Hi all, During the code review that conducted today (15th May 2020), a question arose related to the scope that has been used in the REST API level. Currently, the below REST APIs have been implemented to import and export API Products with the scope apim:api_import_export.
During the import process, each of the dependent API will be imported when the */import/api-product* REST API is called. Please consider the below scenario which might be a problem here. Scenario: There can be users who are publishers who should only be allowed to create API Products but not APIs. Also, there can be users who are creators who should only be allowed to create APIs, not API Products. Since we are requesting apim:api_import_export scope in the above REST API resources, only a user who is both a creator and a publisher (eg:- admin) can use these 2 REST API resources. I would like to know whether this is fair when considering CI/CD flow and whether there is a practical situation that this problem may arise like mentioned here. WDYT? Thank you! On Fri, May 15, 2020 at 12:04 PM Wasura Wattearachchi <[email protected]> wrote: > Hi, > > >> If --update-apis == true { >> // Update th dependent APIs *AND* the respective API Product >> } else if --update-api-products == true { >> // Only update the respective API Product >> } >> >> So higher precedence is given to --update-apis=true and it by default >> results in updating the API Product as well(This prevents Products from >> becoming stale if the user changes a API resource's scope but forgets to >> specify that they want to update the API Product to get that change). Only >> --update-apis=true is not specified will we process >> --update-api-products=true to only update the Product. >> >> +1 for the suggestion. > > > Please find the updated scenarios below changed according to the > suggestion above. I added 3 more scenarios with --preserve-provider=false > to incorporate cross tenant API Product imports. > > > Scenario > > --update-api-products > > --update-apis > > - > > Import a fresh API Product with a fresh set of dependent APIs. > > Not set (by default false) > > Not set (by default false) > > - > > Import a fresh API Product when dependent APIs are already imported to > APIM successfully and you do not want to update those APIs. > > Not set (by default false) > > Not set (by default false) > > - > > Import a fresh API Product when dependent APIs are already imported to > APIM successfully and you want to update those APIs. > > Not set (by default false) > > Set (it will be true) > > - > > Update the API Product only by changing the meta information and by > adding/removing the resources of the API Product. > > Set (it will be true) > > Not set (by default false) > > - > > Update the API Product by adding new resources to both the API Product > and the API(s). > > Not set (by default false) > > Set (it will be true) > > - > > Update only the dependent APIs. > > Not set (by default false) > > Set (it will be true) > > - > > Import the API Product and its dependent APIs to another tenant (with > --preserve-provider=false) > > Not set (by default false) > > Not set (by default false) > > - > > Update only an already imported API Product and its dependent APIs in > another tenant (with --preserve-provider=false) > > Set (it will be true) > > Not set (by default false) > > - > > Update an already imported API Product and its dependent APIs in > another tenant (with --preserve-provider=false) > > Not set (by default false) > > Set (it will be true) > > Thank you! > > > *Wasura Wattearachchi* | Software Engineer | WSO2 Inc. > (m) +94775396038 | (e) [email protected] | (b) Medium > <https://medium.com/@wasuradananjith> > [image: http://wso2.com/signature] <http://wso2.com/signature> > > > -- *Wasura Wattearachchi* | Software Engineer | WSO2 Inc. (m) +94775396038 | (e) [email protected] | (b) Medium <https://medium.com/@wasuradananjith> [image: http://wso2.com/signature] <http://wso2.com/signature>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
