Full Script Examples onhttps://docs.protegrity.com/aiteam-edition/1.0.0/docs/gov_policy/workflow_examples/automation_script/Recent content in Full Script Examples onHugoenFull Script to Protect CCN using Policy Management REST APIshttps://docs.protegrity.com/aiteam-edition/1.0.0/docs/gov_policy/workflow_examples/automation_script/ccn_automation_script/Mon, 01 Jan 0001 00:00:00 +0000https://docs.protegrity.com/aiteam-edition/1.0.0/docs/gov_policy/workflow_examples/automation_script/ccn_automation_script/<p>The following code snippet contains the contents of the <code>deploy-ccn-policy.sh</code> shell script. This script enables the creation and deployment of a policy to protect CCN data using the Policy Management REST APIs.</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#!/usr/bin/env bash </span></span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"></span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Script Name : ccn_policy.sh</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Description : End-to-end automation script for creating and deploying a</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Credit Card Number (CCN) protection policy using the</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Protegrity Policy Information Management (PIM) REST API.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># IMPORTANT NOTES</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># 1. WORKBENCH REQUIREMENT:</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># The Policy Management REST APIs will work only after you have installed</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># the Protegrity Workbench. Attempting to use these APIs before the</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Workbench is installed will result in errors.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># 2. USER PERMISSIONS:</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># The user account used to authenticate against these APIs must have the</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># appropriate Protegrity role assigned:</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># - Security Officer : Required for write access (create, update, delete)</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># - Security Viewer : Required for read-only access (get, list)</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># For more information about the roles and permissions required, refer to</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># the section &#34;Managing Roles&#34; in the Protegrity documentation.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># 3. API VERSION:</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># The Policy Management API uses version v2.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># All endpoints in this script are prefixed with /pty/v2/pim/</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Requests to older API versions will not be supported.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># PREREQUISITES</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># - Protegrity Workbench must be installed and running</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># - kubectl configured and connected to your Kubernetes cluster</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># - curl installed on the machine running this script</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># - Access to the Protegrity API Gateway</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># - A user account with Security Officer permissions</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># USAGE</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># chmod +x deploy-ccn-policy.sh</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ./deploy-ccn-policy.sh</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># WORKFLOW</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 1 - Initialize Policy Management</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 2 - Prepare Data Element (CCN Token)</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 2.1 - Create Mask (subsection of Prepare Data Element)</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 3 - Create Member Source</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 3.1 - Test Member Source Connectivity</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 4 - Create Role</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 5 - Assign Member Source to Role</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 5.1 - Sync Role Membership</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 6 - Create Policy Shell</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 7 - Define Policy Rule (bind Role + Data Element + Permissions)</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 8 - Create Datastore</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 9 - Deploy Policy to Datastore</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 10 - Confirm Deployment</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># SECURITY NOTES</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># - If any API call returns HTTP 401 (Unauthorized), the script will</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># automatically attempt to re-generate the JWT token and retry the</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># request once before failing.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># - If any API call indicates that a resource already exists, the script</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># will exit immediately with an error. Delete the conflicting resource</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># first, or update the name variables in SECTION 1 before re-running.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># EXIT CODES</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># 0 - Success</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># 1 - Script error (set -e will trigger on any failed command)</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#204a87">set</span> -euo pipefail </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># SECTION 1: USER-CONFIGURABLE VARIABLES</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Modify the variables below to match your environment before running</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># this script. All other values are derived automatically.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># NOTE: The user specified by ADMIN_USER must have the Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># permission to perform write operations via the Policy Management API.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># For read-only operations, the Security Viewer permission is sufficient.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># For more information, refer to the &#34;Managing Roles&#34; section in the</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Protegrity documentation.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># --- Protegrity Admin Credentials ---</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># WARNING: For production use, consider sourcing these values from a secrets</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># manager (e.g., HashiCorp Vault, Kubernetes Secrets, AWS SSM).</span> </span></span><span style="display:flex;"><span><span style="color:#000">ADMIN_USER</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;workbench&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">ADMIN_PASS</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;Admin123!&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># --- Data Element ---</span> </span></span><span style="display:flex;"><span><span style="color:#000">DE_NAME</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;de_ccn_token&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">DE_DESC</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;Tokenize credit card numbers, keeping last 4 chars in clear&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">DE_TOKENIZER</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;SLT_1_6&#34;</span> <span style="color:#8f5902;font-style:italic"># Options: SLT_1_3 | SLT_2_3 | SLT_1_6 | SLT_2_6</span> </span></span><span style="display:flex;"><span><span style="color:#000">DE_FROM_LEFT</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">0</span> <span style="color:#8f5902;font-style:italic"># Number of digits to keep in clear from the left</span> </span></span><span style="display:flex;"><span><span style="color:#000">DE_FROM_RIGHT</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">4</span> <span style="color:#8f5902;font-style:italic"># Number of digits to keep in clear from the right</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># --- Mask (subsection of Prepare Data Element) ---</span> </span></span><span style="display:flex;"><span><span style="color:#000">MASK_NAME</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;clear_mask&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">MASK_FROM_LEFT</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">0</span> <span style="color:#8f5902;font-style:italic"># Number of characters to keep in clear from the left</span> </span></span><span style="display:flex;"><span><span style="color:#000">MASK_FROM_RIGHT</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">4</span> <span style="color:#8f5902;font-style:italic"># Number of characters to keep in clear from the right</span> </span></span><span style="display:flex;"><span><span style="color:#000">MASK_CHARACTER</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;*&#34;</span> <span style="color:#8f5902;font-style:italic"># Character used to mask hidden digits</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># --- Role ---</span> </span></span><span style="display:flex;"><span><span style="color:#000">ROLE_NAME</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;role_protect_ccn&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">ROLE_DESC</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;This role has access to protect CCN data&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">ROLE_MODE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;MANUAL&#34;</span> <span style="color:#8f5902;font-style:italic"># Options: MANUAL | SEMIAUTOMATIC | AUTOMATIC</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># --- Member Source ---</span> </span></span><span style="display:flex;"><span><span style="color:#000">SOURCE_NAME</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;test-file&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">SOURCE_USER_FILE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;exampleusers.txt&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">SOURCE_GROUP_FILE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;examplegroups.txt&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># --- Role Member ---</span> </span></span><span style="display:flex;"><span><span style="color:#000">MEMBER_NAME</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;exampleuser1&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">MEMBER_TYPE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;USER&#34;</span> <span style="color:#8f5902;font-style:italic"># Options: USER | GROUP</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># --- Policy ---</span> </span></span><span style="display:flex;"><span><span style="color:#000">POLICY_NAME</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;ccn-policy&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">POLICY_DESC</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;Protect CCN with tokenization&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># --- Policy Rule Permissions ---</span> </span></span><span style="display:flex;"><span><span style="color:#000">RULE_PROTECT</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87">true</span> <span style="color:#8f5902;font-style:italic"># Allow protect operation</span> </span></span><span style="display:flex;"><span><span style="color:#000">RULE_REPROTECT</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87">false</span> <span style="color:#8f5902;font-style:italic"># Allow re-protect operation</span> </span></span><span style="display:flex;"><span><span style="color:#000">RULE_UNPROTECT</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87">true</span> <span style="color:#8f5902;font-style:italic"># Allow unprotect operation</span> </span></span><span style="display:flex;"><span><span style="color:#000">RULE_NO_ACCESS_OP</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;NULL_VALUE&#34;</span> <span style="color:#8f5902;font-style:italic"># Behavior for no-access: NULL_VALUE | EXCEPTION</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># --- Datastore ---</span> </span></span><span style="display:flex;"><span><span style="color:#000">DS_NAME</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;ds_protect_ccn&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">DS_DESC</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;Datastore to demonstrate CCN protection&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">DS_DEFAULT</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87">true</span> <span style="color:#8f5902;font-style:italic"># Set as the default datastore: true | false</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># --- Token Retry Settings ---</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># On receiving HTTP 401 Unauthorized, the script will refresh the JWT token</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># and retry the failed request. MAX_TOKEN_RETRIES controls how many refresh</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># attempts are made before the script aborts.</span> </span></span><span style="display:flex;"><span><span style="color:#000">MAX_TOKEN_RETRIES</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#8f5902;font-style:italic"># Number of times to retry generating a token on 401</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># SECTION 2: HELPER FUNCTIONS</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Internal utility functions used throughout the script.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Do not modify unless necessary.