API Guide - Policy
- Updated on Apr 27, 2022
- List policies
- List policy attachments
- Create a new policy or update an existing policy
- Attach a policy to a service
- Delete a policy
- Delete a policy attachment
List policies
Fetches a list of policies in your Banyan organization.
Review the Policy Spec Syntax for more information on the Policy data structures.
HTTP Request
GET /v1/security_policies
URL Parameters
N/A
Query Parameters
Parameter | Format | Description |
---|---|---|
PolicyID | String | The ID of the Policy to retrieve |
ServiceType | String | The service type whose policies to fetch; the only possible values are WEB and TCP |
Request Headers
Authorization: Bearer $AUTHTOKEN
Request Body
N/A
Status Codes and Errors
Value | Description |
---|---|
200 | OK |
Response Headers
N/A
HTTP Response Body
```json
[
  {
    "PolicyID": "483b7a2c-28a3-42cc-b7db-9bdc3d296d65",
    "PolicyName": "billing-finegrained",
    "PolicySpec": "{\n\t\"kind\": \"BanyanPolicy\",\n\t\"apiVersion\": \"v2\",\n\t\"metadata\": {\n\t\t\"name\": \"billing-finegrained\",\n\t\t\"description\": \"Manage L7 access to the Billing microservice\"\n\t},\n\t\"spec\": {\n\t\t\"access\": [\n\t\t\t{\n\t\t\t\t\"roles\": [\n\t\t\t\t\t\"passenger-mgmt-role\"\n\t\t\t\t],\n\t\t\t\t\"rules\": {\n\t\t\t\t\t\"encryption\": true,\n\t\t\t\t\t\"client_auth\": true,\n\t\t\t\t\t\"l7_access\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"/passenger_api\": \"*\"\n\t\t\t\t\t\t}\n\t\t\t\t\t]\n\t\t\t\t}\n\t\t\t},\n\t\t\t{\n\t\t\t\t\"roles\": [\n\t\t\t\t\t\"driver-mgmt-role\"\n\t\t\t\t],\n\t\t\t\t\"rules\": {\n\t\t\t\t\t\"encryption\": true,\n\t\t\t\t\t\"client_auth\": true,\n\t\t\t\t\t\"l7_access\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"/driver_api\": \"READ,WRITE\"\n\t\t\t\t\t\t}\n\t\t\t\t\t]\n\t\t\t\t}\n\t\t\t}\n\t\t]\n\t}\n}",
    "CreatedBy": "tarun+kubedemo@banyanops.com",
    "CreatedAt": 1487377669,
    "LastUpdatedBy": "tarun+marko@banyanops.com",
    "LastUpdatedAt": 1492679254,
    "Description": "Manage L7 access to the Billing microservice",
    "PolicyVersion": 0,
    "DeletedBy": "",
    "DeletedAt": ""
  },
  {
    "PolicyID": "4bb8efb0-977c-44fd-8639-bb81a8832b8c",
    "PolicyName": "netserver-policy",
    "PolicySpec": "{\n\t\"kind\": \"BanyanPolicy\",\n\t\"apiVersion\": \"v2\",\n\t\"metadata\": {\n\t\t\"name\": \"netserver-policy\",\n\t\t\"description\": \"TLS for netserver\"\n\t},\n\t\"spec\": {\n\t\t\"access\": [\n\t\t\t{\n\t\t\t\t\"roles\": [\n\t\t\t\t\t\"netserver-client1\"\n\t\t\t\t],\n\t\t\t\t\"rules\": {\n\t\t\t\t\t\"encryption\": true,\n\t\t\t\t\t\"client_auth\": true\n\t\t\t\t}\n\t\t\t}\n\t\t]\n\t}\n}",
    "CreatedBy": "tarun+kubedemo@banyanops.com",
    "CreatedAt": 1496444224,
    "LastUpdatedBy": "tarun+kubedemo@banyanops.com",
    "LastUpdatedAt": 1496444224,
    "Description": "TLS for netserver",
    "PolicyVersion": 1,
    "DeletedBy": "",
    "DeletedAt": "0"
  }
]
```
List policy attachments
HTTP Request
GET /v1/security_attach_policies
URL Parameters
N/A
Query Parameters
Parameter | Format | Description |
---|---|---|
PolicyID | String | The ID of the Policy |
ServiceID | String | The ID of the Service |
Request Headers
Authorization: Bearer $AUTHTOKEN
Request Body
N/A
Status Codes and Errors
Value | Description |
---|---|
200 | OK |
Response Headers
N/A
HTTP Response Body
```json
[
  {
    "PolicyID": "483b7a2c-28a3-42cc-b7db-9bdc3d296d65",
    "ServiceID": "83ca5439-24ae-11e7-b0b3-000d3a9307c1",
    "AttachedBy": "tarun+marko@banyanops.com",
    "AttachedAt": 1494578296,
    "Enabled": "FALSE",
    "DetachedBy": "",
    "DetachedAt": ""
  },
  {
    "PolicyID": "483b7a2c-28a3-42cc-b7db-9bdc3d296d65",
    "ServiceID": "d7d8feb7-f55c-11e6-b0b3-000d3a9307c1",
    "AttachedBy": "tarun+kubedemo@banyanops.com",
    "AttachedAt": 1492573606,
    "Enabled": "TRUE",
    "DetachedBy": "",
    "DetachedAt": ""
  }
]
```
Create a new policy or update an existing policy
HTTP Request
POST /v1/insert_security_policy
URL Parameters
N/A
Query Parameters
N/A
Request Headers
Authorization: Bearer $AUTHTOKEN
Content-Type: application/json
Request Body
JSON string with the Policy Spec
Sample JSON body:
```json
{
  "kind": "BanyanPolicy",
  "apiVersion": "rbac.banyanops.com/v1",
  "metadata": {
    "name": "webserver-policy",
    "description": "Banyan policy for HTTP Web Server",
    "tags": {
      "template": "CUSTOM"
    }
  },
  "spec": {
    "access": [
      {
        "roles": [
          "SuperClientRole"
        ],
        "rules": {
          "client_auth": true,
          "encryption": true,
          "l7_protocol": "http",
          "l7_access": [
            {
              "resources": [
                "*"
              ],
              "actions": [
                "*"
              ]
            }
          ]
        }
      },
      {
        "roles": [
          "NormalClientAttrRole"
        ],
        "rules": {
          "client_auth": true,
          "encryption": true,
          "l7_protocol": "http",
          "l7_access": [
            {
              "resources": [
                "/admin/*",
                "/salary"
              ],
              "actions": [
                "READ"
              ]
            },
            {
              "resources": [
                "/users",
                "/departments/qa"
              ],
              "actions": [
                "CREATE",
                "READ",
                "UPDATE",
                "DELETE"
              ]
            },
            {
              "resources": [
                "/uploads"
              ],
              "actions": [
                "WRITE"
              ]
            }
          ]
        }
      }
    ],
    "exception": {
      "src_addr": [
        "10.20.0.0/16"
      ],
      "forward_to": "127.0.0.1:1234"
    }
  }
}
```
Status Codes and Errors
Value | Description |
---|---|
200 | OK |
500 | Internal Server Error |
400 | Bad Request |
Response Headers
N/A
Response Body
If a Policy with the name doesn’t already exist, a new Policy is created and a PolicyID is returned.
```json
{
  "PolicyID": "74300337-2123-490d-890f-29347777124e"
}
```
If a Policy with the name does exist, it is updated.
Attach a policy to a service
HTTP Request
POST /v1/insert_security_attach_policy
URL Parameters
N/A
Query Parameters
N/A
Request Headers
Authorization: Bearer $AUTHTOKEN
Request Body
Parameter | Format | Description |
---|---|---|
PolicyID | String | Policy to be attached |
ServiceID | String | Service to attach policy to |
Enabled | String | TRUE=Enforcing, FALSE=Permissive |
Status Codes and Errors
Value | Description |
---|---|
200 | OK |
Response Headers
N/A
HTTP Response Body
N/A
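An added example, not part of the Banyan documentation: a review pass over the parsed bodies of the two list responses. It decodes the string-encoded `PolicySpec`, handles both `l7_access` shapes shown on this page, and reports attachments whose `Enabled` is not `TRUE` (Permissive). The function names, the sample data and the choice to treat `*` grants and a disabled `encryption` or `client_auth` as findings are assumptions of this example.

```python
import json

def wildcard_grants(rules):
    """Return (resource, actions) pairs from l7_access that grant '*'."""
    hits = []
    for entry in rules.get("l7_access", []):
        if "resources" in entry:   # list form, as in the POST sample body
            pairs = [(r, ",".join(entry.get("actions", []))) for r in entry["resources"]]
        else:                      # map form, as in the GET sample: {"/path": "ACTIONS"}
            pairs = list(entry.items())
        hits += [(r, a) for r, a in pairs if r == "*" or "*" in a.split(",")]
    return hits

def audit(policies, attachments):
    """Inputs: parsed bodies of the policy list and attachment list responses."""
    findings = []
    names = {p["PolicyID"]: p["PolicyName"] for p in policies}
    for p in policies:
        spec = json.loads(p["PolicySpec"])  # PolicySpec is JSON carried inside a string
        for block in spec.get("spec", {}).get("access", []):
            rules, roles = block.get("rules", {}), ",".join(block.get("roles", []))
            for key in ("encryption", "client_auth"):
                if rules.get(key) is not True:
                    findings.append((p["PolicyName"], f"{roles}: {key} not enabled"))
            for res, acts in wildcard_grants(rules):
                findings.append((p["PolicyName"], f"{roles}: wildcard grant {res} -> {acts}"))
    for a in attachments:
        if a["Enabled"].upper() != "TRUE":  # FALSE = Permissive
            name = names.get(a["PolicyID"], a["PolicyID"])
            findings.append((name, f"permissive on service {a['ServiceID']}"))
    return findings

# Constructed sample data shaped like the responses on this page (IDs are placeholders).
SAMPLE_POLICIES = [{
    "PolicyID": "policy-id-1", "PolicyName": "billing-finegrained",
    "PolicySpec": json.dumps({"spec": {"access": [
        {"roles": ["passenger-mgmt-role"], "rules": {
            "encryption": True, "client_auth": True, "l7_access": [{"/passenger_api": "*"}]}},
        {"roles": ["batch-role"], "rules": {"encryption": True, "client_auth": False,
            "l7_access": [{"resources": ["/uploads"], "actions": ["WRITE"]}]}},
    ]}}),
}]
SAMPLE_ATTACHMENTS = [
    {"PolicyID": "policy-id-1", "ServiceID": "service-id-1", "Enabled": "FALSE"},
    {"PolicyID": "policy-id-1", "ServiceID": "service-id-2", "Enabled": "TRUE"},
]

if __name__ == "__main__":
    print(*audit(SAMPLE_POLICIES, SAMPLE_ATTACHMENTS), sep="\n")
```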
Delete a policy
HTTP Request
DELETE /v1/delete_security_policy
URL Parameters
N/A
Query Parameters
Parameter | Format | Description |
---|---|---|
PolicyID | String | The ID of the Policy to delete |
Request Headers
Authorization: Bearer $AUTHTOKEN
Request Body
N/A
Status Codes and Errors
Value | Description |
---|---|
200 | OK |
Response Headers
N/A
HTTP Response Body
N/A
Delete a policy attachment
HTTP Request
DELETE /v1/delete_security_attach_policy
URL Parameters
N/A
Query Parameters
Parameter | Format | Description |
---|---|---|
PolicyID | String | The ID of the Policy |
ServiceID | String | The ID of the Service |
Request Headers
Authorization: Bearer $AUTHTOKEN
Request Body
N/A
Status Codes and Errors
Value | Description |
---|---|
200 | OK |
Response Headers
N/A
HTTP Response Body
N/A