{ "info": { "name": "Keycard Access Policies", "description": "Complete workflow for creating, drafting, publishing, and simulating access policies in a Keycard zone.\n\nSet these environment variables before running:\n- `client_id` — your service account client ID\n- `client_secret` — your service account client secret\n- `principal_id` — a user or application ID for policy simulation\n- `resource_id` — a resource ID for policy simulation\n\nAll other variables (token, zone_id, policy_id, etc.) are auto-set by post-response scripts. The collection picks the first zone from your account by default.\n\nRun all requests sequentially using Postman Runner.", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, "variable": [ { "key": "base_url", "value": "https://api.keycard.ai", "description": "Default API base URL. Override in your Postman environment to target a different host." } ], "item": [ { "name": "1 — Setup", "description": "Authenticate, discover zones, and fetch the current policy schema version.", "item": [ { "name": "1.1 Authenticate", "request": { "method": "POST", "header": [], "url": { "raw": "{{base_url}}/service-account-token", "host": ["{{base_url}}"], "path": ["service-account-token"] }, "body": { "mode": "urlencoded", "urlencoded": [ { "key": "grant_type", "value": "client_credentials" }, { "key": "client_id", "value": "{{client_id}}" }, { "key": "client_secret", "value": "{{client_secret}}" } ] } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "var jsonData = pm.response.json();", "pm.environment.set(\"token\", jsonData.access_token);" ] } } ] }, { "name": "1.2 List zones", "request": { "method": "GET", "header": [ { "key": "Authorization", "value": "Bearer {{token}}" } ], "url": { "raw": "{{base_url}}/zones", "host": ["{{base_url}}"], "path": ["zones"] } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "var jsonData = pm.response.json();", "if (jsonData.items && jsonData.items.length > 0) {", " pm.environment.set(\"zone_id\", jsonData.items[0].id);", "}" ] } } ] }, { "name": "1.3 List schemas", "request": { "method": "GET", "header": [ { "key": "Authorization", "value": "Bearer {{token}}" } ], "url": { "raw": "{{base_url}}/zones/{{zone_id}}/policy-schemas", "host": ["{{base_url}}"], "path": ["zones", "{{zone_id}}", "policy-schemas"] } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "var jsonData = pm.response.json();", "if (jsonData.items && jsonData.items.length > 0) {", " pm.environment.set(\"schema_version\", jsonData.items[0].version);", "}" ] } } ] } ] }, { "name": "2 — Policy Lifecycle", "description": "Create a policy, author a draft with Cedar JSON, then publish an immutable version.", "item": [ { "name": "2.1 Create policy", "request": { "method": "POST", "header": [ { "key": "Authorization", "value": "Bearer {{token}}" }, { "key": "Content-Type", "value": "application/json" } ], "url": { "raw": "{{base_url}}/zones/{{zone_id}}/policies", "host": ["{{base_url}}"], "path": ["zones", "{{zone_id}}", "policies"] }, "body": { "mode": "raw", "raw": "{\n \"name\": \"require-token-credentials\",\n \"description\": \"Require token credential type for all application access\"\n}" } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "var jsonData = pm.response.json();", "if (pm.response.code === 201) {", " pm.environment.set(\"policy_id\", jsonData.id);", "} else if (pm.response.code === 409) {", " pm.sendRequest({", " url: pm.variables.get(\"base_url\") + \"/zones/\" + pm.environment.get(\"zone_id\") + \"/policies\",", " method: \"GET\",", " header: { \"Authorization\": \"Bearer \" + pm.environment.get(\"token\") }", " }, function (err, res) {", " var items = res.json().items || [];", " for (var i = 0; i < items.length; i++) {", " if (items[i].name === \"require-token-credentials\") {", " pm.environment.set(\"policy_id\", items[i].id);", " if (items[i].latest_version_id) {", " pm.environment.set(\"policy_version_id\", items[i].latest_version_id);", " }", " break;", " }", " }", " });", "}" ] } } ] }, { "name": "2.2 Upsert policy draft", "request": { "method": "PUT", "header": [ { "key": "Authorization", "value": "Bearer {{token}}" }, { "key": "Content-Type", "value": "application/json" } ], "url": { "raw": "{{base_url}}/zones/{{zone_id}}/policies/{{policy_id}}/draft", "host": ["{{base_url}}"], "path": ["zones", "{{zone_id}}", "policies", "{{policy_id}}", "draft"] }, "body": { "mode": "raw", "raw": "{\n \"cedar_json\": {\n \"staticPolicies\": {\n \"require-token-credentials\": {\n \"effect\": \"forbid\",\n \"principal\": { \"op\": \"is\", \"entity_type\": \"Keycard::Application\" },\n \"action\": { \"op\": \"All\" },\n \"resource\": { \"op\": \"All\" },\n \"conditions\": [\n {\n \"kind\": \"unless\",\n \"body\": {\n \"&&\": {\n \"left\": {\n \"has\": {\n \"left\": { \"Var\": \"principal\" },\n \"attr\": \"credential_type\"\n }\n },\n \"right\": {\n \"==\": {\n \"left\": {\n \".\": {\n \"left\": { \"Var\": \"principal\" },\n \"attr\": \"credential_type\"\n }\n },\n \"right\": { \"Value\": { \"__entity\": { \"type\": \"Keycard::CredentialType\", \"id\": \"token\" } } }\n }\n }\n }\n }\n }\n ]\n }\n },\n \"templates\": {},\n \"templateLinks\": []\n },\n \"schema_version\": \"{{schema_version}}\"\n}" } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "pm.test('Status is 200 OK', function () {", " pm.response.to.have.status(200);", "});", "", "var body = pm.response.json();", "pm.test('Draft has cedar_json', function () {", " pm.expect(body.cedar_json).to.not.be.undefined;", "});" ] } } ] }, { "name": "2.3 Get policy draft", "request": { "method": "GET", "header": [ { "key": "Authorization", "value": "Bearer {{token}}" } ], "url": { "raw": "{{base_url}}/zones/{{zone_id}}/policies/{{policy_id}}/draft", "host": ["{{base_url}}"], "path": ["zones", "{{zone_id}}", "policies", "{{policy_id}}", "draft"] } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "pm.test('Status is 200 OK', function () {", " pm.response.to.have.status(200);", "});", "", "var body = pm.response.json();", "pm.test('Draft contains cedar_json', function () {", " pm.expect(body.cedar_json).to.not.be.undefined;", "});", "console.log('Draft cedar_json:', JSON.stringify(body.cedar_json, null, 2));" ] } } ] }, { "name": "2.4 Create policy version (publish)", "request": { "method": "POST", "header": [ { "key": "Authorization", "value": "Bearer {{token}}" }, { "key": "Content-Type", "value": "application/json" } ], "url": { "raw": "{{base_url}}/zones/{{zone_id}}/policies/{{policy_id}}/versions", "host": ["{{base_url}}"], "path": ["zones", "{{zone_id}}", "policies", "{{policy_id}}", "versions"] }, "body": { "mode": "raw", "raw": "{\n \"cedar_raw\": \"@id(\\\"require-token-credentials\\\")\\nforbid (\\n principal is Keycard::Application,\\n action,\\n resource\\n) unless {\\n principal has credential_type && principal.credential_type == Keycard::CredentialType::\\\"token\\\"\\n};\",\n \"schema_version\": \"{{schema_version}}\"\n}" } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "if (pm.response.code === 201) {", " var jsonData = pm.response.json();", " pm.environment.set(\"policy_version_id\", jsonData.id);", "}" ] } } ] } ] }, { "name": "3 — Policy Set Lifecycle", "description": "Create a policy set, build a draft manifest with the custom policy, and publish an immutable version. Steps 3.2–3.3 discover the managed policy set for use in rollback (section 6).", "item": [ { "name": "3.1 Create policy set", "request": { "method": "POST", "header": [ { "key": "Authorization", "value": "Bearer {{token}}" }, { "key": "Content-Type", "value": "application/json" } ], "url": { "raw": "{{base_url}}/zones/{{zone_id}}/policy-sets", "host": ["{{base_url}}"], "path": ["zones", "{{zone_id}}", "policy-sets"] }, "body": { "mode": "raw", "raw": "{\n \"name\": \"custom-zone-policies\",\n \"scope_type\": \"zone\"\n}" } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "var jsonData = pm.response.json();", "if (pm.response.code === 201) {", " pm.environment.set(\"policy_set_id\", jsonData.id);", "} else if (pm.response.code === 409) {", " pm.sendRequest({", " url: pm.variables.get(\"base_url\") + \"/zones/\" + pm.environment.get(\"zone_id\") + \"/policy-sets\",", " method: \"GET\",", " header: { \"Authorization\": \"Bearer \" + pm.environment.get(\"token\") }", " }, function (err, res) {", " var items = res.json().items || [];", " for (var i = 0; i < items.length; i++) {", " if (items[i].name === \"custom-zone-policies\" && items[i].owner_type === \"customer\") {", " pm.environment.set(\"policy_set_id\", items[i].id);", " break;", " }", " }", " });", "}" ] } } ] }, { "name": "3.2 Get managed policy set", "request": { "method": "GET", "header": [ { "key": "Authorization", "value": "Bearer {{token}}" } ], "url": { "raw": "{{base_url}}/zones/{{zone_id}}/policy-sets", "host": ["{{base_url}}"], "path": ["zones", "{{zone_id}}", "policy-sets"] } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "var jsonData = pm.response.json();", "var items = jsonData.items || [];", "for (var i = 0; i < items.length; i++) {", " if (items[i].owner_type === \"platform\") {", " pm.environment.set(\"managed_ps_id\", items[i].id);", " pm.environment.set(\"managed_ps_version_id\", items[i].latest_version_id);", " break;", " }", "}" ] } } ] }, { "name": "3.3 Get managed policy set version", "request": { "method": "GET", "header": [ { "key": "Authorization", "value": "Bearer {{token}}" } ], "url": { "raw": "{{base_url}}/zones/{{zone_id}}/policy-sets/{{managed_ps_id}}/versions/{{managed_ps_version_id}}", "host": ["{{base_url}}"], "path": ["zones", "{{zone_id}}", "policy-sets", "{{managed_ps_id}}", "versions", "{{managed_ps_version_id}}"] } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "var jsonData = pm.response.json();", "var entries = jsonData.manifest.entries || [];", "pm.environment.set(\"managed_manifest_entries\", JSON.stringify(entries));", "if (jsonData.schema_version) {", " pm.environment.set(\"managed_schema_version\", jsonData.schema_version);", "}" ] } } ] }, { "name": "3.4 Upsert policy set draft", "request": { "method": "PUT", "header": [ { "key": "Authorization", "value": "Bearer {{token}}" }, { "key": "Content-Type", "value": "application/json" } ], "url": { "raw": "{{base_url}}/zones/{{zone_id}}/policy-sets/{{policy_set_id}}/draft", "host": ["{{base_url}}"], "path": ["zones", "{{zone_id}}", "policy-sets", "{{policy_set_id}}", "draft"] }, "body": { "mode": "raw", "raw": "{\n \"manifest\": {\n \"entries\": [\n {\n \"policy_id\": \"{{policy_id}}\",\n \"policy_version_id\": \"{{policy_version_id}}\"\n }\n ]\n },\n \"schema_version\": \"{{schema_version}}\"\n}" } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "pm.test('Status is 200 OK', function () {", " pm.response.to.have.status(200);", "});", "", "var body = pm.response.json();", "pm.test('Manifest has 1 entry', function () {", " pm.expect(body.manifest.entries).to.have.lengthOf(1);", "});", "console.log('Draft created with custom policy, manifest entries:', body.manifest?.entries?.length || 0);" ] } } ] }, { "name": "3.5 Get policy set draft", "request": { "method": "GET", "header": [ { "key": "Authorization", "value": "Bearer {{token}}" } ], "url": { "raw": "{{base_url}}/zones/{{zone_id}}/policy-sets/{{policy_set_id}}/draft", "host": ["{{base_url}}"], "path": ["zones", "{{zone_id}}", "policy-sets", "{{policy_set_id}}", "draft"] } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "pm.test('Status is 200 OK', function () {", " pm.response.to.have.status(200);", "});", "", "var