add visibility restrictions (#98)

* Add visibility restrictions (for Publisher visibility)
* Introduced backward compatibility (for Subscriber visibility)
* Review comments fixed
---------
Co-authored-by: gustaaf jongbloed <[email protected]>

src/2.6.0/wso2apim.js

@@ -211,7 +211,7 @@ function constructAPIDef(user, gatewayEnv, apiDef, apiId) {
         sandbox: (apiDef.maxTps) ? apiDef.maxTps : undefined,
         production: (apiDef.maxTps) ? apiDef.maxTps : undefined
       },
-      visibility: apiDef.visibility,
+      visibility: apiDef.subscriberVisibility || apiDef.visibility,
       endpointConfig: JSON.stringify({
         production_endpoints: {
           url: backendBaseUrl,
@@ -239,6 +239,15 @@ function constructAPIDef(user, gatewayEnv, apiDef, apiId) {
     if (apiDef.cors) {
       wso2ApiDefinition.corsConfiguration = constructCorsConfiguration(apiDef);
     }
+    if (apiDef.subscriberVisibilityRoles) {
+      wso2ApiDefinition.visibleRoles = apiDef.subscriberVisibilityRoles;
+    }
+    if (apiDef.publisherVisibility) {
+      wso2ApiDefinition.accessControl = apiDef.publisherVisibility === 'PRIVATE' ? 'NONE' : apiDef.publisherVisibility;
+    }
+    if (apiDef.publisherVisibilityRoles) {
+      wso2ApiDefinition.accessControlRoles = apiDef.publisherVisibilityRoles;
+    }
 
     backendBaseUrl = '';
     backendType = '';
@@ -578,7 +587,7 @@ async function listCertInfo(wso2APIM, accessToken, certAlias) {
  * @param {*} swaggerSpec 
  * @returns 
  */
- async function upsertSwaggerSpec(wso2APIM, accessToken, apiId, swaggerSpec) {
+async function upsertSwaggerSpec(wso2APIM, accessToken, apiId, swaggerSpec) {
   try {
     const url = `https://${wso2APIM.host}:${wso2APIM.port}/api/am/publisher/${wso2APIM.versionSlug}/apis/${apiId}/swagger`;
     const config = {

src/3.2.0/wso2apim.js

@@ -224,7 +224,7 @@ async function constructAPIDef(user, gatewayEnv, apiDef, apiId) {
       maxTps: {
         production: (apiDef.maxTps) ? apiDef.maxTps : undefined
       },
-      visibility: apiDef.visibility,
+      visibility: apiDef.subscriberVisibility || apiDef.visibility,
       endpointConfig: {
         production_endpoints: {
           url: backendBaseUrl            },
@@ -250,6 +250,15 @@ async function constructAPIDef(user, gatewayEnv, apiDef, apiId) {
     if (apiDef.cors) {
       wso2ApiDefinition.corsConfiguration = constructCorsConfiguration(apiDef);
     }
+    if (apiDef.subscriberVisibilityRoles) {
+      wso2ApiDefinition.visibleRoles = apiDef.subscriberVisibilityRoles;
+    }
+    if (apiDef.publisherVisibility) {
+      wso2ApiDefinition.accessControl = apiDef.publisherVisibility === 'PRIVATE' ? 'NONE' : apiDef.publisherVisibility;
+    }
+    if (apiDef.publisherVisibilityRoles) {
+      wso2ApiDefinition.accessControlRoles = apiDef.publisherVisibilityRoles;
+    }
 
     backendBaseUrl = '';
     backendType = '';

src/__tests__/e2e/invalid-publisher-visibility-invalid-roles/serverless.yml

@@ -0,0 +1,54 @@
+service: serverless-wso2-apim
+provider:
+  name: aws
+  stackName: ${env:STACK_NAME}
+  deploymentBucket:
+    name: ${env:TEST_ID_NORMALIZED}
+plugins:
+  - serverless-localstack
+  - serverless-deployment-bucket
+  - "../../../../src"
+
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ Modify the configuration below to suit your test case.
+#⬇⬇⬇ START HERE ⬇⬇⬇⬇ Help: https://github.com/ramgrandhi/serverless-wso2-apim#configuration-reference
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ For a full list of env vars that you can use, refer `src/__tests__/e2e/e2e.test.js`
+custom:
+  wso2apim:
+    enabled: true
+    host: ${env:WSO2_HOST}
+    port: ${env:WSO2_PORT}
+    user: ${env:WSO2_USER}
+    pass: ${env:WSO2_PASS}
+    gatewayEnv: ${env:WSO2_ENV}
+    apidefs:
+      - name: ${env:TEST_ID}-1
+        description: ${env:TEST_ID}-1
+        rootContext: /${env:TEST_ID}-1
+        version: "1"
+        subscriberVisibility: "RESTRICTED"
+        subscriberVisibilityRoles:
+          - "admin"
+        publisherVisibility: "RESTRICTED"
+        publisherVisibilityRoles: "admin"
+        backend:
+          http:
+            baseUrl: "https://baseUrl"
+        maxTps: 10
+        tags:
+          - ${env:TEST_ID}-1
+        swaggerSpec:
+          swagger: "2.0"
+          pathsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:
+            /*:
+              post:
+                responses:
+                  "201":
+                    description: Created
+                x-auth-type: "None"
+
+# Optionally, add your other AWS provider-specific resources below.
+# Make sure there is at least one resource listed below, otherwise stack deployment would fail.
+resources:
+  Resources:
+    Topic:
+      Type: AWS::SNS::Topic

