Need to know the roles that would grant access to this call.
Simple RBAC and API Checker need to be changed to accommodate relevant roles. Simple RBAC depends on API Validator, if API Checker changes and we pull those changes into API Validator.
There is API Checker work to be done before the relevant roles feature is ready for consumption.
- The rax:roles XSLT needs to be updated to add rax:captureHeader which will create the X-Relevant-Roles header and populate it with the intersection of X-Roles and the configured rax:roles.
- Tests must exist to prove that this functionality works. Be sure to test the case where multiple x-roles values would grant access to a resource.
- End-to-end (i.e., functional) tests need to be added to cover the remaining configuration combinations for rax:captureHeader. The test suite for rax:captureHeader should look pretty similar to the test suite for rax:assert except that rax:captureHeader cannot fail, and thus, the failure state and message do not need to be tested.
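
The intersection described in the items above, as a small Python model added here for illustration; it is not API Checker code. It assumes that rax:roles is a space-separated list, that X-Roles may arrive as repeated header lines and/or comma-separated values, and that role names match exactly; the function names and sample roles are constructed.

```python
# Added behavioural model, not the api-checker implementation.
# Assumptions: rax:roles is space-separated; X-Roles may be repeated and/or
# comma-separated; role names are compared exactly (case-sensitive).

def split_header_values(header_lines):
    """Flatten repeated and comma-separated header lines into role names."""
    roles = []
    for line in header_lines:
        for value in line.split(","):
            value = value.strip()
            if value:
                roles.append(value)
    return roles


def relevant_roles(x_roles_lines, rax_roles):
    """Roles from X-Roles that are also in the configured rax:roles.

    Order follows the request, duplicates are dropped, and an empty list is
    returned when nothing matches: the capture step itself has no failure state.
    """
    configured = set(rax_roles.split())
    seen = set()
    result = []
    for role in split_header_values(x_roles_lines):
        if role in configured and role not in seen:
            seen.add(role)
            result.append(role)
    return result


# Constructed cases: (X-Roles header lines, rax:roles, expected relevant roles)
CASES = [
    (["a:admin, a:observer", "b:creator"], "a:admin b:creator", ["a:admin", "b:creator"]),
    (["a:observer"], "a:admin", []),              # no overlap
    (["a:admin", "a:admin"], "a:admin", ["a:admin"]),  # duplicate header values
    (["a:admin2"], "a:admin", []),                # no prefix or substring matching
]


def failing_cases():
    """Return the cases whose computed roles differ from the expectation."""
    return [c for c in CASES if relevant_roles(c[0], c[1]) != c[2]]


if __name__ == "__main__":
    print("failures:", failing_cases())
```

The first case is the one called out above: more than one X-Roles value grants access, so every matching role must be reported, not only the first.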
Jorge Williams has volunteered to finish the end-to-end tests for rax:captureHeader since he has already started them, and knows how to exercise the various ways to construct the state machine.
The work currently in progress can be found at:
Once the api-checker work is finished and released, Repose must bring in the new version of the library. The feature will be on by default (i.e., no config updates in Repose to turn this on in API Validator).
- Work is in API Checker. Jorge has done the majority of the work, but the remainder should be finished and tested.
- Add to release notes
- Tests exist to prove we have implemented this feature correctly
See screenshots for additional context.