* Initial working state of OpenAPI spec generation
Generates an OpenAPI spec but still has lots of issues
* Fix wrong import
* Add NoAuditEvent annotation to test resource methods
* Add OpenAPI browser frontend (POC)
Add basic OpenAPI browser UI using Redoc loaded from CDN. This is a proof
of concept implementation not yet ready for production use.
- Loads Redoc from CDN to avoid webpack bundling complexity
- Displays OpenAPI spec from /api/openapi.yaml endpoint
- Accessible via Help menu → "OpenAPI browser"
- Route: /openapi-browser
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Make both json & yaml formats work
* Implement plugin path prefixing
+ configure the openAPI context directly to be able to
use dependency injection
* Remove logging
* Migrate REST resources from Swagger to OpenAPI 3.x annotations
Migrated ~150 REST resource files from old Swagger annotations
(io.swagger.annotations.*) to OpenAPI 3.x annotations
(io.swagger.v3.oas.annotations.*).
Migration performed using OpenRewrite and manual fixes:
- @Api → @Tag
- @ApiOperation → @Operation
- @ApiParam → @Parameter
- @ApiResponse code → responseCode
- @ApiResponse message → description
- Removed invalid attributes (allowableValues, defaultValue, tags)
- Fixed nickname → operationId
- Removed response= attribute (needs manual restoration)
Note: Some information was intentionally lost and needs restoration:
- Response type schemas (33 instances)
- Parameter allowableValues constraints (58 instances)
- CLOUD_VISIBLE tags (82 instances)
🤖 Generated with Claude Code (https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Restore response type information to OpenAPI annotations
Adds @ApiResponses with @Content and @Schema to restore the 33 instances
of response type information that were lost during the OpenAPI 3.x migration.
- Automated script restored 20 instances
- Manual additions for 8 instances with multi-line annotations
- 5 instances already fixed in previous commit
- All response codes verified against actual implementation
- Total: 33 response types restored with accurate HTTP status codes
Co-Authored-By: Claude <noreply@anthropic.com>
* Restore parameter allowableValues constraints for OpenAPI 3.x migration
Restore allowableValues constraints that were lost during OpenAPI 3.x
migration by converting from @ApiParam(allowableValues) to
@Parameter with @Schema(allowableValues).
This restores API documentation for parameter value constraints across
22 REST resource files, covering ~58 parameter instances.
Changes:
- Migrated allowableValues from Swagger 2.x @ApiParam to OpenAPI 3.x
@Parameter with @Schema(allowableValues = {...})
- Added missing Schema imports where needed
- Fixed several bugs and inconsistencies from master branch
Summary of Semantic Differences (11 files):
Bug Fixes:
- AuthzRolesResource.getUsersForRole(): Fixed incorrect field list that
had user fields (username,full_name,email) instead of role fields
(id,name,description)
- DatanodeResource: Fixed completely wrong field list (title,description,
type) to actual DataNodeDto fields (hostname,data_node_status,
transport_address,cert_valid_until,datanode_version)
- IndexSetTemplateResource: Fixed "name" to "title" (correct field name)
Added Missing Valid Fields:
- DashboardsResource, SavedSearchesResource, ViewsResource: Added
"last_updated_at" which exists in SEARCH_FIELD_MAPPING
- ViewsResource: Added "owner", "description", "summary" (was very
incomplete in master)
- AuthzRolesResource (getList, getListForUser): Added "id" field
- GrokResource, IndexFieldTypeProfileResource: Added "id" and other
valid fields from SEARCH_FIELD_MAPPING
Removed Invalid Fields:
- StreamResource: Removed "updated_at", "status" (not in
SEARCH_FIELD_MAPPING, didn't work)
- GrokResource: Removed "pattern" (not in search mapping)
- IndexSetsMappingResource: Reduced to "field_name" only (other fields
not implemented)
Fixed Constraint Type:
- ClusterLoggersResource: Removed inappropriate allowableValues range
constraint for numeric limit parameter (already has @Min validation)
Files with Identical Field Lists (13 files):
EventDefinitionsResource, EventNotificationsResource, PipelineResource,
RuleResource, CollectorResource, ConfigurationResource, SidecarResource,
ScriptingApiResource, AuthServiceBackendsResource, UsersResource,
TokenUsageResource, LookupTableResource - all have identical semantics,
just migrated annotation syntax.
