Closed by tgtshanika 10 months ago
Status Update
Design Review : Completed
Database layer : Completed
Backend Implementation : Ongoing
Summary of Design Review
API Schema changes : Adding an extra field "permissions" of type "permission" in key manager requests to reflect the permissions that the key manager has. The following is the API-level schema of KeyManagerPermission:
```yaml
KeyManagerPermission:
  title: Key Manager Permission
  type: object
  properties:
    permissionType:
      type: string
    role:
      type: string
```
Database Schema changes : The following table was proposed.
```sql
CREATE TABLE IF NOT EXISTS AM_KEY_MANAGER_PERMISSIONS (
  UUID VARCHAR(50) NULL,
  PERMISSIONS_TYPE VARCHAR(50) NULL,
  ROLES VARCHAR(512) NULL,
  PRIMARY KEY (UUID),
  FOREIGN KEY (UUID) REFERENCES AM_KEY_MANAGER(UUID));
```
It was proposed to change the database schema as follows to store the roles in different records.
```sql
CREATE TABLE IF NOT EXISTS AM_KEY_MANAGER_PERMISSIONS (
  KEY_MANAGER_PERMISSION_ID INT NOT NULL AUTO_INCREMENT,
  KEY_MANAGER_UUID VARCHAR(50) NULL,
  PERMISSIONS_TYPE VARCHAR(50) NULL,
  ROLE VARCHAR(255) NULL,
  PRIMARY KEY (KEY_MANAGER_PERMISSION_ID),
  FOREIGN KEY (KEY_MANAGER_UUID) REFERENCES AM_KEY_MANAGER(UUID));
```
Status of Backend Implementation
```
{
  ...
  permissions : [
    {
      permissionType : <permissionType>,
      role : <role>
    },
    {
      permissionType : <permissionType>,
      role : <role>
    }
  ]
}
```

```
{
  ...
  permissions : {
    permissionType : <permissionType>,
    roles : []
  }
}
```
Hi team,
Status of the Backend Implementation
Starting the UI Implementation
Thanks & Regards, Kirishikesan
Hi team,
Progress update
With this, the implementation is completed and the code review is scheduled on 26.09.2023.
The integration tests, documentation and the migration tasks are due this week.
Thanks & Regards, Kirishikesan
Hi team,
The code review was completed on 27.09.2023 and the following decisions were taken.
```sql
CREATE TABLE IF NOT EXISTS AM_KEY_MANAGER_PERMISSIONS (
  KEY_MANAGER_UUID VARCHAR(50) NULL,
  PERMISSIONS_TYPE VARCHAR(50) NULL,
  ROLE VARCHAR(255) NULL,
  PRIMARY KEY (KEY_MANAGER_UUID, ROLE),
  FOREIGN KEY (KEY_MANAGER_UUID) REFERENCES AM_KEY_MANAGER(UUID));
```
Meeting notes : https://docs.google.com/document/d/1_N6QNuRyGTvc_4fQg1v8CDKeLdzlpzAcL9tC_jgYVZ0/edit#heading=h.53k25yfmsand
Thanks & Regards, Kirishikesan
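An added example, not part of the thread or of the WSO2 code base: it loads the table agreed in the code review into an in-memory SQLite database, shows what the composite primary key and the foreign key reject, and evaluates which key managers a caller's roles can see. Assumptions: the uppercase `ALLOW`/`DENY` values, the rule that a deny match wins and that a key manager with no rows is public, the helper names, the reduced `AM_KEY_MANAGER` table, and all rows (constructed).

```python
import sqlite3

# Schema as decided in the code review; AM_KEY_MANAGER is cut down to the one
# column the foreign key needs (assumption, the real table has more columns).
SCHEMA = """
CREATE TABLE AM_KEY_MANAGER (UUID VARCHAR(50) PRIMARY KEY);
CREATE TABLE IF NOT EXISTS AM_KEY_MANAGER_PERMISSIONS (
  KEY_MANAGER_UUID VARCHAR(50) NULL,
  PERMISSIONS_TYPE VARCHAR(50) NULL,
  ROLE VARCHAR(255) NULL,
  PRIMARY KEY (KEY_MANAGER_UUID, ROLE),
  FOREIGN KEY (KEY_MANAGER_UUID) REFERENCES AM_KEY_MANAGER(UUID));
"""

def add_rule(conn, km_uuid, permission_type, role):
    """Insert one rule; False if the primary or foreign key rejects it."""
    try:
        with conn:  # commit on success, roll back on error
            conn.execute("INSERT INTO AM_KEY_MANAGER_PERMISSIONS VALUES (?, ?, ?)",
                         (km_uuid, permission_type, role))
        return True
    except sqlite3.IntegrityError:
        return False

def build_demo():
    """In-memory database with constructed key managers and rules."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite leaves FK checks off by default
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO AM_KEY_MANAGER VALUES (?)",
                     [("km-allow",), ("km-deny",), ("km-open",)])
    conn.commit()
    add_rule(conn, "km-allow", "ALLOW", "partner")
    add_rule(conn, "km-allow", "ALLOW", "internal-dev")
    add_rule(conn, "km-deny", "DENY", "contractor")
    return conn

def visible_key_managers(conn, user_roles):
    """UUIDs the caller may see. Assumed semantics: DENY wins, no rules = public."""
    roles, visible = set(user_roles), []
    for (uuid,) in conn.execute("SELECT UUID FROM AM_KEY_MANAGER ORDER BY UUID").fetchall():
        rules = conn.execute("SELECT PERMISSIONS_TYPE, ROLE FROM AM_KEY_MANAGER_PERMISSIONS"
                             " WHERE KEY_MANAGER_UUID = ?", (uuid,)).fetchall()
        allowed = {r for t, r in rules if t == "ALLOW"}
        denied = {r for t, r in rules if t == "DENY"}
        if roles & denied or (allowed and not roles & allowed):
            continue  # hidden: holds a denied role, or none of the allowed ones
        visible.append(uuid)
    return visible
```

Because the key is `(KEY_MANAGER_UUID, ROLE)`, a role can appear only once per key manager, so the same role cannot be listed under both an allow and a deny rule for it.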
Hi team,
The doc PR has been sent and the PRs are sent for Review. There are failures in the integration test for this issue. This issue will be complete as soon as that issue is resolved and the PRs merged.
Thanks & Regards, Kirishikesan
Problem
Currently, the key manager visibility cannot be controlled or restricted for different user groups (roles) of API consumers.
Solution
Introducing the capability of specifying role-based visibility restriction rules (Deny/Allow) for key manager definition via admin portal.
Affected Component
APIM
Version
4.3.0