src/__tests__/e2e/invalid-publisher-visibility-missing-roles/serverless.yml

@@ -0,0 +1,51 @@
+service: serverless-wso2-apim
+provider:
+  name: aws
+  stackName: ${env:STACK_NAME}
+  deploymentBucket:
+    name: ${env:TEST_ID_NORMALIZED}
+plugins:
+  - serverless-localstack
+  - serverless-deployment-bucket
+  - "../../../../src"
+
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ Modify the configuration below to suit your test case.
+#⬇⬇⬇ START HERE ⬇⬇⬇⬇ Help: https://github.com/ramgrandhi/serverless-wso2-apim#configuration-reference
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ For a full list of env vars that you can use, refer `src/__tests__/e2e/e2e.test.js`
+custom:
+  wso2apim:
+    enabled: true
+    host: ${env:WSO2_HOST}
+    port: ${env:WSO2_PORT}
+    user: ${env:WSO2_USER}
+    pass: ${env:WSO2_PASS}
+    gatewayEnv: ${env:WSO2_ENV}
+    apidefs:
+      - name: ${env:TEST_ID}-1
+        description: ${env:TEST_ID}-1
+        rootContext: /${env:TEST_ID}-1
+        version: "1"
+        subscriberVisibility: "PRIVATE"
+        publisherVisibility: "RESTRICTED"
+        backend:
+          http:
+            baseUrl: "https://baseUrl"
+        maxTps: 10
+        tags:
+          - ${env:TEST_ID}-1
+        swaggerSpec:
+          swagger: "2.0"
+          pathsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:
+            /*:
+              post:
+                responses:
+                  "201":
+                    description: Created
+                x-auth-type: "None"
+
+# Optionally, add your other AWS provider-specific resources below.
+# Make sure there is at least one resource listed below, otherwise stack deployment would fail.
+resources:
+  Resources:
+    Topic:
+      Type: AWS::SNS::Topic

src/__tests__/e2e/invalid-subscriber-visibility-invalid-roles/serverless.yml

@@ -0,0 +1,53 @@
+service: serverless-wso2-apim
+provider:
+  name: aws
+  stackName: ${env:STACK_NAME}
+  deploymentBucket:
+    name: ${env:TEST_ID_NORMALIZED}
+plugins:
+  - serverless-localstack
+  - serverless-deployment-bucket
+  - "../../../../src"
+
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ Modify the configuration below to suit your test case.
+#⬇⬇⬇ START HERE ⬇⬇⬇⬇ Help: https://github.com/ramgrandhi/serverless-wso2-apim#configuration-reference
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ For a full list of env vars that you can use, refer `src/__tests__/e2e/e2e.test.js`
+custom:
+  wso2apim:
+    enabled: true
+    host: ${env:WSO2_HOST}
+    port: ${env:WSO2_PORT}
+    user: ${env:WSO2_USER}
+    pass: ${env:WSO2_PASS}
+    gatewayEnv: ${env:WSO2_ENV}
+    apidefs:
+      - name: ${env:TEST_ID}-1
+        description: ${env:TEST_ID}-1
+        rootContext: /${env:TEST_ID}-1
+        version: "1"
+        subscriberVisibility: "RESTRICTED"
+        subscriberVisibilityRoles:
+          - "admin"
+          - "non-existing-role"
+        backend:
+          http:
+            baseUrl: "https://baseUrl"
+        maxTps: 10
+        tags:
+          - ${env:TEST_ID}-1
+        swaggerSpec:
+          swagger: "2.0"
+          pathsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:
+            /*:
+              post:
+                responses:
+                  "201":
+                    description: Created
+                x-auth-type: "None"
+
+# Optionally, add your other AWS provider-specific resources below.
+# Make sure there is at least one resource listed below, otherwise stack deployment would fail.
+resources:
+  Resources:
+    Topic:
+      Type: AWS::SNS::Topic

