For viewing, shall we use a single scope: apim:mediation_policy_view
But, it make sense to have the apim:api_view scope to view mediation
policies of an api IMO
If not, a user with apim:api_view scope can see the api but unable to see
the mediation policies due to missing apim:mediation_policy_view scope. Do
we need a separation here?
Also for the tag: shall we simplify as "Mediation Policies"
+1
Thanks & Regards,
Ishara Cooray
Associate Technical Lead
Mobile : +9477 262 9512
WSO2, Inc. | http://wso2.com/
Lean . Enterprise . Middleware
On Thu, Aug 15, 2019 at 2:32 PM Malintha Amarasinghe
wrote:
> Hi Ishara,
>
> +1 for the overall approach.
>
> For viewing, shall we use a single scope: apim:mediation_policy_view
>
> Also for the tag: shall we simplify as "Mediation Policies"
>
> Thanks!
>
>
> On Tue, Aug 13, 2019 at 1:18 PM Ishara Cooray wrote:
>
>> Hi,
>> I have started working on the $Subject and below is the rest api
>> definitions.
>>
>>
>>- To avoid string manipulations, Mediation policy post is done as a
>>file upload. Hence we can provide the sequence file(xml content) as an
>>input in the form of multipart/form-data
>>ex:
>>
>>curl -X POST
>> https://localhost:9443/api/am/publisher/v1.0/apis/2a3d5469-5394-4576-974a-5f8bf7e400bd/mediation-policies
>>-H "Authorization: Bearer 5cbc7d4f-d4f1-33c9-87e4-68a22ae7e602"
>>-F file=@sampleSeq2.xml
>>-H "Content-Type: multipart/form-data"
>>-F "type=in"
>>
>>- To retrieve a mediation sequence, a new REST api has been
>>introduced which will download sequence as a file. Where as in APIM 2.x
>>REST API it was returning as a string.
>>Please refer
>>/apis/{apiId}/mediation-policies/{mediationPolicyId}/content:
>>
>>
>> ##
>> # The "specific mediation policy" resource APIs
>> ##
>> '/apis/{apiId}/mediation-policies':
>>
>>
>> #-
>> # Retrieving the list of all API specific mediation sequences under a
>> given search condition
>>
>> #-
>> get:
>> security:
>> - OAuth2Security:
>> - apim:mediation_policy_view
>> x-examples:
>> $ref: docs/examples/apis/apis_id_mediationpolicies_get.yaml
>> summary: |
>> Get all mediation policies of an API
>> operationid: apisApiIdMediationPoliciesGet
>> description: |
>> This operation provides you a list of available mediation policies of
>> an API.
>> parameters:
>> - $ref: '#/parameters/apiId'
>> - $ref : '#/parameters/limit'
>> - $ref : '#/parameters/offset'
>> - name : query
>> in: query
>> description: "-Not supported yet-"
>> type: string
>> - $ref : "#/parameters/If-None-Match"
>> tags:
>> - Mediation Policies of an API
>> responses:
>> 200:
>> description: |
>> OK.
>> List of qualifying APIs is returned.
>> schema:
>> $ref: '#/definitions/MediationList'
>> headers:
>> Content-Type:
>> description: The content type of the body.
>> type: string
>> ETag:
>> description: |
>> Entity Tag of the response resource. Used by caches, or in
>> conditional requests (Will be supported in future).
>> type: string
>> 304:
>> description: |
>> Not Modified.
>> Empty body because the client has already the latest version of
>> the requested resource (Will be supported in future).
>> 406:
>> description: |
>> Not Acceptable.
>> The requested media type is not supported
>> schema:
>> $ref: '#/definitions/Error'
>>
>>
>> #
>> # Upload an API specific mediation policy
>>
>> #
>> post:
>> consumes:
>> - multipart/form-data
>> security:
>> - OAuth2Security:
>> - apim:mediation_policy_create
>> x-examples:
>> $ref: docs/examples/apis/apis_id_mediationpolicies_post.yaml
>> summary: Add an API specific mediation policy
>> operationid: apisApiIdMediationPoliciesPost
>> description: |
>> This operation can be used to add an API specifc mediation policy.
>> parameters:
>> - in: formData
>> name: file
>> description: Mediation Policy to upload
>> type: file
>> required: false
>> - in: formData
>> name: inlineContent
>> description: Inline content of the Mediation Policy
>> type: string
>> required: false
>> - in: formData
>> name: type
>> desc