Diffstat (limited to 'docs/drools/guardpdp.rst')
-rw-r--r-- | docs/drools/guardpdp.rst | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/docs/drools/guardpdp.rst b/docs/drools/guardpdp.rst index 797557fc..0fdb4ab2 100644 --- a/docs/drools/guardpdp.rst +++ b/docs/drools/guardpdp.rst @@ -3,23 +3,23 @@ .. http://creativecommons.org/licenses/by/4.0 ************************ -Using guard in the PDP-D +Using guard in the PDP-D ************************ .. contents:: :depth: 2 -This guide will help configure and test guard connection from PDP-D to PDP-X. This guide assumes that the PDP-D is installed and running policy properly with other properties being set properly. +This guide will help configure and test the guard connection from PDP-D (drools-pdp) to PDP-X (xacml-pdp). This guide assumes that the PDP-D is installed and running policy properly with other properties being set properly. Configuration -^^^^^^^^^^^^^ +^^^^^^^^^^^^^ Prerequisites ------------- Stop Policy, open, and verify the config: -- Stop policy with *policy stop* +- Stop policy with **policy stop** - Open *$POLICY_HOME/config/controlloop.properties.environment* - Make sure the *sql.db.host*, *sql.db.username* and *sql.db.password* are set correctly @@ -39,7 +39,7 @@ Guard Properties **guard.disabled** - For enabling / disabling guard functionality. - For example, to enable set it to false. - - When this is set to true, the previous two properties will be ignored. + - When this is set to true, the previous two properties (guard.url and guard.jdbc.url) will be ignored. - If guard is enabled, then the following PDP-X properties must also be set. 
@@ -63,16 +63,16 @@ For testing these properties before running policy, see Verification below. **pdpx.client.password** - Client password - Verification -^^^^^^^^^^^^ +^^^^^^^^^^^^ It is recommended to test using CLI tools before running since changing bash command parameters are faster than restarting policy. Logs Verification ----------------- -Checking the logs is straight forward. Check the *$POLICY_HOME/logs/error.log* file for the word "*callRESTfulPDP*" for any exceptions thrown. If they are thrown then there was a problem with the connection. -You can also check the *$POLICY_HOME/logs/network.log* file for the word "*Indeterminate*" which implies the connection failed or got a non 200 response code. +Checking the logs is straight forward. Check the **$POLICY_HOME/logs/error.log** file for the word "*callRESTfulPDP*" for any exceptions thrown. If they are thrown then there was a problem with the connection. +You can also check the **$POLICY_HOME/logs/network.log** file for the word "*Indeterminate*" which implies the connection failed or got a non 200 response code. + CLI Verification ---------------- 
@@ -80,29 +80,29 @@ CLI Verification It can be helpful to test the PDP-X connection using bash commands to make sure that the PDP-X properties are correct and the guard.url property is correct before running policy. **Method 1: httpie - CLI, cURL-like tool for humans** - + Using the http command we can make a request directly to PDP-X from the command line. Use the following form: .. code-block:: bash - + http POST pdp:8081/pdp/api/getDecision Authorization:<yourAuth> ClientAuth:<yourClientAuth> Environment:<environment> Content-Type:application/json < guard_request.json - + | where: | *<yourAuth>* is the string generated from user:pass converted to base64 encoding | (a conversion tool is available at https://www.base64encode.org/) | *<yourClientAuth>* is generated the same way but from the client user and pass. | *<environment>* is the context of the request. For example: TEST | *pdp* is the host of the PDP-X - + The guard_request.json should be in the form of the following: - + .. code-block:: json :caption: guard_request.json - + { "decisionAttributes": { "actor": "APPC", |
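Review bot: in the @@ -3,23 hunk, the Prerequisites bullet moves "policy stop" from italic to bold, but a shell command is better marked as an RST inline literal (double backticks) so it renders in monospace and cannot be mistaken for emphasis. The next two bullets still use italics for the file path and the sql.db.* property names, so the list now mixes two styles. The rewritten intro sentence was also a chance to tidy "running policy properly with other properties being set properly", which still repeats itself.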
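Review bot: in the @@ -39,7 hunk, the new parenthetical "(guard.url and guard.jdbc.url)" leaves the two property names as plain text while the property headings around it are bold ("**guard.disabled**"); give them the same markup the page uses for property names elsewhere. Now that the names are spelled out, "the previous two properties" can go: the positional wording only stays true while the list order does, and the names alone say which settings are ignored.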
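Review bot: in the @@ -63,16 hunk, the two log paths under "Logs Verification" become bold while the config path in Prerequisites ("*$POLICY_HOME/config/controlloop.properties.environment*") stays italic, so the page ends up with two styles for file paths; pick one, preferably an inline literal, and apply it to all three. The touched line still reads "straight forward" (should be "straightforward"), and the context sentence above it has "changing bash command parameters are faster", which should be "is faster"; both are cheap to fix in the same patch.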
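Review bot: in the @@ -80,29 hunk, the "where:" block still sends readers to https://www.base64encode.org/ to encode user:pass, which means typing the PDP-X user and client credentials into a third-party web site. Since this hunk already touches the surrounding lines, replace the link with a local command, for example: printf '%s' 'user:pass' | base64. The example URL "pdp:8081/pdp/api/getDecision" also has no scheme, and httpie defaults to http:// in that case, so the Authorization and ClientAuth headers travel in clear text unless the reader adds https://; a sentence on that would help if the PDP-X endpoint is served over TLS.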