Re: [Architecture] {APIM 3.0.0} Allowing admin user to customize Product REST APIs.

2017-05-08 Thread Sanjeewa Malalgoda
On Tue, May 9, 2017 at 11:52 AM, Nuwan Dias wrote: > There are several problems in allowing to edit the Swagger file directly. > > 1. We change it on new product releases. So now users have to find a way > to merge whatever their changes when doing product upgrades. This is error > prone. > If we

Re: [Architecture] {APIM 3.0.0} Allowing admin user to customize Product REST APIs.

2017-05-08 Thread Nuwan Dias
There are several problems in allowing to edit the Swagger file directly. 1. We change it on new product releases. So now users have to find a way to merge whatever their changes when doing product upgrades. This is error prone. 2. The Swagger file is 100s of lines long and it has lots of content

Re: [Architecture] {APIM 3.0.0} Allowing admin user to customize Product REST APIs.

2017-05-08 Thread Sanjeewa Malalgoda
IMO it's more like keep different representation of same data in different location. To edit/update optional place you suggested user anyway need to refer swagger file. So why don't we simply let users to edit itself without having another file? Thanks, sanjeewa. On Tue, May 9, 2017 at 11:01 AM,

Re: [Architecture] [APIM][C5] - Handling Broker request failure during Gateway event publishing

2017-05-08 Thread Fazlan Nazeem
On Mon, May 8, 2017 at 7:33 PM, Lakmal Warusawithana wrote: > Hi Thilini, > > We had an offline discussion. Please see following scenarios and flow. > Generally we need to add timestamp with the event. GW need to validate its > action with the API core with timestamp of the event. This is valid f

Re: [Architecture] {APIM 3.0.0} Allowing admin user to customize Product REST APIs.

2017-05-08 Thread Nuwan Dias
On Tue, May 9, 2017 at 10:46 AM, Sanjeewa Malalgoda wrote: > > > On Tue, May 9, 2017 at 10:15 AM, Nuwan Dias wrote: > >> @Sanjeewa, if someone edits the Swagger file in conf, how do we ensure >> the next restart doesn't override that file? >> > If file exists it will not override else it will wr

Re: [Architecture] {APIM 3.0.0} Allowing admin user to customize Product REST APIs.

2017-05-08 Thread Sanjeewa Malalgoda
On Tue, May 9, 2017 at 10:15 AM, Nuwan Dias wrote: > @Sanjeewa, if someone edits the Swagger file in conf, how do we ensure the > next restart doesn't override that file? > If file exists it will not override else it will write to file system. If it's containerized automated deployment then automa

Re: [Architecture] [APIM][C5] Subesource access permissions in store

2017-05-08 Thread Nuwan Dias
I think what Bhathiya is suggesting is to bring in our usual permissions model (in APIM 3.0.0) to comments as well. This will require more data to be saved in the DB but will address the issue at hand. There are two levels of permissions required here. One is "who can add/update/remove comments in

Re: [Architecture] {APIM 3.0.0} Allowing admin user to customize Product REST APIs.

2017-05-08 Thread Nuwan Dias
@Sanjeewa, if someone edits the Swagger file in conf, how do we ensure the next restart doesn't override that file? The root cause of the problem here is that the "resource to scope" mapping is both a server configuration as well as it might be a user configuration when users want to fine/coarse gr

Re: [Architecture] [APIM][C5] Subesource access permissions in store

2017-05-08 Thread Ayyoob Hamza
This won't tackle the problem Musthaq suggested which requires validation in the backend. *Ayyoob Hamza* *Senior Software Engineer* WSO2 Inc.; http://wso2.com email: ayy...@wso2.com cell: +94 77 1681010 On Tue, May 9, 2017 at 10:01 AM, Ayyoob Hamza wrote: > Hi, > > We had

Re: [Architecture] [APIM][C5] Subesource access permissions in store

2017-05-08 Thread Ayyoob Hamza
Hi, We had a similar requirement to have a fine grained access for users in IoTS and we went with the approach of assigning permission for scope rather than roles. *Ayyoob Hamza* *Senior Software Engineer* WSO2 Inc.; http://wso2.com email: ayy...@wso2.com cell: +94 77 1681010

Re: [Architecture] [APIM][C5] Subesource access permissions in store

2017-05-08 Thread Bhathiya Jayasekara
Hi all, WDYT of a simple solution like this. We allow anyone who has subscriber role to read/write/delete (i.e. 7 in our permission model) their own comments. If the admin role needs the same permission, we can set 7 for admin role as well. Everyone else gets just read (i.e. 4.) Thanks, Bhathiya

Re: [Architecture] [APIM][C5] Subesource access permissions in store

2017-05-08 Thread Anuruddha Liyanarachchi
Hi, IMO this should not be allowed. AFAIC we might have to go with user > validation. > If we can get the logged in user's roles and if that user has admin-role > or that particular comment is added by the logged in user we can allow this > user to update or delete the comment. WDYT? +1 for thi

Re: [Architecture] [APIM][C5] Subesource access permissions in store

2017-05-08 Thread Prasanna Dangalla
Hi Mushthaq, On Tue, May 9, 2017 at 9:51 AM, Mushthaq Rumy wrote: > Hi Prasanna/Pubudu, > > I think if we use scope based validation there will be an issue here. Let's > take the same example. > > > > *GET /apis/{apiId}/comments/{commentId} - > comment-add-scope DELETE /apis/{apiId}/

