On Tue, Jun 9, 2020 at 6:01 PM Meruja Selvamanikkam <[email protected]> wrote:

> Hi all,
>
> Thanks for your comments.
>
> On Tue, Jun 9, 2020 at 5:10 PM Vithursa Mahendrarajah <[email protected]>
> wrote:
>
>> Hi Meruja,
>>
>> On Tue, Jun 9, 2020 at 5:01 PM Thilini Shanika <[email protected]> wrote:
>>
>>> Please find my inline comments.
>>>
>>> On Tue, Jun 9, 2020 at 4:40 PM Meruja Selvamanikkam <[email protected]>
>>> wrote:
>>>
>>>> Hi,
>>>> We are planning to implement a REST API endpoint to APIM 3.2.0. This
>>>> API is supposed to get the scope-role mapping. Earlier we implemented this
>>>> API under 'setting' resource and as per discussion, we planned to move it
>>>> to 'system-scopes' with some modifications.
>>>> We need to add a tag to classify the scopes according to the portal
>>>> it belongs to. You can find the previous implementation here[1].
>>>>
>>>> Please find the new OAS definition and resources below:
>>>>
>>>> /system-scopes/scopes:
>>>>
>>> Is /scopes subresource required? IMO, this seems to be repetitive.
>>>
>>
> No, it is not required. I'll remove the sub-resource.
>
> #--------------------------------------------------
>>>> # Retrieve the list of role scope mapping
>>>> #--------------------------------------------------
>>>>   get:
>>>>     security:
>>>>       - OAuth2Security:
>>>>         - apim:scope_manage
>>>>
>>>
>>> Shall we add the root scope apim:admin?
>>>
>>
> Sure, will do.
>
>
>>
>>>     summary: |
>>>>       Get the list of role scope mapping.
>>>>     description: |
>>>>       This operation is used to get the list of role scope mapping
>>>>       from tenant-conf for the apim admin dashboard
>>>>     tags:
>>>>       - System Scopes
>>>>     responses:
>>>>       200:
>>>>         description: |
>>>>           OK.
>>>>           The list of role scope mappings are returned.
>>>>         headers:
>>>>           Content-Type:
>>>>             description: |
>>>>               The content type of the body.
>>>>             type: string
>>>>         schema:
>>>>           $ref: '#/definitions/ScopeList'
>>>>       400:
>>>>         description: |
>>>>           Bad Request.
>>>>           Invalid request or validation error
>>>>         schema:
>>>>           $ref: '#/definitions/Error'
>>>>
>>>
>> 400 Bad Request is returned when the request is in malformed syntax -
>> [1]. Since this is a GET request and we don't have any path/query
>> parameters, shall we remove it?
>>
>>
> Thanks for pointing out. I have to remove this as well.
>
>
>>       500:
>>>>         description: |
>>>>           Internal Server Error.
>>>>           An internal server error occurred while retrieving the role
>>>>           scope mapping.
>>>>         schema:
>>>>           $ref: '#/definitions/Error'
>>>>
>>>> #-----------------------------------------------------
>>>> # The Role Scope Mapping List resource
>>>> #-----------------------------------------------------
>>>> ScopeList:
>>>>   title: Role Scope Mapping List
>>>>   properties:
>>>>     list:
>>>>       type: array
>>>>       items:
>>>>         $ref: '#/definitions/Scope'
>>>>
>>>> #-----------------------------------------------------
>>>> # The Role Scope resource
>>>> #-----------------------------------------------------
>>>> Scope:
>>>>
>>>   title: Role Scope
>>>>   properties:
>>>>     tag:
>>>>       type: string
>>>>       description: |
>>>>         Portal name.
>>>>       example: "publisher"
>>>>     scope:
>>>>       type: string
>>>>       description: |
>>>>         Scope name.
>>>>       example: "apim:api_publish"
>>>>     description:
>>>>       type: string
>>>>       description: |
>>>>         About scope.
>>>>       example: "Publish API"
>>>>     roles:
>>>>       type: string
>>>>       description: |
>>>>         Roles for the particular scope.
>>>>       example: "admin,Internal/publisher"
>>>>
>>> How about making this an array of strings?
>>>
>>
>> +1 to define it as an array.
>>
>
> It sounds good, need to change the schema to 'array' and item type to
> 'string'.
>
>
>>
>>>> The flow of this API:
>>>>
>>>> - Get the scope list from tenant-conf.
>>>> - Get the scope list of each portal from the YAML file.
>>>> - For each portal-scope-list, set DTO with expected properties
>>>>   (tag, role, description and roles) in the response.
>>>>
>>>> Appreciate your thoughts on the above and correct me if I am wrong.
>>>>
>>>> [1] - https://github.com/wso2/carbon-apimgt/pull/8640
>>>>
>>>
>> [1] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1
>>
>> Thanks,
>> Vithursa
>>
>>
>>>> Thanks & Regards,
>>>> *S.Meruja* |Software Engineer | WSO2 Inc.
>>>> (m) +94779650506 | Email: [email protected]
>>>> Linkedin: https://www.linkedin.com/in/meruja
>>>> <https://www.google.com/url?q=https://www.linkedin.com/in/meruja>
>>>> Medium: https://medium.com/@meruja
>>>> <http://wso2.com/signature>
>>>>
>>>
>>>
>>> --
>>> Thilini Shanika
>>> Technical Lead
>>> WSO2, Inc.; http://wso2.com
>>> 20, Palmgrove Avenue, Colombo 3
>>> Mobile: +94710892258
>>>
>>>
>>>
>>
>> --
>> *Vithursa Mahendrarajah* | Senior Software Engineer | WSO2 Inc
>> (m) +94 766 695 643 | (e) [email protected]
>> * <http://wso2.com/signature>[image: https://wso2.com/signature]
>> <https://wso2.com/signature>*
>>
> Please find the corrected definition according to the comments below:
>
> /system-scopes/:
> #--------------------------------------------------
> # Retrieve the list of role scope mapping
> #--------------------------------------------------
>   get:
>     security:
>       - OAuth2Security:
>         - apim:scope_manage
>         - apim:admin
>     summary: |
>       Get the list of role scope mapping.
>     description: |
>       This operation is used to get the list of role scope mapping from
>       tenant-conf for the apim admin dashboard
>     tags:
>       - System Scopes
>     responses:
>       200:
>         description: |
>           OK.
>           The list of role scope mappings are returned.
>         headers:
>           Content-Type:
>             description: |
>               The content type of the body.
>             type: string
>         schema:
>           $ref: '#/definitions/ScopeList'
>       500:
>         description: |
>           Internal Server Error.
>           An internal server error occurred while retrieving the role
>           scope mapping.
>         schema:
>           $ref: '#/definitions/Error'
>
>
> #-----------------------------------------------------
> # The Role Scope resource
> #-----------------------------------------------------
> Scope:
>   title: Role Scope
>   properties:
>     tag:
>       type: string
>       description: |
>         Portal name.
>       example: "publisher"
>     scope:
>       type: string
>       description: |
>         Scope name.
>       example: "apim:api_publish"
>

Shall we name this as "name:"?

>     description:
>       type: string
>       description: |
>         About scope.
>       example: "Publish API"
>     roles:
>       schema:
>         type: array
>         items:
>           type: string
>       description: |
>         Roles for the particular scope.
>       example: ["admin","Internal/publisher"]
>
> #-----------------------------------------------------
> # The Role Scope Mapping List resource
> #-----------------------------------------------------
> ScopeList:
>   title: Role Scope Mapping List
>   properties:
>     list:
>       type: array
>       items:
>         $ref: '#/definitions/Scope'
>

Let's also have a "count" property here like in other ListDTOs.

Don't we need a /system-scopes/{scopeName}?{userName}

Thanks!

>
>
> Thanks & Regards,
> *S.Meruja* |Software Engineer | WSO2 Inc.
> (m) +94779650506 | Email: [email protected]
> Linkedin: https://www.linkedin.com/in/meruja
> <https://www.google.com/url?q=https://www.linkedin.com/in/meruja>
> Medium: https://medium.com/@meruja
> <http://wso2.com/signature>
>

--
Malintha Amarasinghe
*WSO2, Inc. - lean | enterprise | middleware*
http://wso2.com/
Mobile : +94 712383306
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
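
The flow described in the thread (role mappings read from tenant-conf, joined with each portal's scope list into the ScopeList body with roles as an array), shown as an added Python example that is not part of the thread or of carbon-apimgt. The tenant-conf layout, the dictionary standing in for the per-portal YAML file, the sample values and all function names are assumptions.

```python
import json

# Constructed sample in the assumed shape of tenant-conf's RESTAPIScopes
# section: each scope carries its roles as one comma-separated string.
TENANT_CONF = json.loads("""
{"RESTAPIScopes": {"Scope": [
  {"Name": "apim:api_publish", "Roles": "admin, Internal/publisher"},
  {"Name": "apim:subscribe",   "Roles": "admin,Internal/subscriber"},
  {"Name": "apim:admin",       "Roles": "admin"}
]}}
""")

# Constructed stand-in for the per-portal YAML file (hypothetical layout).
PORTAL_SCOPES = {
    "publisher": [{"scope": "apim:api_publish", "description": "Publish API"}],
    "devportal": [{"scope": "apim:subscribe", "description": "Subscribe API"}],
    "admin": [{"scope": "apim:admin", "description": "Manage admin operations"},
              {"scope": "apim:scope_manage", "description": "Manage system scopes"}],
}

def split_roles(raw):
    """Turn 'admin, Internal/publisher' into ['admin', 'Internal/publisher']."""
    return [r.strip() for r in (raw or "").split(",") if r.strip()]

def build_scope_list(tenant_conf, portal_scopes):
    """Join both sources into the ScopeList body (tag, scope, description, roles)."""
    mapping = {s["Name"]: split_roles(s.get("Roles"))
               for s in tenant_conf["RESTAPIScopes"]["Scope"]}
    items = []
    for tag, scopes in portal_scopes.items():
        for entry in scopes:
            items.append({
                "tag": tag,
                "scope": entry["scope"],
                "description": entry["description"],
                # No tenant-conf mapping -> empty array, so the gap stays visible.
                "roles": mapping.get(entry["scope"], []),
            })
    # "count" follows the suggestion made in the thread for list DTOs.
    return {"count": len(items), "list": items}

def unmapped_scopes(scope_list):
    """Scopes listed for a portal that no role is mapped to in tenant-conf."""
    return [i["scope"] for i in scope_list["list"] if not i["roles"]]

if __name__ == "__main__":
    body = build_scope_list(TENANT_CONF, PORTAL_SCOPES)
    print(json.dumps(body, indent=2))
    print("unmapped:", unmapped_scopes(body))
```

Returning an empty `roles` array for a scope with no mapping, instead of omitting the entry, lets the admin dashboard surface scopes that nobody can currently be granted.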
