search

Azure / apiops

APIOps applies the concepts of GitOps and DevOps to API deployment. By using practices from these two methodologies, APIOps can enable everyone involved in the lifecycle of API design, development, and deployment with self-service and automated tools to ensure the quality of the specifications and APIs that they’re building.
https://azure.github.io/apiops
MIT License
328 stars 193 forks source link

[BUG] Publisher removing groups from the Product #645

Closed kantipenko closed 1 month ago

kantipenko commented 2 months ago

Release version

6.0.1

Describe the bug

We are deploying specific API's and specific Products between environments using configuration file. On the push to the Test from Dev environment we can see that publisher is trying to remove users from product in the Test Environment.

Expected behavior

Product has reference to more than one API and users are different beetwen environments. Publisher should not delete users from the Product.

Actual behavior

Publisher is trying to delete users in the Products associated to the API: image

Reproduction Steps

Dev APIM with Products and users assigned to groups. Existing Product in Test with existing groups and users in them.

github-actions[bot] commented 2 months ago 
  Thank you for opening this issue! Please be patient while we will look into it and get back to you as this is an open source project. In the meantime make sure you take a look at the [closed issues](https://github.com/Azure/apiops/issues?q=is%3Aissue+is%3Aclosed) in case your question has already been answered. Don't forget to provide any additional information if needed (e.g. scrubbed logs, detailed feature requests,etc.).
  Whenever it's feasible, please don't hesitate to send a Pull Request (PR) our way. We'd greatly appreciate it, and we'll gladly assess and incorporate your changes.
felipementel commented 2 months ago

I have the same problem with the version 6.0.1.1

@kantipenko try to run the extractor process and verify the result. The files was transformed to folders ... there is a new structure. take a look

guythetechie commented 2 months ago

@kantipenko - when you create a new product, APIM automatically creates a subscription with the administrators group. This behavior is not necessarily desired when using ApiOps, as we want Git to be our source of truth. We don't want a subscription that doesn't exist in source control. That's why ApiOps removes the automatically created subscription if it creates a new product.

Note that this removal should only happen when ApiOps creates a product. If a product already exists, ApiOps won't remove its subscription.

Hope this helps. Please respond if you have concerns about this behavior.

felipementel commented 2 months ago

@kantipenko - when you create a new product, APIM automatically creates a subscription with the administrators group. This behavior is not necessarily desired when using ApiOps, as we want Git to be our source of truth. We don't want a subscription that doesn't exist in source control. That's why ApiOps removes the automatically created subscription if it creates a new product.

Note that this removal should only happen when ApiOps creates a product. If a product already exists, ApiOps won't remove its subscription.

Hope this helps. Please respond if you have concerns about this behavior.

I was using version 4.0.11 and then 5.1.4 and both had this behavior: When creating a product, a subscription was automatically created.

I understand what you said, that the APIOps process does not want anything to be created automatically, but rather that Git is the source of truth.

But, looking at the folder that contains the subscriptions, what rule is applied to create a new subscription (because the subscription-key now is the folder name). Just put a random guide, like the one generated via pscore, as New-Guid?

image

image

other question:

Inside each folder, there is a file. And how do we know which value to fill in for the ownerId information? I ask this because I have a process for creating items, such as products and subscriptions, before running the extractor. My process is independent.

{
  "properties": {
    "scope": "/subscriptions/0a63b4de-123/resourceGroups/rg-aaa/providers/Microsoft.ApiManagement/service/apim-bbb/products/name-app",
    "allowTracing": false,
    "ownerId": "/subscriptions/0a63b4de-123/resourceGroups/rg-aaa/providers/Microsoft.ApiManagement/service/apim-bbb/users/1",
    "state": "active"
  }
}
guythetechie commented 2 months ago

In previous versions, ApiOps did not support product subscriptions. The tool explicitly skipped extracting subscriptions that were scoped to a product. Support for product subscriptions was added in v6.

I have no idea what algorithm APIM uses for autogenerated subscription names. If you want to control what name is used, you can do these steps:

  1. Create the product. Subscription will be autogenerated.
  2. Delete the autogenerated subscription.
  3. Create a subscription with the name you want.
  4. Link the product to the subscription in step 3.

The ownerId represents the user who owns the subscription. It's tied to the field below in the Azure portal. It's not a mandatory property; you can just remove it if you want a subscription with no owners.

image
kantipenko commented 1 month ago

Many thanks for suggestions! They work as you suggested.