Policies UI backend

This backend is to serve (data to) the UI for Policies

For some functionality it relies on the Engine part.

Get started

To get started (locally) you can run Docker-Compose, which starts Postgres and a local Kafka instance for use with the Engine.

cd helpers
docker-compose up

The UI backend is written in Java and can be compiled via

./mvnw package

Which also runs some Rest-API tests (under the hood it starts a postgres instance in a container).

When developing you can use Quarkus hot-reload

./mvnw compile quarkus:dev

Talking to the endpoint

Note	The backend requires a valid x-rh-identity to be supplied on calls. For testing purposes you can take the one that is stored in link:src/test/resources/rhid.txt It has accountId = '1234' set.

List existing policies

curl  -Hx-rh-identity:`cat src/test/resources/rhid.txt` http://localhost:8080/api/policies/v1.0/policies

By default this uses paging with a page-size of 10. Default sorting is by mtime (last updated, descending). You can select different pages, page sizes and sorting with the following query parameters:

Parameter	Default	Comment
page	0	Page numbers start at 0
pageSize	10
sortColumn	mtime	Sort can happen by column names ("name", "description", "is_enabled", "mtime")
sortDirection	desc	Allowed values : asc, desc

Example:

curl  -Hx-rh-identity:`cat src/test/resources/rhid.txt` http://localhost:8080/api/policies/v1.0/policies?page=5

A header TotalCount returns the total number of policies.

List fact keys (for the UI)

curl  -Hx-rh-identity:`cat src/test/resources/rhid.txt` http://localhost:8080/api/policies/v1.0/facts

Testing

To run unit and integration tests use:

./mvnw test

Testing with Podman

The project uses testcontainers utility to provide supporting services, such as database.

To use testcontainers with Podman, first enable podman’s socket:

systemctl --user enable --now podman.socket

and (on some systems) set:

export DOCKER_HOST=unix://${XDG_RUNTIME_DIR}/podman/podman.sock

It is recommended to turn off RYUK container, as it is not supported by Podman:

export TESTCONTAINERS_RYUK_DISABLED=true

See also https://java.testcontainers.org/supported_docker_environment/#podman.

Validating (and storing) a policy

A POST to the /policies endpoint validates and potentially stores a passed policy.

 curl -i -HContent-Type:application/json  \
         -Hx-rh-identity:`cat src/test/resources/rhid.txt` -XPOST \
         -d @src/test/resources/example-policy.json \
          http://localhost:8080/api/policies/v1.0/policies

This sends the policy from the file 'example-policy.json' to the server for validation. By default this does not store the policy.

To also store the policy, one needs to pass ?alsoStore=true as query parameter in the url.

NOTE

Validation of a policy requires the engine to be up and reachable.

OpenAPI Endpoint / Swagger-UI

OpenAPI spec of the API is available under http://localhost:8080/api/policies/v1.0/openapi.json

When the server is running in dev mode, there is also the Swagger-UI available under http://localhost:8080/swagger-ui/