Rationale:
All semantic differences were introduced to correct API documentation to
match actual backend implementation. Changes ensure that:
1. All advertised sort fields actually work
2. All functional sort fields are advertised
3. API spec accurately reflects backend capabilities
4. Bugs in master branch are fixed
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Add replacement for CLOUD_VISIBLE tag
* Add @PublicCloudAPI annotation to cloud-visible REST resources
Add @PublicCloudAPI annotation to 82 REST resources that were previously
marked with tags = {CLOUD_VISIBLE} in Swagger 2.x @Api annotations.
This annotation is used by CustomOpenAPIScanner to filter resources when
IS_CLOUD=true, ensuring only cloud-appropriate APIs are exposed in the
OpenAPI specification for cloud deployments.
Resources annotated:
- Events (4 resources): EventDefinitionsResource, EventNotificationsResource, etc.
- Pipeline Processor (5 resources): PipelineResource, RuleResource, SimulatorResource, etc.
- Sidecar (6 resources): SidecarResource, CollectorResource, ConfigurationResource, etc.
- Views/Search (15 resources): DashboardsResource, SavedSearchesResource, ViewsResource, etc.
- Security (6 resources): AuthzRolesResource, CAResource, ClientCertResource, etc.
- System (30+ resources): StreamResource, InputsResource, NotificationsResource, etc.
- Other resources (15+): MessageResource, EntitySuggestionResource, ContentPackResource, etc.
The @PublicCloudAPI annotation:
- Marks resources as available in public cloud deployments
- Does not appear in the generated OpenAPI specification
- Filters resources during OpenAPI generation when isCloud=true
- Replaces the old tags = {CLOUD_VISIBLE} approach from Swagger 2.x
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Migrate McpRestResource from Swagger 2.x to OpenAPI 3.x
Updates the MCP REST resource to use OpenAPI 3.x annotations, completing the migration of all REST resources in the project.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* WIP: add TODOS and subtype resolver prototype
* Add OpenAPI browser to help menu after merge conflict resolution
The OpenAPI browser menu item was lost during the merge when the help menu
was refactored from hardcoded items to a plugin-based registration system.
This restores the menu item in the new bindings.ts format.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Make legacy generator work with new annotations
* Remove unused CLOUD_VISIBLE flag
* Temporarily make test pass
* Use @RequestBody annotation instead of @Parameter
* Synchronize our not thread-safe custom reader
* Add discriminator mapping based on jackson annotations
* WIP command to generate a spec without a running server
* Add output file argument
* Don't hardcode any config parameters
* Add spec generation to maven build
* Move spec generation into profile
* Add generated spec to resources
* Attempt to stabilize spec format
* Adjust test to openapi 3.1 schema
* Resolve registered subtypes
* bind object mapper to provider
* don't skip empty subtype names
* update spec
* Revert extraction of ObjectMapperConfiguration
With the latest changes, it didn't have an effect
anymore.
* Expose OpenAPIContext to not hide the caching behavior
* Apply sorting for both web and command context
* use fully qualified type names in schema
* Fix broken discriminator mapping
* Add custom handling for ImmutableMap
* Split event expression types
Swagger can't deal with the generic type hierarchy.
It would generate faulty allOf's with refs to both
Expression<Boolean> and Expression<Number> in one
schema, e.g. for
`org.graylog.events.conditions.Expr.And`.
