Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add visibility restrictions in the developer portal based on the Organizations #3061

Closed
5 tasks done
chamilaadhi opened this issue Aug 13, 2024 · 23 comments
Closed
5 tasks done

Comments

@chamilaadhi
Copy link
Contributor

chamilaadhi commented Aug 13, 2024

Problem

Need to restrict API and applications based on the user organization. Refer https://docs.google.com/document/d/1U_rYpwpKyvM_hEzUzUVHJ7Gu-N-xu7Of97r4cRxlMQM/edit

Tasks

  • Add the capability to set API’s organization visibility from the publisher portal
  • Dev portal search based on organization.
  • Resolve user organization when login into the developer portal
  • Capability to create Application sharable to the organization.
  • Set available organizations for business plans
@chamilaadhi
Copy link
Contributor Author

Initial implementation wso2/carbon-apimgt#12512

This PR set visibility restriction for API using organization and filter API in the dev portal listing page based on the user organization

@chamilaadhi
Copy link
Contributor Author

Add Application sharing for with the organization wso2/carbon-apimgt#12517

@chamilaadhi
Copy link
Contributor Author

Publisher side UI changes to set organization visibility to APIs wso2/apim-apps#729

Screenshot 2024-08-21 at 10 29 39 AM

@chamilaadhi
Copy link
Contributor Author

chamilaadhi commented Aug 21, 2024

Additional fixes wso2/carbon-apimgt#12519 wso2/carbon-apimgt#12521

@chamilaadhi
Copy link
Contributor Author

Add application sharing with the organization wso2/apim-apps#730

Screenshot 2024-08-22 at 10 40 06 AM

@chamilaadhi
Copy link
Contributor Author

Add capability to add organizations to business plans and filter it in the devportal for the API based on user organization wso2/carbon-apimgt#12523

@chamilaadhi
Copy link
Contributor Author

chamilaadhi commented Aug 28, 2024

Moving to registry property to store organization information instead of introducing new field to rxt.
wso2/carbon-apimgt#12528

Above change needs carbon-registry fix wso2/carbon-registry#440 as well. Currently we can only search with one registry property. with this we can use multiple properties

@chamilaadhi
Copy link
Contributor Author

Since there is a new property added to the API, we need to do a registry resource migration. To prevent this, we could add a default property value to all the migrated API when generating the indexed data. Following PRs do this

wso2/carbon-apimgt#12529
wso2/carbon-registry#441

When migrating to the new version, with this change, we have to do a reindexing only

@chamilaadhi
Copy link
Contributor Author

Setup IS 7.0 with APIM developer portal. IS 7 is setup as a federated authenticator. We need to add custom oidc claims to retrieve organization and organization id since it is not available in APIM

Following flow is configured
Screenshot 2024-09-04 at 5 38 12 PM

Steps on configuring can be found in https://docs.google.com/document/d/1MpsVrYCL4lT5p6rjB_ViAbU09yCCyzTLuDII9Clcsq0/edit?usp=sharing

@chamilaadhi
Copy link
Contributor Author

chamilaadhi commented Sep 9, 2024

Add organization visibility for subscription policy in admin porta

Screenshot 2024-09-09 at 2 04 44 PM

wso2/apim-apps#738

@chamilaadhi
Copy link
Contributor Author

chamilaadhi commented Sep 13, 2024

Show organization name in dev portal UI from wso2/apim-apps#742

Screenshot 2024-09-13 at 11 07 40 AM

Additional bug fixes wso2/carbon-apimgt#12559

@chamilaadhi
Copy link
Contributor Author

Based on the review , moved the org visibility to its own field in publisher portal configuration section https://git
hub.com/wso2/apim-apps/pull/742/commits/cc7cf140b7a7beb129cb8eee93ca55b41d3665d2

Screenshot 2024-09-18 at 6 10 50 PM

Additionally, introduced a config to enable org feature

    [apim.organization_based_access_control]
    enable = true

carbon-apimgt related changes for above two changes wso2/carbon-apimgt#12572

@chamilaadhi
Copy link
Contributor Author

chamilaadhi commented Sep 24, 2024

Fix logout issue wso2/apim-apps#751

Additionally, Provide capability to show organization specific token and authorization endpoint in the dev portal
wso2/carbon-apimgt#12592

For this to work, need to provide a templated url to the keymanager connector display url.
Screenshot 2024-09-24 at 12 08 46 PM

Screenshot 2024-09-24 at 12 08 16 PM

@chamilaadhi
Copy link
Contributor Author

After discussion, planned to get implement keymanager visibilty based on user organization. This way, we will have to register keymanager per organization.

Backend pr for this wso2/carbon-apimgt#12592

This introduces new table

    CREATE TABLE IF NOT EXISTS AM_KEY_MANAGER_ALLOWED_ORGS (
      KEY_MANAGER_UUID VARCHAR(50) NOT NULL,
      ALLOWED_ORGANIZATIONS VARCHAR(50) NOT NULL,
      PRIMARY KEY (KEY_MANAGER_UUID, ALLOWED_ORGANIZATIONS),
      FOREIGN KEY (KEY_MANAGER_UUID) REFERENCES AM_KEY_MANAGER(UUID) ON DELETE CASCADE
    );

@chamilaadhi
Copy link
Contributor Author

Add keymanager visibility UI wso2/apim-apps#780

Screenshot 2024-10-04 at 10 44 06 AM

@chamilaadhi
Copy link
Contributor Author

Add capability to enable/disable feature wso2/apim-apps#783

config

  [apim.organization_based_access_control]
  enable = true

@chamilaadhi
Copy link
Contributor Author

Refactor business plans wso2/carbon-apimgt#12634

@chamilaadhi
Copy link
Contributor Author

chamilaadhi commented Oct 9, 2024

Add capability to use multiple keymanagers with same issuer with wso2/carbon-apimgt#12652

To differentiate the keymanage, Need to configure 'Token Handling Options' section in the keymanager

Ex:
Screenshot 2024-10-09 at 4 09 13 PM

This example, based on organization filed in the access token, relavant KM is selected

@chamilaadhi
Copy link
Contributor Author

Add support for orgs with spaces in the name
wso2/carbon-apimgt#12653
wso2/apim-apps#791

@chamilaadhi
Copy link
Contributor Author

chamilaadhi commented Oct 11, 2024

Fix logout issue for publisher wso2/apim-apps#795

Bug fixes wso2/carbon-apimgt#12655

@chamilaadhi
Copy link
Contributor Author

Provide a config to change the claim that is used for organization resolving. wso2/carbon-apimgt#12670

Now you can set organization id or any claim as the organization

    [apim.organization_based_access_control]
    enable = true
    organization_selector_local_claim = "http://wso2.org/claims/organizationId" # optional

@chamilaadhi
Copy link
Contributor Author

chamilaadhi commented Oct 31, 2024

Pending Tasks

  • Support unified search, definition search (Support swagger document content search via Publisher/Developer Portal search #3103), etc and tag listing
  • UI revamp
  • On the fly migration using CustomAPIIndexer. add default 'all' to the org property in the API
  • Enabling Application sharing feature with org feature
  • Update db schemas for all the database types
  • Handle apictl related scenarios
  • Analytics related data population
  • Integration test and unit test fixing
  • Working with scopes

@HiranyaKavishani
Copy link

Closing the issue as the pending tasks are added to major task.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants