-
Notifications
You must be signed in to change notification settings - Fork 2
Platform Resource Management
- ⏬ Getting Started
- ⏬ Deploy and Configure the PEP
- ⏬ Chart Configuration
▶️ Platform Resource Management (this page)- ⏬ Integration Guide
- ⏬ Access Enforcement
- ⏬ Swagger API
The API will expose an endpoint to interact with the protected resource references. The main endpoints for the resource operations exposed by the API are now secured with OAuth/OIDC, it would accept both OAuth and JWT in order to authorize the user and both are expected on the header. This endpoint will be servicing on an separate port from the Access Management endpoint, so the format to access it is:
<pep_host>:<resources_service_port>/resources
This check will retrieve the UUID for the user and insert it on the data model of the resource storage, so when any call is made against a resource, the API will double check if the UUID of the requester matches the one associated to the resource in order to operate against it.
Operators and Administrators of PEP Instances can utilize helper tools available in PEP containers since release 0.3. This can be achieved by attaching to the PEP container (or pod if using Kubernetes).
usage: management_tools [-h] [-u USER] [-r RESOURCE] [-a] action
Operational management of resources.
positional arguments:
action Operation to perform: list/remove
optional arguments:
-h, --help show this help message and exit
-u USER, --user USER Filter action by user ID (uuid)
-r RESOURCE, --resource RESOURCE
Filter action by resource ID (uuid)
-a, --all Apply action to all resources.
Examples of use are
kubectl exec <pod_name> -c pep-engine -- management_tools list --all
docker exec -it <container_name> management_tools list --all
Testing and Demo for the validation with OAuth/OIDC:
Execute the test_validation_token.py
in um-pep-engine/tests/
An OpenAPI 3.0 SwaggerHub doc is available HERE