feat: Introduce new Access Management and Governance APIs in IAM Service

- Added Access Requests, Access Reviews, Privileged Access Management, Audit Log, and Compliance APIs to enhance access management and governance capabilities.
- Updated the DbContext to include new entities for AuditLog and ComplianceReport, improving data handling for compliance and auditing.
- Enhanced Dependency Injection to support new repositories for the added functionalities, streamlining service operations.
This commit is contained in:
Ho Ngoc Hai
2026-01-14 19:26:26 +07:00
parent 8b7db56b79
commit f19a995b0d
21 changed files with 1024 additions and 53 deletions


@@ -290,57 +290,72 @@ graph TD
| `POST` | `/api/v1/verifications/email` | Yêu cầu xác thực email | ✅ |
| `POST` | `/api/v1/verifications/{id}/confirm` | Xác nhận với OTP code | ✅ |
### 4.10 Access Management APIs (Planned)
### 4.10 Access Requests APIs ✅ (New in Phase 3A)
| Method | Endpoint | Mô tả | Auth |
|--------|----------|-------|------|
| `POST` | `/api/v1/access-requests` | Tạo yêu cầu truy cập mới | ✅ |
| `GET` | `/api/v1/access-requests` | Lấy danh sách requests của user | ✅ |
| `GET` | `/api/v1/access-requests/{id}` | Lấy request theo ID | ✅ |
| `POST` | `/api/v1/access-requests/{id}/submit` | Submit request để phê duyệt | ✅ |
| `POST` | `/api/v1/access-requests/{id}/approve` | Phê duyệt request | ✅ |
| `POST` | `/api/v1/access-requests/{id}/reject` | Từ chối request | ✅ |
| `DELETE` | `/api/v1/access-requests/{id}` | Hủy request | ✅ |
| `GET` | `/api/v1/access-requests/pending` | Lấy requests đang chờ phê duyệt | ✅ |
### 4.11 Access Reviews APIs ✅ (New in Phase 3B)
| Method | Endpoint | Mô tả | Auth |
|--------|----------|-------|------|
| `POST` | `/api/v1/access-reviews` | Tạo access review mới | ✅ |
| `GET` | `/api/v1/access-reviews/{id}` | Lấy review theo ID | ✅ |
| `POST` | `/api/v1/access-reviews/{id}/items` | Thêm item vào review | ✅ |
| `POST` | `/api/v1/access-reviews/{id}/start` | Bắt đầu review campaign | ✅ |
| `POST` | `/api/v1/access-reviews/{id}/items/{itemId}/review` | Certify/Revoke item | ✅ |
| `POST` | `/api/v1/access-reviews/{id}/complete` | Hoàn thành review | ✅ |
### 4.12 Privileged Access Management (PAM) APIs ✅ (New in Phase 3B)
| Method | Endpoint | Mô tả | Auth |
|--------|----------|-------|------|
| `POST` | `/api/v1/privileged-access/request` | Yêu cầu JIT elevated access | ✅ |
| `GET` | `/api/v1/privileged-access/active` | Lấy grants đang active | ✅ |
| `POST` | `/api/v1/privileged-access/{id}/revoke` | Thu hồi privileged access | ✅ |
### 4.13 Audit Log APIs ✅ (New in Phase 4A)
| Method | Endpoint | Mô tả | Auth |
|--------|----------|-------|------|
| `GET` | `/api/v1/audit/logs` | Lấy audit logs (filtered, paginated) | ✅ |
### 4.14 Compliance APIs ✅ (New in Phase 4A)
| Method | Endpoint | Mô tả | Auth |
|--------|----------|-------|------|
| `POST` | `/api/v1/compliance/reports` | Tạo compliance report mới | ✅ |
| `GET` | `/api/v1/compliance/reports` | Lấy danh sách reports | ✅ |
| `GET` | `/api/v1/compliance/reports/{id}` | Lấy report chi tiết | ✅ |
| `POST` | `/api/v1/compliance/reports/{id}/complete` | Hoàn thành report | ✅ |
| `GET` | `/api/v1/compliance/violations` | Lấy violations chưa giải quyết | ✅ |
### 4.15 Governance APIs (Planned - Phase 4B)
> [!NOTE]
> Các APIs dưới đây là tính năng **đang được lên kế hoạch**, chưa triển khai.
> Các APIs dưới đây là tính năng **đang được lên kế hoạch** cho Phase 4B.
```
# Access Requests
GET /api/v1/access/requests
POST /api/v1/access/requests
PUT /api/v1/access/requests/:id/approve
PUT /api/v1/access/requests/:id/reject
# Access Reviews
GET /api/v1/access/reviews
POST /api/v1/access/reviews
POST /api/v1/access/reviews/:id/start
POST /api/v1/access/reviews/:id/complete
GET /api/v1/access/reviews/:id/items
# Access Analytics
GET /api/v1/access/analytics/usage
GET /api/v1/access/analytics/permissions
GET /api/v1/access/analytics/risks
```
### 4.8 Governance APIs (Planned)
> [!NOTE]
> Các APIs dưới đây là tính năng **đang được lên kế hoạch**, chưa triển khai.
```
# Compliance Reports
GET /api/v1/governance/compliance/reports
POST /api/v1/governance/compliance/reports/generate
GET /api/v1/governance/compliance/reports/:id/export
# Policy Governance
GET /api/v1/governance/policies/templates
POST /api/v1/governance/policies/templates
GET /api/v1/governance/policies/:id/versions
POST /api/v1/governance/policies/:id/test
GET /api/v1/policies
POST /api/v1/policies
GET /api/v1/policies/:id/versions
POST /api/v1/policies/:id/activate
# Risk Management
GET /api/v1/governance/risk/scores
GET /api/v1/governance/risk/scores/:userId
POST /api/v1/governance/risk/calculate
GET /api/v1/risk/scores/:userId
POST /api/v1/risk/calculate
# Reporting
GET /api/v1/governance/reports/access-summary
GET /api/v1/governance/reports/user-activity
GET /api/v1/governance/reports/security-events
# Security Dashboard
GET /api/v1/dashboard/security
```
---
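Review bot: the "4.15 Governance APIs (Planned - Phase 4B)" fenced block still lists `GET /api/v1/access/requests`, `PUT /api/v1/access/requests/:id/approve`, the `/api/v1/access/reviews/...` routes and `/api/v1/governance/compliance/reports`, but the same hunk documents these features as implemented under different paths (`/api/v1/access-requests/{id}/approve` as `POST`, `/api/v1/access-reviews/{id}/start`, `/api/v1/compliance/reports`). Two conflicting route conventions for the same capability in one document will mislead integrators; drop the Access Requests, Access Reviews and Compliance Reports entries from the planned block and keep only the items that are still unimplemented (analytics, policy governance, risk, reporting, dashboard). Second, the new tables only mark `Auth` as ✅ for every row; for approval (`/approve`, `/reject`), PAM revocation (`/privileged-access/{id}/revoke`) and audit log reads (`/audit/logs`) the doc should state which role or permission is required, since "authenticated" alone does not describe the authorization model these governance endpoints depend on. Also consider documenting the filter and pagination query parameters that `GET /api/v1/audit/logs` accepts, as the row only says "filtered, paginated".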
@@ -368,17 +383,24 @@ GET /api/v1/governance/reports/security-events
- ✅ Organization & Group management
- ✅ Profile management with extended attributes (ProfileAttribute entity)
### Phase 3: Access Management (Planned)
- 🔄 Access request/approval workflows
- 🔄 Access review & certification system
- 🔄 Access analytics
- 🔄 Privileged Access Management (PAM)
### Phase 3: Access Management ✅ (Completed)
- Access request/approval workflows (Create → Submit → Approve/Reject)
- Access review & certification system (Certify/Revoke decisions)
- ✅ Privileged Access Management (PAM) với JIT elevated access
- ✅ Entity configurations với EF Core Value Conversion
### Phase 4: Governance (Planned)
- 🔄 Compliance reporting engine
- 🔄 Policy governance & versioning
- 🔄 Risk scoring & management
- 🔄 Reporting dashboards
### Phase 4: Governance (In Progress)
#### Phase 4A: Audit & Compliance ✅ (Completed)
- `AuditLog` aggregate với 18 event types
- `ComplianceReport` aggregate (GDPR, SOC2, ISO27001, HIPAA)
- ✅ Audit log search & filtering
- ✅ Compliance report generation & violations tracking
#### Phase 4B: Policy & Risk (Planned)
- 🔄 PolicyTemplate aggregate với versioning
- 🔄 RiskScore aggregate & calculation
- 🔄 Security posture dashboard
### Phase 5: Advanced Features (Planned)
- 🔄 Workflow engine
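Review bot: the "Access analytics" item from the old Phase 3 list is removed from the new "Phase 3: Access Management ✅ (Completed)" list but does not reappear under Phase 4B or Phase 5, so the roadmap silently loses a planned deliverable; either add it to "Phase 4B: Policy & Risk (Planned)" or mark it explicitly as deferred. The checkmark usage is also inconsistent within the new lists: under the completed Phase 3 heading, "Access request/approval workflows" and "Access review & certification system" have no ✅ while the PAM and entity-configuration items do, and under "Phase 4A ... ✅ (Completed)" the `AuditLog` and `ComplianceReport` aggregate lines lack the ✅ that the next two items carry. Use the same marker on every item of a completed phase so the status is not ambiguous.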