apiops icon indicating copy to clipboard operation
apiops copied to clipboard

Published 20 hours ago verified publisher icon Azure

How can I override the Access Control/Groups in Product for upper environments.

Open vinilka8 opened this issue 2 years ago • 9 comments

Please describe the feature.

Hi Guys

How do we override the ACCESS CONTROL in the PRODUCT for the upper environment, from DEV to QA using configuration file?

DEV APIM Instance has a product, that has an access control assigned to Administrators and Developers image image

QA APIM Instance should also have a product BUT in this case the one of the roles should be different, instead of Developers we need ITOperations.

Thanks

vinilka8 avatar Dec 04 '23 21:12 vinilka8 

  Thank you for opening this issue! Please be patient while we will look into it and get back to you as this is an open source project. In the meantime make sure you take a look at the [closed issues](https://github.com/Azure/apiops/issues?q=is%3Aissue+is%3Aclosed) in case your question has already been answered. Don't forget to provide any additional information if needed (e.g. scrubbed logs, detailed feature requests,etc.).
  Whenever it's feasible, please don't hesitate to send a Pull Request (PR) our way. We'd greatly appreciate it, and we'll gladly assess and incorporate your changes.

github-actions[bot] avatar Dec 04 '23 21:12 github-actions[bot]

@vinilka8 - try overriding your QA configuration file like this:

products:
  - name: user
    groups:
      - administrators
      - ITOperations

guythetechie avatar Dec 05 '23 14:12 guythetechie

Hello @guythetechie

I have tried your suggestion it's something I was looking for, but it's not working, unfortunately. image

in my sample I have used Administrators and Developers, so in a DEV environment I have removed developers, but adding developers into QA environment image image

still only administrators in QA, image

vinilka8 avatar Dec 05 '23 21:12 vinilka8

Hi Guys

Any updates?

Thanks

vinilka8 avatar Dec 12 '23 18:12 vinilka8

  1. Can you check that the administrators group already exists in QA? ApiOps will not create groups for you, it will just link products to existing groups.
  2. You can enable debug logging to see which URLs get called by ApiOps. Can you look at your logs and see which calls are made when it processes product groups?

guythetechie avatar Dec 12 '23 19:12 guythetechie

  1. yes, I can confirm that the Administrators group already exists in QA, I have manually assigned administrators and developers to a product access control, BUT the APIOPS pipeline doesn't do that image
  2. by default I am running debug logging - in a new case I am trying to assign 'Guests' to my product, but the pipeline still doesn't do the work, I still don't see guests assigned to a product. image image

Yes, I am aware that APIOps will just link product to existing groups, but it's not the case

vinilka8 avatar Dec 12 '23 20:12 vinilka8

Can you share your publisher pipeline logs with any sensitive information scrubbed? If you're concerned about posting scrubbed logs here, feel free to create a private Git repo, put your logs there, and invite me.

guythetechie avatar Dec 12 '23 20:12 guythetechie

image those only debug logs I have obtained, I don't see what payload is passed into rest api

vinilka8 avatar Dec 12 '23 21:12 vinilka8

You need to enable trace logging to show the payload.

guythetechie avatar Mar 11 '24 14:03 guythetechie