+1 for *HEAD /roles/{roleName} - *makes more sense and cleaner. If an user wants to pass the user store explicitly, shall we add a query param? *HEAD /roles/{roleName}?userstore=X *
On Thu, Aug 8, 2019 at 11:38 AM Malintha Amarasinghe <malint...@wso2.com> wrote: > When we return a 404, it implies that the URL (or the resource) does not > exist. Here the URL/resource is */validate-role *(a controller resource) > which always exists so it is wrong to return a 404 at any case. > > Thanks! > > On Thu, Aug 8, 2019 at 7:12 PM Menaka Jayawardena <men...@wso2.com> wrote: > >> Hi Naduni, >> >> Wh the GET request always returns 200? >> Can't we set the status code 404 if the role is not found? So we can >> check the response status from the UI. We do not want to read the body then. >> >> >> >> On Thu, Aug 8, 2019 at 6:05 PM Naduni Pamudika <nad...@wso2.com> wrote: >> >>> Hi All, >>> >>> Thanks all for the suggestions. With the GET method @Bhathiya Jayasekara >>> <bhath...@wso2.com> suggested, we have the following 2 options now. >>> >>> 1. *HEAD /roles/{roleName}* >>> 2. *GET /validate-role?role=rolename* >>> >>> >>> If we go with the option 1, it will simplify the work in the UI side >>> while doing the role validations by using the Rest API since we can do the >>> validation by looking at the status code (If the role exists it is a 200 >>> and if not it is a 404). If we go with the option 2, it will always return >>> a 200 status code and we need to check the response body to validate a >>> particular role name (We can send *isRoleExist=true* and >>> *isRoleExist=false* in the response body depending on the existence of >>> a role name). >>> >>> Since most of us are +1 with the option 2, shall we move forward with >>> the GET method? >>> >>> Thanks, >>> Naduni >>> >>> On Wed, Aug 7, 2019 at 7:27 PM Bhathiya Jayasekara <bhath...@wso2.com> >>> wrote: >>> >>>> >>>> >>>> On Wed, Aug 7, 2019 at 6:24 PM Malintha Amarasinghe <malint...@wso2.com> >>>> wrote: >>>> >>>>> >>>>> >>>>> On Wed, Aug 7, 2019 at 3:39 PM Harsha Kumara <hars...@wso2.com> wrote: >>>>> >>>>>> >>>>>> >>>>>> On Wed, Aug 7, 2019 at 3:37 PM Malintha Amarasinghe < >>>>>> malint...@wso2.com> wrote: >>>>>> >>>>>>> >>>>>>> >>>>>>> On Wed, Aug 7, 2019 at 3:35 PM Harsha Kumara <hars...@wso2.com> >>>>>>> wrote: >>>>>>> >>>>>>>> Let's say if someone wants to check existence of role foo in user >>>>>>>> store TEST. He will do a call /roke/TEST/foo which isn't valid request >>>>>>>> right? >>>>>>>> >>>>>>> @Harsha Kumara <hars...@wso2.com> we need to URL encode the role >>>>>>> name. The request will become /roles/TEST%2Ffoo >>>>>>> >>>>>> Yes that's true. Again some customers might have different letters in >>>>>> their role names. Might note be a good idea to include as a path >>>>>> parameter. >>>>>> >>>>> Even if we add as a query param, that will go as part of the URL which >>>>> might lead to similar issues? We may need to test this for query >>>>> parameters >>>>> as well. >>>>> >>>>> I preferred the HEAD method due to the simpleness ( only need to >>>>> respond with 204 or 404 without any payload based on the availability of >>>>> the role) and RESTfulness (consider a role as a resource and do a fetch on >>>>> it in the usual way). HEAD is the usual way for checking the existence of >>>>> a >>>>> resource. However, we do not have the need for implementing a GET here for >>>>> now. >>>>> >>>> >>>> This is actually my worry is. I don't think we'll ever have to give a >>>> /roles/{role} in the publisher APIs. So having a HEAD without a GET feels >>>> strange to me. Maybe it's just me. >>>> >>>> Thanks, >>>> Bhathiya >>>> >>>> >>>>> >>>>> >>>>> >>>>>>> >>>>>>>> >>>>>>>> On Wed, Aug 7, 2019 at 3:33 PM Mushthaq Rumy <musht...