From 104b3cc49885e087a0a5d97b707d016dfce2de39 Mon Sep 17 00:00:00 2001 From: gustaafj Date: Tue, 28 Feb 2023 11:27:01 +0100 Subject: [PATCH] add visibility restrictions (#98) * Add visibility restrictions (for Publisher visibility) * Introduced backward compatibility (for Subscriber visibility) * Review comments fixed --------- Co-authored-by: gustaaf jongbloed --- README.md | 68 +++++----- src/2.6.0/wso2apim.js | 13 +- src/3.2.0/wso2apim.js | 11 +- .../serverless.yml | 54 ++++++++ .../serverless.yml | 51 ++++++++ .../serverless.yml | 53 ++++++++ .../serverless.yml | 50 ++++++++ .../serverless.yml | 120 ++++++++++++++++++ .../serverless.yml | 84 ++++++++++++ src/index.js | 10 +- 10 files changed, 478 insertions(+), 36 deletions(-) create mode 100644 src/__tests__/e2e/invalid-publisher-visibility-invalid-roles/serverless.yml create mode 100644 src/__tests__/e2e/invalid-publisher-visibility-missing-roles/serverless.yml create mode 100644 src/__tests__/e2e/invalid-subscriber-visibility-invalid-roles/serverless.yml create mode 100644 src/__tests__/e2e/invalid-subscriber-visibility-missing-roles/serverless.yml create mode 100644 src/__tests__/e2e/valid-visibility-restricted/serverless.yml create mode 100644 src/__tests__/e2e/valid-visibility-unrestricted/serverless.yml diff --git a/README.md b/README.md index 9e3322d..4c7c7e6 100644 --- a/README.md +++ b/README.md 
@@ -149,38 +149,42 @@ Serverless Framework plugin to manage APIs on [WSO2 API Manager](https://wso2.co > ### **`custom.wso2apim.apidefs..*`** > -> | Parameter | What? | Usage Example | -> | :------------------------ | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------: | -> | `name` | (CANNOT BE UPDATED LATER)
Your API Name | `MyAwesomeAPI` | -> | `version` | (CANNOT BE UPDATED LATER)
Your API Version, which also forms a part of the API URL ultimately. | `v1` | -> | `rootContext` | (CANNOT BE UPDATED LATER)
Your API Context, which will be exposed by WSO2 API Gateway. Must be unique per Gateway Environment. | `/myawesomeapi` | -> | `description` | Free-form text | `My Awesome API` | -> | `visibility` | Supports `PUBLIC` (Visible to everyone) and `PRIVATE` (Visible to current tenant) | `PUBLIC` | -> | `backend` | Supports `http` and `jms` backends.
Note: One API definition supports only one backend. | | -> | `backend.http.baseUrl` | Your HTTP backend base URL.

It supports:
a. **URL** - Any valid HTTP URL.
b. **AWS CloudFormation Export** - Exported value must contain a valid HTTP URL. | `https://backend:port/123`
(or)
`!ImportValue xx` | -> | `backend.http.certChain` | Optional, your backend certificate chain in PEM (base64) format.

It supports:
a. **File system** - Path must be relative to where `serverless.yml` is located.
b. **AWS Certificate ARN**
c. **AWS CloudFormation Export** - Exported value must contain a valid AWS Certificate ARN. | `file://certs/backend.cer`
(or)
`arn:aws:acm:..`
(or)
`!ImportValue xx` | -> | `backend.jms.destination` | Your JMS Destination (queue or topic name) | `MY.BACKEND.TOPIC` | -> | `backend.jms.parameters` | List of JMS connection parameters to be used in `key`:`value` form as described [here](https://axis.apache.org/axis2/java/transports/jms.html). | `transport.jms.ConnectionFactory: 'My-ConnectionFactory'` | -> | `backend.endpointType` | Optional, defaults to `http`. If you are using a non standard WSO2 extension, you might want to be able to override this. | `http`, `jms`, `lambda` | -> | `securityScheme` | Optional, defaults to `oath2`. Supports `mutualssl` and `oauth2`.
. -> | `securityScheme.mutualssl` | Requires `securityScheme.mutualssl.enabled` and `securityScheme.mutualssl.clientCert` to be defined.
. -> | `securityScheme.mutualssl.clientCert` | Required with mutualssl, your client certificate chain in PEM (base64) format.

It supports:
a. **File system** - Path must be relative to where `serverless.yml` is located.
b. **AWS Certificate ARN**
c. **AWS CloudFormation Export** - Exported value must contain a valid AWS Certificate ARN. | `file://certs/backend.cer`
(or)
`arn:aws:acm:..`
(or)
`!ImportValue xx` | -> | `securityScheme.mutualssl.enabled` | Required with `securityScheme.mutualssl`. Expects `true` or `false`
. -> | `securityScheme.oauth2` | Requires `securityScheme.oauth2.enabled` to be defined.
. -> | `securityScheme.oauth2.enabled` | Required with `securityScheme.oauth2`. Expects `true` or `false`
. -> | `mediationPolicies` | Optional, your choice of mediation policies (or) sequences. They can manipulate input/output/fault messages as described [here](https://docs.wso2.com/display/AM260/Adding+Mediation+Extensions). | | -> | `mediationPolicies.in` | Input mediation policy, it manipulates the request going to your backend. | `log_in_message` | -> | `mediationPolicies.out` | Output mediation policy, it manipulates the response going back to your API consumer. | `json_validator` | -> | `mediationPolicies.fault` | Fault mediation policy, it manipulates the fault handling. | `None` | -> | `apiProperties` | Optional, List of API properties to be used in `key`:`value` form as described [here](https://docs.wso2.com/display/AM260/Adding+Custom+Properties+to+APIs). | `'property1': 'value1'` | -> | `maxTps` | Max. Transactions per second, used for throttling. | `100` | -> | `cors` | Optional, a CORS configuration to enable. Omit this property to disable CORS. See below for properties. | | -> | `cors.origins` | String array of allowed origins. Default: `['*']` | | -> | `cors.headers` | String array of allowed headers. Default: `['Authorization', 'Access-Control-Allow-Origin', 'Content-Type', 'SOAPAction']` | | -> | `cors.methods` | String array of allowed methods. Default: `['GET', 'PUT', 'POST', 'DELETE', 'PATCH', 'OPTIONS']` | | -> | `cors.credentials` | Allow credentials (boolean). Default: `false` | `true` | -> | `tags` | Tags as an array that show up in WSO2 console. | | -> | `swaggerSpec` | Swagger 2.0 / OpenAPI 3.0 specification in YML | | +> | Parameter | What? 
| Usage Example | +> | :------------------------------------ | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------: | +> | `name` | (CANNOT BE UPDATED LATER)
Your API Name | `MyAwesomeAPI` | +> | `version` | (CANNOT BE UPDATED LATER)
Your API Version, which also forms a part of the API URL ultimately. | `v1` | +> | `rootContext` | (CANNOT BE UPDATED LATER)
Your API Context, which will be exposed by WSO2 API Gateway. Must be unique per Gateway Environment. | `/myawesomeapi` | +> | `description` | Free-form text | `My Awesome API` | +> | `visibility` | Supports `PUBLIC` (Visible to everyone) and `PRIVATE` (Visible to current tenant). Kept in the api for backwards compatibility. Please use fields for `subscriberVisibility` and `publisherVisibility`. | `PUBLIC` | +> | `subscriberVisibility` | Visibility of the API in the developer portal. Supports `PUBLIC` (Visible to everyone) and `PRIVATE` (Visible to current tenant) and `RESTRICTED` (Visible to it's tenant domain and only to the user roles that you specify. You should provide the roles in the `subscriberVisibilityRoles`.). | `RESTRICTED` | +> | `subscriberVisibilityRoles` | The user roles that are able to access the API in Store. Only applicable in combination with `subscriberVisibility`. | `admin` | +> | `publisherVisibility` | Visibility of the API in the publisher portal. Supports `PRIVATE` (Visible to all publishers/creators) and `RESTRICTED` (Visible to publishers/creators with the roles that you specify. You should provide the roles in the `publisherVisibilityRoles`.). | `RESTRICTED` | +> | `publisherVisibilityRoles` | The user roles that are able to access the API in Store. Only applicable in combination with `publisherVisibility`. | `admin` | +> | `backend` | Supports `http` and `jms` backends.
Note: One API definition supports only one backend. | | +> | `backend.http.baseUrl` | Your HTTP backend base URL.

It supports:
a. **URL** - Any valid HTTP URL.
b. **AWS CloudFormation Export** - Exported value must contain a valid HTTP URL. | `https://backend:port/123`
(or)
`!ImportValue xx` | +> | `backend.http.certChain` | Optional, your backend certificate chain in PEM (base64) format.

It supports:
a. **File system** - Path must be relative to where `serverless.yml` is located.
b. **AWS Certificate ARN**
c. **AWS CloudFormation Export** - Exported value must contain a valid AWS Certificate ARN. | `file://certs/backend.cer`
(or)
`arn:aws:acm:..`
(or)
`!ImportValue xx` | +> | `backend.jms.destination` | Your JMS Destination (queue or topic name) | `MY.BACKEND.TOPIC` | +> | `backend.jms.parameters` | List of JMS connection parameters to be used in `key`:`value` form as described [here](https://axis.apache.org/axis2/java/transports/jms.html). | `transport.jms.ConnectionFactory: 'My-ConnectionFactory'` | +> | `backend.endpointType` | Optional, defaults to `http`. If you are using a non standard WSO2 extension, you might want to be able to override this. | `http`, `jms`, `lambda` | +> | `securityScheme` | Optional, defaults to `oath2`. Supports `mutualssl` and `oauth2`.
. | +> | `securityScheme.mutualssl` | Requires `securityScheme.mutualssl.enabled` and `securityScheme.mutualssl.clientCert` to be defined.
. | +> | `securityScheme.mutualssl.clientCert` | Required with mutualssl, your client certificate chain in PEM (base64) format.

It supports:
a. **File system** - Path must be relative to where `serverless.yml` is located.
b. **AWS Certificate ARN**
c. **AWS CloudFormation Export** - Exported value must contain a valid AWS Certificate ARN. | `file://certs/backend.cer`
(or)
`arn:aws:acm:..`
(or)
`!ImportValue xx` | +> | `securityScheme.mutualssl.enabled` | Required with `securityScheme.mutualssl`. Expects `true` or `false`
. | +> | `securityScheme.oauth2` | Requires `securityScheme.oauth2.enabled` to be defined.
. | +> | `securityScheme.oauth2.enabled` | Required with `securityScheme.oauth2`. Expects `true` or `false`
. | +> | `mediationPolicies` | Optional, your choice of mediation policies (or) sequences. They can manipulate input/output/fault messages as described [here](https://docs.wso2.com/display/AM260/Adding+Mediation+Extensions). | | +> | `mediationPolicies.in` | Input mediation policy, it manipulates the request going to your backend. | `log_in_message` | +> | `mediationPolicies.out` | Output mediation policy, it manipulates the response going back to your API consumer. | `json_validator` | +> | `mediationPolicies.fault` | Fault mediation policy, it manipulates the fault handling. | `None` | +> | `apiProperties` | Optional, List of API properties to be used in `key`:`value` form as described [here](https://docs.wso2.com/display/AM260/Adding+Custom+Properties+to+APIs). | `'property1': 'value1'` | +> | `maxTps` | Max. Transactions per second, used for throttling. | `100` | +> | `cors` | Optional, a CORS configuration to enable. Omit this property to disable CORS. See below for properties. | | +> | `cors.origins` | String array of allowed origins. Default: `['*']` | | +> | `cors.headers` | String array of allowed headers. Default: `['Authorization', 'Access-Control-Allow-Origin', 'Content-Type', 'SOAPAction']` | | +> | `cors.methods` | String array of allowed methods. Default: `['GET', 'PUT', 'POST', 'DELETE', 'PATCH', 'OPTIONS']` | | +> | `cors.credentials` | Allow credentials (boolean). Default: `false` | `true` | +> | `tags` | Tags as an array that show up in WSO2 console. | | +> | `swaggerSpec` | Swagger 2.0 / OpenAPI 3.0 specification in YML | | ## 💡Tip : Organize your project files efficiently. diff --git a/src/2.6.0/wso2apim.js b/src/2.6.0/wso2apim.js index ea1b627..346ae13 100644 --- a/src/2.6.0/wso2apim.js +++ b/src/2.6.0/wso2apim.js 
@@ -211,7 +211,7 @@ function constructAPIDef(user, gatewayEnv, apiDef, apiId) { sandbox: (apiDef.maxTps) ? apiDef.maxTps : undefined, production: (apiDef.maxTps) ? apiDef.maxTps : undefined }, - visibility: apiDef.visibility, + visibility: apiDef.subscriberVisibility || apiDef.visibility, endpointConfig: JSON.stringify({ production_endpoints: { url: backendBaseUrl, @@ -239,6 +239,15 @@ function constructAPIDef(user, gatewayEnv, apiDef, apiId) { if (apiDef.cors) { wso2ApiDefinition.corsConfiguration = constructCorsConfiguration(apiDef); } + if (apiDef.subscriberVisibilityRoles) { + wso2ApiDefinition.visibleRoles = apiDef.subscriberVisibilityRoles; + } + if (apiDef.publisherVisibility) { + wso2ApiDefinition.accessControl = apiDef.publisherVisibility === 'PRIVATE' ? 'NONE' : apiDef.publisherVisibility; + } + if (apiDef.publisherVisibilityRoles) { + wso2ApiDefinition.accessControlRoles = apiDef.publisherVisibilityRoles; + } backendBaseUrl = ''; backendType = ''; @@ -578,7 +587,7 @@ async function listCertInfo(wso2APIM, accessToken, certAlias) { * @param {*} swaggerSpec * @returns */ - async function upsertSwaggerSpec(wso2APIM, accessToken, apiId, swaggerSpec) { +async function upsertSwaggerSpec(wso2APIM, accessToken, apiId, swaggerSpec) { try { const url = `https://${wso2APIM.host}:${wso2APIM.port}/api/am/publisher/${wso2APIM.versionSlug}/apis/${apiId}/swagger`; const config = { diff --git a/src/3.2.0/wso2apim.js b/src/3.2.0/wso2apim.js index 5c0cb30..0f9f873 100644 --- a/src/3.2.0/wso2apim.js +++ b/src/3.2.0/wso2apim.js @@ -224,7 +224,7 @@ async function constructAPIDef(user, gatewayEnv, apiDef, apiId) { maxTps: { production: (apiDef.maxTps) ? apiDef.maxTps : undefined }, - visibility: apiDef.visibility, + visibility: apiDef.subscriberVisibility || apiDef.visibility, endpointConfig: { production_endpoints: { url: backendBaseUrl }, 
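Review bot: In the changed `visibility:` line, `apiDef.subscriberVisibility || apiDef.visibility` gives the new field silent precedence, so a definition that still has `visibility: PRIVATE` and also sets `subscriberVisibility: PUBLIC` is published with the wider setting and nothing is reported. The 3.2.0 hunk at `@@ -224,7 +224,7` has the same line. I would state the precedence where it is applied, for example `// subscriberVisibility wins; visibility is the deprecated alias kept for old configs`, and have the validation in `src/index.js` reject definitions where both fields are set and differ. `constructAPIDef` starts and ends outside this hunk.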
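Review bot: The `if` blocks added at `@@ -239,6 +239,15` send `subscriberVisibilityRoles` and `publisherVisibilityRoles` whenever they are present, not only when the matching mode is `RESTRICTED`, and any `publisherVisibility` other than `PRIVATE` is forwarded unchanged as `accessControl`. A definition that lists roles but leaves the mode at `PUBLIC` or `PRIVATE` therefore reads as restricted in `serverless.yml` while the request asks for an unrestricted API; how WSO2 treats the stray roles is not visible from this diff. Gating on the mode keeps the two in step, e.g. `if (apiDef.publisherVisibility === 'RESTRICTED' && apiDef.publisherVisibilityRoles) {`, with the equivalent test on the effective subscriber visibility. The same block is added in the 3.2.0 hunk at `@@ -250,6 +250,15`, and `constructAPIDef` continues outside both hunks.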
@@ -250,6 +250,15 @@ async function constructAPIDef(user, gatewayEnv, apiDef, apiId) { if (apiDef.cors) { wso2ApiDefinition.corsConfiguration = constructCorsConfiguration(apiDef); } + if (apiDef.subscriberVisibilityRoles) { + wso2ApiDefinition.visibleRoles = apiDef.subscriberVisibilityRoles; + } + if (apiDef.publisherVisibility) { + wso2ApiDefinition.accessControl = apiDef.publisherVisibility === 'PRIVATE' ? 'NONE' : apiDef.publisherVisibility; + } + if (apiDef.publisherVisibilityRoles) { + wso2ApiDefinition.accessControlRoles = apiDef.publisherVisibilityRoles; + } backendBaseUrl = ''; backendType = ''; diff --git a/src/__tests__/e2e/invalid-publisher-visibility-invalid-roles/serverless.yml b/src/__tests__/e2e/invalid-publisher-visibility-invalid-roles/serverless.yml new file mode 100644 index 0000000..7e593d8 --- /dev/null +++ b/src/__tests__/e2e/invalid-publisher-visibility-invalid-roles/serverless.yml 
@@ -0,0 +1,54 @@
+service: serverless-wso2-apim
+provider:
+ name: aws
+ stackName: ${env:STACK_NAME}
+ deploymentBucket:
+ name: ${env:TEST_ID_NORMALIZED}
+plugins:
+ - serverless-localstack
+ - serverless-deployment-bucket
+ - "../../../../src"
+
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ Modify the configuration below to suit your test case.
+#⬇⬇⬇ START HERE ⬇⬇⬇⬇ Help: https://github.com/ramgrandhi/serverless-wso2-apim#configuration-reference
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ For a full list of env vars that you can use, refer `src/__tests__/e2e/e2e.test.js`
+custom:
+ wso2apim:
+ enabled: true
+ host: ${env:WSO2_HOST}
+ port: ${env:WSO2_PORT}
+ user: ${env:WSO2_USER}
+ pass: ${env:WSO2_PASS}
+ gatewayEnv: ${env:WSO2_ENV}
+ apidefs:
+ - name: ${env:TEST_ID}-1
+ description: ${env:TEST_ID}-1
+ rootContext: /${env:TEST_ID}-1
+ version: "1"
+ subscriberVisibility: "RESTRICTED"
+ subscriberVisibilityRoles:
+ - "admin"
+ publisherVisibility: "RESTRICTED"
+ publisherVisibilityRoles: "admin"
+ backend:
+ http:
+ baseUrl: "https://baseUrl"
+ maxTps: 10
+ tags:
+ - ${env:TEST_ID}-1
+ swaggerSpec:
+ swagger: "2.0"
+ pathsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:
+ /*:
+ post:
+ responses:
+ "201":
+ description: Created
+ x-auth-type: "None"
+
+# Optionally, add your other AWS provider-specific resources below.
+# Make sure there is at least one resource listed below, otherwise stack deployment would fail.
+resources:
+ Resources:
+ Topic:
+ Type: AWS::SNS::Topic
diff --git a/src/__tests__/e2e/invalid-publisher-visibility-missing-roles/serverless.yml b/src/__tests__/e2e/invalid-publisher-visibility-missing-roles/serverless.yml
new file mode 100644
index 0000000..ff58ad6
--- /dev/null
+++ b/src/__tests__/e2e/invalid-publisher-visibility-missing-roles/serverless.yml
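Review bot: This fixture is meant to fail because `publisherVisibilityRoles: "admin"` is a string rather than a list, but it also carries the misspelt `pathsxxx…` key under `swaggerSpec`, so a failed deployment does not show which of the two was rejected. The other three `invalid-*-visibility-*` fixtures added in this commit have the same key. If `e2e.test.js` only asserts that deployment fails (it is not part of this diff), I would keep a valid `paths:` block in these four files, or assert on the validation message, so that a regression in the role check cannot hide behind the Swagger error.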
@@ -0,0 +1,51 @@
+service: serverless-wso2-apim
+provider:
+ name: aws
+ stackName: ${env:STACK_NAME}
+ deploymentBucket:
+ name: ${env:TEST_ID_NORMALIZED}
+plugins:
+ - serverless-localstack
+ - serverless-deployment-bucket
+ - "../../../../src"
+
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ Modify the configuration below to suit your test case.
+#⬇⬇⬇ START HERE ⬇⬇⬇⬇ Help: https://github.com/ramgrandhi/serverless-wso2-apim#configuration-reference
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ For a full list of env vars that you can use, refer `src/__tests__/e2e/e2e.test.js`
+custom:
+ wso2apim:
+ enabled: true
+ host: ${env:WSO2_HOST}
+ port: ${env:WSO2_PORT}
+ user: ${env:WSO2_USER}
+ pass: ${env:WSO2_PASS}
+ gatewayEnv: ${env:WSO2_ENV}
+ apidefs:
+ - name: ${env:TEST_ID}-1
+ description: ${env:TEST_ID}-1
+ rootContext: /${env:TEST_ID}-1
+ version: "1"
+ subscriberVisibility: "PRIVATE"
+ publisherVisibility: "RESTRICTED"
+ backend:
+ http:
+ baseUrl: "https://baseUrl"
+ maxTps: 10
+ tags:
+ - ${env:TEST_ID}-1
+ swaggerSpec:
+ swagger: "2.0"
+ pathsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:
+ /*:
+ post:
+ responses:
+ "201":
+ description: Created
+ x-auth-type: "None"
+
+# Optionally, add your other AWS provider-specific resources below.
+# Make sure there is at least one resource listed below, otherwise stack deployment would fail.
+resources:
+ Resources:
+ Topic:
+ Type: AWS::SNS::Topic
diff --git a/src/__tests__/e2e/invalid-subscriber-visibility-invalid-roles/serverless.yml b/src/__tests__/e2e/invalid-subscriber-visibility-invalid-roles/serverless.yml
new file mode 100644
index 0000000..b7404be
--- /dev/null
+++ b/src/__tests__/e2e/invalid-subscriber-visibility-invalid-roles/serverless.yml
@@ -0,0 +1,53 @@
+service: serverless-wso2-apim
+provider:
+ name: aws
+ stackName: ${env:STACK_NAME}
+ deploymentBucket:
+ name: ${env:TEST_ID_NORMALIZED}
+plugins:
+ - serverless-localstack
+ - serverless-deployment-bucket
+ - "../../../../src"
+
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ Modify the configuration below to suit your test case.
+#⬇⬇⬇ START HERE ⬇⬇⬇⬇ Help: https://github.com/ramgrandhi/serverless-wso2-apim#configuration-reference
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ For a full list of env vars that you can use, refer `src/__tests__/e2e/e2e.test.js`
+custom:
+ wso2apim:
+ enabled: true
+ host: ${env:WSO2_HOST}
+ port: ${env:WSO2_PORT}
+ user: ${env:WSO2_USER}
+ pass: ${env:WSO2_PASS}
+ gatewayEnv: ${env:WSO2_ENV}
+ apidefs:
+ - name: ${env:TEST_ID}-1
+ description: ${env:TEST_ID}-1
+ rootContext: /${env:TEST_ID}-1
+ version: "1"
+ subscriberVisibility: "RESTRICTED"
+ subscriberVisibilityRoles:
+ - "admin"
+ - "non-existing-role"
+ backend:
+ http:
+ baseUrl: "https://baseUrl"
+ maxTps: 10
+ tags:
+ - ${env:TEST_ID}-1
+ swaggerSpec:
+ swagger: "2.0"
+ pathsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:
+ /*:
+ post:
+ responses:
+ "201":
+ description: Created
+ x-auth-type: "None"
+
+# Optionally, add your other AWS provider-specific resources below.
+# Make sure there is at least one resource listed below, otherwise stack deployment would fail.
+resources:
+ Resources:
+ Topic:
+ Type: AWS::SNS::Topic
diff --git a/src/__tests__/e2e/invalid-subscriber-visibility-missing-roles/serverless.yml b/src/__tests__/e2e/invalid-subscriber-visibility-missing-roles/serverless.yml
new file mode 100644
index 0000000..d1cd552
--- /dev/null
+++ b/src/__tests__/e2e/invalid-subscriber-visibility-missing-roles/serverless.yml
@@ -0,0 +1,50 @@
+service: serverless-wso2-apim
+provider:
+ name: aws
+ stackName: ${env:STACK_NAME}
+ deploymentBucket:
+ name: ${env:TEST_ID_NORMALIZED}
+plugins:
+ - serverless-localstack
+ - serverless-deployment-bucket
+ - "../../../../src"
+
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ Modify the configuration below to suit your test case.
+#⬇⬇⬇ START HERE ⬇⬇⬇⬇ Help: https://github.com/ramgrandhi/serverless-wso2-apim#configuration-reference
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ For a full list of env vars that you can use, refer `src/__tests__/e2e/e2e.test.js`
+custom:
+ wso2apim:
+ enabled: true
+ host: ${env:WSO2_HOST}
+ port: ${env:WSO2_PORT}
+ user: ${env:WSO2_USER}
+ pass: ${env:WSO2_PASS}
+ gatewayEnv: ${env:WSO2_ENV}
+ apidefs:
+ - name: ${env:TEST_ID}-1
+ description: ${env:TEST_ID}-1
+ rootContext: /${env:TEST_ID}-1
+ version: "1"
+ subscriberVisibility: "RESTRICTED"
+ backend:
+ http:
+ baseUrl: "https://baseUrl"
+ maxTps: 10
+ tags:
+ - ${env:TEST_ID}-1
+ swaggerSpec:
+ swagger: "2.0"
+ pathsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:
+ /*:
+ post:
+ responses:
+ "201":
+ description: Created
+ x-auth-type: "None"
+
+# Optionally, add your other AWS provider-specific resources below.
+# Make sure there is at least one resource listed below, otherwise stack deployment would fail.
+resources:
+ Resources:
+ Topic:
+ Type: AWS::SNS::Topic
diff --git a/src/__tests__/e2e/valid-visibility-restricted/serverless.yml b/src/__tests__/e2e/valid-visibility-restricted/serverless.yml
new file mode 100644
index 0000000..6711ec1
--- /dev/null
+++ b/src/__tests__/e2e/valid-visibility-restricted/serverless.yml
@@ -0,0 +1,120 @@
+service: serverless-wso2-apim
+provider:
+ name: aws
+ stackName: ${env:STACK_NAME}
+ deploymentBucket:
+ name: ${env:TEST_ID_NORMALIZED}
+plugins:
+ - serverless-localstack
+ - serverless-deployment-bucket
+ - "../../../../src"
+
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ Modify the configuration below to suit your test case.
+#⬇⬇⬇ START HERE ⬇⬇⬇⬇ Help: https://github.com/ramgrandhi/serverless-wso2-apim#configuration-reference
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ For a full list of env vars that you can use, refer `src/__tests__/e2e/e2e.test.js`
+custom:
+ wso2apim:
+ enabled: true
+ host: ${env:WSO2_HOST}
+ port: ${env:WSO2_PORT}
+ user: ${env:WSO2_USER}
+ pass: ${env:WSO2_PASS}
+ gatewayEnv: ${env:WSO2_ENV}
+ apidefs:
+ - name: ${env:TEST_ID}-1
+ description: ${env:TEST_ID}-1
+ rootContext: /${env:TEST_ID}-1
+ version: "v1"
+ subscriberVisibility: "RESTRICTED"
+ subscriberVisibilityRoles:
+ - "admin"
+ backend:
+ http:
+ baseUrl: "https://baseUrl"
+ maxTps: 10
+ tags:
+ - ${env:TEST_ID}-1
+ swaggerSpec:
+ swagger: "2.0"
+ info:
+ title: ${env:TEST_ID}-1
+ version: "v1"
+ contact:
+ name: ${env:TEST_ID}-1
+ email: ${env:TEST_ID}-1
+ paths:
+ /*:
+ post:
+ responses:
+ "201":
+ description: Created
+ x-auth-type: "None"
+ - name: ${env:TEST_ID}-2
+ description: ${env:TEST_ID}-2
+ rootContext: /${env:TEST_ID}-2
+ version: "1"
+ subscriberVisibility: "RESTRICTED"
+ subscriberVisibilityRoles:
+ - "admin"
+ - "Internal/subscriber"
+ publisherVisibility: "RESTRICTED"
+ publisherVisibilityRoles:
+ - "admin"
+ backend:
+ http:
+ baseUrl: "https://baseUrl"
+ maxTps: 10
+ tags:
+ - ${env:TEST_ID}-2
+ swaggerSpec:
+ openapi: 3.0.0
+ info:
+ title: ${env:TEST_ID}-2
+ version: "1"
+ contact:
+ name: ${env:TEST_ID}-2
+ email: ${env:TEST_ID}-2
+ paths:
+ /*:
+ post:
+ responses:
+ "201":
+ description: Created
+ x-auth-type: "None"
+ - name: ${env:TEST_ID}-3
+ description: ${env:TEST_ID}-3
+ rootContext: /${env:TEST_ID}-3
+ version: "1"
+ visibility: "PRIVATE"
+ publisherVisibility: "RESTRICTED"
+ publisherVisibilityRoles:
+ - "admin"
+ - "Internal/publisher"
+ backend:
+ http:
+ baseUrl: "https://baseUrl"
+ maxTps: 10
+ tags:
+ - ${env:TEST_ID}-3
+ swaggerSpec:
+ openapi: 3.0.0
+ info:
+ title: ${env:TEST_ID}-3
+ version: "1"
+ contact:
+ name: ${env:TEST_ID}-3
+ email: ${env:TEST_ID}-3
+ paths:
+ /*:
+ post:
+ responses:
+ "201":
+ description: Created
+ x-auth-type: "None"
+
+# Optionally, add your other AWS provider-specific resources below.
+# Make sure there is at least one resource listed below, otherwise stack deployment would fail.
+resources:
+ Resources:
+ Topic:
+ Type: AWS::SNS::Topic
diff --git a/src/__tests__/e2e/valid-visibility-unrestricted/serverless.yml b/src/__tests__/e2e/valid-visibility-unrestricted/serverless.yml
new file mode 100644
index 0000000..cda6cb9
--- /dev/null
+++ b/src/__tests__/e2e/valid-visibility-unrestricted/serverless.yml
@@ -0,0 +1,84 @@
+service: serverless-wso2-apim
+provider:
+ name: aws
+ stackName: ${env:STACK_NAME}
+ deploymentBucket:
+ name: ${env:TEST_ID_NORMALIZED}
+plugins:
+ - serverless-localstack
+ - serverless-deployment-bucket
+ - "../../../../src"
+
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ Modify the configuration below to suit your test case.
+#⬇⬇⬇ START HERE ⬇⬇⬇⬇ Help: https://github.com/ramgrandhi/serverless-wso2-apim#configuration-reference
+#⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇ For a full list of env vars that you can use, refer `src/__tests__/e2e/e2e.test.js`
+custom:
+ wso2apim:
+ enabled: true
+ host: ${env:WSO2_HOST}
+ port: ${env:WSO2_PORT}
+ user: ${env:WSO2_USER}
+ pass: ${env:WSO2_PASS}
+ gatewayEnv: ${env:WSO2_ENV}
+ apidefs:
+ - name: ${env:TEST_ID}-1
+ description: ${env:TEST_ID}-1
+ rootContext: /${env:TEST_ID}-1
+ version: "v1"
+ subscriberVisibility: "PUBLIC"
+ publisherVisibility: "PRIVATE"
+ backend:
+ http:
+ baseUrl: "https://baseUrl"
+ maxTps: 10
+ tags:
+ - ${env:TEST_ID}-1
+ swaggerSpec:
+ swagger: "2.0"
+ info:
+ title: ${env:TEST_ID}-1
+ version: "v1"
+ contact:
+ name: ${env:TEST_ID}-1
+ email: ${env:TEST_ID}-1
+ paths:
+ /*:
+ post:
+ responses:
+ "201":
+ description: Created
+ x-auth-type: "None"
+ - name: ${env:TEST_ID}-2
+ description: ${env:TEST_ID}-2
+ rootContext: /${env:TEST_ID}-2
+ version: "1"
+ visibility: "PRIVATE"
+ subscriberVisibility: "PRIVATE"
+ backend:
+ http:
+ baseUrl: "https://baseUrl"
+ maxTps: 10
+ tags:
+ - ${env:TEST_ID}-2
+ swaggerSpec:
+ openapi: 3.0.0
+ info:
+ title: ${env:TEST_ID}-2
+ version: "1"
+ contact:
+ name: ${env:TEST_ID}-2
+ email: ${env:TEST_ID}-2
+ paths:
+ /*:
+ post:
+ responses:
+ "201":
+ description: Created
+ x-auth-type: "None"
+
+# Optionally, add your other AWS provider-specific resources below.
+# Make sure there is at least one resource listed below, otherwise stack deployment would fail.
+resources:
+ Resources:
+ Topic:
+ Type: AWS::SNS::Topic
diff --git a/src/index.js b/src/index.js
index 473a516..cb18529 100644
--- a/src/index.js +++ b/src/index.js @@ -177,6 +177,12 @@ class Serverless_WSO2_APIM { (wso2APIM.apidefs.every(def => typeof def.cors === 'undefined' || (typeof def.cors.credentials === 'undefined' || typeof def.cors.credentials === 'boolean')) ), + (wso2APIM.apidefs.every(def => (!def.subscriberVisibility || + def.subscriberVisibility !== 'RESTRICTED' || (Array.isArray(def.subscriberVisibilityRoles) && def.subscriberVisibilityRoles.length > 0))) + ), + (wso2APIM.apidefs.every(def => (!def.publisherVisibility || + def.publisherVisibility !== 'RESTRICTED' || (Array.isArray(def.publisherVisibilityRoles) && def.publisherVisibilityRoles.length > 0))) + ) ]; const messagesArrayGeneric = [ @@ -187,7 +193,9 @@ class Serverless_WSO2_APIM { 'Invalid value assigned to `custom.wso2apim.pass`', 'Invalid value assigned to `custom.wso2apim.gatewayEnv`', 'No API definitions supplied `custom.wso2apim.apidefs`', - 'Invalid value assigned to `custom.wso2apim.apiDefs[i].cors.credentials`' + 'Invalid value assigned to `custom.wso2apim.apiDefs[i].cors.credentials`', + 'Invalid value assigned to `custom.wso2apim.subscriberVisibilityRoles`', + 'Invalid value assigned to `custom.wso2apim.publisherVisibilityRoles`' ]; if (conditionsArrayGeneric.indexOf(false) !== -1) {
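Review bot: Both `every(...)` conditions added at `@@ -177,6 +177,12` look only at the new fields, so a definition that sets the legacy `visibility: RESTRICTED` without roles passes this check even though `constructAPIDef` sends that value as the API's visibility. The role list is accepted as soon as it is a non-empty array, so `['']` or a non-string entry also passes, and the mode is never compared with the values the README lists, which means a misspelt or lower-case `restricted` skips the role requirement. I would test the effective mode and each entry, as sketched below; checking the mode against the documented values would need a further condition with its own entry in `messagesArrayGeneric`, assuming the two arrays are matched by index. The leading `!def.subscriberVisibility ||` is already implied by the `!== 'RESTRICTED'` test and can go. Both arrays are declared outside the hunk.

```javascript
// … unchanged: earlier conditions up to the cors.credentials check …
(wso2APIM.apidefs.every(def => {
  // Mirror constructAPIDef: the effective subscriber mode falls back to the legacy field.
  const mode = def.subscriberVisibility || def.visibility;
  const roles = def.subscriberVisibilityRoles;
  return mode !== 'RESTRICTED'
    || (Array.isArray(roles) && roles.length > 0
      && roles.every(role => typeof role === 'string' && role.trim() !== ''));
})),
(wso2APIM.apidefs.every(def => {
  const roles = def.publisherVisibilityRoles;
  return def.publisherVisibility !== 'RESTRICTED'
    || (Array.isArray(roles) && roles.length > 0
      && roles.every(role => typeof role === 'string' && role.trim() !== ''));
}))
```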
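Review bot: The two messages added at `@@ -187,7 +193,9` name `custom.wso2apim.subscriberVisibilityRoles` and `custom.wso2apim.publisherVisibilityRoles`, but the validated fields sit on each entry of `apidefs`, so the error points the user at a key that does not exist. I would use the paths `custom.wso2apim.apidefs[i].subscriberVisibilityRoles` and `custom.wso2apim.apidefs[i].publisherVisibilityRoles`, and say in the text that a non-empty list of roles is required when the matching visibility is `RESTRICTED`. The existing `cors.credentials` message spells the key `apiDefs[i]`, which also differs from the `apidefs` key used in the configuration.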