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Prints a formatted primary section header to stdout</span> </span></span><span style="display:flex;"><span>log<span style="color:#ce5c00;font-weight:bold">()</span> <span style="color:#ce5c00;font-weight:bold">{</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;\n%s\n&#34;</span> <span style="color:#4e9a06">&#34;━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34; %s\n&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$*</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;%s\n&#34;</span> <span style="color:#4e9a06">&#34;━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">}</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Prints a formatted subsection header to stdout (indented, lighter style)</span> </span></span><span style="display:flex;"><span>log_sub<span style="color:#ce5c00;font-weight:bold">()</span> <span style="color:#ce5c00;font-weight:bold">{</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;\n%s\n&#34;</span> <span style="color:#4e9a06">&#34; ┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34; %s\n&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$*</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;%s\n&#34;</span> <span style="color:#4e9a06">&#34; ┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">}</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Prints an error message to stderr and exits with code 1</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Usage: die &lt;message&gt;</span> </span></span><span style="display:flex;"><span>die<span style="color:#ce5c00;font-weight:bold">()</span> <span style="color:#ce5c00;font-weight:bold">{</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;\n [ERROR] %s\n&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$*</span><span style="color:#4e9a06">&#34;</span> &gt;<span style="color:#000;font-weight:bold">&amp;</span><span style="color:#0000cf;font-weight:bold">2</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">exit</span> <span style="color:#0000cf;font-weight:bold">1</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">}</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Attempts to extract a UID from a JSON API response.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Handles both string UIDs (&#34;uid&#34;:&#34;1&#34;) and integer UIDs (&#34;uid&#34;:1).</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Exits with an error if extraction fails — never prompts interactively.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Usage: extract_uid &lt;json_response&gt; &lt;resource_label&gt;</span> </span></span><span style="display:flex;"><span>extract_uid<span style="color:#ce5c00;font-weight:bold">()</span> <span style="color:#ce5c00;font-weight:bold">{</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">local</span> <span style="color:#000">response</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;</span><span style="color:#000">$1</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">local</span> <span style="color:#000">label</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;</span><span style="color:#000">$2</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">local</span> uid </span></span><span style="display:flex;"><span> <span style="color:#8f5902;font-style:italic"># Match string-quoted UIDs: &#34;uid&#34;:&#34;&lt;value&gt;&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#000">uid</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$response</span><span style="color:#4e9a06">&#34;</span> <span style="color:#000;font-weight:bold">|</span> grep -o <span style="color:#4e9a06">&#39;&#34;uid&#34;:&#34;[^&#34;]*&#34;&#39;</span> <span style="color:#000;font-weight:bold">|</span> head -1 <span style="color:#000;font-weight:bold">|</span> sed <span style="color:#4e9a06">&#39;s/&#34;uid&#34;:&#34;//;s/&#34;//&#39;</span> <span style="color:#ce5c00;font-weight:bold">||</span> <span style="color:#204a87">true</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span> <span style="color:#8f5902;font-style:italic"># Fallback: match integer UIDs: &#34;uid&#34;:&lt;number&gt;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">if</span> <span style="color:#ce5c00;font-weight:bold">[[</span> -z <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">uid</span><span style="color:#204a87;font-weight:bold">:-</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#ce5c00;font-weight:bold">]]</span><span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span> </span></span><span style="display:flex;"><span> <span style="color:#000">uid</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$response</span><span style="color:#4e9a06">&#34;</span> <span style="color:#000;font-weight:bold">|</span> grep -o <span style="color:#4e9a06">&#39;&#34;uid&#34;:[0-9]*&#39;</span> <span style="color:#000;font-weight:bold">|</span> head -1 <span style="color:#000;font-weight:bold">|</span> grep -o <span style="color:#4e9a06">&#39;[0-9]*&#39;</span> <span style="color:#ce5c00;font-weight:bold">||</span> <span style="color:#204a87">true</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">fi</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">if</span> <span style="color:#ce5c00;font-weight:bold">[[</span> -z <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">uid</span><span style="color:#204a87;font-weight:bold">:-</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#ce5c00;font-weight:bold">]]</span><span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span> </span></span><span style="display:flex;"><span> die <span style="color:#4e9a06">&#34;Failed to extract UID for &#39;</span><span style="color:#4e9a06">${</span><span style="color:#000">label</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#39;. API response was: </span><span style="color:#4e9a06">${</span><span style="color:#000">response</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">fi</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$uid</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">}</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Generates a new JWT authentication token using the configured admin</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># credentials (ADMIN_USER / ADMIN_PASS). Stores the result in the global</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># TOKEN variable.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># NOTE: The user must have the Security Officer permission for write access</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># or the Security Viewer permission for read-only access to the</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Policy Management API (v2). For more information, refer to</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># the &#34;Managing Roles&#34; section in the Protegrity documentation.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Usage: generate_token</span> </span></span><span style="display:flex;"><span>generate_token<span style="color:#ce5c00;font-weight:bold">()</span> <span style="color:#ce5c00;font-weight:bold">{</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Generating JWT authentication token...&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#000">TOKEN</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>curl -k -s <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/api/v1/auth/login/token&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#39;Content-Type: application/x-www-form-urlencoded&#39;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -d <span style="color:#4e9a06">&#34;loginname=</span><span style="color:#4e9a06">${</span><span style="color:#000">ADMIN_USER</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -d <span style="color:#4e9a06">&#34;password=</span><span style="color:#4e9a06">${</span><span style="color:#000">ADMIN_PASS</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -D - -o /dev/null 2&gt;<span style="color:#000;font-weight:bold">&amp;</span><span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> <span style="color:#000;font-weight:bold">|</span> grep -i <span style="color:#4e9a06">&#39;pty_access_jwt_token:&#39;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> <span style="color:#000;font-weight:bold">|</span> sed <span style="color:#4e9a06">&#39;s/pty_access_jwt_token: //&#39;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> <span style="color:#000;font-weight:bold">|</span> tr -d <span style="color:#4e9a06">&#39;\r&#39;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">if</span> <span style="color:#ce5c00;font-weight:bold">[[</span> -z <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">TOKEN</span><span style="color:#204a87;font-weight:bold">:-</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#ce5c00;font-weight:bold">]]</span><span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span> </span></span><span style="display:flex;"><span> die <span style="color:#4e9a06">&#34;Failed to retrieve JWT token. Please verify the following: </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> - The Protegrity Workbench is installed and running. </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> - The API Gateway host (</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">) is reachable. </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> - The credentials for user &#39;</span><span style="color:#4e9a06">${</span><span style="color:#000">ADMIN_USER</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#39; are correct. </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> - The user &#39;</span><span style="color:#4e9a06">${</span><span style="color:#000">ADMIN_USER</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#39; has the Security Officer or Security Viewer </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> permission assigned. Refer to &#39;Managing Roles&#39; in the Protegrity </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> documentation for more information.&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">fi</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Token acquired successfully.&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">}</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Executes a curl API call and automatically retries with a refreshed JWT</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># token if a 401 Unauthorized response is received.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># All Policy Management API calls in this script target the v2 API version:</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># https://&lt;gateway&gt;/pty/v2/pim/...</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># On HTTP 401, the token is refreshed (up to MAX_TOKEN_RETRIES times) and</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># the request is retried. This can occur when a token expires mid-run.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># On any other non-2xx response, a warning is logged but execution continues.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Usage: api_call &lt;curl_args...&gt;</span> </span></span><span style="display:flex;"><span>api_call<span style="color:#ce5c00;font-weight:bold">()</span> <span style="color:#ce5c00;font-weight:bold">{</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">local</span> <span style="color:#000">retries</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">0</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">local</span> http_status </span></span><span style="display:flex;"><span> <span style="color:#204a87">local</span> response_body </span></span><span style="display:flex;"><span> <span style="color:#204a87">local</span> tmp_file </span></span><span style="display:flex;"><span> <span style="color:#000">tmp_file</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>mktemp<span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">while</span> true<span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">do</span> </span></span><span style="display:flex;"><span> <span style="color:#8f5902;font-style:italic"># Execute the curl call, capturing body and HTTP status separately</span> </span></span><span style="display:flex;"><span> <span style="color:#000">http_status</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>curl -k -s -o <span style="color:#4e9a06">&#34;</span><span style="color:#000">$tmp_file</span><span style="color:#4e9a06">&#34;</span> -w <span style="color:#4e9a06">&#34;%{http_code}&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Authorization: Bearer </span><span style="color:#4e9a06">${</span><span style="color:#000">TOKEN</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$@</span><span style="color:#4e9a06">&#34;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span> <span style="color:#000">response_body</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>cat <span style="color:#4e9a06">&#34;</span><span style="color:#000">$tmp_file</span><span style="color:#4e9a06">&#34;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#8f5902;font-style:italic"># Handle 401 Unauthorized:</span> </span></span><span style="display:flex;"><span> <span style="color:#8f5902;font-style:italic"># This typically means the JWT token has expired or is invalid.</span> </span></span><span style="display:flex;"><span> <span style="color:#8f5902;font-style:italic"># The script will attempt to refresh the token and retry the request.</span> </span></span><span style="display:flex;"><span> <span style="color:#8f5902;font-style:italic"># Ensure the user has the correct permissions (Security Officer / Viewer).</span> </span></span><span style="display:flex;"><span> <span style="color:#8f5902;font-style:italic"># Refer to &#34;Managing Roles&#34; in the Protegrity documentation.</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">if</span> <span style="color:#ce5c00;font-weight:bold">[[</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$http_status</span><span style="color:#4e9a06">&#34;</span> <span style="color:#ce5c00;font-weight:bold">==</span> <span style="color:#4e9a06">&#34;401&#34;</span> <span style="color:#ce5c00;font-weight:bold">]]</span><span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">if</span> <span style="color:#ce5c00;font-weight:bold">[[</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$retries</span><span style="color:#4e9a06">&#34;</span> -lt <span style="color:#4e9a06">&#34;</span><span style="color:#000">$MAX_TOKEN_RETRIES</span><span style="color:#4e9a06">&#34;</span> <span style="color:#ce5c00;font-weight:bold">]]</span><span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; [Warning] Received HTTP 401 Unauthorized.&#34;</span> &gt;<span style="color:#000;font-weight:bold">&amp;</span><span style="color:#0000cf;font-weight:bold">2</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Refreshing JWT token and retrying (attempt </span><span style="color:#204a87;font-weight:bold">$((</span>retries <span style="color:#ce5c00;font-weight:bold">+</span> <span style="color:#0000cf;font-weight:bold">1</span><span style="color:#204a87;font-weight:bold">))</span><span style="color:#4e9a06"> of </span><span style="color:#4e9a06">${</span><span style="color:#000">MAX_TOKEN_RETRIES</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">)...&#34;</span> &gt;<span style="color:#000;font-weight:bold">&amp;</span><span style="color:#0000cf;font-weight:bold">2</span> </span></span><span style="display:flex;"><span> generate_token </span></span><span style="display:flex;"><span> <span style="color:#000">retries</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$((</span>retries <span style="color:#ce5c00;font-weight:bold">+</span> <span style="color:#0000cf;font-weight:bold">1</span><span style="color:#204a87;font-weight:bold">))</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">continue</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">else</span> </span></span><span style="display:flex;"><span> rm -f <span style="color:#4e9a06">&#34;</span><span style="color:#000">$tmp_file</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> die <span style="color:#4e9a06">&#34;Received HTTP 401 Unauthorized after </span><span style="color:#4e9a06">${</span><span style="color:#000">MAX_TOKEN_RETRIES</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06"> token refresh attempt(s). </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> Please verify that user &#39;</span><span style="color:#4e9a06">${</span><span style="color:#000">ADMIN_USER</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#39; has the required permissions: </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> - Security Officer : for write access </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> - Security Viewer : for read-only access </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> Refer to &#39;Managing Roles&#39; in the Protegrity documentation.