When we return a 404, it implies that the URL (or the resource) does not
exist. Here the URL/resource is */validate-role* (a controller resource)
which always exists, so it is wrong to return a 404 in any case.

Thanks!

On Thu, Aug 8, 2019 at 7:12 PM Menaka Jayawardena <men...@wso2.com> wrote:

> Hi Naduni,
>
> Why does the GET request always return 200?
> Can't we set the status code 404 if the role is not found? So we can check
> the response status from the UI. We do not want to read the body then.
>
>
>
> On Thu, Aug 8, 2019 at 6:05 PM Naduni Pamudika <nad...@wso2.com> wrote:
>
>> Hi All,
>>
>> Thanks all for the suggestions. With the GET method @Bhathiya Jayasekara
>> <bhath...@wso2.com> suggested, we have the following 2 options now.
>>
>> 1. *HEAD /roles/{roleName}*
>> 2. *GET /validate-role?role=rolename*
>>
>>
>> If we go with the option 1, it will simplify the work in the UI side
>> while doing the role validations by using the Rest API since we can do the
>> validation by looking at the status code (If the role exists it is a 200
>> and if not it is a 404). If we go with the option 2, it will always return
>> a 200 status code and we need to check the response body to validate a
>> particular role name (We can send *isRoleExist=true* and
>> *isRoleExist=false* in the response body depending on the existence of a
>> role name).
>>
>> Since most of us are +1 with the option 2, shall we move forward with the
>> GET method?
>>
>> Thanks,
>> Naduni
>>
>> On Wed, Aug 7, 2019 at 7:27 PM Bhathiya Jayasekara <bhath...@wso2.com>
>> wrote:
>>
>>>
>>>
>>> On Wed, Aug 7, 2019 at 6:24 PM Malintha Amarasinghe <malint...@wso2.com>
>>> wrote:
>>>
>>>>
>>>>
>>>> On Wed, Aug 7, 2019 at 3:39 PM Harsha Kumara <hars...@wso2.com> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Wed, Aug 7, 2019 at 3:37 PM Malintha Amarasinghe <
>>>>> malint...@wso2.com> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Aug 7, 2019 at 3:35 PM Harsha Kumara <hars...@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Let's say if someone wants to check existence of role foo in user
>>>>>>> store TEST. He will do a call /roke/TEST/foo which isn't a valid request
>>>>>>> right?
>>>>>>>
>>>>>> @Harsha Kumara <hars...@wso2.com>  we need to URL encode the role
>>>>>> name. The request will become /roles/TEST%2Ffoo
>>>>>>
>>>>> Yes that's true. Again some customers might have different letters in
>>>>> their role names. Might not be a good idea to include as a path
>>>>> parameter.
>>>>>
>>>> Even if we add as a query param, that will go as part of the URL which
>>>> might lead to similar issues? We may need to test this for query parameters
>>>> as well.
>>>>
>>>> I preferred the HEAD method due to the simpleness (only need to
>>>> respond with 204 or 404 without any payload based on the availability of
>>>> the role) and RESTfulness (consider a role as a resource and do a fetch on
>>>> it in the usual way). HEAD is the usual way for checking the existence of a
>>>> resource. However, we do not have the need for implementing a GET here for
>>>> now.
>>>>
>>>
>>> This is actually what my worry is. I don't think we'll ever have to give a
>>> /roles/{role} in the publisher APIs. So having a HEAD without a GET feels
>>> strange to me. Maybe it's just me.
>>>
>>> Thanks,
>>> Bhathiya
>>>
>>>
>>>>
>>>>
>>>>
>>>>>>
>>>>>>>
>>>>>>> On Wed, Aug 7, 2019 at 3:33 PM Mushthaq Rumy <musht...@wso2.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Adding [Architecture]
>>>>>>>>
>>>>>>>> On Wed, Aug 7, 2019 at 3:30 PM Mushthaq Rumy <musht...@wso2.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Since we will be using UserStoreManager, this should cover the secondary
>>>>>>>>> user stores as well.
>>>>>>>>>
>>>>>>>>> Thanks & Regards,
>>>>>>>>> Mushthaq
>>>>>>>>>
>>>>>>>>> On Wed, Aug 7, 2019 at 3:28 PM Harsha Kumara <hars...@wso2.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> What happens if the role is from secondary user store?
>>>>>>>>>>
>>>>>>>>>> On Wed, Aug 7, 2019 at 3:24 PM Naduni Pamudika <nad...@wso2.com>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi All,
>>>>>>>>>>>
>>>>>>>>>>> We are planning to add a REST API endpoint to APIM 3.0 Publisher
>>>>>>>>>>> REST APIs and the intention is to check the existence of a particular
>>>>>>>>>>> role name. This will be used in order to manage roles when enabling
>>>>>>>>>>> Publisher Access Control and Store Visibility and when adding Scopes.
>>>>>>>>>>>
>>>>>>>>>>> The swagger definition for the new endpoint would be as follows.
>>>>>>>>>>>
>>>>>>>>>>> ######################################################
>>>>>>>>>>> # The Role Name Existence
>>>>>>>>>>> ######################################################
>>>>>>>>>>>   /roles/{roleName}:
>>>>>>>>>>> #-----------------------------------------------------
>>>>>>>>>>> # The role name existence check resource
>>>>>>>>>>> #-----------------------------------------------------
>>>>>>>>>>>     head:
>>>>>>>>>>>       security:
>>>>>>>>>>>         - OAuth2Security:
>>>>>>>>>>>             - apim:api_view
>>>>>>>>>>>       summary: |
>>>>>>>>>>>         Check given role name is already exist
>>>>>>>>>>>       description: |
>>>>>>>>>>>             Using this operation, you can check a given role name is already used.
>>>>>>>>>>>             You need to provide the role name you want to check.
>>>>>>>>>>>       parameters:
>>>>>>>>>>>         - $ref : '#/parameters/roleName'
>>>>>>>>>>>       responses:
>>>>>>>>>>>         200:
>>>>>>>>>>>           description: |
>>>>>>>>>>>             OK.
>>>>>>>>>>>             Requested role name is returned.
>>>>>>>>>>>         404:
>>>>>>>>>>>           description: |
>>>>>>>>>>>             Not Found.
>>>>>>>>>>>             Requested role name does not exist.
>>>>>>>>>>> ######################################################
>>>>>>>>>>> # Role Name
>>>>>>>>>>>   roleName:
>>>>>>>>>>>     name: roleName
>>>>>>>>>>>     in: path
>>>>>>>>>>>     description: |
>>>>>>>>>>>       The role name
>>>>>>>>>>>     required: true
>>>>>>>>>>>     type: string
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> It is a HEAD method (*/roles/{roleName}*) which will return a
>>>>>>>>>>> 200 status code if the given role name exists and a 404 status code
>>>>>>>>>>> if the given role name is not found. Sample requests and responses
>>>>>>>>>>> are given below.
>>>>>>>>>>>
>>>>>>>>>>> Request:
>>>>>>>>>>> HEAD https://localhost:9443/api/am/publisher/v1.0/roles/valid-role HTTP/1.1
>>>>>>>>>>> Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8
>>>>>>>>>>>
>>>>>>>>>>> Response:
>>>>>>>>>>> HTTP/1.1 200 OK
>>>>>>>>>>> Connection: keep-alive
>>>>>>>>>>> Content-Length: 0
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Request:
>>>>>>>>>>> HEAD https://localhost:9443/api/am/publisher/v1.0/roles/invalid-role HTTP/1.1
>>>>>>>>>>> Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8
>>>>>>>>>>>
>>>>>>>>>>> Response:
>>>>>>>>>>> HTTP/1.1 404 Not Found
>>>>>>>>>>> Connection: keep-alive
>>>>>>>>>>> Content-Length: 0
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Are we good to have the endpoint definition as this? Appreciate
>>>>>>>>>>> your inputs to proceed further.
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Naduni
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> *Naduni Pamudika* | Senior Software Engineer | WSO2 Inc.
>>>>>>>>>>> (m) +94 (71) 9143658 | (w) +94 (11) 2145345 | (e)
>>>>>>>>>>> nad...@wso2.com
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>>
>>>>>>>>>> *Harsha Kumara*
>>>>>>>>>>
>>>>>>>>>> Technical Lead, WSO2 Inc.
>>>>>>>>>> Mobile: +94775505618
>>>>>>>>>> Email: hars...@wso2.com
>>>>>>>>>> Blog: harshcreationz.blogspot.com
>>>>>>>>>>
>>>>>>>>>> GET INTEGRATION AGILE
>>>>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Mushthaq Rumy
>>>>>>>>> *Senior Software Engineer*
>>>>>>>>> Mobile : +94 (0) 779 492140
>>>>>>>>> Email : musht...@wso2.com
>>>>>>>>> WSO2, Inc.; http://wso2.com/
>>>>>>>>> lean . enterprise . middleware.
>>>>>>>>>
>>>>>>>>> <http://wso2.com/signature>
>>>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Malintha Amarasinghe
>>>>>> *WSO2, Inc. - lean | enterprise | middleware*
>>>>>> http://wso2.com/
>>>>>>
>>>>>> Mobile : +94 712383306
>>>>>>
>>>>>
>>>
>>>
>>> --
>>> *Bhathiya Jayasekara* | Technical Lead | WSO2 Inc.
>>> (m) +94 71 547 8185  | (e) bhathiya-@t-wso2-d0t-com
>>>
>>>
>>>
>
> --
>
> *Menaka Jayawardena*
> Senior Software Engineer | WSO2 Inc.
> +94 71 350 5470 | +94 76 717 2511 | men...@wso2.com
>
> <https://wso2.com/signature>
>
>

-- 
Malintha Amarasinghe
*WSO2, Inc. - lean | enterprise | middleware*
http://wso2.com/

Mobile : +94 712383306
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
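
The two options discussed in this thread, together with the encoding concern raised for role names such as TEST/foo, shown as an added example that is not part of the original thread and is not WSO2 code. The router `handle`, the helper names and the role set are hypothetical and constructed for illustration; the HEAD branch uses the 200/404 codes from the proposed swagger definition.

```python
import json
from urllib.parse import parse_qs, quote, unquote, urlencode, urlsplit

# Constructed sample roles; "TEST/foo" is a role in a secondary user store TEST.
ROLES = {"admin", "TEST/foo", "a&b=c"}

def handle(method, target):
    """Hypothetical router: return (status, body) for a raw request target."""
    parts = urlsplit(target)
    # Split on "/" before percent-decoding, so %2F stays inside one segment.
    segments = [unquote(s) for s in parts.path.split("/") if s]
    if method == "HEAD" and len(segments) == 2 and segments[0] == "roles":
        return (200 if segments[1] in ROLES else 404), ""      # option 1
    if method == "GET" and segments == ["validate-role"]:
        role = parse_qs(parts.query).get("role", [""])[0]
        return 200, json.dumps({"isRoleExist": role in ROLES})  # option 2
    return 404, ""  # no such resource at all

def head_target(role):
    return "/roles/" + quote(role, safe="")  # safe="" also encodes "/"

def get_target(role):
    return "/validate-role?" + urlencode({"role": role})

def role_exists_head(role):
    return handle("HEAD", head_target(role))[0] == 200

def role_exists_get(role):
    status, body = handle("GET", get_target(role))
    return status == 200 and json.loads(body)["isRoleExist"]

if __name__ == "__main__":
    for role in ("TEST/foo", "a&b=c", "missing"):
        print(role, role_exists_head(role), role_exists_get(role))
    # Unencoded input: the 404 here means "no such route", not "no such role".
    print(handle("HEAD", "/roles/TEST/foo"))
    # Unencoded "&" ends the parameter early, so the lookup is for role "a".
    print(handle("GET", "/validate-role?role=a&b=c"))
```

With either option the client has to percent-encode the role name; an unencoded value produces a wrong answer that looks like a legitimate "role not found" result.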
