This is a guide to migrate the platform to the v5 version.
The main difference between the two versions of the platform relies in the API authorization checking method.
Previously the authorization rules were checked in
session-manager (called by
api-gateway auth request) through an acl expression. The acl expression was evaluated using the information contained in the session token and various other metadata included in the headers.
The correct expression was mapped in the api-gateway, given the method and the path. The
session-manager always answer 200 with an header identifying if the user was allowed or not. The
api-gateway checks the correct api host in proxyName map.
session manager is replaced in v5 by the
authorization-service. To see how this service works, read the authorization service docs. However, the
api-gateway continues to verify the correct api host in proxyName map (which has changed, as following point 1 explains).
When you go to the Design section of the DevOps Console v5 and you open a project that has not been updated yet, The DevOps Console v5 automatically handles some changes:
backofficeProxyNameto the new map. Changed from
api-gatewaygroup expressions into
microservice-gatewaywas enabled, authorization-service is set as enabled in the MongoDB of the project.
Before saving and deploying the new configuration, you MUST verify the correctness of the automatic upgrades. You should also test the permission to the api, since it has changed the way it is computed.