&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">fi</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">fi</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#8f5902;font-style:italic"># Fail on &#34;already exists&#34; (HTTP 400/409) — resource must be removed first</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">if</span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$response_body</span><span style="color:#4e9a06">&#34;</span> <span style="color:#000;font-weight:bold">|</span> grep -qi <span style="color:#4e9a06">&#34;already exist&#34;</span><span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span> </span></span><span style="display:flex;"><span> rm -f <span style="color:#4e9a06">&#34;</span><span style="color:#000">$tmp_file</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> die <span style="color:#4e9a06">&#34;Resource already exists (HTTP </span><span style="color:#4e9a06">${</span><span style="color:#000">http_status</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">). The script cannot continue. </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> Response : </span><span style="color:#4e9a06">${</span><span style="color:#000">response_body</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06"> </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> Action : Delete or rename the existing resource before re-running, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> or update the name variables at the top of this script.&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">fi</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#8f5902;font-style:italic"># Log other non-2xx responses (excluding 401 already handled above)</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">if</span> <span style="color:#ce5c00;font-weight:bold">[[</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$http_status</span><span style="color:#4e9a06">&#34;</span> !<span style="color:#ce5c00;font-weight:bold">=</span> 2* <span style="color:#ce5c00;font-weight:bold">]]</span><span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; [Warning] Received HTTP </span><span style="color:#4e9a06">${</span><span style="color:#000">http_status</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">. Response: </span><span style="color:#4e9a06">${</span><span style="color:#000">response_body</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> &gt;<span style="color:#000;font-weight:bold">&amp;</span><span style="color:#0000cf;font-weight:bold">2</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">fi</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> rm -f <span style="color:#4e9a06">&#34;</span><span style="color:#000">$tmp_file</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$response_body</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">break</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">done</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">}</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># SECTION 3: ENVIRONMENT SETUP</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Retrieves the API Gateway host address and generates a JWT authentication</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># token required for all subsequent API calls.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># NOTE: The Policy Management REST APIs will work only after the Protegrity</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Workbench has been installed. All API calls target version v2:</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># https://&lt;gateway&gt;/pty/v2/pim/</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Environment Setup: Retrieving API Gateway Host&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">export</span> GW_HOST </span></span><span style="display:flex;"><span><span style="color:#000">GW_HOST</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;</span><span style="color:#204a87;font-weight:bold">$(</span>kubectl get gateway pty-main -n api-gateway <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -o <span style="color:#000">jsonpath</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#39;{.status.addresses[0].value}&#39;</span><span style="color:#204a87;font-weight:bold">)</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; API Gateway Host : </span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; API Version : v2 (/pty/v2/pim/)&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Environment Setup: Generating JWT Authentication Token&#34;</span> </span></span><span style="display:flex;"><span>generate_token </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># SECTION 4: WORKFLOW EXECUTION</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ──────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Executes each step of the CCN policy creation workflow in sequence.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># UIDs returned by each step are captured and reused in subsequent steps.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># NOTE: All write operations (POST) require the Security Officer permission.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># The read operation in Step 12 (GET) requires at minimum the</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Security Viewer permission.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 1: Initialize Policy Management</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Initializes the PIM system. This step only needs to be performed once</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># per environment setup.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Requirement : Protegrity Workbench must be installed before running this step.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/init</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 1: Initialize Policy Management&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">INIT_RESPONSE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/init&#34;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">if</span> <span style="color:#ce5c00;font-weight:bold">[[</span> -z <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">INIT_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#ce5c00;font-weight:bold">]]</span><span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Status: OK (empty response — PIM already initialized or no content returned)&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">else</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Response: </span><span style="color:#4e9a06">${</span><span style="color:#000">INIT_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">fi</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 2: Prepare Data Element</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Prepares the CCN Data Element that defines what data is protected and how</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># it is tokenized. The tokenizer (SLT_1_6) and clear-text settings determine</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># how many digits remain visible after tokenization.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># This step also includes the creation of a Mask (Step 2.1) as a subsection,</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># since the mask is directly associated with how the data element&#39;s unprotected</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># value is presented to consumers.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/dataelements</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 2: Prepare Data Element — </span><span style="color:#4e9a06">${</span><span style="color:#000">DE_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">DE_RESPONSE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Content-Type: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/dataelements&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -d <span style="color:#4e9a06">&#39;{ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;name&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DE_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;description&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DE_DESC</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;creditCardToken&#34;: { </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;tokenizer&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DE_TOKENIZER</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;fromLeft&#34;: &#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DE_FROM_LEFT</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;fromRight&#34;: &#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DE_FROM_RIGHT</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;valueIdentification&#34;: { </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;invalidCardType&#34;: false, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;invalidLuhnDigit&#34;: true, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;alphabeticIndicator&#34;: false, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;alphabeticIndicatorPosition&#34;: 1 </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> } </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> } </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> }&#39;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Response: </span><span style="color:#4e9a06">${</span><span style="color:#000">DE_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">DE_UID</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>extract_uid <span style="color:#4e9a06">&#34;</span><span style="color:#000">$DE_RESPONSE</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$DE_NAME</span><span style="color:#4e9a06">&#34;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Data Element UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">DE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 2.1: Create Mask</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Subsection of: Prepare Data Element</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Creates a mask that controls how data is displayed when unprotected.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># The mask is optionally applied to an unprotect operation to display only</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># certain characters to the consumer of the data. Hidden characters are</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># replaced with the specified mask character, while the defined number of</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># characters on each side remain visible in the clear.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/masks</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log_sub <span style="color:#4e9a06">&#34;Step 2.1: Create Mask — </span><span style="color:#4e9a06">${</span><span style="color:#000">MASK_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06"> (Subsection of: Prepare Data Element)&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">MASK_RESPONSE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Content-Type: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/masks&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -d <span style="color:#4e9a06">&#39;{ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;name&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">MASK_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;masked&#34;: true, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;fromLeft&#34;: &#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">MASK_FROM_LEFT</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;fromRight&#34;: &#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">MASK_FROM_RIGHT</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;character&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">MASK_CHARACTER</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34; </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> }&#39;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Response: </span><span style="color:#4e9a06">${</span><span style="color:#000">MASK_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">MASK_UID</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>extract_uid <span style="color:#4e9a06">&#34;</span><span style="color:#000">$MASK_RESPONSE</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$MASK_NAME</span><span style="color:#4e9a06">&#34;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Mask UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">MASK_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 3: Create Member Source</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Creates a Member Source that defines where user and group identities are</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># sourced from (in this example, a flat file). Member Sources are used to</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># populate roles with real enterprise identities.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/sources</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 4: Create Member Source — </span><span style="color:#4e9a06">${</span><span style="color:#000">SOURCE_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">SOURCE_RESPONSE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Content-Type: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/sources&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -d <span style="color:#4e9a06">&#39;{ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;name&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">SOURCE_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;type&#34;: &#34;FILE&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;connection&#34;: { </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;userFile&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">SOURCE_USER_FILE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;groupFile&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">SOURCE_GROUP_FILE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34; </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> } </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> }&#39;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Response: </span><span style="color:#4e9a06">${</span><span style="color:#000">SOURCE_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">SOURCE_UID</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>extract_uid <span style="color:#4e9a06">&#34;</span><span style="color:#000">$SOURCE_RESPONSE</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$SOURCE_NAME</span><span style="color:#4e9a06">&#34;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Source UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">SOURCE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 3.1: Test Member Source Connectivity</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Validates that the Member Source is reachable and correctly configured.