gravitee-io / issues

Gravitee.io - API Platform - Issues
[Jupiter] Security plan execution #7991

Closed mouligno closed 2 years ago

mouligno commented 2 years ago

:rainbow: Feature

As an API Publisher, I want to make sure that applications are using the correct plans they subscribed to.

:sunrise_over_mountains: Additional information

The idea is to execute the plan based on the subscription instead of just checking the security technical requirements.

A first implementation of the security chain has been made and one issue has been discovered - https://gravitee.slab.com/posts/token-based-plan-issue-hwz47lst

Improvements required :

:link: Dependencies

https://github.com/gravitee-io/issues/issues/7995

https://github.com/gravitee-io/issues/issues/7824

:superhero: Acceptance criteria

Sicofonia commented 2 years ago

@marcambier, would you be kind enough to link the original pull request for the original issue: https://github.com/gravitee-io/issues/issues/7824

https://github.com/gravitee-io/gravitee-api-management/pull/2186

marcambier commented 2 years ago

Note for QA team: This is a refactoring of the security chain, so everything related to plan execution on the gateway side has to be tested. For example:

LiliaEn commented 2 years ago

Tested on the default env v3.19.0. The following scenarios (plan combinations) were covered: