API Guide - Policy

List policies

Fetches a list of policies in your Banyan organization.

Review the Policy Spec Syntax for more information on the Policy data structures.

HTTP Request

GET /security_policies

URL Parameters

N/A

Query Parameters

Parameter Format Description
PolicyID String The ID of the Policy to retrieve
ServiceType String Restricts the result to policies for web or TCP services; the only valid values are WEB and TCP

Request Headers

Authorization: Bearer $AUTHTOKEN

Request Body

N/A

Status Codes and Errors

Value Description
200 OK

Response Headers

N/A

HTTP Response Body

[
  {
    "PolicyID": "483b7a2c-28a3-42cc-b7db-9bdc3d296d65",
    "PolicyName": "billing-finegrained",
    "PolicySpec": "{\n\t\"kind\": \"BanyanPolicy\",\n\t\"apiVersion\": \"v2\",\n\t\"metadata\": {\n\t\t\"name\": \"billing-finegrained\",\n\t\t\"description\": \"Manage L7 access to the Billing microservice\"\n\t},\n\t\"spec\": {\n\t\t\"access\": [\n\t\t\t{\n\t\t\t\t\"roles\": [\n\t\t\t\t\t\"passenger-mgmt-role\"\n\t\t\t\t],\n\t\t\t\t\"rules\": {\n\t\t\t\t\t\"encryption\": true,\n\t\t\t\t\t\"client_auth\": true,\n\t\t\t\t\t\"l7_access\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"/passenger_api\": \"*\"\n\t\t\t\t\t\t}\n\t\t\t\t\t]\n\t\t\t\t}\n\t\t\t},\n\t\t\t{\n\t\t\t\t\"roles\": [\n\t\t\t\t\t\"driver-mgmt-role\"\n\t\t\t\t],\n\t\t\t\t\"rules\": {\n\t\t\t\t\t\"encryption\": true,\n\t\t\t\t\t\"client_auth\": true,\n\t\t\t\t\t\"l7_access\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"/driver_api\": \"READ,WRITE\"\n\t\t\t\t\t\t}\n\t\t\t\t\t]\n\t\t\t\t}\n\t\t\t}\n\t\t]\n\t}\n}",
    "CreatedBy": "tarun+kubedemo@banyanops.com",
    "CreatedAt": 1487377669,
    "LastUpdatedBy": "tarun+marko@banyanops.com",
    "LastUpdatedAt": 1492679254,
    "Description": "Manage L7 access to the Billing microservice",
    "PolicyVersion": 0,
    "DeletedBy": "",
    "DeletedAt": ""
  },
  {
    "PolicyID": "4bb8efb0-977c-44fd-8639-bb81a8832b8c",
    "PolicyName": "netserver-policy",
    "PolicySpec": "{\n\t\"kind\": \"BanyanPolicy\",\n\t\"apiVersion\": \"v2\",\n\t\"metadata\": {\n\t\t\"name\": \"netserver-policy\",\n\t\t\"description\": \"TLS for netserver\"\n\t},\n\t\"spec\": {\n\t\t\"access\": [\n\t\t\t{\n\t\t\t\t\"roles\": [\n\t\t\t\t\t\"netserver-client1\"\n\t\t\t\t],\n\t\t\t\t\"rules\": {\n\t\t\t\t\t\"encryption\": true,\n\t\t\t\t\t\"client_auth\": true\n\t\t\t\t}\n\t\t\t}\n\t\t]\n\t}\n}",
    "CreatedBy": "tarun+kubedemo@banyanops.com",
    "CreatedAt": 1496444224,
    "LastUpdatedBy": "tarun+kubedemo@banyanops.com",
    "LastUpdatedAt": 1496444224,
    "Description": "TLS for netserver",
    "PolicyVersion": 1,
    "DeletedBy": "",
    "DeletedAt": "0"
  }
]

List policy attachments

HTTP Request

GET /security_attach_policies

URL Parameters

N/A

Query Parameters

Parameter Format Description
PolicyID String The ID of the Policy
ServiceID String The ID of the Service

Request Headers

Authorization: Bearer $AUTHTOKEN

Request Body

N/A

Status Codes and Errors

Value Description
200 OK

Response Headers

N/A

HTTP Response Body

[
  {
    "PolicyID": "483b7a2c-28a3-42cc-b7db-9bdc3d296d65",
    "ServiceID": "83ca5439-24ae-11e7-b0b3-000d3a9307c1",
    "AttachedBy": "tarun+marko@banyanops.com",
    "AttachedAt": 1494578296,
    "Enabled": "FALSE",
    "DetachedBy": "",
    "DetachedAt": ""
  },
  {
    "PolicyID": "483b7a2c-28a3-42cc-b7db-9bdc3d296d65",
    "ServiceID": "d7d8feb7-f55c-11e6-b0b3-000d3a9307c1",
    "AttachedBy": "tarun+kubedemo@banyanops.com",
    "AttachedAt": 1492573606,
    "Enabled": "TRUE",
    "DetachedBy": "",
    "DetachedAt": ""
  }
]
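
An added example (not Banyan's own code) that joins the two list responses above: it decodes the string-encoded PolicySpec of each policy and groups attached services by the Enabled value, using the TRUE=Enforcing / FALSE=Permissive meaning this guide gives for that field. The function and helper names are hypothetical, and the input is constructed from the sample bodies on this page.

```python
import json
from collections import defaultdict

def enforcement_report(policies, attachments):
    """Join both list responses: PolicyName -> roles and services per mode."""
    modes = defaultdict(lambda: {"enforcing": [], "permissive": []})
    for att in attachments:
        # Enabled is the string "TRUE" (enforcing) or "FALSE" (permissive), not a bool.
        mode = "enforcing" if att["Enabled"].upper() == "TRUE" else "permissive"
        modes[att["PolicyID"]][mode].append(att["ServiceID"])
    report = {}
    for pol in policies:
        # PolicySpec is itself a JSON document serialized into a string: decode it again.
        spec = json.loads(pol["PolicySpec"])
        roles = sorted({r for blk in spec["spec"]["access"] for r in blk["roles"]})
        svc = modes.get(pol["PolicyID"], {"enforcing": [], "permissive": []})
        report[pol["PolicyName"]] = {
            "roles": roles,
            "enforcing": svc["enforcing"],
            "permissive": svc["permissive"],
            "unattached": not (svc["enforcing"] or svc["permissive"]),
        }
    return report

def spec_string(*roles):
    """Constructed helper: serialize a minimal spec the way PolicySpec arrives."""
    return json.dumps({"kind": "BanyanPolicy",
                       "spec": {"access": [{"roles": [r]} for r in roles]}})

# Constructed input, trimmed from the two response bodies shown on this page.
POLICIES = [
    {"PolicyID": "483b7a2c-28a3-42cc-b7db-9bdc3d296d65", "PolicyName": "billing-finegrained",
     "PolicySpec": spec_string("passenger-mgmt-role", "driver-mgmt-role")},
    {"PolicyID": "4bb8efb0-977c-44fd-8639-bb81a8832b8c", "PolicyName": "netserver-policy",
     "PolicySpec": spec_string("netserver-client1")},
]
ATTACHMENTS = [
    {"PolicyID": "483b7a2c-28a3-42cc-b7db-9bdc3d296d65",
     "ServiceID": "83ca5439-24ae-11e7-b0b3-000d3a9307c1", "Enabled": "FALSE"},
    {"PolicyID": "483b7a2c-28a3-42cc-b7db-9bdc3d296d65",
     "ServiceID": "d7d8feb7-f55c-11e6-b0b3-000d3a9307c1", "Enabled": "TRUE"},
]

if __name__ == "__main__":
    print(json.dumps(enforcement_report(POLICIES, ATTACHMENTS), indent=2))
```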


Create a new policy or update an existing policy

HTTP Request

POST /insert_security_policy

URL Parameters

N/A

Query Parameters

N/A

Request Headers

Authorization: Bearer $AUTHTOKEN
Content-Type: application/json

Request Body

JSON string with the Policy Spec

Sample JSON body:

{
   "kind": "BanyanPolicy",
   "apiVersion": "rbac.banyanops.com/v1",
   "metadata": {
      "name": "webserver-policy",
      "description": "Banyan policy for HTTP Web Server",
      "tags": {
        "template": "CUSTOM"
      }
   },
   "spec": {
      "access": [
         {
            "roles": [
               "SuperClientRole"
            ],
            "rules": {
               "client_auth": true,
               "encryption": true,
               "l7_protocol": "http",
               "l7_access":[
                  {
                     "resources":[
                        "*"
                     ],
                     "actions":[
                        "*"
                     ]
                  }
               ]
            }
         },
         {
            "roles": [
               "NormalClientAttrRole"
            ],
            "rules": {
               "client_auth": true,
               "encryption": true,
               "l7_protocol": "http",
               "l7_access":[
                  {
                     "resources":[
                        "/admin/*",
                        "/salary"
                     ],
                     "actions":[
                        "READ"
                     ]
                  },
                  {
                     "resources":[
                        "/users",
                        "/departments/qa"
                     ],
                     "actions":[
                        "CREATE",
                        "READ",
                        "UPDATE",
                        "DELETE"
                     ]
                  },
                  {
                     "resources":[
                        "/uploads"
                     ],
                     "actions":[
                        "WRITE"
                     ]
                  }
               ]
            }
         }
      ],
      "exception": {
         "src_addr": [
            "10.20.0.0/16"
         ],
         "forward_to": "127.0.0.1:1234"
      }
   }
}

Status Codes and Errors

Value Description
200 OK
500 Internal Server Error
400 Bad Request

Response Headers

N/A

Response Body

If no Policy with the given name exists yet, a new Policy is created and its PolicyID is returned.

{
  "PolicyID": "74300337-2123-490d-890f-29347777124e"
}

If a Policy with the name does exist, it is updated.
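
An added example (not part of the original guide or Banyan's tooling) of a review pass to run over a Policy Spec before posting it: it accepts both l7_access shapes that appear on this page and reports match-all resources or actions, rules where client_auth or encryption is not true, and any exception block. Treating a bare `*` as match-all and the choice of checks are assumptions; the function names are hypothetical.

```python
import json

def l7_pairs(entry):
    """Yield (resource, actions) from either l7_access shape shown on this page."""
    if "resources" in entry or "actions" in entry:   # {"resources": [...], "actions": [...]}
        for res in entry.get("resources", []):
            yield res, list(entry.get("actions", []))
    else:                                            # {"/driver_api": "READ,WRITE"}
        for res, acts in entry.items():
            yield res, [a.strip() for a in acts.split(",")]

def lint_policy_spec(spec):
    """Return review findings for a Policy Spec passed as a dict or a JSON string."""
    if isinstance(spec, str):
        spec = json.loads(spec)
    body, findings = spec.get("spec", {}), []
    for i, block in enumerate(body.get("access", [])):
        who = f"access[{i}] ({','.join(block.get('roles', []))})"
        rules = block.get("rules", {})
        for flag in ("client_auth", "encryption"):
            if rules.get(flag) is not True:          # assumption: both should be on
                findings.append(f"{who}: {flag} is not true")
        for entry in rules.get("l7_access", []):
            for res, acts in l7_pairs(entry):
                if res == "*":
                    findings.append(f"{who}: every resource")
                if "*" in acts:
                    findings.append(f"{who}: every action on {res}")
    exc = body.get("exception")
    if exc:                                          # reported for review, not judged
        findings.append("exception for src_addr " + ",".join(exc.get("src_addr", [])))
    return findings

# Constructed input: the sample request body above, trimmed to two l7_access entries.
SAMPLE = {"kind": "BanyanPolicy", "spec": {
    "access": [
        {"roles": ["SuperClientRole"],
         "rules": {"client_auth": True, "encryption": True, "l7_protocol": "http",
                   "l7_access": [{"resources": ["*"], "actions": ["*"]}]}},
        {"roles": ["NormalClientAttrRole"],
         "rules": {"client_auth": True, "encryption": True, "l7_protocol": "http",
                   "l7_access": [{"resources": ["/admin/*", "/salary"], "actions": ["READ"]}]}}],
    "exception": {"src_addr": ["10.20.0.0/16"], "forward_to": "127.0.0.1:1234"}}}

if __name__ == "__main__":
    for finding in lint_policy_spec(SAMPLE):
        print(finding)
```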


Attach a policy to a service

HTTP Request

POST /insert_security_attach_policy

URL Parameters

N/A

Query Parameters

N/A

Request Headers

Authorization: Bearer $AUTHTOKEN

Request Body

Parameter Format Description
PolicyID String Policy to be attached
ServiceID String Service to attach policy to
Enabled String TRUE=Enforcing, FALSE=Permissive

Status Codes and Errors

Value Description
200 OK

Response Headers

N/A

HTTP Response Body

N/A


Delete a policy

HTTP Request

DELETE /delete_security_policy

URL Parameters

N/A

Query Parameters

Parameter Format Description
PolicyID String The ID of the Policy to delete

Request Headers

Authorization: Bearer $AUTHTOKEN

Request Body

N/A

Status Codes and Errors

Value Description
200 OK

Response Headers

N/A

HTTP Response Body

N/A


Delete a policy attachment

HTTP Request

DELETE /delete_security_attach_policy

URL Parameters

N/A

Query Parameters

Parameter Format Description
PolicyID String The ID of the Policy
ServiceID String The ID of the Service

Request Headers

Authorization: Bearer $AUTHTOKEN

Request Body

N/A

Status Codes and Errors

Value Description
200 OK

Response Headers

N/A

HTTP Response Body

N/A


Last modified: Jul 08, 2021