Install
Anubis is available as a Docker container and as a Python package.
To enforce policies with Anubis, which acts as the policy administration point (PAP), you need:
- Envoy proxy acting as the policy enforcement point (PEP)
- OPA with the Envoy plugin acting as the policy decision point (PDP)
- optionally PostgreSQL to store policies
An example Docker Compose file in the Anubis code repository deploys all the dependencies and demonstrates how to protect an Orion Context Broker instance.
To install the Python package:
$ pip install anubis-policy-api
This lets you reuse the Anubis APIs in other projects.
Environment variables
Variable | Description |
---|---|
AUTH_API_URI | Specifies the URI of the auth management API. |
VALID_ISSUERS | Specifies the valid issuers of the auth tokens (coming from Keycloak). This can be a list of issuers, separated by `;`. |
VALID_AUDIENCE | The valid `aud` value for token verification. |
CORS_ALLOWED_ORIGINS | A `;` separated list of the allowed CORS origins (e.g. `http://localhost;http://localhost:3000`). |
CORS_ALLOWED_METHODS | A `;` separated list of the allowed CORS methods (e.g. `GET;POST;DELETE`). |
CORS_ALLOWED_HEADERS | A `;` separated list of the allowed CORS headers (e.g. `content-type;some-other-header`). |
DEFAULT_POLICIES_CONFIG_FILE | Specifies the path of the configuration file of the default policies to create upon tenant creation. |
DEFAULT_WAC_CONFIG_FILE | Specifies the path of the configuration file of the wac serialization. |
KEYCLOACK_ENABLED | Enable creation of tenant also in Keycloak. |
TENANT_ADMIN_ROLE_ID | Specifies the path of the configuration file of the wac serialization. |
KEYCLOACK_ADMIN_ENDPOINT | The endpoint of the admin API of Keycloak. |
DB_TYPE | The database type to be used by the API. Valid options for now are `postgres` and `sqlite`. |
DB_HOST | The host for the database. |
DB_USER | The user for the database. |
DB_PASSWORD | The password of the database user. |
DB_NAME | The name of the database. |
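A pre-deployment check over the variables in the table above, as an added example that is not part of Anubis: it splits the `;`-separated values the way the table describes and reports settings that weaken token or CORS checks. The function names, the sample values and the rules themselves (https-only issuers, no wildcard origin, non-empty database settings for `postgres`) are assumptions of this example, not behaviour Anubis enforces.

```python
import os
from urllib.parse import urlsplit

def split_list(value):
    """Split a ';'-separated variable as the table describes, dropping blanks."""
    return [item.strip() for item in (value or "").split(";") if item.strip()]

def check_env(env):
    """Return a list of findings for a mapping of the documented variables."""
    findings = []
    issuers = split_list(env.get("VALID_ISSUERS"))
    if not issuers:
        findings.append("VALID_ISSUERS is empty: no token issuer is pinned")
    for iss in issuers:
        parts = urlsplit(iss)
        if parts.scheme != "https" or not parts.netloc:
            findings.append(f"VALID_ISSUERS: {iss!r} is not an https URL")
    if not (env.get("VALID_AUDIENCE") or "").strip():
        findings.append("VALID_AUDIENCE is empty: aud cannot be checked")
    for origin in split_list(env.get("CORS_ALLOWED_ORIGINS")):
        parts = urlsplit(origin)
        if origin == "*":
            findings.append("CORS_ALLOWED_ORIGINS: wildcard origin")
        # An Origin header is scheme://host[:port]; a path (or a ',' used
        # instead of ';') yields an entry that can never match one.
        elif parts.scheme not in ("http", "https") or not parts.netloc or parts.path:
            findings.append(f"CORS_ALLOWED_ORIGINS: {origin!r} is not scheme://host[:port]")
    db_type = env.get("DB_TYPE") or ""
    if db_type not in ("postgres", "sqlite"):
        findings.append(f"DB_TYPE: {db_type!r} is not postgres or sqlite")
    elif db_type == "postgres":
        for name in ("DB_HOST", "DB_USER", "DB_PASSWORD", "DB_NAME"):
            if not env.get(name):
                findings.append(f"{name} is unset but DB_TYPE is postgres")
    return findings

# Constructed sample: a plain-http issuer, ',' used instead of ';', no DB password.
SAMPLE_ENV = {
    "VALID_ISSUERS": "https://idp.example/realms/a;http://idp.example/realms/b",
    "VALID_AUDIENCE": "api",
    "CORS_ALLOWED_ORIGINS": "http://localhost,http://localhost:3000",
    "DB_TYPE": "postgres", "DB_HOST": "db", "DB_USER": "anubis",
    "DB_PASSWORD": "", "DB_NAME": "anubis",
}

if __name__ == "__main__":
    for finding in check_env(os.environ):
        print(finding)
```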