Wednesday, January 22, 2014

API Manager 1.6.0 - tanancy


Came across a question on API Manager tenancy ...

As per docs [1]
"WSO2 API Manager supports creating multiple tenants and managing APIs in a tenant-isolated manner. When you create multiple tenants in an API Manager deployment, the API Stores of each tenant will be displayed in a muti-tenanted view for all users to browse and permitted users to subscribe to. "

Let's try it and see !!

Step 1 - Create a tenant

  • Login to management console - https://localhost:9443/carbon/
  • Create a new tenant from Home > Configure > Multitenancy > Add New Tenant - lets say my tenant is yumani.com. 
  • Now if you check in API Store, you will see tenant domains there.
When you click on yumani.com above, you will be taken to yumani.com's API store.
Lets try working within a tenant and see;
Step 2 - Create users within the tenant
We need 3 user roles - creator, publisher and subscriber
  • Login to management console, using tenant admin's credentials
  • Create a new user role from Home > Configure > Users and Roles > Roles
    • name - creator
    • permissions - as given in [2]
  • Create a role for subscriber
    • name -subscriber
    • permissions - login, Manage -> API ->Subscribe [3]
  • Create a role for publisher
    • name -publisher
    • permissions -login, Manage -> API ->Publish [4]
  • Create 3 users and assign them to each role.
Small test - if the permissions are correctly set as per above;
 
-  when you login to publisher (https://localhost:9443/publisher/) from creator's login- you should see an option to add APIs
 
 - When you login from publisher's login, you should not see an option to add APIs. You will only be able to list APIs and publish them.
 
- Finally, you will not have sufficient privileges to login to publisher using subscriber's login. 
Step 3 - Create and publish API
  • Login to 'API Publisher' from creator's account and create a new API.

 Step 4 - View the API from store
  • Now login to API Store using subscriber's account
  • You will see the above API.
Another test: 
- Create another tenant, try login to tenant 1's (yumani.com) store, you are not allowed!
 
- Login to tenan 3's store and see if you see any of tenant 1's APIs. No! because of tenancy.
NOTE: In earlier versions of APIM (APIM-1.4.0), we had a concept of allowing selected tenant's view other tenant's APIs. But it is not available in latest releases.
 
[2]- http://docs.wso2.org/display/AM160/User+Roles+in+the+API+Manager#UserRolesintheAPIManager-Addingthe creator role
[3] - http://docs.wso2.org/display/AM160/User+Roles+in+the+API+Manager#UserRolesintheAPIManager-Thedefault subscriber role
[4] - http://docs.wso2.org/display/AM160/User+Roles+in+the+API+Manager#UserRolesintheAPIManager-Addingthe publisher role

Featured

Selenium - Page Object Model and Action Methods

  How we change this code to PageObjectModel and action classes. 1 2 3 driver . findElement ( By . id ( "userEmail" )). sendKeys (...

Popular Posts