Version: 1.1

ADM integration

ADM is Axiomatics' content management system for authorization domains, which include policies, attributes, and attribute connectors. It stores policies and configurations that Axiomatics Decision Service (ADS) retrieves for policy evaluation. ADS is Axiomatics' Policy Decision Point (PDP) and integrating with ADM allows you to push, pull, run, test, and promote authorization domains.

tip

In ADM, an authorization domain is identified by a namespace and a domain name.

To connect to an ADM domain, add an adm block within the repositories section in your build.gradle file.

build.gradle
alfa {
    namespace 'JanesNamespace'
    repositories {
        adm {
            environment 'Dev'
            host 'https://adm.dev.myorg'
            domainName 'JanesDev'
            envVariable 'LDAP_PIP_URL', 'http://ldap-dev.myorg.com'
            oidcCredentials {
                client_id 'ads'
                client_secret 'uU12JImeEiA1cfC0q2aNi40DhNkjeK1Ga'
            }
        }
    }
}
| Property | Description |
| --- | --- |
| environment | A string that provides a free-form description of the environment or nature of the domain. Examples include dev, qa, or prod. This string is used to create Gradle tasks related to the ADM domain integration. |
| host | Protocol and hostname of ADM. |
| domainName | The domain name in ADM. |
| envVariable | Optional property. Sets an environment variable when you run this domain with ADS from within Axiomatics Policy DevOps. Multiple envVariable properties are possible. |
| client_id | The client ID to use for OIDC authentication to ADM. |
| client_secret | The client secret to use for OIDC authentication to ADM. |

Important

The ADM namespace is set globally in the alfa{} section and will be the same for all adm repository entries.

If your ADM instance uses basic authentication instead of OpenID Connect (OIDC), replace the oidcCredentials block with a basic credentials block:

basicCredentials {
    username 'user'
    password 'password'
}
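
Both credential blocks above place the secret in build.gradle, a file that is normally committed to version control. The following added example (not taken from the Axiomatics documentation) resolves the OIDC client secret at build time instead; the same pattern applies to the password in basicCredentials. It assumes that client_secret accepts any Groovy String expression, and the names ADM_CLIENT_SECRET and admClientSecret are hypothetical.

```groovy
// build.gradle (added example, not part of the original page)
// Assumed names: ADM_CLIENT_SECRET (environment variable) and
// admClientSecret (Gradle property, e.g. in ~/.gradle/gradle.properties,
// which lives outside the repository).
def admSecret = System.getenv('ADM_CLIENT_SECRET') ?: findProperty('admClientSecret')

alfa {
    namespace 'JanesNamespace'
    repositories {
        adm {
            environment 'Dev'
            host 'https://adm.dev.myorg'
            domainName 'JanesDev'
            oidcCredentials {
                client_id 'ads'
                // Assumption: the property accepts any String expression.
                client_secret((admSecret ?: '') as String)
            }
        }
    }
}

// Fail only when a task from the ADM task group is actually requested, so
// builds that never talk to ADM still work without the secret.
// Assumption: the generated tasks report the group name shown on this page.
gradle.taskGraph.whenReady { graph ->
    def needsAdm = graph.allTasks.any { it.group == 'axiomatics-adm-dev' }
    if (needsAdm && !admSecret) {
        throw new GradleException(
            'ADM client secret missing: set ADM_CLIENT_SECRET ' +
            'or the admClientSecret Gradle property')
    }
}
```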

Adding an ADM repository generates a new Gradle task group with related tasks. For example, adding an ADM repository with the environment name "Dev" to build.gradle creates the task group axiomatics-adm-dev, which contains four tasks: pullFromDev, pushToDev, runAdsWithDev, and testDev.

Certificates

Any certificates required for TLS communication with ADM or ADS should be added to the appropriate truststore (for example, the operating system's truststore or Java's truststore). Alternatively, you can specify a custom truststore (JKS or PKCS12 format) using standard Java system properties.

gradle.properties
# Restart the Gradle daemon (./gradlew --stop) after changing these lines, otherwise changes may not be loaded
systemProp.javax.net.ssl.trustStore=mycacerts.jks
systemProp.javax.net.ssl.trustStorePassword=changeit
systemProp.javax.net.ssl.trustStoreType=JKS

or

./gradlew -Djavax.net.ssl.trustStore=mycacerts.jks
...
Important

You should restart the Gradle daemon using ./gradlew --stop to apply any changes.

Tasks

  • pullFromDev

    Downloads the domain.yaml file from ADM and stores it in build\alfa\axiomatics-adm-dev\domain.yaml.

    pullFromDev output
    > Task :pullFromDev
    Domain https://adm.dev.myorg/adm/api/namespaces/JanesNamespace/names/JanesDev/domain stored to build\alfa\axiomatics-adm-dev\domain.yaml

  • pushToDev

    Uploads the domain generated by the :buildAuthzDomain task (the local domain located in src/) to ADM.

    Important

    This action pushes the domain as the latest version. Any ADS instances polling this domain will receive the update.

    To avoid pushing the local source domain (for example, in a promote scenario), read the "Copy domains between multiple ADS instances" section below.

    pushToDev output
    > Task :pushToDev
    Source file is build\alfa\domain\ads\domain.yaml
    Domain successfully pushed to https://adm.dev.myorg/adm/api/namespaces/JanesNamespace/names/JanesDev. Server returned new id 087f5c4a-bba2-4cb9-94a3-b9a557d005e0

    To execute tests, invoke them explicitly before pushing. For example:

    ./gradlew test pushToDev

  • runAdsWithDev

    Starts a local ADS instance with the domain, using a random, unencrypted local HTTP port and basic authentication (username: pdp-user, password: secret).

    note

    You can add environment variables using envVariable 'KEY', 'VALUE' within the adm block.

    runAdsWithDev output
    > Task :spawnAdsWithDev
    Location of domain.yaml is https://adm.dev.myorg/adm/api/namespaces/JanesNamespace/names/JanesDev/domain

    > Task :runAdsWithDev
    ADS is running on port 52870. To see ADS output run gradle with --info. Stop it with Ctrl-C!

    tip

    To start ADS with DEBUG level logging enabled, use the --info switch.

  • testDev

    Runs the system tests on the domain and stores the test report in the build/reports/tests/testDev directory.

    testDev output
    > Task :spawnAdsWithDev
    Location of domain.yaml is https://adm.dev.myorg/adm/api/namespaces/JanesNamespace/names/JanesDev/domain

    > Task :testDev
    ...test results

    note

    Ensure that the mainpolicy is set within the alfa section of your build.gradle file in order to identify system tests.