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># All connectivity checks (connection, authentication, groups, users) must</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># pass before proceeding.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/sources/{id}/test</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 3.1: Test Member Source Connectivity — UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">SOURCE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Content-Type: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/sources/</span><span style="color:#4e9a06">${</span><span style="color:#000">SOURCE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/test&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 4: Create Role</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Creates a role that represents who is allowed to perform operations on</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># the protected data. Permissions are granted to roles, which are then</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># mapped to users and groups via Member Sources.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/roles</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 4: Create Role — </span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">ROLE_RESPONSE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Content-Type: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/roles&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -d <span style="color:#4e9a06">&#39;{ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;name&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;description&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_DESC</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;mode&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_MODE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;allowAll&#34;: false </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> }&#39;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Response: </span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">ROLE_UID</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>extract_uid <span style="color:#4e9a06">&#34;</span><span style="color:#000">$ROLE_RESPONSE</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$ROLE_NAME</span><span style="color:#4e9a06">&#34;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Role UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 5: Assign Member Source to Role</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Binds a specific user or group from the Member Source to the Role.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># This establishes the identity-to-role mapping that makes the policy</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># enforceable for real users.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/roles/{id}/members</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 5: Assign Member &#39;</span><span style="color:#4e9a06">${</span><span style="color:#000">MEMBER_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#39; to Role — UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Content-Type: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/roles/</span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/members&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -d <span style="color:#4e9a06">&#39;[ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> { </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;name&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">MEMBER_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;source&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">SOURCE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;type&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">MEMBER_TYPE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34; </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> } </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> ]&#39;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 5.1: Sync Role Membership</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Synchronizes the role membership from the Member Source. This pulls the</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># current list of users and groups into the role so that access controls</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># reflect the latest state of the identity source.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/roles/{id}/sync</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 5.1: Sync Role Membership — Role UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">SYNC_RESPONSE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Content-Type: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/roles/</span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/sync&#34;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">if</span> <span style="color:#ce5c00;font-weight:bold">[[</span> -z <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">SYNC_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#ce5c00;font-weight:bold">]]</span><span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Status: OK&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">else</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Response: </span><span style="color:#4e9a06">${</span><span style="color:#000">SYNC_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">fi</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 6: Create Policy Shell</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Creates the policy container that will hold the access rules. The policy</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># is the deployable object that ties together Data Elements, Roles, and Rules.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/policies</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 6: Create Policy Shell — </span><span style="color:#4e9a06">${</span><span style="color:#000">POLICY_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">POLICY_RESPONSE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Content-Type: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/policies&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -d <span style="color:#4e9a06">&#39;{ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;name&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">POLICY_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;description&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">POLICY_DESC</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;template&#34;: { </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;access&#34;: { </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;protect&#34;: false, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;reProtect&#34;: false, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;unProtect&#34;: false </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> } </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> } </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> }&#39;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Response: </span><span style="color:#4e9a06">${</span><span style="color:#000">POLICY_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">POLICY_UID</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>extract_uid <span style="color:#4e9a06">&#34;</span><span style="color:#000">$POLICY_RESPONSE</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$POLICY_NAME</span><span style="color:#4e9a06">&#34;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Policy UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">POLICY_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 7: Define Policy Rule</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Creates the rule that binds a Role (who), a Data Element (what), a Mask</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># (how unprotected data is displayed), and the permitted operations</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># (protect / reProtect / unProtect) into the policy.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Without rules, the policy exists but grants no access.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/policies/{id}/rules</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 7: Define Policy Rule — Policy UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">POLICY_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">RULE_RESPONSE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Content-Type: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/policies/</span><span style="color:#4e9a06">${</span><span style="color:#000">POLICY_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/rules&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -d <span style="color:#4e9a06">&#39;{ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;role&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;dataElement&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;mask&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">MASK_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;noAccessOperation&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">RULE_NO_ACCESS_OP</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;permission&#34;: { </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;access&#34;: { </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;protect&#34;: &#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">RULE_PROTECT</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;reProtect&#34;: &#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">RULE_REPROTECT</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;unProtect&#34;: &#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">RULE_UNPROTECT</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39; </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> } </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> } </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> }&#39;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">if</span> <span style="color:#ce5c00;font-weight:bold">[[</span> -z <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">RULE_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#ce5c00;font-weight:bold">]]</span><span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Status: OK&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">else</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Response: </span><span style="color:#4e9a06">${</span><span style="color:#000">RULE_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">fi</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 8: Create Datastore</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Creates the datastore target to which the policy will be deployed.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># A policy is not active for protectors until it has been deployed to</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># at least one datastore.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/datastores</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 8: Create Datastore — </span><span style="color:#4e9a06">${</span><span style="color:#000">DS_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">DS_RESPONSE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Content-Type: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/datastores&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -d <span style="color:#4e9a06">&#39;{ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;name&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DS_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;description&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DS_DESC</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;default&#34;: &#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DS_DEFAULT</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39; </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> }&#39;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Response: </span><span style="color:#4e9a06">${</span><span style="color:#000">DS_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">DS_UID</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>extract_uid <span style="color:#4e9a06">&#34;</span><span style="color:#000">$DS_RESPONSE</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$DS_NAME</span><span style="color:#4e9a06">&#34;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Datastore UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">DS_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 9: Deploy Policy to Datastore</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Deploys the policy to the target datastore. After this step, runtime</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># protectors that reference this datastore will be able to load and</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># enforce the policy.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/datastores/{id}/deploy</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 9: Deploy Policy to Datastore — DS UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">DS_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">, Policy UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">POLICY_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">DEPLOY_RESPONSE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Content-Type: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/datastores/</span><span style="color:#4e9a06">${</span><span style="color:#000">DS_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/deploy&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -d <span style="color:#4e9a06">&#39;{ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;policies&#34;: [&#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">POLICY_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;], </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;applications&#34;: [] </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> }&#39;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">if</span> <span style="color:#ce5c00;font-weight:bold">[[</span> -z <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DEPLOY_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#ce5c00;font-weight:bold">]]</span><span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Status: OK&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">else</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Response: </span><span style="color:#4e9a06">${</span><span style="color:#000">DEPLOY_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">fi</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 10: Confirm Deployment</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Verifies that the policy has been successfully deployed to the datastore.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Confirms the policy is active, correctly mapped, and enforceable.