Skip to main content

Create the Entitlements Policy
ENTERPRISE

To connect your Entitlements to <das-id>.styra.com, you must create a new Entitlements System.

Add a System

To add a system:

  1. In the Styra DAS UI, navigate to Your Workspace >> SYSTEMS and click the ( ⨁ ) plus icon above the systems list in your DAS instance.

    Figure 1 - Create a New System

  2. Select a System type from the list of available types. In this case, select Entitlements.

  3. Type a human-friendly System name (required) that helps you identify the target for a set of policies. For example, if the System type is Entitlements, then you should provide a name that helps you recognize which Entitlements system you are managing.

  4. Type an optional Description to provide additional details.

  5. If you want to configure the systems through the Quick Start, then enable the Launch Quick Start (switch on) and return to this tutorial once you have completed the Quick Start.

  6. Click Add system.

    Figure 2 - Add Entitlements System

Install the Styra DAS Docker Containers

After creating a new Entitlements system, the DAS UI displays the Install page. You can also find the installation instructions under Your System >> Settings >> Install page. This page gives you the instructions to download the requirements and start enforcing policies in your laptop (or your CICD pipeline).

To install the Styra DAS Docker Containers:

  1. On the Install page, select Entitlements Playground.

  2. Run the installation commands one after the other in your terminal to install the Styra DAS Docker containers.

    Figure 3 - Install the Styra DAS Docker containers

  3. When you run the installation commands, verify the expected output on your terminal as shown in Figure 4.

    Figure 4 - Expected Output

    tip

    Keep the terminal window open and return to your web browser. For the rest of the tutorial, use your web browser more often than your terminal window.

Add Rules

You can add rules using the Entitlements Playground or through the Styra DAS UI.

Use the Entitlements Playground

To add a rule using the Entitlements Playground:

important

Navigate to Your System >> Policy >> rules.rego to see a blank screen as shown in Figure 5. If you have already added some rules here (during the Quick Start), then you must delete those rules.

Figure 5 - A Blank Screen

In your web browser, open a new tab and enter the local host URL to see the Entitlements playground, as shown in Figure 6.

Figure 6 - Entitlements Playground

note

This web application is running inside the Docker container that you launched earlier, and allows you to experiment with policies as you create them.

Now, enter a simple request using the format displayed in Figure 7.

  • Action: Enter GET.

  • Resource: Enter /cars.

  • Click the Submit button.

Figure 7 - Request Entry Form

Figure 7 shows Allowed: false which is not the desired behavior. The expected result is to have all cars listed and accessible to every user.

Use the GUI

To add a rule using the Styra DAS UI:

Now, return to the Styra DAS UI and use the following instructions to create a policy that will allow all requests.

  1. Click on the Add rule button.

    Figure 8 - Add Rules

  2. Search and click on the Generic Allow/Deny Rule.

  3. Click on the Enforce button at the top of the rule card to enable it.

  4. Click on the Publish button to publish your changes.

    Figure 9 - Search and Publish a Rule

View Results in Entitlements Playground

After you publish a rule, do the following to view your results in the Entitlement Playground.

  1. Navigate to your Entitlements Playground tab and wait for it to receive the bundle update. The Last Bundle Update section displays when the last bundle update was received. The bundle update is displayed within 60-90 seconds of clicking the Publish button.

  2. Click on the Submit button again to see your results as shown in Figure 10.

    Figure 10 - View Results

Now, you can see the following results on your Entitlements Playground:

  • The request is displayed as allowed (Allowed:true) rather than denied.

  • The enforced field in the result now contains an object with allowed set to true and the message Request was matched object was generated by the Generic Allow/Deny Rule.

Add a Rule for a Specific Request

The above rule allows any request. You can add a rule for a specific request using the following instructions.

To add a rule that accesses only /cars:

  1. Navigate to the Styra DAS UI.

  2. Select the filter icon located in the top-right of the card as shown in Figure 11.

    Figure 11 - Select the Filter

  3. Switch ON the Actions and Resources toggles.

    Figure 12 - Enable the Actions and Resources

  4. Fill in the following fields:

    • actions: Enter GET.

    • resources: Enter /cars.

<div id="s3a-figure">
<img src="/img/set-the-filters.png"/>
<span id="s3a-figure-caption">Figure 13 - Set the Filters</span>
</div>
<br/>
  1. Click on the Publish button to publish your changes.

  2. Return to the Entitlements playground and click on the Submit button again. The request should still be allowed.

  3. Now, change the entries in the following fields and press Submit again. This request should be denied.

    • Actions: Enter POST.

    • Resources: Enter /cars.