Feature SDX

src/auth/methods.json

@@ -17,5 +17,9 @@
   "github": {
     "text": "Github",
     "description": ""
+  },
+  "digitalcredential": {
+    "text": "Digital Credential",
+    "description": "A digital credential that proves your identity and is issued by a trusted authority."
   }
 }

src/batch/data-rules.js

@@ -1,3 +1,4 @@
+
 const metadata = {
   Organization: {
     query: 'allOrganizations',
@@ -18,6 +19,7 @@ const metadata = {
         name: 'connectExclusiveListCreate',
         list: 'OrganizationUnit',
         syncFirst: true,
+        refKey: 'extForeignKey',
       },
     },
   },
@@ -387,7 +389,7 @@ const metadata = {
   Application: {
     query: 'allApplications',
     refKey: 'appId',
-    sync: ['name', 'description'],
+    sync: ['name', 'description', 'namespace'],
     transformations: {
       owner: { name: 'connectOne', list: 'allUsers', refKey: 'username' },
       organization: {
@@ -408,19 +410,32 @@ const metadata = {
     query: 'allProducts',
     refKey: 'appId',
     compositeRefKey: ['name', 'namespace'],
-    sync: ['name', 'description', 'namespace'],
+    sync: ['name', 'type', 'description', 'namespace', 'organization', 'openapiSpecs'],
     transformations: {
       dataset: { name: 'connectOne', list: 'allDatasets', refKey: 'name' },
+      openapiSpecs: { name: "toStringDefaultArray" },
       environments: {
         name: 'connectExclusiveListCreate',
         list: 'Environment',
         syncFirst: true,
         refKey: 'appId',
       },
+      organization: {
+        name: 'connectOne',
+        list: 'allOrganizations',
+        refKey: 'name',
+      },
+    },
+    validations: {
+      type: {
+        type: 'enum',
+        values: ['app', 'service'],
+      },
     },
     example: {
       name: 'my-new-product',
       appId: '000000000000',
+      type: 'service',
       environments: [
         {
           name: 'dev',
@@ -449,6 +464,9 @@ const metadata = {
         filterByNamespace: true,
       },
       legal: { name: 'connectOne', list: 'allLegals', refKey: 'reference' },
+      // exclude "spec" otherwise batch reading will automatically try to read it
+      // which we don't necessarily want
+      // spec: { name: 'connectOne', list: 'allBlobs', refKey: 'name' },
       credentialIssuer: {
         name: 'connectOne',
         list: 'allCredentialIssuers',
@@ -530,7 +548,7 @@ const metadata = {
       mode: { type: 'enum', values: ['auto'] },
       clientAuthenticator: {
         type: 'enum',
-        values: ['client-secret', 'client-jwt', 'client-jwt-jwks-url'],
+        values: ['client-secret', 'client-jwt', 'client-jwt-jwks-url', 'client-certificate'],
       },
       environmentDetails: {
         type: 'entityArray',

src/batch/feed-worker.ts

@@ -221,7 +221,7 @@ function buildQueryResponse(md: any, children: string[] = undefined): string[] {
     .slice();
   response.push(md.refKey);
 
-  logger.debug('[buildQueryResponse] DRAFT (%s) %j', md.query, response);
+  logger.debug('[buildQueryResponse] DRAFT (%s) (%s) %j', children, md.query, response);
   if (children) {
     relationshipFields.forEach((field: string) => {
       // populate the fields as well
@@ -511,6 +511,7 @@ export const syncRecords = async function (
           const transformInfo = md.transformations[transformKey];
           if (transformInfo.syncFirst) {
             // handle these children independently first - return a list of IDs
+
             const allIds = await syncListOfRecords(
               context,
               transformInfo,

src/controllers/ioc/keystoneInjector.ts

@@ -2,6 +2,7 @@ import { Keystone } from '@keystonejs/keystone';
 import { injectable } from 'tsyringe';
 import { scopes, scopesToRoles } from '../../auth/scope-role-utils';
 import { Logger } from '../../logger';
+import { lookupUserByUsername } from '../../services/keystone';
 
 const logger = Logger('controller');
 
@@ -38,6 +39,49 @@ export class KeystoneService {
     return this.keystone.createContext({ skipAccessControl: true });
   }
 