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Viewer (read-only) or Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — GET /pty/v2/pim/deploy</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 10: Confirm Deployment&#34;</span> </span></span><span style="display:flex;"><span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X GET <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/deploy&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># SECTION 5: SUMMARY</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ───────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Displays a summary of all created resources and their UIDs.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Workflow Complete ✅&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;\n%-20s %-30s %-10s\n&#34;</span> <span style="color:#4e9a06">&#34;Resource&#34;</span> <span style="color:#4e9a06">&#34;Name&#34;</span> <span style="color:#4e9a06">&#34;UID&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;%-20s %-30s %-10s\n&#34;</span> <span style="color:#4e9a06">&#34;────────────────────&#34;</span> <span style="color:#4e9a06">&#34;──────────────────────────────&#34;</span> <span style="color:#4e9a06">&#34;──────────&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;%-20s %-30s %-10s\n&#34;</span> <span style="color:#4e9a06">&#34;Data Element&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DE_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;%-20s %-30s %-10s\n&#34;</span> <span style="color:#4e9a06">&#34; └─ Mask&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">MASK_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">MASK_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;%-20s %-30s %-10s\n&#34;</span> <span style="color:#4e9a06">&#34;Role&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;%-20s %-30s %-10s\n&#34;</span> <span style="color:#4e9a06">&#34;Member Source&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">SOURCE_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">SOURCE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;%-20s %-30s %-10s\n&#34;</span> <span style="color:#4e9a06">&#34;Policy&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">POLICY_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">POLICY_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;%-20s %-30s %-10s\n&#34;</span> <span style="color:#4e9a06">&#34;Datastore&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DS_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DS_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;\n&#34;</span> </span></span></code></pre></div>Full Script to Protect DOB using Policy Management REST APIshttps://docs.protegrity.com/aiteam-edition/1.0.0/docs/gov_policy/workflow_examples/automation_script/dob_automation_script/Mon, 01 Jan 0001 00:00:00 +0000https://docs.protegrity.com/aiteam-edition/1.0.0/docs/gov_policy/workflow_examples/automation_script/dob_automation_script/<p>The following code snippet contains the contents of the <code>deploy-dob-policy.sh</code> shell script. This script enables the creation and deployment of a policy to protect DOB data using the Policy Management REST APIs.</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#!/usr/bin/env bash </span></span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"></span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Script Name : dob_policy.sh</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Description : End-to-end automation script for creating and deploying a</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Date of Birth (DOB) protection policy using the</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Protegrity Policy Information Management (PIM) REST API.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># IMPORTANT NOTES</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># 1. WORKBENCH REQUIREMENT:</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># The Policy Management REST APIs will work only after you have installed</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># the Protegrity Workbench. Attempting to use these APIs before the</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Workbench is installed will result in errors.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># 2. USER PERMISSIONS:</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># The user account used to authenticate against these APIs must have the</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># appropriate Protegrity role assigned:</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># - Security Officer : Required for write access (create, update, delete)</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># - Security Viewer : Required for read-only access (get, list)</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># For more information about the roles and permissions required, refer to</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># the section &#34;Managing Roles&#34; in the Protegrity documentation.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># 3. API VERSION:</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># The Policy Management API uses version v2.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># All endpoints in this script are prefixed with /pty/v2/pim/</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Requests to older API versions will not be supported.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># PREREQUISITES</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># - Protegrity Workbench must be installed and running</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># - kubectl configured and connected to your Kubernetes cluster</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># - curl installed on the machine running this script</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># - Access to the Protegrity API Gateway</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># - A user account with Security Officer permissions</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># USAGE</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># chmod +x deploy-dob-policy.sh</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ./deploy-dob-policy.sh</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># WORKFLOW</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 1 - Initialize Policy Management</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 2 - Prepare Data Element (DOB DateTime Token)</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 3 - Create Member Source</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 3.1 - Test Member Source Connectivity</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 4 - Create Role</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 5 - Assign Member Source to Role</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 5.1 - Sync Role Membership</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 6 - Create Policy Shell</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 7 - Define Policy Rule (bind Role + Data Element + Permissions)</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 8 - Create Datastore</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 9 - Deploy Policy to Datastore</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Step 10 - Confirm Deployment</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># SECURITY NOTES</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># - If any API call returns HTTP 401 (Unauthorized), the script will</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># automatically attempt to re-generate the JWT token and retry the</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># request once before failing.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># - If any API call indicates that a resource already exists, the script</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># will exit immediately with an error. Delete the conflicting resource</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># first, or update the name variables in SECTION 1 before re-running.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># EXIT CODES</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># 0 - Success</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># 1 - Script error (set -e will trigger on any failed command)</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#204a87">set</span> -euo pipefail </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># SECTION 1: USER-CONFIGURABLE VARIABLES</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Modify the variables below to match your environment before running</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># this script. All other values are derived automatically.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># NOTE: The user specified by ADMIN_USER must have the Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># permission to perform write operations via the Policy Management API.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># For read-only operations, the Security Viewer permission is sufficient.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># For more information, refer to the &#34;Managing Roles&#34; section in the</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Protegrity documentation.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># --- Protegrity Admin Credentials ---</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># WARNING: For production use, consider sourcing these values from a secrets</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># manager (e.g., HashiCorp Vault, Kubernetes Secrets, AWS SSM).</span> </span></span><span style="display:flex;"><span><span style="color:#000">ADMIN_USER</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;workbench&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">ADMIN_PASS</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;Admin123!&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># --- Data Element ---</span> </span></span><span style="display:flex;"><span><span style="color:#000">DE_NAME</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;de_dob_token&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">DE_DESC</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;Tokenize Date of Birth&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">DE_TOKENIZER</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;SLT_8_DATETIME&#34;</span> <span style="color:#8f5902;font-style:italic"># DateTime tokenizer for date/time fields</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># --- Role ---</span> </span></span><span style="display:flex;"><span><span style="color:#000">ROLE_NAME</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;dob_protect_role&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">ROLE_DESC</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;Role having access to protect DOB&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">ROLE_MODE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;MANUAL&#34;</span> <span style="color:#8f5902;font-style:italic"># Options: MANUAL | SEMIAUTOMATIC | AUTOMATIC</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># --- Member Source ---</span> </span></span><span style="display:flex;"><span><span style="color:#000">SOURCE_NAME</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;test-file&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">SOURCE_USER_FILE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;exampleusers.txt&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">SOURCE_GROUP_FILE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;examplegroups.txt&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># --- Role Member ---</span> </span></span><span style="display:flex;"><span><span style="color:#000">MEMBER_NAME</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;exampleuser1&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">MEMBER_TYPE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;USER&#34;</span> <span style="color:#8f5902;font-style:italic"># Options: USER | GROUP</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># --- Policy ---</span> </span></span><span style="display:flex;"><span><span style="color:#000">POLICY_NAME</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;dob-policy&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">POLICY_DESC</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;Protect Date of Birth with tokenization&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># --- Policy Rule Permissions ---</span> </span></span><span style="display:flex;"><span><span style="color:#000">RULE_PROTECT</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87">true</span> <span style="color:#8f5902;font-style:italic"># Allow protect operation</span> </span></span><span style="display:flex;"><span><span style="color:#000">RULE_REPROTECT</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87">false</span> <span style="color:#8f5902;font-style:italic"># Allow re-protect operation</span> </span></span><span style="display:flex;"><span><span style="color:#000">RULE_UNPROTECT</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87">true</span> <span style="color:#8f5902;font-style:italic"># Allow unprotect operation</span> </span></span><span style="display:flex;"><span><span style="color:#000">RULE_NO_ACCESS_OP</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;NULL_VALUE&#34;</span> <span style="color:#8f5902;font-style:italic"># Behavior for no-access: NULL_VALUE | EXCEPTION</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># --- Datastore ---</span> </span></span><span style="display:flex;"><span><span style="color:#000">DS_NAME</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;ds_protect_dob&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">DS_DESC</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;Datastore to demonstrate DOB protection&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">DS_DEFAULT</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87">true</span> <span style="color:#8f5902;font-style:italic"># Set as the default datastore: true | false</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># --- Token Retry Settings ---</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># On receiving HTTP 401 Unauthorized, the script will refresh the JWT token</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># and retry the failed request. MAX_TOKEN_RETRIES controls how many refresh</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># attempts are made before the script aborts.</span> </span></span><span style="display:flex;"><span><span style="color:#000">MAX_TOKEN_RETRIES</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#8f5902;font-style:italic"># Number of times to retry generating a token on 401</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># SECTION 2: HELPER FUNCTIONS</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Internal utility functions used throughout the script.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Do not modify unless necessary.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Prints a formatted primary section header to stdout</span> </span></span><span style="display:flex;"><span>log<span style="color:#ce5c00;font-weight:bold">()</span> <span style="color:#ce5c00;font-weight:bold">{</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;\n%s\n&#34;</span> <span style="color:#4e9a06">&#34;━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34; %s\n&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$*</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;%s\n&#34;</span> <span style="color:#4e9a06">&#34;━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">}</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Prints a formatted subsection header to stdout (indented, lighter style)</span> </span></span><span style="display:flex;"><span>log_sub<span style="color:#ce5c00;font-weight:bold">()</span> <span style="color:#ce5c00;font-weight:bold">{</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;\n%s\n&#34;</span> <span style="color:#4e9a06">&#34; ┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34; %s\n&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$*</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;%s\n&#34;</span> <span style="color:#4e9a06">&#34; ┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">}</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Prints an error message to stderr and exits with code 1</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Usage: die &lt;message&gt;</span> </span></span><span style="display:flex;"><span>die<span style="color:#ce5c00;font-weight:bold">()</span> <span style="color:#ce5c00;font-weight:bold">{</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;\n [ERROR] %s\n&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$*</span><span style="color:#4e9a06">&#34;</span> &gt;<span style="color:#000;font-weight:bold">&amp;</span><span style="color:#0000cf;font-weight:bold">2</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">exit</span> <span style="color:#0000cf;font-weight:bold">1</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">}</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Attempts to extract a UID from a JSON API response.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Handles both string UIDs (&#34;uid&#34;:&#34;1&#34;) and integer UIDs (&#34;uid&#34;:1).</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Exits with an error if extraction fails — never prompts interactively.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Usage: extract_uid &lt;json_response&gt; &lt;resource_label&gt;</span> </span></span><span style="display:flex;"><span>extract_uid<span style="color:#ce5c00;font-weight:bold">()</span> <span style="color:#ce5c00;font-weight:bold">{</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">local</span> <span style="color:#000">response</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;</span><span style="color:#000">$1</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">local</span> <span style="color:#000">label</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;</span><span style="color:#000">$2</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">local</span> uid </span></span><span style="display:flex;"><span> <span style="color:#8f5902;font-style:italic"># Match string-quoted UIDs: &#34;uid&#34;:&#34;&lt;value&gt;&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#000">uid</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$response</span><span style="color:#4e9a06">&#34;</span> <span style="color:#000;font-weight:bold">|</span> grep -o <span style="color:#4e9a06">&#39;&#34;uid&#34;:&#34;[^&#34;]*&#34;&#39;</span> <span style="color:#000;font-weight:bold">|</span> head -1 <span style="color:#000;font-weight:bold">|</span> sed <span style="color:#4e9a06">&#39;s/&#34;uid&#34;:&#34;//;s/&#34;//&#39;</span> <span style="color:#ce5c00;font-weight:bold">||</span> <span style="color:#204a87">true</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span> <span style="color:#8f5902;font-style:italic"># Fallback: match integer UIDs: &#34;uid&#34;:&lt;number&gt;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">if</span> <span style="color:#ce5c00;font-weight:bold">[[</span> -z <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">uid</span><span style="color:#204a87;font-weight:bold">:-</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#ce5c00;font-weight:bold">]]</span><span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span> </span></span><span style="display:flex;"><span> <span style="color:#000">uid</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$response</span><span style="color:#4e9a06">&#34;</span> <span style="color:#000;font-weight:bold">|</span> grep -o <span style="color:#4e9a06">&#39;&#34;uid&#34;:[0-9]*&#39;</span> <span style="color:#000;font-weight:bold">|</span> head -1 <span style="color:#000;font-weight:bold">|</span> grep -o <span style="color:#4e9a06">&#39;[0-9]*&#39;</span> <span style="color:#ce5c00;font-weight:bold">||</span> <span style="color:#204a87">true</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">fi</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">if</span> <span style="color:#ce5c00;font-weight:bold">[[</span> -z <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">uid</span><span style="color:#204a87;font-weight:bold">:-</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#ce5c00;font-weight:bold">]]</span><span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span> </span></span><span style="display:flex;"><span> die <span style="color:#4e9a06">&#34;Failed to extract UID for &#39;</span><span style="color:#4e9a06">${</span><span style="color:#000">label</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#39;. API response was: </span><span style="color:#4e9a06">${</span><span style="color:#000">response</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">fi</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$uid</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">}</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Generates a new JWT authentication token using the configured admin</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># credentials (ADMIN_USER / ADMIN_PASS). Stores the result in the global</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># TOKEN variable.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># NOTE: The user must have the Security Officer permission for write access</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># or the Security Viewer permission for read-only access to the</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Policy Management API (v2). For more information, refer to</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># the &#34;Managing Roles&#34; section in the Protegrity documentation.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Usage: generate_token</span> </span></span><span style="display:flex;"><span>generate_token<span style="color:#ce5c00;font-weight:bold">()</span> <span style="color:#ce5c00;font-weight:bold">{</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Generating JWT authentication token...&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#000">TOKEN</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>curl -k -s <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/api/v1/auth/login/token&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#39;Content-Type: application/x-www-form-urlencoded&#39;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -d <span style="color:#4e9a06">&#34;loginname=</span><span style="color:#4e9a06">${</span><span style="color:#000">ADMIN_USER</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -d <span style="color:#4e9a06">&#34;password=</span><span style="color:#4e9a06">${</span><span style="color:#000">ADMIN_PASS</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -D - -o /dev/null 2&gt;<span style="color:#000;font-weight:bold">&amp;</span><span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> <span style="color:#000;font-weight:bold">|</span> grep -i <span style="color:#4e9a06">&#39;pty_access_jwt_token:&#39;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> <span style="color:#000;font-weight:bold">|</span> sed <span style="color:#4e9a06">&#39;s/pty_access_jwt_token: //&#39;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> <span style="color:#000;font-weight:bold">|</span> tr -d <span style="color:#4e9a06">&#39;\r&#39;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">if</span> <span style="color:#ce5c00;font-weight:bold">[[</span> -z <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">TOKEN</span><span style="color:#204a87;font-weight:bold">:-</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#ce5c00;font-weight:bold">]]</span><span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span> </span></span><span style="display:flex;"><span> die <span style="color:#4e9a06">&#34;Failed to retrieve JWT token. Please verify the following: </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> - The Protegrity Workbench is installed and running. </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> - The API Gateway host (</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">) is reachable. </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> - The credentials for user &#39;</span><span style="color:#4e9a06">${</span><span style="color:#000">ADMIN_USER</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#39; are correct. </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> - The user &#39;</span><span style="color:#4e9a06">${</span><span style="color:#000">ADMIN_USER</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#39; has the Security Officer or Security Viewer </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> permission assigned. Refer to &#39;Managing Roles&#39; in the Protegrity </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> documentation for more information.&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">fi</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Token acquired successfully.&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">}</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Executes a curl API call and automatically retries with a refreshed JWT</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># token if a 401 Unauthorized response is received.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># All Policy Management API calls in this script target the v2 API version:</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># https://&lt;gateway&gt;/pty/v2/pim/...</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># On HTTP 401, the token is refreshed (up to MAX_TOKEN_RETRIES times) and</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># the request is retried. This can occur when a token expires mid-run.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># On any other non-2xx response, a warning is logged but execution continues.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Usage: api_call &lt;curl_args...&gt;</span> </span></span><span style="display:flex;"><span>api_call<span style="color:#ce5c00;font-weight:bold">()</span> <span style="color:#ce5c00;font-weight:bold">{</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">local</span> <span style="color:#000">retries</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">0</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">local</span> http_status </span></span><span style="display:flex;"><span> <span style="color:#204a87">local</span> response_body </span></span><span style="display:flex;"><span> <span style="color:#204a87">local</span> tmp_file </span></span><span style="display:flex;"><span> <span style="color:#000">tmp_file</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>mktemp<span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">while</span> true<span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">do</span> </span></span><span style="display:flex;"><span> <span style="color:#8f5902;font-style:italic"># Execute the curl call, capturing body and HTTP status separately</span> </span></span><span style="display:flex;"><span> <span style="color:#000">http_status</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>curl -k -s -o <span style="color:#4e9a06">&#34;</span><span style="color:#000">$tmp_file</span><span style="color:#4e9a06">&#34;</span> -w <span style="color:#4e9a06">&#34;%{http_code}&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Authorization: Bearer </span><span style="color:#4e9a06">${</span><span style="color:#000">TOKEN</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$@</span><span style="color:#4e9a06">&#34;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span> <span style="color:#000">response_body</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>cat <span style="color:#4e9a06">&#34;</span><span style="color:#000">$tmp_file</span><span style="color:#4e9a06">&#34;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#8f5902;font-style:italic"># Handle 401 Unauthorized:</span> </span></span><span style="display:flex;"><span> <span style="color:#8f5902;font-style:italic"># This typically means the JWT token has expired or is invalid.</span> </span></span><span style="display:flex;"><span> <span style="color:#8f5902;font-style:italic"># The script will attempt to refresh the token and retry the request.</span> </span></span><span style="display:flex;"><span> <span style="color:#8f5902;font-style:italic"># Ensure the user has the correct permissions (Security Officer / Viewer).</span> </span></span><span style="display:flex;"><span> <span style="color:#8f5902;font-style:italic"># Refer to &#34;Managing Roles&#34; in the Protegrity documentation.</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">if</span> <span style="color:#ce5c00;font-weight:bold">[[</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$http_status</span><span style="color:#4e9a06">&#34;</span> <span style="color:#ce5c00;font-weight:bold">==</span> <span style="color:#4e9a06">&#34;401&#34;</span> <span style="color:#ce5c00;font-weight:bold">]]</span><span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">if</span> <span style="color:#ce5c00;font-weight:bold">[[</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$retries</span><span style="color:#4e9a06">&#34;</span> -lt <span style="color:#4e9a06">&#34;</span><span style="color:#000">$MAX_TOKEN_RETRIES</span><span style="color:#4e9a06">&#34;</span> <span style="color:#ce5c00;font-weight:bold">]]</span><span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; [Warning] Received HTTP 401 Unauthorized.&#34;</span> &gt;<span style="color:#000;font-weight:bold">&amp;</span><span style="color:#0000cf;font-weight:bold">2</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Refreshing JWT token and retrying (attempt </span><span style="color:#204a87;font-weight:bold">$((</span>retries <span style="color:#ce5c00;font-weight:bold">+</span> <span style="color:#0000cf;font-weight:bold">1</span><span style="color:#204a87;font-weight:bold">))</span><span style="color:#4e9a06"> of </span><span style="color:#4e9a06">${</span><span style="color:#000">MAX_TOKEN_RETRIES</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">)...&#34;</span> &gt;<span style="color:#000;font-weight:bold">&amp;</span><span style="color:#0000cf;font-weight:bold">2</span> </span></span><span style="display:flex;"><span> generate_token </span></span><span style="display:flex;"><span> <span style="color:#000">retries</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$((</span>retries <span style="color:#ce5c00;font-weight:bold">+</span> <span style="color:#0000cf;font-weight:bold">1</span><span style="color:#204a87;font-weight:bold">))</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">continue</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">else</span> </span></span><span style="display:flex;"><span> rm -f <span style="color:#4e9a06">&#34;</span><span style="color:#000">$tmp_file</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> die <span style="color:#4e9a06">&#34;Received HTTP 401 Unauthorized after </span><span style="color:#4e9a06">${</span><span style="color:#000">MAX_TOKEN_RETRIES</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06"> token refresh attempt(s). </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> Please verify that user &#39;</span><span style="color:#4e9a06">${</span><span style="color:#000">ADMIN_USER</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#39; has the required permissions: </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> - Security Officer : for write access </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> - Security Viewer : for read-only access </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> Refer to &#39;Managing Roles&#39; in the Protegrity documentation.&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">fi</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">fi</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#8f5902;font-style:italic"># Fail on &#34;already exists&#34; (HTTP 400/409) — resource must be removed first</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">if</span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$response_body</span><span style="color:#4e9a06">&#34;</span> <span style="color:#000;font-weight:bold">|</span> grep -qi <span style="color:#4e9a06">&#34;already exist&#34;</span><span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span> </span></span><span style="display:flex;"><span> rm -f <span style="color:#4e9a06">&#34;</span><span style="color:#000">$tmp_file</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> die <span style="color:#4e9a06">&#34;Resource already exists (HTTP </span><span style="color:#4e9a06">${</span><span style="color:#000">http_status</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">). The script cannot continue. </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> Response : </span><span style="color:#4e9a06">${</span><span style="color:#000">response_body</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06"> </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> Action : Delete or rename the existing resource before re-running, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> or update the name variables at the top of this script.&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">fi</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#8f5902;font-style:italic"># Log other non-2xx responses (excluding 401 already handled above)</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">if</span> <span style="color:#ce5c00;font-weight:bold">[[</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$http_status</span><span style="color:#4e9a06">&#34;</span> !<span style="color:#ce5c00;font-weight:bold">=</span> 2* <span style="color:#ce5c00;font-weight:bold">]]</span><span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; [Warning] Received HTTP </span><span style="color:#4e9a06">${</span><span style="color:#000">http_status</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">. Response: </span><span style="color:#4e9a06">${</span><span style="color:#000">response_body</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> &gt;<span style="color:#000;font-weight:bold">&amp;</span><span style="color:#0000cf;font-weight:bold">2</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">fi</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> rm -f <span style="color:#4e9a06">&#34;</span><span style="color:#000">$tmp_file</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$response_body</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">break</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87;font-weight:bold">done</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">}</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># SECTION 3: ENVIRONMENT SETUP</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Retrieves the API Gateway host address and generates a JWT authentication</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># token required for all subsequent API calls.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># NOTE: The Policy Management REST APIs will work only after the Protegrity</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Workbench has been installed. All API calls target version v2:</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># https://&lt;gateway&gt;/pty/v2/pim/</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Environment Setup: Retrieving API Gateway Host&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">export</span> GW_HOST </span></span><span style="display:flex;"><span><span style="color:#000">GW_HOST</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;</span><span style="color:#204a87;font-weight:bold">$(</span>kubectl get gateway pty-main -n api-gateway <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -o <span style="color:#000">jsonpath</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#39;{.status.addresses[0].value}&#39;</span><span style="color:#204a87;font-weight:bold">)</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; API Gateway Host : </span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; API Version : v2 (/pty/v2/pim/)&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Environment Setup: Generating JWT Authentication Token&#34;</span> </span></span><span style="display:flex;"><span>generate_token </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># SECTION 4: WORKFLOW EXECUTION</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ──────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Executes each step of the DOB policy creation workflow in sequence.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># UIDs returned by each step are captured and reused in subsequent steps.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># NOTE: All write operations (POST) require the Security Officer permission.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># The read operation in Step 12 (GET) requires at minimum the</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Security Viewer permission.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 1: Initialize Policy Management</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Initializes the PIM system. This step only needs to be performed once</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># per environment setup.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Requirement : Protegrity Workbench must be installed before running this step.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/init</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 1: Initialize Policy Management&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">INIT_RESPONSE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/init&#34;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">if</span> <span style="color:#ce5c00;font-weight:bold">[[</span> -z <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">INIT_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#ce5c00;font-weight:bold">]]</span><span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Status: OK (empty response — PIM already initialized or no content returned)&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">else</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Response: </span><span style="color:#4e9a06">${</span><span style="color:#000">INIT_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">fi</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 2: Prepare Data Element</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Prepares the DOB DateTime Data Element that defines what data is protected</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># and how it is tokenized. The SLT_8_DATETIME tokenizer handles date/time</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># field tokenization.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/dataelements</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 2: Prepare Data Element — </span><span style="color:#4e9a06">${</span><span style="color:#000">DE_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">DE_RESPONSE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Content-Type: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/dataelements&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -d <span style="color:#4e9a06">&#39;{ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;name&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DE_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;description&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DE_DESC</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;dateTimeToken&#34;: { </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;tokenizer&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DE_TOKENIZER</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34; </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> } </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> }&#39;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Response: </span><span style="color:#4e9a06">${</span><span style="color:#000">DE_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">DE_UID</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>extract_uid <span style="color:#4e9a06">&#34;</span><span style="color:#000">$DE_RESPONSE</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$DE_NAME</span><span style="color:#4e9a06">&#34;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Data Element UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">DE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 3: Create Member Source</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Creates a Member Source that defines where user and group identities are</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># sourced from (in this example, a flat file). Member Sources are used to</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># populate roles with real enterprise identities.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/sources</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 3: Create Member Source — </span><span style="color:#4e9a06">${</span><span style="color:#000">SOURCE_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">SOURCE_RESPONSE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Content-Type: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/sources&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -d <span style="color:#4e9a06">&#39;{ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;name&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">SOURCE_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;type&#34;: &#34;FILE&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;connection&#34;: { </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;userFile&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">SOURCE_USER_FILE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;groupFile&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">SOURCE_GROUP_FILE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34; </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> } </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> }&#39;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Response: </span><span style="color:#4e9a06">${</span><span style="color:#000">SOURCE_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">SOURCE_UID</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>extract_uid <span style="color:#4e9a06">&#34;</span><span style="color:#000">$SOURCE_RESPONSE</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$SOURCE_NAME</span><span style="color:#4e9a06">&#34;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Source UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">SOURCE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 3.1: Test Member Source Connectivity</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Validates that the Member Source is reachable and correctly configured.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># All connectivity checks (connection, authentication, groups, users) must</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># pass before proceeding.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/sources/{id}/test</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 3.1: Test Member Source Connectivity — UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">SOURCE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Content-Type: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/sources/</span><span style="color:#4e9a06">${</span><span style="color:#000">SOURCE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/test&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 4: Create Role</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Creates a role that represents who is allowed to perform operations on</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># the protected data. Permissions are granted to roles, which are then</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># mapped to users and groups via Member Sources.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/roles</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 4: Create Role — </span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">ROLE_RESPONSE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Content-Type: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/roles&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -d <span style="color:#4e9a06">&#39;{ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;name&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;description&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_DESC</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;mode&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_MODE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;allowAll&#34;: false </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> }&#39;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Response: </span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">ROLE_UID</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>extract_uid <span style="color:#4e9a06">&#34;</span><span style="color:#000">$ROLE_RESPONSE</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$ROLE_NAME</span><span style="color:#4e9a06">&#34;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Role UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 5: Assign Member Source to Role</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Binds a specific user or group from the Member Source to the Role.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># This establishes the identity-to-role mapping that makes the policy</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># enforceable for real users.