You can define one or more policy configuration keys under the options file’s
core
section.
These are arbitrary key/value pairs that are typically used to define environment-specific details such as host names and credentials. After you define a policy configuration key, you can reference it by name in the PingAuthorize Policy Editor Trust Framework. By using a reference, you do not need to hard-code the values in the Trust Framework.
Example
Consider an organization that has two development environments, US-East and US-West. The organization’s policies call out to a PingDirectory Consent API policy information provider (PIP), and the Consent API’s host name differs depending on the development environment being used. If the Consent API host name was hard-coded in the Trust Framework, then a different Trust Framework would need to be used for each development environment. Instead, you can declare the host name as a policy configuration key in the Policy Editor’s configuration.
- Make a copy of the default options
file.
$ cp config/options.yml my-options.yml
- Edit the new options file to define a policy configuration key in the
core
section calledConsentHostname
.core: ConsentHostname: consent-us-east.example.com # Other options omitted for brevity...
- Stop the Policy Editor.
$ bin/stop-server
- Run setup using the
--optionsFile
argument. Customize all other options as appropriate for your needs.$ bin/setup demo \ --adminUsername admin \ --generateSelfSignedCertificate \ --decisionPointSharedSecret pingauthorize \ --hostname <pap-hostname> \ --port <pap-port> \ --adminPort <admin-port> \ --licenseKeyFile <path-to-license> \ --optionsFile my-options.yml
- Start the Policy Editor.
$ bin/start-server
After you define the Consent API service in the Trust Framework, you can refer to the policy configuration key that you defined in the Policy Editor configuration. To do this, you must first create an attribute in the Trust Framework to hold the policy configuration key value. Add an attribute with the following settings.
Property | Value |
---|---|
Name | ConsentHostname |
Resolver Type | Configuration Key |
Resolver Value | ConsentHostname |
Now when you create a service in the Trust Framework, you can refer to this
attribute using the {{AttributeName}}
notation. For example, where
the URL https://consent-us-east.example.com/consent/v1/consents is otherwise used,
you would use the URL https://{{ConsentHostname}}/consent/v1/consents, as shown in
the following image.