authz/query
The query
API is the most abstract API for interacting with the Authorizer. It allows the caller to
send a general query to the Authorizer, along with an input, and returns the output from the
Authorizer.
URL
POST .../api/v2/authz/query
Input payload
{
"identityContext": {
"identity": "[topaz-user-guid]",
"type": "IDENTITY_TYPE_*"
},
"policyContext": {
"decisions": ["string"],
"path": "string"
},
"resourceContext": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"input": "string",
"query": "string",
"options": {
"instrument": true,
"metrics": true,
"trace": "TRACE_LEVEL_*",
"traceSummary": true
}
}
The identityContext
map is documented here.
The policyContext
map is documented here.
The resourceContext
map is documented here.
The input
parameter is a string that encodes a JSON document, and is mapped into the input
in the context of
evaluating the policy.
The query
parameter is a rego query that is evaluated over the policy.
The options
map allows the caller to instrument the query, retrieve metrics, set a trace level, and
get a trace summary.
Trace levels
The trace levels can be one of the following values:
- TRACE_LEVEL_OFF
- TRACE_LEVEL_FULL
- TRACE_LEVEL_NOTES
- TRACE_LEVEL_FAIL