Re: [Architecture] [APIM][C5] Subesource access permissions in store

2017-05-08 Thread Mushthaq Rumy
Hi Prasanna/Pubudu, I think if we use scope based validation there will be an issue here. Let's take the same example. *GET /apis/{apiId}/comments/{commentId} - comment-add-scope DELETE /apis/{apiId}/documents/{documentId} - comment-delete-scope UPDATE /apis/{apiId}/documents/{

Re: [Architecture] [APIM][C5] - Handling Broker request failure during Gateway event publishing

2017-05-08 Thread Lakmal Warusawithana
Hi Pubudu, We did right [1]. Whenever connection establish GWs will get the message. Yes there may be delays, but eventually they will get the updates. IMO it is temporary thing. Long running network issues should be monitored, alert and fix by operation team. What we discussed here to avoid so

Re: [Architecture] [APIM][C5] Subesource access permissions in store

2017-05-08 Thread Prasanna Dangalla
Hi Fazlan, I think as Ishara and Pubudu have mentioned we can use the scope validation. On Tue, May 9, 2017 at 12:03 AM, Pubudu Gunatilaka wrote: > + Adding architecture mail group > > On Mon, May 8, 2017 at 11:59 PM, Pubudu Gunatilaka > wrote: > >> Hi Fazlan, >> >> As Ishara mentioned above,

Re: [Architecture] [APIM][C5] Subesource access permissions in store

2017-05-08 Thread Pubudu Gunatilaka
+ Adding architecture mail group On Mon, May 8, 2017 at 11:59 PM, Pubudu Gunatilaka wrote: > Hi Fazlan, > > As Ishara mentioned above, we can do this with scope validation. Each and > every resource has a scope. The scope is associated with one or more roles. > Consider the following example. >

[Architecture] WSO2 IoT Server 3.1.0 M7 Released!

2017-05-08 Thread Amal Gunatilake
WSO2 IoT Server 3.1.0 Milestone 7 We are pleased to announce WSO2 IoT Server 3.1.0 Milestone 7 release. It can be downloaded from v3.1.0-M7. WSO2 IoT Server is a complete solution that enables device manufacturers and enterprises to co

Re: [Architecture] {APIM 3.0.0} Allowing admin user to customize Product REST APIs.

2017-05-08 Thread Sanjeewa Malalgoda
On Mon, May 8, 2017 at 3:42 PM, Ishara Cooray wrote: > > > *Motivation:* > Before c5, API Manager product REST APIs resources have pre defined scopes > and they cannot be changed. > > But what if an admin needs to give access to Create, Update, Delete > actions to different users? > if he can cus

Re: [Architecture] [APIM][C5] - Handling Broker request failure during Gateway event publishing

2017-05-08 Thread Pubudu Gunatilaka
Hi, I think we are trying to resolve the gateway getting the latest updates or the newly created APIs. We haven't considered the connection between broker and the gateway node. Although we successfully published the API created event to the broker doesn't guarantee gateway will get the updates. Th

Re: [Architecture] [APIM][C5] - Handling Broker request failure during Gateway event publishing

2017-05-08 Thread Lakmal Warusawithana
Hi Thilini, We had an offline discussion. Please see following scenarios and flow. Generally we need to add timestamp with the event. GW need to validate its action with the API core with timestamp of the event. This is valid for all event with relevant action. Believed these flow will solve the i

Re: [Architecture] [APIM][C5] - Handling Broker request failure during Gateway event publishing

2017-05-08 Thread Manoj Gunawardena
+1 for Persist the API with a flag. In the Publisher these apis can be shown as "Publishing in progress". Then how those apis push to broker, when connection alive? Broker is pull apis or APIM is push? +1 Broker checks with intervals and pull from APIM. On Mon, May 8, 2017 at 2:38 PM, Thilini Sh

[Architecture] {APIM 3.0.0} Allowing admin user to customize Product REST APIs.

2017-05-08 Thread Ishara Cooray
*Motivation:* Before c5, API Manager product REST APIs resources have predefined scopes and they cannot be changed. But what if an admin needs to give access to Create, Update, Delete actions to different users? If he can customize the scopes associated with each resource, then he will be able to

Re: [Architecture] Device Connectivity Graph for IoT Server & related concerns

2017-05-08 Thread Ayyoob Hamza
Hi Ruwan, +1 for this, Having the communication history through a common stream will help us to build an analytics solution for health status, anomaly detection .. etc. On Mon, May 8, 2017 at 12:35 PM, Ruwan Yatawara wrote: > Hi Everyone, > > I am working on $subject as part of the effort in tr

[Architecture] [APIM][C5] - Handling Broker request failure during Gateway event publishing

2017-05-08 Thread Thilini Shanika
Hi All, As per the APIM 3.0.0 architecture, the events such as APIM create, update, delete, subscription create etc are notified to gateways through JMS Topic in the broker. Thus, we need to smoothly handle the scenarios like *broker not available* and *APIM to Broker connection(network) failure,*

Re: [Architecture] Device Connectivity Graph for IoT Server & related concerns

2017-05-08 Thread Harshan Liyanage
Hi Ruwan, +1 for having audit tables for recording system activities. I also propose that we, take out the option for users to enable/disable data publishing from the agent side, and make it implicit. The agent by default makes a call to the server to send device information, instead of making th

[Architecture] Device Connectivity Graph for IoT Server & related concerns

2017-05-08 Thread Ruwan Yatawara
Hi Everyone, I am working on $subject as part of the effort in trying to provide dig down analytics for devices. The resulting graph would look something like the following (Please disregard portion reading connected-unterminated), with the help of [1] and will give an would indicate whether the