Re: [Architecture] [APIM] Admin REST API to get the list of scope mapping

Tue, 09 Jun 2020 05:33:18 -0700 

Hi all,

Thanks for your comments.

On Tue, Jun 9, 2020 at 5:10 PM Vithursa Mahendrarajah <[email protected]>
wrote:

> Hi Meruja,
>
> On Tue, Jun 9, 2020 at 5:01 PM Thilini Shanika <[email protected]> wrote:
>
>> Please find my inline comments.
>>
>> On Tue, Jun 9, 2020 at 4:40 PM Meruja Selvamanikkam <[email protected]>
>> wrote:
>>
>>> Hi,
>>> We are planning to implement a REST API endpoint to APIM 3.2.0. This API
>>> is supposed to get the scope-role mapping. Earlier we implement this API
>>> under 'setting' resource and as per discussion, we planned to move it to
>>> 'system-scopes' with some modifications.
>>> We need to add a tag to classify the scopes according to the portal that
>>> belongs to. You can find the previous implementation here[1].
>>>
>>> Please find the new OAS definition and resources below:
>>>
>>> /system-scopes/scopes:
>>>
>> Is /scopes subresource required? IMO, this seems to be repetitive.
>>
>
No, it is not required. I'll remove the sub-resource.

    #--------------------------------------------------
>>>     # Retrieve the list of role scope mapping
>>>     #--------------------------------------------------
>>>     get:
>>>       security:
>>>         - OAuth2Security:
>>>             - apim:scope_manage
>>>
>>
>> Shall we add the root scope apim:admin ?
>>
>
Sure, will do.


>
>>       summary: |
>>>         Get the list of role scope mapping.
>>>       description: |
>>>         This operation is used to get the list of role scope mapping
>>> from tenant-conf for the apim admin dashboard
>>>       tags:
>>>         - System Scopes
>>>       responses:
>>>         200:
>>>           description: |
>>>             OK.
>>>             The list of role scope mappings are returned.
>>>           headers:
>>>             Content-Type:
>>>               description: |
>>>                 The content type of the body.
>>>               type: string
>>>           schema:
>>>             $ref: '#/definitions/ScopeList'
>>>         400:
>>>           description: |
>>>             Bad Request.
>>>             Invalid request or validation error
>>>           schema:
>>>             $ref: '#/definitions/Error'
>>>
>>
> 400 Bad Request is returned when the request is in malformed syntax - [1].
> Since this is a GET request and we don't have any path/query parameters,
> shall we remove it?
>
>
Thanks for pointing out. I have to remove this as well


>         500:
>>>           description: |
>>>             Internal Server Error.
>>>             An internal server error occurred while retrieving the role
>>> scope mapping.
>>>           schema:
>>>             $ref: '#/definitions/Error'
>>>
>>> #-----------------------------------------------------
>>> # The Role Scope Mapping List resource
>>> #-----------------------------------------------------
>>>   ScopeList:
>>>     title: Role Scope Mapping List
>>>     properties:
>>>       list:
>>>         type: array
>>>         items:
>>>           $ref: '#/definitions/Scope'
>>>
>>> #-----------------------------------------------------
>>> # The Role Scope resource
>>> #-----------------------------------------------------
>>> Scope:
>>>
>>     title: Role Scope
>>>     properties:
>>>       tag:
>>>         type: string
>>>         description: |
>>>           Portal name.
>>>         example: "publisher"
>>>       scope:
>>>         type: string
>>>         description: |
>>>           Scope name.
>>>         example: "apim:api_publish"
>>>       description:
>>>         type: string
>>>         description: |
>>>           About scope.
>>>         example: "Publish API"
>>>       roles:
>>>         type: string
>>>         description: |
>>>           Roles for the particular scope.
>>>         example: "admin,Internal/publisher"
>>>
>> How about making this an array of strings?
>>
>
> +1 to define it as an array.
>

It sounds good,  need to change the schema to 'array' and item type to
'string'.


>
>>> The flow of this API:
>>>
>>>    - Get the scope list from tenant-conf.
>>>    - Get the scope list of each portal from the YAML file.
>>>    - For each portal-scope-list, set DTO with expected properties (tag,
>>>    role, description and roles) in the response.
>>>
>>> Appreciate your thoughts on the above and correct me if I am wrong.
>>>
>>> [1] - https://github.com/wso2/carbon-apimgt/pull/8640
>>>
>>
> [1] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1
>
> Thanks,
> Vithursa
>
>
>>> Thanks & Regards,
>>> *S.Meruja* |Software Engineer | WSO2 Inc.
>>> (m) +94779650506 | Email: [email protected]
>>> Linkedin:   https://www.linkedin.com/in/meruja
>>> <https://www.google.com/url?q=https://www.linkedin.com/in/meruja>
>>> Medium: https://medium.com/@meruja
>>> <http://wso2.com/signature>
>>>
>>
>>
>> --
>> Thilini Shanika
>> Technical Lead
>> WSO2, Inc.; http://wso2.com
>> 20, Palmgrove Avenue, Colombo 3
>> Mobile: +94710892258
>>
>>
>>
>
> --
> *Vithursa Mahendrarajah* | Senior Software Engineer | WSO2 Inc
> (m) +94 766 695 643 | (e) [email protected]
> * <http://wso2.com/signature>[image: https://wso2.com/signature]
> <https://wso2.com/signature>*
>
Please find the corrected definition according to the comments below:

/system-scopes/:
    #--------------------------------------------------
    # Retrieve the list of role scope mapping
    #--------------------------------------------------
    get:
      security:
        - OAuth2Security:
            - apim:scope_manage
            - apim:admin
      summary: |
        Get the list of role scope mapping.
      description: |
        This operation is used to get the list of role scope mapping from
tenant-conf for the apim admin dashboard
      tags:
        - System Scopes
      responses:
        200:
          description: |
            OK.
            The list of role scope mappings are returned.
          headers:
            Content-Type:
              description: |
                The content type of the body.
              type: string
          schema:
            $ref: '#/definitions/ScopeList'
        500:
          description: |
            Internal Server Error.
            An internal server error occurred while retrieving the role
scope mapping.
          schema:
            $ref: '#/definitions/Error'


#-----------------------------------------------------
# The Role Scope resource
#-----------------------------------------------------
  Scope:
    title: Role Scope
    properties:
      tag:
        type: string
        description: |
          Portal name.
        example: "publisher"
      scope:
        type: string
        description: |
          Scope name.
        example: "apim:api_publish"
      description:
        type: string
        description: |
          About scope.
        example: "Publish API"
      roles:
        schema:
          type: array
          items:
            type: string
        description: |
          Roles for the particular scope.
        example: ["admin","Internal/publisher"]

  #-----------------------------------------------------
  # The Role Scope Mapping List resource
  #-----------------------------------------------------
  ScopeList:
    title: Role Scope Mapping List
    properties:
      list:
        type: array
        items:
          $ref: '#/definitions/Scope'


Thanks & Regards,
*S.Meruja* |Software Engineer | WSO2 Inc.
(m) +94779650506 | Email: [email protected]
Linkedin:   https://www.linkedin.com/in/meruja
<https://www.google.com/url?q=https://www.linkedin.com/in/meruja>
Medium: https://medium.com/@meruja
<http://wso2.com/signature>

_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Reply via email to