+  public async createContextithUser(
+    request: any,
+    skipAccessControl: boolean = false
+  ) {
+    const _scopes = scopes(request.user.scope);
+
+    const identityProvider = request.user.identity_provider;
+
+    if (!request.user && !request.user.preferred_username) {
+      throw new Error(
+        'User information is required to create context with user'
+      );
+    }
+    const tmpCtx = this.keystone.createContext({
+      skipAccessControl: true,
+    });
+    const users = await lookupUserByUsername(
+      tmpCtx,
+      request.user.preferred_username
+    );
+    if (!users) {
+      throw new Error(`User ${request.user.preferred_username} not found`);
+    }
+    const userId = users[0].id;
+
+    const identity = {
+      id: null,
+      name: resolveName(request.user),
+      username: resolveUsername(request.user),
+      namespace: request.params.ns || request.params.gatewayId,
+      roles: JSON.stringify(scopesToRoles(identityProvider, _scopes)),
+      scopes: _scopes,
+      userId,
+    } as any;
+    logger.debug('identity %j', identity);
+    const ctx = this.keystone.createContext({
+      skipAccessControl,
+      authentication: { item: identity },
+    });
+    ctx.req = request;
+    return ctx;
+  }
+
   public createContext(request: any, skipAccessControl: boolean = false): any {
     const _scopes = scopes(request.user.scope);
 

src/controllers/v2/openapi.yaml

@@ -352,6 +352,7 @@ components:
                         - client-secret
                         - client-jwt
                         - client-jwt-jwks-url
+                        - client-certificate
                 instruction:
                     type: string
                 environmentDetails:
@@ -579,13 +580,21 @@ components:
                     type: string
                 enabled:
                     type: boolean
+                permDataPlane:
+                    type: string
+                permDomains:
+                    items:
+                        type: string
+                    type: array
                 updatedAt:
                     type: number
                     format: double
             required:
                 - name
                 - orgUnit
                 - enabled
+                - permDataPlane
+                - permDomains
                 - updatedAt
             type: object
             additionalProperties: false
@@ -645,21 +654,33 @@ components:
                     type: string
                 name:
                     type: string
+                type:
+                    type: string
+                    enum:
+                        - app
+                        - service
                 description:
                     type: string
                 namespace:
                     type: string
+                openapiSpecs:
+                    items:
+                        type: string
+                    type: array
                 dataset:
                     $ref: '#/components/schemas/DraftDatasetRefID'
                 environments:
                     items:
                         $ref: '#/components/schemas/Environment'
                     type: array
+                organization:
+                    $ref: '#/components/schemas/OrganizationRefID'
             type: object
             additionalProperties: false
             example:
                 name: my-new-product
                 appId: '000000000000'
+                type: service
                 environments:
                     -
                         name: dev

src/controllers/v2/routes.ts

@@ -232,7 +232,7 @@ const models: TsoaRoute.Models = {
             "flow": {"dataType":"enum","enums":["client-credentials"]},
             "mode": {"dataType":"enum","enums":["auto"]},
             "authPlugin": {"dataType":"string"},
-            "clientAuthenticator": {"dataType":"union","subSchemas":[{"dataType":"enum","enums":["client-secret"]},{"dataType":"enum","enums":["client-jwt"]},{"dataType":"enum","enums":["client-jwt-jwks-url"]}]},
+            "clientAuthenticator": {"dataType":"union","subSchemas":[{"dataType":"enum","enums":["client-secret"]},{"dataType":"enum","enums":["client-jwt"]},{"dataType":"enum","enums":["client-jwt-jwks-url"]},{"dataType":"enum","enums":["client-certificate"]}]},
             "instruction": {"dataType":"string"},
             "environmentDetails": {"dataType":"array","array":{"dataType":"refObject","ref":"IssuerEnvironmentConfig"}},
             "resourceType": {"dataType":"string"},
@@ -373,6 +373,8 @@ const models: TsoaRoute.Models = {
             "name": {"dataType":"string","required":true},
             "orgUnit": {"dataType":"string","required":true},
             "enabled": {"dataType":"boolean","required":true},
+            "permDataPlane": {"dataType":"string","required":true},
+            "permDomains": {"dataType":"array","array":{"dataType":"string"},"required":true},
             "updatedAt": {"dataType":"double","required":true},
         },
         "additionalProperties": false,
@@ -414,10 +416,13 @@ const models: TsoaRoute.Models = {
         "properties": {
             "appId": {"dataType":"string"},
             "name": {"dataType":"string"},
+            "type": {"dataType":"union","subSchemas":[{"dataType":"enum","enums":["app"]},{"dataType":"enum","enums":["service"]}]},
             "description": {"dataType":"string"},
             "namespace": {"dataType":"string"},
+            "openapiSpecs": {"dataType":"array","array":{"dataType":"string"}},
             "dataset": {"ref":"DraftDatasetRefID"},
             "environments": {"dataType":"array","array":{"dataType":"refObject","ref":"Environment"}},
+            "organization": {"ref":"OrganizationRefID"},
         },
         "additionalProperties": false,
     },

