X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=docs%2Fdrools%2Fguardpdp.rst;h=0fdb4ab2b2bda7515d9461799e68de1ae143d517;hb=11de40286f2a91edc9755f6ea9e621006452527b;hp=797557fcb04b2d9e4cddae62e50bbb169b1a2482;hpb=e0c35e720daba281e20e3e028f9d65fff3ec3b8b;p=policy%2Fparent.git diff --git a/docs/drools/guardpdp.rst b/docs/drools/guardpdp.rst index 797557fc..0fdb4ab2 100644 --- a/docs/drools/guardpdp.rst +++ b/docs/drools/guardpdp.rst @@ -3,23 +3,23 @@ .. http://creativecommons.org/licenses/by/4.0 ************************ -Using guard in the PDP-D +Using guard in the PDP-D ************************ .. contents:: :depth: 2 -This guide will help configure and test guard connection from PDP-D to PDP-X. This guide assumes that the PDP-D is installed and running policy properly with other properties being set properly. +This guide will help configure and test the guard connection from PDP-D (drools-pdp) to PDP-X (xacml-pdp). This guide assumes that the PDP-D is installed and running policy properly with other properties being set properly. Configuration -^^^^^^^^^^^^^ +^^^^^^^^^^^^^ Prerequisites ------------- Stop Policy, open, and verify the config: -- Stop policy with *policy stop* +- Stop policy with **policy stop** - Open *$POLICY_HOME/config/controlloop.properties.environment* - Make sure the *sql.db.host*, *sql.db.username* and *sql.db.password* are set correctly @@ -39,7 +39,7 @@ Guard Properties **guard.disabled** - For enabling / disabling guard functionality. - For example, to enable set it to false. - - When this is set to true, the previous two properties will be ignored. + - When this is set to true, the previous two properties (guard.url and guard.jdbc.url) will be ignored. - If guard is enabled, then the following PDP-X properties must also be set. 
@@ -63,16 +63,16 @@ For testing these properties before running policy, see Verification below. **pdpx.client.password** - Client password - Verification -^^^^^^^^^^^^ +^^^^^^^^^^^^ It is recommended to test using CLI tools before running since changing bash command parameters are faster than restarting policy. Logs Verification ----------------- -Checking the logs is straight forward. Check the *$POLICY_HOME/logs/error.log* file for the word "*callRESTfulPDP*" for any exceptions thrown. If they are thrown then there was a problem with the connection. -You can also check the *$POLICY_HOME/logs/network.log* file for the word "*Indeterminate*" which implies the connection failed or got a non 200 response code. +Checking the logs is straight forward. Check the **$POLICY_HOME/logs/error.log** file for the word "*callRESTfulPDP*" for any exceptions thrown. If they are thrown then there was a problem with the connection. +You can also check the **$POLICY_HOME/logs/network.log** file for the word "*Indeterminate*" which implies the connection failed or got a non 200 response code. + CLI Verification ---------------- 
@@ -80,29 +80,29 @@ CLI Verification It can be helpful to test the PDP-X connection using bash commands to make sure that the PDP-X properties are correct and the guard.url property is correct before running policy. **Method 1: httpie - CLI, cURL-like tool for humans** - + Using the http command we can make a request directly to PDP-X from the command line. Use the following form: .. code-block:: bash - + http POST pdp:8081/pdp/api/getDecision Authorization: ClientAuth: Environment: Content-Type:application/json < guard_request.json - + | where: | ** is the string generated from user:pass converted to base64 encoding | (a conversion tool is available at https://www.base64encode.org/) | ** is generated the same way but from the client user and pass. | ** is the context of the request. For example: TEST | *pdp* is the host of the PDP-X - + The guard_request.json should be in the form of the following: - + .. code-block:: json :caption: guard_request.json - + { "decisionAttributes": { "actor": "APPC",
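Review bot: In the @@ -3,23 hunk, the Prerequisites bullet now reads "Stop policy with **policy stop**", which marks a shell command as strong emphasis while the two bullets after it still use *...* for the file path and the sql.db.* property names. Use an inline literal (``policy stop``) for the command so it renders in monospace and is not read as emphasised prose. The title and the Configuration underline appear to differ only in trailing whitespace, which is worth stating in the commit message.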
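Review bot: In the @@ -39,7 hunk, the new parenthetical "(guard.url and guard.jdbc.url)" leaves both property names as bare text, while the section introduces its properties in bold (**guard.disabled**). Mark the two names up the same way, or as inline literals, so a reader can search the properties file for the exact keys. Naming them is clearer than "the previous two properties" on its own.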
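Review bot: In the @@ -63,16 hunk, the two log paths move from *...* to **...** ($POLICY_HOME/logs/error.log and $POLICY_HOME/logs/network.log), but *$POLICY_HOME/config/controlloop.properties.environment* in the first hunk stays italic, so the page ends up with two conventions for file paths. Pick one for all three, preferably inline literals. Since both sentences are being rewritten anyway, "straight forward" should be "straightforward" and "non 200" should be "non-200".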
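Review bot: In the @@ -80,29 hunk, the "where:" block still points readers to https://www.base64encode.org/ to encode user:pass, which means typing PDP-X credentials into a third-party web page. Suggest replacing that line with a local command such as printf '%s' 'user:pass' | base64 (printf rather than echo, so no trailing newline gets encoded). The other changes in this hunk look like whitespace-only cleanup.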