src/__tests__/e2e/invalid-subscriber-visibility-missing-roles/serverless.yml

@@ -0,0 +1,50 @@
+service: serverless-wso2-apim
+provider:
+  name: aws
+  stackName: ${env:STACK_NAME}
+  deploymentBucket:
+    name: ${env:TEST_ID_NORMALIZED}
+plugins:
+  - serverless-localstack
+  - serverless-deployment-bucket
+  - "../../../../src"
+
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ Modify the configuration below to suit your test case.
+#⬇⬇⬇ START HERE ⬇⬇⬇⬇ Help: https://github.com/ramgrandhi/serverless-wso2-apim#configuration-reference
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ For a full list of env vars that you can use, refer `src/__tests__/e2e/e2e.test.js`
+custom:
+  wso2apim:
+    enabled: true
+    host: ${env:WSO2_HOST}
+    port: ${env:WSO2_PORT}
+    user: ${env:WSO2_USER}
+    pass: ${env:WSO2_PASS}
+    gatewayEnv: ${env:WSO2_ENV}
+    apidefs:
+      - name: ${env:TEST_ID}-1
+        description: ${env:TEST_ID}-1
+        rootContext: /${env:TEST_ID}-1
+        version: "1"
+        subscriberVisibility: "RESTRICTED"
+        backend:
+          http:
+            baseUrl: "https://baseUrl"
+        maxTps: 10
+        tags:
+          - ${env:TEST_ID}-1
+        swaggerSpec:
+          swagger: "2.0"
+          pathsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:
+            /*:
+              post:
+                responses:
+                  "201":
+                    description: Created
+                x-auth-type: "None"
+
+# Optionally, add your other AWS provider-specific resources below.
+# Make sure there is at least one resource listed below, otherwise stack deployment would fail.
+resources:
+  Resources:
+    Topic:
+      Type: AWS::SNS::Topic

src/__tests__/e2e/valid-visibility-restricted/serverless.yml

@@ -0,0 +1,120 @@
+service: serverless-wso2-apim
+provider:
+  name: aws
+  stackName: ${env:STACK_NAME}
+  deploymentBucket:
+    name: ${env:TEST_ID_NORMALIZED}
+plugins:
+  - serverless-localstack
+  - serverless-deployment-bucket
+  - "../../../../src"
+
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ Modify the configuration below to suit your test case.
+#⬇⬇⬇ START HERE ⬇⬇⬇⬇ Help: https://github.com/ramgrandhi/serverless-wso2-apim#configuration-reference
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ For a full list of env vars that you can use, refer `src/__tests__/e2e/e2e.test.js`
+custom:
+  wso2apim:
+    enabled: true
+    host: ${env:WSO2_HOST}
+    port: ${env:WSO2_PORT}
+    user: ${env:WSO2_USER}
+    pass: ${env:WSO2_PASS}
+    gatewayEnv: ${env:WSO2_ENV}
+    apidefs:
+      - name: ${env:TEST_ID}-1
+        description: ${env:TEST_ID}-1
+        rootContext: /${env:TEST_ID}-1
+        version: "v1"
+        subscriberVisibility: "RESTRICTED"
+        subscriberVisibilityRoles:
+          - "admin"
+        backend:
+          http:
+            baseUrl: "https://baseUrl"
+        maxTps: 10
+        tags:
+          - ${env:TEST_ID}-1
+        swaggerSpec:
+          swagger: "2.0"
+          info:
+            title: ${env:TEST_ID}-1
+            version: "v1"
+            contact:
+              name: ${env:TEST_ID}-1
+              email: ${env:TEST_ID}-1
+          paths:
+            /*:
+              post:
+                responses:
+                  "201":
+                    description: Created
+                x-auth-type: "None"
+      - name: ${env:TEST_ID}-2
+        description: ${env:TEST_ID}-2
+        rootContext: /${env:TEST_ID}-2
+        version: "1"
+        subscriberVisibility: "RESTRICTED"
+        subscriberVisibilityRoles:
+          - "admin"
+          - "Internal/subscriber"
+        publisherVisibility: "RESTRICTED"
+        publisherVisibilityRoles:
+          - "admin"
+        backend:
+          http:
+            baseUrl: "https://baseUrl"
+        maxTps: 10
+        tags:
+          - ${env:TEST_ID}-2
+        swaggerSpec:
+          openapi: 3.0.0
+          info:
+            title: ${env:TEST_ID}-2
+            version: "1"
+            contact:
+              name: ${env:TEST_ID}-2
+              email: ${env:TEST_ID}-2
+          paths:
+            /*:
+              post:
+                responses:
+                  "201":
+                    description: Created
+                x-auth-type: "None"
+      - name: ${env:TEST_ID}-3
+        description: ${env:TEST_ID}-3
+        rootContext: /${env:TEST_ID}-3
+        version: "1"
+        visibility: "PRIVATE"
+        publisherVisibility: "RESTRICTED"
+        publisherVisibilityRoles:
+          - "admin"
+          - "Internal/publisher"
+        backend:
+          http:
+            baseUrl: "https://baseUrl"
+        maxTps: 10
+        tags:
+          - ${env:TEST_ID}-3
+        swaggerSpec:
+          openapi: 3.0.0
+          info:
+            title: ${env:TEST_ID}-3
+            version: "1"
+            contact:
+              name: ${env:TEST_ID}-3
+              email: ${env:TEST_ID}-3
+          paths:
+            /*:
+              post:
+                responses:
+                  "201":
+                    description: Created
+                x-auth-type: "None"
+
+# Optionally, add your other AWS provider-specific resources below.
+# Make sure there is at least one resource listed below, otherwise stack deployment would fail.
+resources:
+  Resources:
+    Topic:
+      Type: AWS::SNS::Topic