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/roles/{id}/members</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 5: Assign Member &#39;</span><span style="color:#4e9a06">${</span><span style="color:#000">MEMBER_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#39; to Role — UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Content-Type: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/roles/</span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/members&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -d <span style="color:#4e9a06">&#39;[ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> { </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;name&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">MEMBER_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;source&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">SOURCE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;type&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">MEMBER_TYPE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34; </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> } </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> ]&#39;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 5.1: Sync Role Membership</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Synchronizes the role membership from the Member Source. This pulls the</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># current list of users and groups into the role so that access controls</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># reflect the latest state of the identity source.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/roles/{id}/sync</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 5.1: Sync Role Membership — Role UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">SYNC_RESPONSE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Content-Type: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/roles/</span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/sync&#34;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">if</span> <span style="color:#ce5c00;font-weight:bold">[[</span> -z <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">SYNC_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#ce5c00;font-weight:bold">]]</span><span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Status: OK&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">else</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Response: </span><span style="color:#4e9a06">${</span><span style="color:#000">SYNC_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">fi</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 6: Create Policy Shell</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Creates the policy container that will hold the access rules. The policy</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># is the deployable object that ties together Data Elements, Roles, and Rules.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/policies</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 6: Create Policy Shell — </span><span style="color:#4e9a06">${</span><span style="color:#000">POLICY_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">POLICY_RESPONSE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Content-Type: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/policies&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -d <span style="color:#4e9a06">&#39;{ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;name&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">POLICY_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;description&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">POLICY_DESC</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;template&#34;: { </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;access&#34;: { </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;protect&#34;: false, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;reProtect&#34;: false, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;unProtect&#34;: false </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> } </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> } </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> }&#39;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Response: </span><span style="color:#4e9a06">${</span><span style="color:#000">POLICY_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">POLICY_UID</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>extract_uid <span style="color:#4e9a06">&#34;</span><span style="color:#000">$POLICY_RESPONSE</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$POLICY_NAME</span><span style="color:#4e9a06">&#34;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Policy UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">POLICY_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 7: Define Policy Rule</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Creates the rule that binds a Role (who), a Data Element (what), and</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># the permitted operations (protect / reProtect / unProtect) into the</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># policy. Without rules, the policy exists but grants no access.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Note: No mask is applied for DateTime data elements.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/policies/{id}/rules</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 7: Define Policy Rule — Policy UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">POLICY_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">RULE_RESPONSE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Content-Type: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/policies/</span><span style="color:#4e9a06">${</span><span style="color:#000">POLICY_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/rules&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -d <span style="color:#4e9a06">&#39;{ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;role&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;dataElement&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;noAccessOperation&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">RULE_NO_ACCESS_OP</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;permission&#34;: { </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;access&#34;: { </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;protect&#34;: &#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">RULE_PROTECT</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;reProtect&#34;: &#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">RULE_REPROTECT</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;unProtect&#34;: &#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">RULE_UNPROTECT</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39; </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> } </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> } </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> }&#39;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">if</span> <span style="color:#ce5c00;font-weight:bold">[[</span> -z <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">RULE_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#ce5c00;font-weight:bold">]]</span><span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Status: OK&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">else</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Response: </span><span style="color:#4e9a06">${</span><span style="color:#000">RULE_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">fi</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 8: Create Datastore</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Creates the datastore target to which the policy will be deployed.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># A policy is not active for protectors until it has been deployed to</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># at least one datastore.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/datastores</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 8: Create Datastore — </span><span style="color:#4e9a06">${</span><span style="color:#000">DS_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">DS_RESPONSE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Content-Type: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/datastores&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -d <span style="color:#4e9a06">&#39;{ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;name&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DS_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;description&#34;: &#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DS_DESC</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;, </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;default&#34;: &#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DS_DEFAULT</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39; </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> }&#39;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Response: </span><span style="color:#4e9a06">${</span><span style="color:#000">DS_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">DS_UID</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>extract_uid <span style="color:#4e9a06">&#34;</span><span style="color:#000">$DS_RESPONSE</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#000">$DS_NAME</span><span style="color:#4e9a06">&#34;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Datastore UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">DS_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 9: Deploy Policy to Datastore</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Deploys the policy to the target datastore. After this step, runtime</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># protectors that reference this datastore will be able to load and</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># enforce the policy.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — POST /pty/v2/pim/datastores/{id}/deploy</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 9: Deploy Policy to Datastore — DS UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">DS_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">, Policy UID: </span><span style="color:#4e9a06">${</span><span style="color:#000">POLICY_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#000">DEPLOY_RESPONSE</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;Content-Type: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X POST <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/datastores/</span><span style="color:#4e9a06">${</span><span style="color:#000">DS_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/deploy&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -d <span style="color:#4e9a06">&#39;{ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;policies&#34;: [&#34;&#39;</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">POLICY_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">&#39;&#34;], </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> &#34;applications&#34;: [] </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"> }&#39;</span><span style="color:#204a87;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">if</span> <span style="color:#ce5c00;font-weight:bold">[[</span> -z <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DEPLOY_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#ce5c00;font-weight:bold">]]</span><span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">then</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Status: OK&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">else</span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34; Response: </span><span style="color:#4e9a06">${</span><span style="color:#000">DEPLOY_RESPONSE</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">fi</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># STEP 10: Confirm Deployment</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Verifies that the policy has been successfully deployed to the datastore.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Confirms the policy is active, correctly mapped, and enforceable.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">#</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Permission : Security Viewer (read-only) or Security Officer</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># API Version : v2 — GET /pty/v2/pim/deploy</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ─────────────────────────────────────────────────────────────────────────────</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Step 10: Confirm Deployment&#34;</span> </span></span><span style="display:flex;"><span>api_call <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -H <span style="color:#4e9a06">&#34;accept: application/json&#34;</span> <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> -X GET <span style="color:#4e9a06">&#34;https://</span><span style="color:#4e9a06">${</span><span style="color:#000">GW_HOST</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/pty/v2/pim/deploy&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># SECTION 5: SUMMARY</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># ───────────────────</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Displays a summary of all created resources and their UIDs.</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic">###############################################################################</span> </span></span><span style="display:flex;"><span>log <span style="color:#4e9a06">&#34;Workflow Complete ✅&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;\n%-20s %-30s %-10s\n&#34;</span> <span style="color:#4e9a06">&#34;Resource&#34;</span> <span style="color:#4e9a06">&#34;Name&#34;</span> <span style="color:#4e9a06">&#34;UID&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;%-20s %-30s %-10s\n&#34;</span> <span style="color:#4e9a06">&#34;────────────────────&#34;</span> <span style="color:#4e9a06">&#34;──────────────────────────────&#34;</span> <span style="color:#4e9a06">&#34;──────────&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;%-20s %-30s %-10s\n&#34;</span> <span style="color:#4e9a06">&#34;Data Element&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DE_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;%-20s %-30s %-10s\n&#34;</span> <span style="color:#4e9a06">&#34;Role&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">ROLE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;%-20s %-30s %-10s\n&#34;</span> <span style="color:#4e9a06">&#34;Member Source&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">SOURCE_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">SOURCE_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;%-20s %-30s %-10s\n&#34;</span> <span style="color:#4e9a06">&#34;Policy&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">POLICY_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">POLICY_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;%-20s %-30s %-10s\n&#34;</span> <span style="color:#4e9a06">&#34;Datastore&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DS_NAME</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> <span style="color:#4e9a06">&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">DS_UID</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">printf</span> <span style="color:#4e9a06">&#34;\n&#34;</span> </span></span></code></pre></div>