[Draft] Add APIM Governance Implementation #12805

Avishka-Shamendra · 2025-01-30T09:18:36Z

Purpose

This PR introduces governance capabilities to the API Manager.

Goals

With this feature, organization admins will be able to govern the APIs created within the organization through rulesets and policies. This will help address issues such as inconsistent design, security risks, and poor consumer experience.

Approach

A new API is introduced to handle ruleset management, policy management, and artifact compliance and policy adherence.
The implementation and API modules contain the core logic for governance.
The engine module is designed in an extensible way and currently implements the GitHub repository wso2/rule-validator validation engine.

Documentation

Pending

Automation tests

Pending

Security checks

Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines? yes
Ran FindSecurityBugs plugin and verified report? yes
Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets? yes

Add Initial Governance Core Implementation

Add Async Validation Logic and Update APIM Governance Service

…pimgt into master-4.5.0 # Conflicts: # components/apimgt/org.wso2.carbon.apimgt.governance.impl/src/main/java/org/wso2/carbon/apimgt/governance/impl/util/GovernanceUtil.java

Improve TokenMergerInterceptor to support navigation between portals with governance

[Gov Feature Branch] Update Gov DB Structure

…pimgt into master-4.5.0 # Conflicts: # components/apimgt/org.wso2.carbon.apimgt.governance.impl/src/main/java/org/wso2/carbon/apimgt/governance/impl/service/APIMGovernanceServiceImpl.java

[Gov Feature Branch] Move Ruleset Content to New Table and Code Refactor

…pimgt into master-4.5.0

[Gov Feature Branch] Clean Up Governance Code Base and Add DB Scripts

…pimgt into master-4.5.0

Improve Scope validation for governance APIs

…aster-4.5.0 # Conflicts: # components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIProviderImpl.java # components/apimgt/org.wso2.carbon.apimgt.persistence/src/main/java/org/wso2/carbon/apimgt/persistence/RegistryPersistenceImpl.java # components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml # components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/webapp/WEB-INF/web.xml # components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/admin-api.yaml # components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml # components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/APIMappingUtil.java # components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/impl/ApisApiServiceImpl.java # components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml # components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/webapp/WEB-INF/web.xml

Improve Scope for API Governance

Update Delete queries in governance

Avishka-Shamendra and others added 30 commits January 20, 2025 11:03

Add initial impl for governance component

76c89f0

Add logic to create and get rulesets

a688b7b

Add code to add default rulesets

ebabacb

Add missing dependency

ccf08e7

Add rulesets endpoint implementation

9ff8c1f

Add policy endpoint implementation

129a7ee

Fix ruleset delete to check for policies

b1f3289

Add APIM client for governance

a67bf97

Fix ruleset and policy cruds

201f275

Add pagination and validation resource to api

b376713

Change attribute names of ruleset and policy

13e20f0

Add spectral interface

1697ce4

Change ruleset create, update to multipart

49815ee

Contd validation endpoint impl

6b5e074

Change db script

6b7b430

Start impl of scheduler

be62fc0

Contd impl

90fd834

Restructure code

75e701e

Restructure code

430ab79

Added service to call governance from apim

df3b9e1

Add rule category column

7bdbf76

Add validation engine as a service

00879dc

Add method to get governable states for artifact

5017d9a

Fix build issues

1bf9737

Merge pull request #12749 from Avishka-Shamendra/apim-governance-core

844cfa6

Add Initial Governance Core Implementation

Implement async validation flow

adac1eb

Update APIMGovernanceService

7ff8613

Merge pull request #12753 from Avishka-Shamendra/apim-governance-core

3a51dee

Add Async Validation Logic and Update APIM Governance Service

Add logs to verify governance invocation locations

ed4a5a8

Merge branch 'feature-governance' of https://github.com/wso2/carbon-a…

3f6edbf

…pimgt into master-4.5.0 # Conflicts: # components/apimgt/org.wso2.carbon.apimgt.governance.impl/src/main/java/org/wso2/carbon/apimgt/governance/impl/util/GovernanceUtil.java

Avishka-Shamendra and others added 30 commits February 4, 2025 22:23

Change gov ruleset result to remove duplicate entries

c0a4611

Fix db names

24b9fe0

Change result end points to support new DB structure

4663056

Update governance DBs h2 script

6270591

Update RestApiConstants.java

f6b5f4f

Merge pull request #12826 from AnuGayan/master-4.5.0

440b18c

Improve TokenMergerInterceptor to support navigation between portals with governance

Improve UI to support navigation between portals with governance

94d313d

Merge pull request #12832 from Avishka-Shamendra/apim-governance-core

be5ae4e

[Gov Feature Branch] Update Gov DB Structure

Merge branch 'feature-governance' of https://github.com/wso2/carbon-a…

15da247

…pimgt into master-4.5.0 # Conflicts: # components/apimgt/org.wso2.carbon.apimgt.governance.impl/src/main/java/org/wso2/carbon/apimgt/governance/impl/service/APIMGovernanceServiceImpl.java

Update artifact id to artifact reference id

0557219

Move ruleset content to new table

ca5b618

Merge pull request #12841 from Avishka-Shamendra/apim-governance-core

a68729a

[Gov Feature Branch] Move Ruleset Content to New Table and Code Refactor

Improve UI to support navigation between portals with governance

7b435b9

Improve Scope validation for governance APIs

e1f4512

Fix minor checkstyle issue

276bc96

Merge branch 'feature-governance' of https://github.com/wso2/carbon-a…

77962fd

…pimgt into master-4.5.0

Delete manager interfaces

87970ed

Update rule manager DAO

360eee6

Update DB scripts

899c172

Update gov APIM interface to detect labels attach and delete

0472339

Do code improvements

bdd3bdb

Improve scope implementation for API Governance

db77c6a

Merge pull request #12845 from Avishka-Shamendra/apim-governance-core

26bcf90

[Gov Feature Branch] Clean Up Governance Code Base and Add DB Scripts

Merge branch 'feature-governance' of https://github.com/wso2/carbon-a…

8f6d1a2

…pimgt into master-4.5.0

Merge pull request #12844 from AnuGayan/master-4.5.0

341b50a

Improve Scope validation for governance APIs

Improve scope implementation for API Governance

de581fc

Merge pull request #12848 from AnuGayan/master-4.5.0

19d8d89

Improve Scope for API Governance

Update Delete queries in governance

697a91f

Merge pull request #12850 from AnuGayan/master-4.5.0

b1f48b2

Update Delete queries in governance

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Draft] Add APIM Governance Implementation #12805

[Draft] Add APIM Governance Implementation #12805

Avishka-Shamendra commented Jan 30, 2025

[Draft] Add APIM Governance Implementation #12805

Are you sure you want to change the base?

[Draft] Add APIM Governance Implementation #12805

Conversation

Avishka-Shamendra commented Jan 30, 2025

Purpose

Goals

Approach

Documentation

Automation tests

Security checks