Skip to content

UNOMI-904: V2 API compatibility mode#762

Open
sergehuber wants to merge 3 commits into
UNOMI-139-platformfrom
UNOMI-904-v2-api-compatibility
Open

UNOMI-904: V2 API compatibility mode#762
sergehuber wants to merge 3 commits into
UNOMI-139-platformfrom
UNOMI-904-v2-api-compatibility

Conversation

@sergehuber
Copy link
Copy Markdown
Contributor

@sergehuber sergehuber commented May 19, 2026

Stacked PR (merge order)

Role Branch
Base (merge into) UNOMI-139-platform (#760)
Head (this PR) UNOMI-904-v2-api-compatibility

Merge #760 first (multi-tenant platform). This PR adds V2 compatibility on top of that line.

JIRA: UNOMI-904V2 API Compatibility mode (sub-task of UNOMI-875)

Problem

Unomi 3.x uses tenant-scoped API keys for REST access. Existing V2 clients expect:

  • Public endpoints (e.g. /cxs/context.json) with no authentication
  • Private endpoints with system administrator credentials (e.g. Karaf karaf/karaf)
  • Protected events validated via source IP and X-Unomi-Peer, using legacy third-party provider configuration

Without a compatibility path, every client must be rewritten before a V3 rollout—high risk, no incremental migration, and no way to validate V3 with production-like V2 traffic.

Solution

This PR introduces an optional V2 compatibility mode (off by default) on the REST layer:

  1. Configuration — OSGi org.apache.unomi.rest.authentication.cfg, Karaf system properties, and environment variables (UNOMI_REST_AUTHENTICATION_V2COMPATIBILITYMODEENABLED, UNOMI_REST_AUTHENTICATION_V2COMPATIBILITYDEFAULTTENANTID). Mode can be toggled at runtime via Configuration Admin without restarting bundles.

  2. Authentication behaviour (when enabled) — AuthenticationFilter + DefaultRestAuthenticationConfig:

    • Public paths — no API key; requests run under a configured default tenant
    • Private paths — JAAS system-admin authentication (V2-style), then default tenant context for data operations
    • Protected eventsV2ThirdPartyConfigService reads legacy org.apache.unomi.thirdparty settings (provider key, allowed IPs, allowed event types) and validates IP + X-Unomi-Peer like V2

  3. Packaging — REST auth config is deployed from the unomi-rest Karaf feature; defaults are documented in the cfg file and overridable in custom.system.properties.

Mapping to UNOMI-904 acceptance criteria

Criterion Status in this PR
V2 clients can use V3 without client code changes (auth patterns) ✅ Public / private / protected-event paths implemented
Public endpoints work without authentication
Private endpoints work with system administrator authentication
Protected events work with IP + X-Unomi-Peer ✅ via V2ThirdPartyConfigService
Mode enabled/disabled via configuration ✅ default off; runtime updates supported
Default tenant for all operations in compatibility mode v2.compatibilitymode.defaultTenantId
Supports gradual migration (test V3, migrate apps over time) ✅ operational goal; mode is temporary by design

Broader REST surface (profiles, segments, rules, schemas) continues to use the same CXS endpoints; with compatibility mode on, V2 auth rules apply before tenant API-key enforcement. Dedicated IT coverage focuses on context, configuration persistence, default tenant, and protected events.

Configuration (summary)

Setting Default Purpose
v2.compatibilitymode.enabled false Enable V2 compatibility mode
v2.compatibilitymode.defaultTenantId default Tenant used for all operations in V2 mode (should match migration target tenant)

Third-party providers (protected events): thirdparty.{name}.key, .ipAddresses, .allowedEvents in org.apache.unomi.thirdparty.cfg (unchanged V2 layout).

Tests

  • V2CompatibilityModeIT — registered in AllITs; Pax Exam / Karaf integration tests:
    • Switch V2 mode on/off and verify public vs private behaviour
    • Protected events (view event + third-party config)
    • Default tenant resolution
    • Configuration persistence via Configuration Admin
  • Full integration test suite run locally with OpenSearch (same harness as other platform ITs).

Licence

sergehuber added 3 commits May 19, 2026 06:34
@sergehuber
UNOMI-904: V2 API compatibility mode
3efda1a 
Let V2 client applications run on the V3 multi-tenant platform without
rewriting authentication first: compatibility mode can be toggled at runtime,
legacy third-party API keys and IP/X-Unomi-Peer checks apply for protected
events, and public endpoints such as /context.json stay usable without tenant
API keys while V3 tenant auth remains the default when the mode is off.

- V2ThirdPartyConfigService wired to org.apache.unomi.thirdparty.cfg
- REST authentication filter and config for V2 compatibility routing
- Event collector allowlist checks in RestServiceUtilsImpl
- Karaf packaging for org.apache.unomi.rest.authentication.cfg
- V2CompatibilityModeIT in the integration test suite
@sergehuber
UNOMI-904: Add viewEvent.json fixture for V2CompatibilityModeIT
04e59d7 
testV2CompatibilityModeWithProtectedEvents loads events/viewEvent.json;
resource was missing after V peel (Appendix J peel-fix).
@sergehuber
Merge branch 'UNOMI-139-platform' into UNOMI-904-v2-api-compatibility
c8a8f85
@sergehuber sergehuber requested a review from Copilot May 19, 2026 08:07
Copilot AI reviewed May 19, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@sergehuber sergehuber mentioned this pull request May 19, 2026
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sergehuber