* Prevent duplicate operation IDs
* Skip NonApiResource annotated resources
* Add validation to spec command
* Replace terms "spec"/"specification" with "description"
* Update openapi description
* Switch to swagger-ui-react
* Serve description at openapi.yaml / openapi.json again
* Add missing license headers
* Add security schemes but hide them in swagger ui
* Update openapi description
* configure swagger ui
* add changelog
* qualify url to openapi.yaml
* Remove old api browser
* Rudimentary styling for swagger ui
* Fix broken handling of duplicate paths
* update openapi description
* fix changelog
* Remove swagger CSP group & deprecate DocumentationResource
* Update graylog2-server/src/main/java/org/graylog/api/GenerateOpenApiDescriptionCommand.java
Co-authored-by: Kay Roepke <kroepke@googlemail.com>
* create parent path if non-existent
* Polish print statements
* Remove term "Graylog"
* adjust RequestBody annotations to include schema ref in each case
* Update graylog2-server/src/main/java/org/graylog/api/GenerateOpenApiDescriptionCommand.java
Co-authored-by: Kay Roepke <kroepke@googlemail.com>
* Add annotations for success responses with declared response types
* treat Immutable(List|Set) as the java.util equivalents
* semver Version is serialized as a String in our api
* extract helper method and add overrides for joda-time and threeten classes
* HostAndPort is a string in openapi
* for ImmutableMap treat keys with GRN or joda-time DateTime types as strings for schema generation
* Add more missing response schemas
* Remove swagger annotations from datanode resource
* Add forbidden-apis rule for io.swagger.annotations.*
* Get rid of remaining ImmutableMap instances
* Remove openapi.yaml from VCS
* Execute OpenAPI desc generation in separate JVM
to avoid classloader issues due to bouncycastle
registration during command startup
* Add handling for java.time.Duration and simplify scalar type mapping
* More custom handling for various types
* `yarn format`
* Add special handling for FormDataContentDisposition in old swagger specs
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Kay Roepke <kroepke@googlemail.com>
* Configure build to create SBOM files for backend and frontend
* Update yarn.lock file
* Reorder imports to please the linter
* Don't modify yarn.lock to avoid conflicts
* Move CycloneDxWebpackPlugin to webpack/core.js
* Build SBOM for the vendor bundle
* Sync yarn.lock
* Use nested router on `ConfigurationsPage` to deep-link section.
* Show active state for section nav items.
* Showing active state for plugin nav items.
* Adjusting finder in test.
* Making sure that default section replaces history entry.
* Implement basic data nodes overview.
* Create foundation for CA configuration step.
* Implement hook to fetch available data nodes.
* Implement hook to fetch data nodes CA status.
* Display different configuration steps based on data nodes status.
* Fixing tests.
* Cleanup code.
* Improve styling of configuration steps overview.
* Fix theme spacing.
* Cleanup code.
* Improve styling of steps overview.
* Implement dropzone to upload CA.
* Improve overall styling.
* Unify text color.
* Implement configuration step for certificate provisioning.
* Implement configuration step for finished configuration.
* Improve headline styling.
* Fix naming.
* Add test for `useConfigurationStep` hook.
* Create components directory.
* ADding test for data nodes overview.
* Adding test for `DataNodesOverview`.
* Adding test for `ConfigurationWizard`.
* Improve usage of list items.
* Fixing rebase
* REmove dat nodes mocks and use actual API endpoint.
* Configure dev server for preflight UI webpack setup, to be able to proxy API requests.
* Update data nodes object structure.
* Configure timezone provider.
* Change structure of data nodes object.
* Improve layout
* Add missing timezone provider.
* Remove configuration wizard for now.
* Fix `useDataNodes` test.
* Remove further not needed code.
* Fix preflight status API routes.
* Display data nodes overview as list instead of table.
* Improve descriptions.
* Implement documentation links.
* Adding test
* Remove not needed timezone provider.
* Cleanup code.
* Improve wording.
* Add missing license header.