body = pm.response.json();", "pm.test('Manifest has entries', function () {", " pm.expect(body.manifest.entries.length).to.be.above(0);", "});", "console.log('Draft manifest:', JSON.stringify(body.manifest, null, 2));" ] } } ] }, { "name": "3.6 Create policy set version (publish)", "request": { "method": "POST", "header": [ { "key": "Authorization", "value": "Bearer {{token}}" }, { "key": "Content-Type", "value": "application/json" } ], "url": { "raw": "{{base_url}}/zones/{{zone_id}}/policy-sets/{{policy_set_id}}/versions", "host": ["{{base_url}}"], "path": ["zones", "{{zone_id}}", "policy-sets", "{{policy_set_id}}", "versions"] }, "body": { "mode": "raw", "raw": "{{ps_version_body}}" } }, "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "var policyVersionId = pm.environment.get(\"policy_version_id\");", "if (!policyVersionId) {", " console.warn(\"policy_version_id is not set — the policy version may not have been created. Check step 2.4.\");", "}", "var body = {", " manifest: { entries: [{ policy_id: pm.environment.get(\"policy_id\"), policy_version_id: policyVersionId }] },", " schema_version: pm.environment.get(\"schema_version\")", "};", "pm.environment.set(\"ps_version_body\", JSON.stringify(body, null, 2));" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "var jsonData = pm.response.json();", "pm.environment.set(\"ps_version_id\", jsonData.id);" ] } } ] } ] }, { "name": "4 — Activate & Verify", "description": "Activate the published policy set version and verify it is live.", "item": [ { "name": "4.1 Activate policy set", "request": { "method": "PATCH", "header": [ { "key": "Authorization", "value": "Bearer {{token}}" }, { "key": "Content-Type", "value": "application/json" } ], "url": { "raw": "{{base_url}}/zones/{{zone_id}}/policy-sets/{{policy_set_id}}/versions/{{ps_version_id}}", "host": ["{{base_url}}"], "path": ["zones", "{{zone_id}}", "policy-sets", "{{policy_set_id}}", "versions", "{{ps_version_id}}"] }, "body": { "mode": "raw", "raw": "{\"active\": true}" } } }, { "name": "4.2 Verify", "request": { "method": "GET", "header": [ { "key": "Authorization", "value": "Bearer {{token}}" } ], "url": { "raw": "{{base_url}}/zones/{{zone_id}}/policy-sets", "host": ["{{base_url}}"], "path": ["zones", "{{zone_id}}", "policy-sets"] } } } ] }, { "name": "5 — Policy Simulation", "description": "Test policy evaluation against real entities before deployment. Supports evaluating a single policy draft, a published policy set, or raw Cedar text.\n\nSet `principal_id` and `resource_id` environment variables before running.", "item": [ { "name": "5.1 Simulate — single policy (draft)", "request": { "method": "POST", "header": [ { "key": "Authorization", "value": "Bearer {{token}}" }, { "key": "Content-Type", "value": "application/json" } ], "url": { "raw": "{{base_url}}/zones/{{zone_id}}/policy-evaluations", "host": ["{{base_url}}"], "path": ["zones", "{{zone_id}}", "policy-evaluations"] }, "body": { "mode": "raw", "raw": "{\n \"principal_type\": \"application\",\n \"principal_id\": \"{{principal_id}}\",\n \"action\": \"any\",\n \"resource_id\": \"{{resource_id}}\",\n \"policy_source\": {\n \"policy\": {\n \"policy_id\": \"{{policy_id}}\"\n }\n }\n}" } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "pm.test('Status is 200 OK', function () {", " pm.response.to.have.status(200);", "});", "", "var body = pm.response.json();", "pm.test('Response has decision', function () {", " pm.expect(body.decision).to.be.oneOf(['allow', 'deny']);", "});", "console.log('Decision:', body.decision);", "console.log('Determining policies:', JSON.stringify(body.determining_policies));", "if (body.diagnostics && body.diagnostics.length > 0) {", " console.log('Diagnostics:', JSON.stringify(body.diagnostics, null, 2));", "}" ] } } ] }, { "name": "5.2 Delete policy draft (setup for 