I don't think this is the purpose of the owner flag. Even APIM does not
support users in the same tenant deleting Apps created by another user. I
think the reason for the owner flag is that different users can create Apps
having the same name.

For example, all users have a DefaultApplication created for them when they
log in to the store. So you can have UserA and UserB both having their own
DefaultApplication.

So if you try to delete the DefaultApplication from apictl, you need to
specify the owner correctly so that APIM will know which instance of the
DefaultApplication it needs to delete.

On Mon, 6 Jul 2020 at 16:40, Wasura Wattearachchi <[email protected]> wrote:

> Hi all,
>
> Currently, the API Controller provides “apictl delete app” command which
> consists of the below flags [1].
>
> Flags:
>
>   -e, --environment string   Environment from which the Application should be deleted
>   -h, --help                 help for app
>   -n, --name string          Name of the Application to be deleted
>   -o, --owner string         Owner of the Application to be deleted
>
> In this mail, we will be focussing on the functionality of the -o
> (--owner) flag. The expected functionality of this flag is to allow a
> user (assume User A) to provide the facility to delete an application
> created by another user (assume User B) who is in the same tenant. But,
> the current REST APIs do not provide adequate support for this
> functionality [2].
>
> Deleting an application consists of two (2) main steps and for those two
> (2) steps, two (2) REST API resources are being used currently, which have
> some drawbacks when it comes to fulfilling the functionality expected from
> the -o (--owner) flag.
>
>
> Step 1: Retrieving the applicationId based on the application name
> (-n/--name flag) and the owner’s name (-o/--owner flag)
>
> REST API: Store v1 GET /applications
>
> Drawback: This resource only provides the facility to retrieve an
> application by querying using the application name. Support to query by
> the owner’s name is not provided here. We need the functionality to query
> by both the application name and the owner’s name. But, searching by
> anyone else’s name is not suitable to have in Store REST API. This proves
> that we need to have another REST API resource that has the expected
> functionality which can be defined in Admin v1.
>
> Solution 1: There is an existing resource in Admin v1 as GET /applications
> which has the ability to “Retrieve a list of all applications of a certain
> subscriber (but not the owner)”. The name of the subscriber can be passed
> to this as a parameter specified by “user=”. We can enhance this further by
> providing the ability to pass the owner’s name as “owner=” as a new
> optional parameter. WDYT?
>
> Solution 2: Define a new REST API resource in Admin v1 without changing
> any existing resources as mentioned in Solution 1. WDYT?
>
> Step 2: Deleting the application specified by the applicationId.
>
> REST API: Store v1 DELETE /applications/{applicationid}
>
> Drawback: This resource does not allow us to delete applications that
> belong to other users. It provides an output as
>
> {"code":403,"message":"Forbidden","description":"You don't have permission
> to access the application with Id <aaplicationId>","moreInfo":"","error":[]}
>
> when we try to delete anyone else’s application.
>
> Solution: Define a new REST API resource that allows deleting applications
> that belong to other users who are in the same tenant. WDYT?
>
>
>
> It would be much appreciated if you can share your thoughts when deciding
> the solutions to the above two (2) steps. Please feel free to include any
> new/additional solutions if you have any.
>
> [1]
> https://apim.docs.wso2.com/en/next/learn/api-controller/getting-started-with-wso2-api-controller/#delete-an-apiapi-productapplication-in-an-environment
>
> [2] https://github.com/wso2/product-apim-tooling/issues/335
>
> Thank you!
> --
> *Wasura Wattearachchi* | Software Engineer | WSO2 Inc.
> (m) +94775396038 | (e) [email protected] | (b) Medium
> <https://medium.com/@wasuradananjith>
>
>
>

-- 
Regards,
Uvindra

Mobile: 777733962
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
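
The two-step flow discussed in this thread (resolve an applicationId from name and owner, then delete by id), as an added Go example that is not part of the original mails or of the apictl/APIM code. It models the lookup and the ownership check in memory; the `App` type, the function names and the ids are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// App is a constructed stand-in for an application record (field names assumed).
type App struct{ ID, Name, Owner string }

var ErrNotFound = errors.New("no application with that name and owner")
var ErrAmbiguous = errors.New("name matches several owners; owner is required")
var ErrForbidden = errors.New("403: caller does not own the application")

// resolveAppID models step 1; an empty owner is accepted only when the name is unique.
func resolveAppID(apps []App, name, owner string) (string, error) {
	var ids []string
	for _, a := range apps {
		if a.Name == name && (owner == "" || a.Owner == owner) {
			ids = append(ids, a.ID)
		}
	}
	if len(ids) == 0 {
		return "", ErrNotFound
	}
	if len(ids) > 1 {
		return "", ErrAmbiguous
	}
	return ids[0], nil
}

// deleteApp models step 2: delete by id, refusing a caller who is not the owner.
func deleteApp(apps []App, id, caller string) ([]App, error) {
	for i, a := range apps {
		if a.ID != id {
			continue
		}
		if a.Owner != caller {
			return apps, ErrForbidden
		}
		return append(append([]App{}, apps[:i]...), apps[i+1:]...), nil
	}
	return apps, ErrNotFound
}

func main() {
	apps := []App{{"id-1", "DefaultApplication", "UserA"}, {"id-2", "DefaultApplication", "UserB"}}
	fmt.Println(resolveAppID(apps, "DefaultApplication", "")) // ambiguous without an owner
	fmt.Println(deleteApp(apps, "id-2", "UserA"))             // refused: UserA does not own id-2
}
```

Any new resource that lets one user delete another user's application would replace the ownership comparison in `deleteApp` with an explicit tenant and role check, which is the part an access-control review should focus on.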