src/controllers/v2/types.ts

@@ -263,6 +263,7 @@ export interface Application {
   appId?: string; // Primary Key
   name?: string;
   description?: string;
+  namespace?: string;
   owner?: UserRefID;
   organization?: OrganizationRefID;
   organizationUnit?: OrganizationUnitRefID;
@@ -274,6 +275,7 @@ export interface Application {
  * @example {
  *   "name": "my-new-product",
  *   "appId": "000000000000",
+ *   "type": "service",
  *   "environments": [
  *     {
  *       "name": "dev",
@@ -288,10 +290,13 @@ export interface Application {
 export interface Product {
   appId?: string; // Primary Key
   name?: string;
+  type?: "app" | "service";
   description?: string;
   namespace?: string;
+  openapiSpecs?: string[];
   dataset?: DraftDatasetRefID;
   environments?: Environment[];
+  organization?: OrganizationRefID;
 }
 
 
@@ -337,7 +342,7 @@ export interface CredentialIssuer {
   flow?: "client-credentials";
   mode?: "auto";
   authPlugin?: string;
-  clientAuthenticator?: "client-secret" | "client-jwt" | "client-jwt-jwks-url";
+  clientAuthenticator?: "client-secret" | "client-jwt" | "client-jwt-jwks-url" | "client-certificate";
   instruction?: string;
   environmentDetails?: IssuerEnvironmentConfig[];
   resourceType?: string;

src/controllers/v3/GatewayServicesController.ts

@@ -38,6 +38,7 @@ export class GatewayController extends Controller {
   @OperationId('publish-gateway-config')
   @Security('jwt', ['Gateway.Config'])
   public async put(
+    @Path() gatewayId: string,
     @FormField() dryRun: boolean,
     @UploadedFile() configFile: Express.Multer.File
   ): Promise<PublishResult> {

src/controllers/v3/OrgAPISpecController.ts

@@ -0,0 +1,69 @@
+import {
+  Controller,
+  Request,
+  OperationId,
+  Put,
+  Path,
+  Route,
+  Security,
+  Body,
+  Tags,
+  Get,
+} from 'tsoa';
+import { KeystoneService } from '../ioc/keystoneInjector';
+import { inject, injectable } from 'tsyringe';
+import { OrgAPISpecCreateInput } from './types-extra';
+import { Logger } from '../../logger';
+import { gql } from 'graphql-request';
+import { UpdateAPISpec, GetAPISpecsByOrg } from '../../services/workflow/api-specs';
+
+const logger = Logger('controllers.OrgAPISpec');
+
+@injectable()
+@Route('/organizations')
+@Tags('Organizations')
+export class OrgAPISpecController extends Controller {
+  private keystone: KeystoneService;
+  constructor(@inject('KeystoneService') private _keystone: KeystoneService) {
+    super();
+    this.keystone = _keystone;
+  }
+
+  /**
+   * Update API Specification for a Product Environment
+   * > `Required Scope:` Namespace.Assign
+   *
+   * @summary Manage Access Requests
+   * @param ns
+   * @param body
+   * @param request
+   */
+  @Put('/{org}/api_specs')
+  @OperationId('organization-put-access-requests')
+  @Security('jwt', ['Namespace.Assign'])
+  public async put(
+    @Path() org: string,
+    @Body() body: OrgAPISpecCreateInput,
+    @Request() request: any
+  ): Promise<{ id: string }> {
+    const ctx = await this.keystone.createContextithUser(request, true);
+
+    const result = await UpdateAPISpec(ctx, body.specUrl, body.productEnvAppId);
+    logger.debug('OrgAPISpecController: %j', result);
+    return { id: result.id };
+  }
+
+  @Get('/{org}/api_specs')
+  @OperationId('organization-get-api-specs')
+  //@Security('jwt', ['Namespace.Assign'])
+  public async get(
+    @Path() org: string,
+    @Request() request: any
+  ): Promise<{ prodEnvId: string; spec: string }> {
+    const ctx = this.keystone.sudo();    
+    //const ctx = await this.keystone.createContext(request, true);
+    const result = await GetAPISpecsByOrg(ctx, org);
+    logger.debug('OrgAPISpecController: %j', result);
+    return result;
+  }
+}