5.3)", "request": { "method": "DELETE", "header": [ { "key": "Authorization", "value": "Bearer {{token}}" } ], "url": { "raw": "{{base_url}}/zones/{{zone_id}}/policies/{{policy_id}}/draft", "host": ["{{base_url}}"], "path": ["zones", "{{zone_id}}", "policies", "{{policy_id}}", "draft"] } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "pm.test('Draft deleted or not found', function () {", " pm.expect(pm.response.code).to.be.oneOf([200, 204, 404]);", "});" ] } } ] }, { "name": "5.3 Simulate — policy (latest version fallback)", "request": { "method": "POST", "header": [ { "key": "Authorization", "value": "Bearer {{token}}" }, { "key": "Content-Type", "value": "application/json" } ], "url": { "raw": "{{base_url}}/zones/{{zone_id}}/policy-evaluations", "host": ["{{base_url}}"], "path": ["zones", "{{zone_id}}", "policy-evaluations"] }, "body": { "mode": "raw", "raw": "{\n \"principal_type\": \"application\",\n \"principal_id\": \"{{principal_id}}\",\n \"action\": \"any\",\n \"resource_id\": \"{{resource_id}}\",\n \"policy_source\": {\n \"policy\": {\n \"policy_id\": \"{{policy_id}}\"\n }\n }\n}" } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "// ACC-72 case 2: no draft, published version exists — should use latest version", "pm.test('Status is 200 OK', function () {", " pm.response.to.have.status(200);", "});", "", "var body = pm.response.json();", "pm.test('Response has decision', function () {", " pm.expect(body.decision).to.be.oneOf(['allow', 'deny']);", "});", "console.log('Decision:', body.decision);", "console.log('Determining policies:', JSON.stringify(body.determining_policies));" ] } } ] }, { "name": "5.4 Simulate — policy (no draft, no version)", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "// Create a throwaway policy with no draft and no published version", "pm.sendRequest({", " url: pm.variables.get('base_url') + '/zones/' + pm.environment.get('zone_id') + '/policies',", " method: 'POST',", " header: {", " 'Authorization': 'Bearer ' + pm.environment.get('token'),", " 'Content-Type': 'application/json'", " },", " body: {", " mode: 'raw',", " raw: JSON.stringify({ name: 'empty-policy-' + Date.now(), description: 'Throwaway for ACC-72 case 3' })", " }", "}, function (err, res) {", " if (res.code === 201) {", " pm.environment.set('empty_policy_id', res.json().id);", " }", "});" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "// ACC-72 case 3: no draft AND no versions — should return 400", "pm.test('Returns 400 for policy with no draft and no versions', function () {", " pm.response.to.have.status(400);", "});", "", "var body = pm.response.json();", "console.log('Status:', pm.response.code, '| Message:', body.message);" ] } } ], "request": { "method": "POST", "header": [ { "key": "Authorization", "value": "Bearer {{token}}" }, { "key": "Content-Type", "value": "application/json" } ], "url": { "raw": "{{base_url}}/zones/{{zone_id}}/policy-evaluations", "host": ["{{base_url}}"], "path": ["zones", "{{zone_id}}", "policy-evaluations"] }, "body": { "mode": "raw", "raw": "{\n \"principal_type\": \"application\",\n \"principal_id\": \"{{principal_id}}\",\n \"action\": \"any\",\n \"resource_id\": \"{{resource_id}}\",\n \"policy_source\": {\n \"policy\": {\n \"policy_id\": \"{{empty_policy_id}}\"\n }\n }\n}" } } }, { "name": "5.5 Simulate — policy set (published)", "request": { "method": "POST", "header": [ { "key": "Authorization", "value": "Bearer {{token}}" }, { "key": "Content-Type", "value": "application/json" } ], "url": { "raw": "{{base_url}}/zones/{{zone_id}}/policy-evaluations", "host": ["{{base_url}}"], "path": ["zones", "{{zone_id}}", "policy-evaluations"] }, "body": { "mode": "raw", "raw": "{\n \"principal_type\": \"application\",\n \"principal_id\": \"{{principal_id}}\",\n \"action\": \"any\",\n \"resource_id\": \"{{resource_id}}\",\n \"policy_source\": {\n \"policy_set\": {\n \"policy_set_id\": \"{{policy_set_id}}\",\n \"version_id\": \"{{ps_version_id}}\"\n }\n }\n}" } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "pm.test('Status is 200 OK', function () {", " pm.response.to.have.status(200);", "});", "", "var body = pm.response.json();", "pm.test('Response has decision', function () {", " pm.expect(body.decision).to.be.oneOf(['allow', 'deny']);", "});", "console.log('Decision:', body.decision);", "console.log('Determining policies:', JSON.stringify(body.determining_policies));", "if (body.entity_snapshot) {", " console.log('Entity snapshot:', JSON.stringify(body.entity_snapshot, null, 2));", "}" ] } } ] }, { "name": "5.6 Simulate — policy set (draft/latest)", "request": { "method": "POST", "header": [ { "key": "Authorization", "value": "Bearer {{token}}" }, { "key": "Content-Type", "value": "application/json" } ], "url": { "raw": "{{base_url}}/zones/{{zone_id}}/policy-evaluations", "host": ["{{base_url}}"], "path": ["zones", "{{zone_id}}", "policy-evaluations"] }, "body": { "mode": "raw", "raw": "{\n \"principal_type\": \"application\",\n \"principal_id\": \"{{principal_id}}\",\n \"action\": \"any\",\n \"resource_id\": \"{{resource_id}}\",\n \"policy_source\": {\n \"policy_set\": {\n \"policy_set_id\": \"{{policy_set_id}}\"\n }\n }\n}" } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "pm.test('Status is 200 OK', function () {", " pm.response.to.have.status(200);", "});", "", "var body = pm.response.json();", "pm.test('Response has decision', function () {", " pm.expect(body.decision).to.be.oneOf(['allow', 'deny']);", "});", "console.log('Decision:', body.decision);", "console.log('Determining policies:', JSON.stringify(body.determining_policies));", "if (body.entity_snapshot) {", " console.log('Entity snapshot:', JSON.stringify(body.entity_snapshot, null, 2));", "}" ] } } ] }, { "name": "5.7 Simulate — raw Cedar", "request": { "method": "POST", "header": [ { "key": "Authorization", "value": "Bearer {{token}}" }, { "key": "Content-Type", "value": "application/json" } ], "url": { "raw": "{{base_url}}/zones/{{zone_id}}/policy-evaluations", "host": ["{{base_url}}"], "path": ["zones", "{{zone_id}}", "policy-evaluations"] }, "body": { "mode": "raw", "raw": "{\n \"principal_type\": \"application\",\n \"principal_id\": \"{{principal_id}}\",\n \"action\": \"any\",\n \"resource_id\": \"{{resource_id}}\",\n \"policy_source\": {\n \"raw\": {\n \"cedar\": \"permit(\\n principal is Keycard::Application,\\n action,\\n resource\\n);\",\n \"schema_version\": \"{{schema_version}}\"\n }\n }\n}" } }, "event": [ { "listen": "test", "script": { "type": "text/javascript", "exec": [ "pm.test('Status is 200 OK', function () {", " pm.response.to.have.status(200);", "});", "", "var body = pm.response.json();", "pm.test('Response has decision', function () {", " pm.expect(body.decision).to.be.oneOf(['allow', 'deny']);", "});", "console.log('Decision:', body.decision);", "console.log('Determining policies:', JSON.stringify(body.determining_policies));", "if (body.diagnostics && body.diagnostics.length > 0) {", " console.log('Diagnostics:', JSON.stringify(body.diagnostics, null, 2));", "}" ] } } ] } ] }, { "name": "6 — Rollback", "description": "Re-activate the platform-managed policy set version to revert custom policies.", "item": [ { "name": "6.1 Rollback", "request": { "method": "PATCH", "header": [ { "key": "Authorization", "value": "Bearer {{token}}" }, { "key": "Content-Type", "value": "application/json" } ], "url": { "raw": "{{base_url}}/zones/{{zone_id}}/policy-sets/{{managed_ps_id}}/versions/{{managed_ps_version_id}}", "host": ["{{base_url}}"], "path": ["zones", "{{zone_id}}", "policy-sets", "{{managed_ps_id}}", "versions", "{{managed_ps_version_id}}"] }, "body": { "mode": "raw", "raw": "{\"active\": true}" } } } ] } ] }