On Wed, Jan 13, 2016 at 6:37 PM, Danushka Fernando <[email protected]> wrote:
> Hi Nuwan > The issue of adding extension to cloud is we have to add it to API cloud > and it will affect all API cloud users who don't use APP cloud also. > And since multiple groups per user seems to be a valid use case how > complex will this be to implement? > I have some more clarifications with the requirement as well. For example, if a user belongs to two groups, with which groups should his applications be shared with? With all? Anyhow, we have to analyse the requirement properly to say whether this is a simple feature or not. Even if it is simple, to complete the feature development, automation tests (including cluster automation) and doing the data migrations (if a schema change is involved) it will take at least 3 person weeks. > Thanks & Regards > Danushka Fernando > Senior Software Engineer > WSO2 inc. http://wso2.com/ > Mobile : +94716332729 > > > On Jan 13, 2016 3:53 PM, "Lakshman Udayakantha" <[email protected]> > wrote: > >> Hi Nuwan, >> >> Even though we have extracted multiple group ids using group id >> extractor, DAO classes use one group id to extract the applications and >> subscriptions. I think we have to implement to get all the applications and >> subscriptions if user are in several groups. >> >> Thanks >> >> On Wed, Jan 13, 2016 at 2:18 PM, Nuwan Dias <[email protected]> wrote: >> >>> >>> >>> On Wed, Jan 13, 2016 at 12:32 PM, Amalka Subasinghe <[email protected]> >>> wrote: >>> >>>> Hi Nuwan, >>>> >>>> We need APIM support to show subscribed API, when there's 1 user >>>> assigned to 2 user groups. >>>> >>>> *Our current AF APIM integration flow works as follows.* >>>> >>>> let's say we have a tenant foo.com and users - appowner1 and developer1 >>>> App owner1 creates an AF application 'AFapp1' and assign devloper1 as a >>>> developer of that application. >>>> according to the current implementation only the appowner1 can >>>> subscribe to the APIM API. >>>> [When appowner1 login to the APIM, we create an application 'AFapp1' in >>>> APIM side and selecting that application appowner1 can subscribe to an API] >>>> Then appowner1 can see subscribed APIs in AF side, where developers >>>> can't see that API. >>>> >>>> So we need to implement APIM group subscriptions in AF. >>>> to implement it we have to set the organization claim (as eg: >>>> 'foo.com_AFapp1') for appowner1 and developer1. >>>> Then both users can see the subscribed API. >>>> >>>> *We have another use case;* >>>> basically our user grouping happens per AF application and 1 user can >>>> be in 2 groups >>>> >>>> Let's say appowner1 creates an another application AFapp2 >>>> then appowner1 is belongs to 2 user groups. So we need to assign two >>>> values for the organization claim. (foo.com_AFapp1, foo.com_AFapp2) >>>> appowner1 want to see subscribed API in APIM side based on that 2 >>>> organizations. >>>> >>>> As I know, APIM does not support this when there's a more than 1 group >>>> assigned for the organization claim. >>>> But this is a required use case for the AF/cloud, and we can't >>>> customize the GroupingExtractor due to maintainability issues in cloud. >>>> >>>> Can this improvement provide by APIM? >>>> >>> >>> It can be done. But we've already done product plans for releases >>> covering the year. It might take time to get this into the product as a GA >>> release. I guess the timely solution is to customize the GroupingExtractor. >>> >>> What maintainability concerns do you have? If a standard extension point >>> in the product is a maintainability concern it makes no sense to have those >>> extension points at all. So I would like to understand those concerns and >>> improve if possible. >>> >>>> >>>> Thanks >>>> Amalka >>>> >>>> >>>> >>>> >>>> >>>> >>>> On Tue, Jan 12, 2016 at 1:42 PM, Amalka Subasinghe <[email protected]> >>>> wrote: >>>> >>>>> Hi, >>>>> >>>>> Currently only the app owner allows to subscribed to an API, generate >>>>> keys and see subscribed APIs, where other users are not allowed as showed >>>>> in the below table. >>>>> >>>>> >>>>> Subscribe to API Generate Keys View subscribed APIs in AF side View >>>>> Prod keys in AF side View Sandbox keys in AF side App owner Y Y Y Y Y >>>>> Developer >>>>> >>>>> >>>>> >>>>> Y QA >>>>> >>>>> >>>>> >>>>> Y DevOps >>>>> >>>>> >>>>> Y Y >>>>> We want to improve the AF - APIM integration as follows. So we need >>>>> implement $subject. >>>>> 1. making both app owner and developer can subscribe to an API and >>>>> generate keys >>>>> 2. making all users to see subscribed API per application >>>>> >>>>> >>>>> Subscribe to API Generate Keys View subscribed APIs in AF side View >>>>> Prod keys in AF side View Sandbox keys in AF side App owner Y Y Y Y Y >>>>> Developer Y Y Y >>>>> Y QA >>>>> >>>>> Y >>>>> Y DevOps >>>>> >>>>> Y Y Y >>>>> *Things to do:* >>>>> >>>>> 1. All the users of a particular app we need to maintain as a group. >>>>> >>>>> In APIM side they uses http://wso2.org/claims/organization claim to >>>>> group the users. We have to set this claim (eg: app key as the value of >>>>> the >>>>> claim) when appowner or developer try to click on 'Go to API Manager' >>>>> button. >>>>> Currently we use a role app_appName to group the users of a particular >>>>> application in AF. If we use this we have to implement a custom grouping >>>>> extractor to get the users of a particular group. >>>>> >>>>> >>>>> *Issues: *a. Since we don't set the claim for QA and DevOps users, >>>>> they can't view subscribed APIs in AF side, and If we add the claim they >>>>> also will be able to subscribe to APIs and generate keys. So we need to >>>>> find a way to view subscribed api for a particular application by QA and >>>>> Devops users. >>>>> b. With this implementation Developer can see prod keys also. >>>>> >>>>> >>>>> 2. Make Go to API Manager and Sync Keys buttons enabled only to >>>>> appowner and developer. >>>>> For this we can use resource permissions we already have. >>>>> >>>>> >>>>> 3. Need to improve/test all the rest calls we do with APIM to work >>>>> with groups and fix if there's any issue. >>>>> >>>>> - Login - When user clicks on 'Go to API Manager' button of a >>>>> particular app, it should login to APIM and show the subscribed APIs, >>>>> listed under selected application. >>>>> - Create application >>>>> - Remove application >>>>> - Get published APIs by application >>>>> - List subscription >>>>> - Get applications >>>>> >>>>> [1] https://wso2.org/jira/browse/APPFAC-3217 >>>>> >>>>> Thanks >>>>> Amalka >>>>> >>>>> >>>> >>>> >>>> -- >>>> Amalka Subasinghe >>>> Senior Software Engineer >>>> WSO2 Inc. >>>> Mobile: +94 77 9401267 >>>> >>> >>> >>> >>> -- >>> Nuwan Dias >>> >>> Technical Lead - WSO2, Inc. http://wso2.com >>> email : [email protected] >>> Phone : +94 777 775 729 >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> Lakshman Udayakantha >> WSO2 Inc. www.wso2.com >> lean.enterprise.middleware >> Mobile: *0714388124* >> >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> -- Nuwan Dias Technical Lead - WSO2, Inc. http://wso2.com email : [email protected] Phone : +94 777 775 729
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
