Hi Nuwan, We need APIM support to show subscribed API, when there's 1 user assigned to 2 user groups.
*Our current AF APIM integration flow works as follows.* let's say we have a tenant foo.com and users - appowner1 and developer1 App owner1 creates an AF application 'AFapp1' and assign devloper1 as a developer of that application. according to the current implementation only the appowner1 can subscribe to the APIM API. [When appowner1 login to the APIM, we create an application 'AFapp1' in APIM side and selecting that application appowner1 can subscribe to an API] Then appowner1 can see subscribed APIs in AF side, where developers can't see that API. So we need to implement APIM group subscriptions in AF. to implement it we have to set the organization claim (as eg: 'foo.com_AFapp1') for appowner1 and developer1. Then both users can see the subscribed API. *We have another use case;* basically our user grouping happens per AF application and 1 user can be in 2 groups Let's say appowner1 creates an another application AFapp2 then appowner1 is belongs to 2 user groups. So we need to assign two values for the organization claim. (foo.com_AFapp1, foo.com_AFapp2) appowner1 want to see subscribed API in APIM side based on that 2 organizations. As I know, APIM does not support this when there's a more than 1 group assigned for the organization claim. But this is a required use case for the AF/cloud, and we can't customize the GroupingExtractor due to maintainability issues in cloud. Can this improvement provide by APIM? Thanks Amalka On Tue, Jan 12, 2016 at 1:42 PM, Amalka Subasinghe <[email protected]> wrote: > Hi, > > Currently only the app owner allows to subscribed to an API, generate keys > and see subscribed APIs, where other users are not allowed as showed in the > below table. > > > Subscribe to API Generate Keys View subscribed APIs in AF side View Prod > keys in AF side View Sandbox keys in AF side App owner Y Y Y Y Y Developer > > > > Y QA > > > > Y DevOps > > > Y Y > We want to improve the AF - APIM integration as follows. So we need > implement $subject. > 1. making both app owner and developer can subscribe to an API and > generate keys > 2. making all users to see subscribed API per application > > > Subscribe to API Generate Keys View subscribed APIs in AF side View Prod > keys in AF side View Sandbox keys in AF side App owner Y Y Y Y Y Developer > Y Y Y > Y QA > > Y > Y DevOps > > Y Y Y > *Things to do:* > > 1. All the users of a particular app we need to maintain as a group. > > In APIM side they uses http://wso2.org/claims/organization claim to group > the users. We have to set this claim (eg: app key as the value of the > claim) when appowner or developer try to click on 'Go to API Manager' > button. > Currently we use a role app_appName to group the users of a particular > application in AF. If we use this we have to implement a custom grouping > extractor to get the users of a particular group. > > > *Issues: *a. Since we don't set the claim for QA and DevOps users, they > can't view subscribed APIs in AF side, and If we add the claim they also > will be able to subscribe to APIs and generate keys. So we need to find a > way to view subscribed api for a particular application by QA and Devops > users. > b. With this implementation Developer can see prod keys also. > > > 2. Make Go to API Manager and Sync Keys buttons enabled only to appowner > and developer. > For this we can use resource permissions we already have. > > > 3. Need to improve/test all the rest calls we do with APIM to work with > groups and fix if there's any issue. > > - Login - When user clicks on 'Go to API Manager' button of a > particular app, it should login to APIM and show the subscribed APIs, > listed under selected application. > - Create application > - Remove application > - Get published APIs by application > - List subscription > - Get applications > > [1] https://wso2.org/jira/browse/APPFAC-3217 > > Thanks > Amalka > > -- Amalka Subasinghe Senior Software Engineer WSO2 Inc. Mobile: +94 77 9401267
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
