>
}

GET

Lists all available policies if a scoped user token request header is specified. If the service name is provided, the POLICY API lists the all policies under the service in YRN form. The POLICY API will match them with the requested policy in the URL path in YRN form.

Endpoint(URL)

http(s)://API SERVER:PORT/v1/policy/policy path or yrn full policy path{?service=service name}

Header

Content-Type: application/json
x-auth-token: U=<Scoped User Token>

URL argument

Response status

200、40x

Response Body(JSON)

{
    result:     <true/false>
    message:    <null or error message string>
    policy:    {
        name:       <policy name>,
        effect:     <allow or deny>,
        action:     [<action yrn full path>, ...],
        resource:   [<resource yrn full path>, ...],
        alias:      [<policy yrn full path>, ...]
    }
}

Validates information of a policy(including the actions if a TENANT name and a resource are specified in YRN form)

Endpoint(URL)

http(s)://API SERVER:PORT/v1/policy/yrn full policy path?urlarg

Header

Content-Type: application/json

URL Arguments

Response status

204、40x

Response Body(JSON)

Empty

DELETE

Deletes a policy.

Endpoint(URL)

http(s)://API SERVER:PORT/v1/policy/policy path or yrn full policy path

Header

Content-Type: application/json
x-auth-token: U=<Scoped User Token>

Response status

204、40x

Response Body(JSON)

RESOURCE API REST API SERVICE API