-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Gateway Visibility Control in Dev Portal #3378
Comments
Did a background search for the gateway visibility control based on the regions and came up with the following approach. Introduce a new property to the gateway environment configurations at the
Provide a way to do a gateway-role mapping via the Admin portal as well. The roles incorporated to each gateway environment (via the deployment.toml or at the Admin portal UI) can be used to do the gateway visibility control for the APIs. If the visibility is set at the deployment.toml, it will be shown under the environments section in the Admin portal and wise versa. Filter and show the gateway URLs in the Dev Portal based on the roles assigned for the logged-in user. |
Sub Tasks -
|
Came up with the following DB schema changes for the feature.
|
Working on the backend implementation for the feature atm. Firstly the visibility configuration will be handled via the deployment.toml. |
I have completed the visibility configurations set via the deployment.toml and working on the GW URL retrieval part at the Dev Portal. |
I have completed the relevant backend API changes to handle the gateway environment visibility. Facing some issues when showing the environments at the API Console page in the Dev Portal as the environments are retrieved via the endpoints currently [1] and we are considering the visibility for the environments here. Checking the APIConsole page implementation [1] and relevant backend changes [2], [3] to get it fixed. [1] https://github.com/wso2/apim-apps/blob/main/portals/devportal/src/main/webapp/source/src/app/components/Apis/Details/ApiConsole/ApiConsole.jsx#L189 |
Solved the issue faced while retrieving the GW environments at the Dev Portal. Added a draft PR [1] with the current implementation changes. Testing the flows atm and refactoring/improving the code changes. Will be starting with the Admin UI changes as the next step. |
Need to get the UI designs finalized before starting the implementation. Looking into the integration test failures occurred due to the PR wso2/carbon-apimgt#12722 atm. |
Did the UI modifications to show the GW environment visibility roles at the Deployments page of an API in the Publisher. Need to work on the Admin UI changes to add/update/remove GW visibility roles. |
Started working on the Admin rest API changes to support environment visibility changes in the Admin UI. |
As per the final discussion, it was decided to use a separate table to store GW visibility related data instead of having it in
Updated the same PR with the new DB and implementation related changes. |
Completed and tested the feature with all the backend + rest API changes by setting the visibility via the deployment.toml. Need to revamp the changes done in the Publisher UI to show GW visibility roles. Need to do the Admin UI changes as well. |
Revamped the Publisher UI changes to show the GW visibility as below. |
Did the Admin UI changes to add permissions for the Gateway as below. Roles can be set as follows in the same UI. The Gateway listing page in the Admin portal is also modified with the permissions as below. Updated the same wso2/apim-apps#848 with the new UI changes. |
The documentation changes + the integration tests are pending for the feature. |
Problem
Currently, there is no way to restrict access to the gateways based on the gateway deployment region for the APIs in the Dev Portal.
That means, for a User A who belongs to the region A, should only see the gateway belongs to region A, and not the gateways from regions B and C.
Solution
There should be a visibility control mechanism for the gateways based on the roles, so that the roles can be assigned to the users in each region and when showing the gateway URLs for the APIs in the Dev Portal, the visibility control can be done based on the regions.
Affected Component
APIM
Version
APIM 4.5.0
The text was updated successfully, but these errors were encountered: