This repository has been archived by the owner on Dec 5, 2023. It is now read-only.

Platform Resource Management

Alvaro Villanueva edited this page Nov 5, 2021 · 11 revisions

The API exposes an endpoint for interacting with the protected resource references. The main endpoints for resource operations are secured with OAuth/OIDC: the API accepts both OAuth and JWT to authorize the user, and both are expected in the header. This endpoint is served on a separate port from the Access Management endpoint, so the format to access it is:

<pep_host>:<resources_service_port>/resources

This check retrieves the user's UUID and inserts it into the data model of the resource storage. When any call is made against a resource, the API verifies that the UUID of the requester matches the one associated with the resource before operating on it.
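The ownership check described above, as an added example that is not code from um-pep-engine. It assumes the user's UUID travels in the token's `sub` claim, that tokens are HS256-signed with a constructed demo key (a real PEP would verify against the identity provider's keys), and that 401/403/404 are the status codes returned; all function and class names are hypothetical.

```python
import base64, hashlib, hmac, json, uuid

KEY = b"constructed-demo-key"  # constructed; assumption: HS256 shared secret
def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(sub):
    """Build a constructed sample token whose `sub` claim carries the UUID."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"sub": sub}).encode())
    sig = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def requester_uuid(token):
    """Return the UUID from a token with a valid signature, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":
            return None  # refuse "none" and any unexpected algorithm
        good = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, b64d(sig)):
            return None
        return str(uuid.UUID(json.loads(b64d(body))["sub"]))
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # malformed token or non-UUID subject

class ResourceStore:
    def __init__(self):
        self.db = {}  # in-memory stand-in for the resource storage
    def register(self, token, name):
        owner = requester_uuid(token)
        if owner is None:
            return 401, None
        rid = str(uuid.uuid4())
        self.db[rid] = {"name": name, "uuid": owner}  # owner stored with resource
        return 200, rid

    def delete(self, token, rid):
        who = requester_uuid(token)
        if who is None:
            return 401
        if rid not in self.db:
            return 404
        if self.db[rid]["uuid"] != who:
            return 403  # authenticated, but not the owner
        del self.db[rid]
        return 200
```

The owner UUID is taken only from the verified token, never from a request parameter, so a caller cannot claim another user's resource by supplying a different UUID.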

Management Scripts

Operators and administrators of PEP instances can use helper tools that have been available in PEP containers since release 0.3. To run them, attach to the PEP container (or pod, if using Kubernetes).

usage: management_tools [-h] [-u USER] [-r RESOURCE] [-a] action

Operational management of resources.

positional arguments:
  action                Operation to perform: list/remove

optional arguments:
  -h, --help            show this help message and exit
  -u USER, --user USER  Filter action by user ID (uuid)
  -r RESOURCE, --resource RESOURCE
                        Filter action by resource ID (uuid)
  -a, --all             Apply action to all resources.

Examples of use:

kubectl exec <pod_name> -c pep-engine -- management_tools list --all
docker exec -it <container_name> management_tools list --all

Demonstration Scripts

Testing and Demo for the validation with OAuth/OIDC:

Execute the test_validation_token.py in um-pep-engine/tests/

API Specification

An OpenAPI 3.0 SwaggerHub doc is available HERE