@wso2.com> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Adding [Architecture] >>>>>>>>> >>>>>>>>> On Wed, Aug 7, 2019 at 3:30 PM Mushthaq Rumy <musht...@wso2.com> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> Since we will be UserStoreManager, this should cover the >>>>>>>>>> secondary user stores as well. >>>>>>>>>> >>>>>>>>>> Thanks & Regards, >>>>>>>>>> Mushthaq >>>>>>>>>> >>>>>>>>>> On Wed, Aug 7, 2019 at 3:28 PM Harsha Kumara <hars...@wso2.com> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>>> What happen if the role is from secondary user store? >>>>>>>>>>> >>>>>>>>>>> On Wed, Aug 7, 2019 at 3:24 PM Naduni Pamudika <nad...@wso2.com> >>>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi All, >>>>>>>>>>>> >>>>>>>>>>>> We are planning to add a REST API endpoint to APIM 3.0 >>>>>>>>>>>> Publisher Rest APIs and the intention is to check the existence of >>>>>>>>>>>> a >>>>>>>>>>>> particular role name. This will be used in order to manage roles >>>>>>>>>>>> when >>>>>>>>>>>> enabling Publisher Access Control and Store Visibility and when >>>>>>>>>>>> adding >>>>>>>>>>>> Scopes. >>>>>>>>>>>> >>>>>>>>>>>> The swagger definition for the new endpoint would be as follows. >>>>>>>>>>>> >>>>>>>>>>>> ###################################################### >>>>>>>>>>>> # The Role Name Existence >>>>>>>>>>>> ###################################################### >>>>>>>>>>>> /roles/{roleName}: >>>>>>>>>>>> #----------------------------------------------------- >>>>>>>>>>>> # The role name existence check resource >>>>>>>>>>>> #----------------------------------------------------- >>>>>>>>>>>> head: >>>>>>>>>>>> security: >>>>>>>>>>>> - OAuth2Security: >>>>>>>>>>>> - apim:api_view >>>>>>>>>>>> summary: | >>>>>>>>>>>> Check given role name is already exist >>>>>>>>>>>> description: | >>>>>>>>>>>> Using this operation, you can check a given role >>>>>>>>>>>> name is already used. You need to provide the role name you want >>>>>>>>>>>> to check. >>>>>>>>>>>> parameters: >>>>>>>>>>>> - $ref : '#/parameters/roleName' >>>>>>>>>>>> responses: >>>>>>>>>>>> 200: >>>>>>>>>>>> description: | >>>>>>>>>>>> OK. >>>>>>>>>>>> Requested role name is returned. >>>>>>>>>>>> 404: >>>>>>>>>>>> description: | >>>>>>>>>>>> Not Found. >>>>>>>>>>>> Requested role name does not exist. >>>>>>>>>>>> ###################################################### >>>>>>>>>>>> # Role Name >>>>>>>>>>>> roleName: >>>>>>>>>>>> name: roleName >>>>>>>>>>>> in: path >>>>>>>>>>>> description: | >>>>>>>>>>>> The role name >>>>>>>>>>>> required: true >>>>>>>>>>>> type: string >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> It is a HEAD method (*/roles/{roleName}*) which will return a >>>>>>>>>>>> 200 status code if the given role name exists and a 404 status >>>>>>>>>>>> code if the >>>>>>>>>>>> give role name is not found. Sample requests and responses are >>>>>>>>>>>> given below. >>>>>>>>>>>> >>>>>>>>>>>> Request: >>>>>>>>>>>> HEAD >>>>>>>>>>>> https://localhost:9443/api/am/publisher/v1.0/roles/valid-role >>>>>>>>>>>> HTTP/1.1 >>>>>>>>>>>> Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8 >>>>>>>>>>>> >>>>>>>>>>>> Response: >>>>>>>>>>>> HTTP/1.1 200 OK >>>>>>>>>>>> Connection: keep-alive >>>>>>>>>>>> Content-Length: 0 >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Request: >>>>>>>>>>>> HEAD >>>>>>>>>>>> https://localhost:9443/api/am/publisher/v1.0/roles/invalid-role >>>>>>>>>>>> HTTP/1.1 >>>>>>>>>>>> Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8 >>>>>>>>>>>> >>>>>>>>>>>> Response: >>>>>>>>>>>> HTTP/1.1 404 Not Found >>>>>>>>>>>> Connection: keep-alive >>>>>>>>>>>> Content-Length: 0 >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Are we good to have the endpoint definition as this? Appreciate >>>>>>>>>>>> your inputs to proceed further. >>>>>>>>>>>> >>>>>>>>>>>> Thanks, >>>>>>>>>>>> Naduni >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> *Naduni Pamudika* | Senior Software Engineer | WSO2 Inc. >>>>>>>>>>>> (m) +94 (71) 9143658 | (w) +94 (11) 2145345 | (e) >>>>>>>>>>>> nad...@wso2.com >>>>>>>>>>>> [image: http://wso2.com/signature] <http://wso2.com/signature> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> >>>>>>>>>>> *Harsha Kumara* >>>>>>>>>>> >>>>>>>>>>> Technical Lead, WSO2 Inc. >>>>>>>>>>> Mobile: +94775505618 >>>>>>>>>>> Email: hars...@wso2.coim >>>>>>>>>>> Blog: harshcreationz.blogspot.com >>>>>>>>>>> >>>>>>>>>>> GET INTEGRATION AGILE >>>>>>>>>>> Integration Agility for Digitally Driven Business >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Mushthaq Rumy >>>>>>>>>> *Senior Software Engineer* >>>>>>>>>> Mobile : +94 (0) 779 492140 >>>>>>>>>> Email : musht...@wso2.com >>>>>>>>>> WSO2, Inc.; http://wso2.com/ >>>>>>>>>> lean . enterprise . middleware. >>>>>>>>>> >>>>>>>>>> <http://wso2.com/signature> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Mushthaq Rumy >>>>>>>>> *Senior Software Engineer* >>>>>>>>> Mobile : +94 (0) 779 492140 >>>>>>>>> Email : musht...@wso2.com >>>>>>>>> WSO2, Inc.; http://wso2.com/ >>>>>>>>> lean . enterprise . middleware. >>>>>>>>> >>>>>>>>> <http://wso2.com/signature> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> >>>>>>>> *Harsha Kumara* >>>>>>>> >>>>>>>> Technical Lead, WSO2 Inc. >>>>>>>> Mobile: +94775505618 >>>>>>>> Email: hars...@wso2.coim >>>>>>>> Blog: harshcreationz.blogspot.com >>>>>>>> >>>>>>>> GET INTEGRATION AGILE >>>>>>>> Integration Agility for Digitally Driven Business >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Malintha Amarasinghe >>>>>>> *WSO2, Inc. - lean | enterprise | middleware* >>>>>>> http://wso2.com/ >>>>>>> >>>>>>> Mobile : +94 712383306 >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> *Harsha Kumara* >>>>>> >>>>>> Technical Lead, WSO2 Inc. >>>>>> Mobile: +94775505618 >>>>>> Email: hars...@wso2.coim >>>>>> Blog: harshcreationz.blogspot.com >>>>>> >>>>>> GET INTEGRATION AGILE >>>>>> Integration Agility for Digitally Driven Business >>>>>> >>>>> >>>>> >>>>> -- >>>>> Malintha Amarasinghe >>>>> *WSO2, Inc. - lean | enterprise | middleware* >>>>> http://wso2.com/ >>>>> >>>>> Mobile : +94 712383306 >>>>> >>>> >>>> >>>> -- >>>> *Bhathiya Jayasekara* | Technical Lead | WSO2 Inc. >>>> (m) +94 71 547 8185 | (e) bhathiya-@t-wso2-d0t-com >>>> >>>> >>>> >>> >>> -- >>> *Naduni Pamudika* | Senior Software Engineer | WSO2 Inc. >>> (m) +94 (71) 9143658 | (w) +94 (11) 2145345 | (e) nad...@wso2.com >>> [image: http://wso2.com/signature] <http://wso2.com/signature> >>> >>> >> >> -- >> >> *Menaka Jayawardena* >> Senior Software Engineer | WSO2 Inc. >> +94 71 350 5470 | +94 76 717 2511 | men...@wso2.com >> >> <https://wso2.com/signature> >> >> > > -- > Malintha Amarasinghe > *WSO2, Inc. - lean | enterprise | middleware* > http://wso2.com/ > > Mobile : +94 712383306 > -- Thanks & regards, Nirmal *Nirmal Fernando* | Senior Lead Solutions Engineer | WSO2 Inc. (m) +1-929-2815806 | (e) nir...@wso2.com [image: Signature.jpg]
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture