Hi Naduni,

Why does the GET request always return 200?
Can't we set the status code 404 if the role is not found? So we can check
the response status from the UI. We do not want to read the body then.



On Thu, Aug 8, 2019 at 6:05 PM Naduni Pamudika <nad...@wso2.com> wrote:

> Hi All,
>
> Thanks all for the suggestions. With the GET method @Bhathiya Jayasekara
> <bhath...@wso2.com> suggested, we have the following 2 options now.
>
> 1. *HEAD /roles/{roleName}*
> 2. *GET /validate-role?role=rolename*
>
>
> If we go with the option 1, it will simplify the work in the UI side while
> doing the role validations by using the Rest API since we can do the
> validation by looking at the status code (If the role exists it is a 200
> and if not it is a 404). If we go with the option 2, it will always return
> a 200 status code and we need to check the response body to validate a
> particular role name (We can send *isRoleExist=true* and
> *isRoleExist=false* in the response body depending on the existence of a
> role name).
>
> Since most of us are +1 with the option 2, shall we move forward with the
> GET method?
>
> Thanks,
> Naduni
>
> On Wed, Aug 7, 2019 at 7:27 PM Bhathiya Jayasekara <bhath...@wso2.com>
> wrote:
>
>>
>>
>> On Wed, Aug 7, 2019 at 6:24 PM Malintha Amarasinghe <malint...@wso2.com>
>> wrote:
>>
>>>
>>>
>>> On Wed, Aug 7, 2019 at 3:39 PM Harsha Kumara <hars...@wso2.com> wrote:
>>>
>>>>
>>>>
>>>> On Wed, Aug 7, 2019 at 3:37 PM Malintha Amarasinghe <malint...@wso2.com>
>>>> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Wed, Aug 7, 2019 at 3:35 PM Harsha Kumara <hars...@wso2.com> wrote:
>>>>>
>>>>>> Let's say if someone wants to check existence of role foo in user
>>>>>> store TEST. He will do a call /roke/TEST/foo which isn't valid request
>>>>>> right?
>>>>>>
>>>>> @Harsha Kumara <hars...@wso2.com>  we need to URL encode the role
>>>>> name. The request will become /roles/TEST%2Ffoo
>>>>>
>>>> Yes that's true. Again some customers might have different letters in
>>>> their role names. Might not be a good idea to include as a path parameter.
>>>>
>>> Even if we add as a query param, that will go as part of the URL which
>>> might lead to similar issues? We may need to test this for query parameters
>>> as well.
>>>
>>> I preferred the HEAD method due to the simpleness ( only need to respond
>>> with 204 or 404 without any payload based on the availability of the role)
>>> and RESTfulness (consider a role as a resource and do a fetch on it in the
>>> usual way). HEAD is the usual way for checking the existence of a resource.
>>> However, we do not have the need for implementing a GET here for now.
>>>
>>
>> This is actually my worry. I don't think we'll ever have to give a
>> /roles/{role} in the publisher APIs. So having a HEAD without a GET feels
>> strange to me. Maybe it's just me.
>>
>> Thanks,
>> Bhathiya
>>
>>
>>>
>>>
>>>
>>>>>
>>>>>>
>>>>>> On Wed, Aug 7, 2019 at 3:33 PM Mushthaq Rumy <musht...@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Adding [Architecture]
>>>>>>>
>>>>>>> On Wed, Aug 7, 2019 at 3:30 PM Mushthaq Rumy <musht...@wso2.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Since we will be UserStoreManager, this should cover the secondary
>>>>>>>> user stores as well.
>>>>>>>>
>>>>>>>> Thanks & Regards,
>>>>>>>> Mushthaq
>>>>>>>>
>>>>>>>> On Wed, Aug 7, 2019 at 3:28 PM Harsha Kumara <hars...@wso2.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> What happens if the role is from a secondary user store?
>>>>>>>>>
>>>>>>>>> On Wed, Aug 7, 2019 at 3:24 PM Naduni Pamudika <nad...@wso2.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Hi All,
>>>>>>>>>>
>>>>>>>>>> We are planning to add a REST API endpoint to APIM 3.0 Publisher
>>>>>>>>>> REST APIs and the intention is to check the existence of a particular
>>>>>>>>>> role name. This will be used in order to manage roles when enabling
>>>>>>>>>> Publisher Access Control and Store Visibility and when adding Scopes.
>>>>>>>>>>
>>>>>>>>>> The swagger definition for the new endpoint would be as follows.
>>>>>>>>>>
>>>>>>>>>> ######################################################
>>>>>>>>>> # The Role Name Existence
>>>>>>>>>> ######################################################
>>>>>>>>>>   /roles/{roleName}:
>>>>>>>>>> #-----------------------------------------------------
>>>>>>>>>> # The role name existence check resource
>>>>>>>>>> #-----------------------------------------------------
>>>>>>>>>>     head:
>>>>>>>>>>       security:
>>>>>>>>>>         - OAuth2Security:
>>>>>>>>>>             - apim:api_view
>>>>>>>>>>       summary: |
>>>>>>>>>>         Check whether the given role name already exists
>>>>>>>>>>       description: |
>>>>>>>>>>         Using this operation, you can check whether a given role name
>>>>>>>>>>         is already used. You need to provide the role name you want to check.
>>>>>>>>>>       parameters:
>>>>>>>>>>         - $ref : '#/parameters/roleName'
>>>>>>>>>>       responses:
>>>>>>>>>>         200:
>>>>>>>>>>           description: |
>>>>>>>>>>             OK.
>>>>>>>>>>             Requested role name is returned.
>>>>>>>>>>         404:
>>>>>>>>>>           description: |
>>>>>>>>>>             Not Found.
>>>>>>>>>>             Requested role name does not exist.
>>>>>>>>>> ######################################################
>>>>>>>>>> # Role Name
>>>>>>>>>>   roleName:
>>>>>>>>>>     name: roleName
>>>>>>>>>>     in: path
>>>>>>>>>>     description: |
>>>>>>>>>>       The role name
>>>>>>>>>>     required: true
>>>>>>>>>>     type: string
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> It is a HEAD method (*/roles/{roleName}*) which will return a
>>>>>>>>>> 200 status code if the given role name exists and a 404 status code
>>>>>>>>>> if the given role name is not found. Sample requests and responses are
>>>>>>>>>> given below.
>>>>>>>>>>
>>>>>>>>>> Request:
>>>>>>>>>> HEAD https://localhost:9443/api/am/publisher/v1.0/roles/valid-role HTTP/1.1
>>>>>>>>>> Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8
>>>>>>>>>>
>>>>>>>>>> Response:
>>>>>>>>>> HTTP/1.1 200 OK
>>>>>>>>>> Connection: keep-alive
>>>>>>>>>> Content-Length: 0
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Request:
>>>>>>>>>> HEAD https://localhost:9443/api/am/publisher/v1.0/roles/invalid-role HTTP/1.1
>>>>>>>>>> Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8
>>>>>>>>>>
>>>>>>>>>> Response:
>>>>>>>>>> HTTP/1.1 404 Not Found
>>>>>>>>>> Connection: keep-alive
>>>>>>>>>> Content-Length: 0
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Are we good to have the endpoint definition as this? Appreciate
>>>>>>>>>> your inputs to proceed further.
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> Naduni
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> *Naduni Pamudika* | Senior Software Engineer | WSO2 Inc.
>>>>>>>>>> (m) +94 (71) 9143658 | (w) +94 (11) 2145345 | (e) nad...@wso2.com
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> *Harsha Kumara*
>>>>>>>>>
>>>>>>>>> Technical Lead, WSO2 Inc.
>>>>>>>>> Mobile: +94775505618
>>>>>>>>> Email: hars...@wso2.coim
>>>>>>>>> Blog: harshcreationz.blogspot.com
>>>>>>>>>
>>>>>>>>> GET INTEGRATION AGILE
>>>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Mushthaq Rumy
>>>>>>>> *Senior Software Engineer*
>>>>>>>> Mobile : +94 (0) 779 492140
>>>>>>>> Email : musht...@wso2.com
>>>>>>>> WSO2, Inc.; http://wso2.com/
>>>>>>>> lean . enterprise . middleware.
>>>>>>>>
>>>>>>>> <http://wso2.com/signature>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Malintha Amarasinghe
>>>>> *WSO2, Inc. - lean | enterprise | middleware*
>>>>> http://wso2.com/
>>>>>
>>>>> Mobile : +94 712383306
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>> --
>> *Bhathiya Jayasekara* | Technical Lead | WSO2 Inc.
>> (m) +94 71 547 8185  | (e) bhathiya-@t-wso2-d0t-com
>>
>>
>>
>
>
>

-- 

*Menaka Jayawardena*
Senior Software Engineer | WSO2 Inc.
+94 71 350 5470 | +94 76 717 2511 | men...@wso2.com

<https://wso2.com/signature>
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
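
The encoding and status-code points raised in this thread, as an added example that is not part of any message above or of the APIM code base: it builds both proposed request forms for a role such as `TEST/foo`, shows what the server should recover after decoding, and maps the HEAD status to a result. The helper names are hypothetical; the base URL is the one from the sample requests.

```javascript
// Added example; helper names are hypothetical, BASE is taken from the thread.
const BASE = "https://localhost:9443/api/am/publisher/v1.0";

// Option 1: role name as ONE path segment. encodeURIComponent escapes "/",
// "?", "#" and non-ASCII letters, so "TEST/foo" becomes "TEST%2Ffoo".
function headRoleUrl(roleName) {
  // "." and ".." are dot segments: URL normalisation collapses them, so the
  // request would never reach /roles/{roleName}. Refuse them up front.
  if (roleName === "." || roleName === "..") {
    throw new Error("role name cannot be sent as a path segment");
  }
  return `${BASE}/roles/${encodeURIComponent(roleName)}`;
}

// Option 2: role name as a query parameter. URLSearchParams encodes the value,
// so "&" or "=" inside a role name cannot add or override parameters.
function validateRoleUrl(roleName) {
  const url = new URL(`${BASE}/validate-role`);
  url.searchParams.set("role", roleName);
  return url.toString();
}

// What the receiving side should see after decoding each form exactly once.
function roleFromHeadUrl(u) {
  const segments = new URL(u).pathname.split("/");
  return decodeURIComponent(segments[segments.length - 1]);
}
function roleFromValidateUrl(u) {
  return new URL(u).searchParams.get("role");
}

// Only 200/204 and 404 answer the question. 401, 403 or 5xx must not be
// read as "role does not exist", so they are raised as errors instead.
function roleExistsFromStatus(status) {
  if (status === 200 || status === 204) return true;
  if (status === 404) return false;
  throw new Error(`role check failed with HTTP ${status}`);
}
```
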
