How do I migrate a CLM 1.5 application policy to a CLM 1.6 organization policy

Warning:  Do NOT import the same policy json file to more than one organization or you will lose data

 

You're using CLM 1.4 or 1.5 and you have a set of policies, labels, and license threat groups for each application.  CLM 1.6 introduces a new user interface and the concept of hierarchal policies.  In CLM 1.6, one or more applications can belong to an organization and both applications and organizations can have policies, labels, and license threat groups.

After performing the upgrade to CLM 1.6 and restarting the CLM Server, all the applications from your old environment will still be there with all the original policy pieces but these applications will not belong to an organization.   You could stop here and everything would still work correctly but you would not benefit from the new policy management features.  Upgrading from an application policy to an organizational policy is easy, this article will guide you through the steps.

Before migrating your policies, think about which applications can be grouped under an organization.  In other words, which applications would benefit from the same policy.  Maybe you only have one policy for all your applications, maybe you have 2 polices (distributed software vs non distributed), maybe you really need one policy for each application (that seems like overkill).

This example will show you how to have 2 applications share one policy, labels, and threat groups.  All other possible scenarios are a variation of this one and if you need additional help with the migration process contact Sonatype Support.

*1) Identify the application whose policy, labels, and license threat groups will be migrated. 

*

Screen_Shot_2013-08-30_at_3.26.00_PM.png

 

2) Export the application policy

curl -o webgoat6.json_ http://<clm-server:8070>/rest/policy/application/WebGoat%206_/export

 

*3) Create the organization

*

Screen_Shot_2013-08-30_at_3.29.26_PM.png

 

4) Select the organization and copy the organization ID from the URL.

Screen_Shot_2013-08-30_at_3.32.22_PM.png

 

*5) Import the policy from step 2 into the organization created in step 3.  Refresh page after import.  Notice all the WebGoat application policies, labels, and license threat groups have been deleted.

*

curl -T webgoat6.json http://<clm-server:8070>/rest/policy/organization/9ad985b5edfd4e33bfb4e93413097d4c/import

Screen_Shot_2013-08-30_at_3.40.39_PM.png

 

*6) Assign the application from step 2 to the organization created in step 3.  Select an optional robot or application icon. Refresh page to see inherited policies.

*

Screen_Shot_2013-08-30_at_3.43.27_PM.png

Screen_Shot_2013-08-30_at_3.44.09_PM.png

That's it.

If you want to move additional applications under that same organization, you will need to delete all the policies, labels, and threat groups from the application before saving the application to a new organization.  In this example to move JSPWiki into the OWASP organization, I would first need to delete all the JSPWiki polices, labels, and license threat groups.  I could then select OWASP as the JSPWiki organization.  All of the OWASP organization policies, labels, and license threat groups would now apply to JSPWiki.

Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk