graylog2-server

mirror of https://github.com/Graylog2/graylog2-server.git synced 2026-03-13 09:32:21 +08:00
Files
Othello Maurer 9c21cf70fa OpenAPI 3.1. spec generation (#23872 )
* Initial working state of OpenAPI spec generation

Generates an OpenAPI spec but still has lots of issues

* Fix wrong import

* Add NoAuditEvent annotation to test resource methods

* Add OpenAPI browser frontend (POC)

Add basic OpenAPI browser UI using Redoc loaded from CDN. This is a proof
of concept implementation not yet ready for production use.

- Loads Redoc from CDN to avoid webpack bundling complexity
- Displays OpenAPI spec from /api/openapi.yaml endpoint
- Accessible via Help menu → "OpenAPI browser"
- Route: /openapi-browser

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Make both json & yaml formats work

* Implement plugin path prefixing

+ configure the openAPI context directly to be able to
  use dependency injection

* Remove logging

* Migrate REST resources from Swagger to OpenAPI 3.x annotations

Migrated ~150 REST resource files from old Swagger annotations
(io.swagger.annotations.*) to OpenAPI 3.x annotations
(io.swagger.v3.oas.annotations.*).

Migration performed using OpenRewrite and manual fixes:
- @Api → @Tag
- @ApiOperation → @Operation
- @ApiParam → @Parameter
- @ApiResponse code → responseCode
- @ApiResponse message → description
- Removed invalid attributes (allowableValues, defaultValue, tags)
- Fixed nickname → operationId
- Removed response= attribute (needs manual restoration)

Note: Some information was intentionally lost and needs restoration:
- Response type schemas (33 instances)
- Parameter allowableValues constraints (58 instances)
- CLOUD_VISIBLE tags (82 instances)

🤖 Generated with Claude Code (https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Restore response type information to OpenAPI annotations

Adds @ApiResponses with @Content and @Schema to restore the 33 instances
of response type information that were lost during the OpenAPI 3.x migration.

- Automated script restored 20 instances
- Manual additions for 8 instances with multi-line annotations
- 5 instances already fixed in previous commit
- All response codes verified against actual implementation
- Total: 33 response types restored with accurate HTTP status codes

Co-Authored-By: Claude <noreply@anthropic.com>

* Restore parameter allowableValues constraints for OpenAPI 3.x migration

Restore allowableValues constraints that were lost during OpenAPI 3.x
migration by converting from @ApiParam(allowableValues) to
@Parameter with @Schema(allowableValues).

This restores API documentation for parameter value constraints across
22 REST resource files, covering ~58 parameter instances.

Changes:
- Migrated allowableValues from Swagger 2.x @ApiParam to OpenAPI 3.x
  @Parameter with @Schema(allowableValues = {...})
- Added missing Schema imports where needed
- Fixed several bugs and inconsistencies from master branch

Summary of Semantic Differences (11 files):

Bug Fixes:
- AuthzRolesResource.getUsersForRole(): Fixed incorrect field list that
  had user fields (username,full_name,email) instead of role fields
  (id,name,description)
- DatanodeResource: Fixed completely wrong field list (title,description,
  type) to actual DataNodeDto fields (hostname,data_node_status,
  transport_address,cert_valid_until,datanode_version)
- IndexSetTemplateResource: Fixed "name" to "title" (correct field name)

Added Missing Valid Fields:
- DashboardsResource, SavedSearchesResource, ViewsResource: Added
  "last_updated_at" which exists in SEARCH_FIELD_MAPPING
- ViewsResource: Added "owner", "description", "summary" (was very
  incomplete in master)
- AuthzRolesResource (getList, getListForUser): Added "id" field
- GrokResource, IndexFieldTypeProfileResource: Added "id" and other
  valid fields from SEARCH_FIELD_MAPPING

Removed Invalid Fields:
- StreamResource: Removed "updated_at", "status" (not in
  SEARCH_FIELD_MAPPING, didn't work)
- GrokResource: Removed "pattern" (not in search mapping)
- IndexSetsMappingResource: Reduced to "field_name" only (other fields
  not implemented)

Fixed Constraint Type:
- ClusterLoggersResource: Removed inappropriate allowableValues range
  constraint for numeric limit parameter (already has @Min validation)

Files with Identical Field Lists (13 files):
EventDefinitionsResource, EventNotificationsResource, PipelineResource,
RuleResource, CollectorResource, ConfigurationResource, SidecarResource,
ScriptingApiResource, AuthServiceBackendsResource, UsersResource,
TokenUsageResource, LookupTableResource - all have identical semantics,
just migrated annotation syntax.

Rationale:
All semantic differences were introduced to correct API documentation to
match actual backend implementation. Changes ensure that:
1. All advertised sort fields actually work
2. All functional sort fields are advertised
3. API spec accurately reflects backend capabilities
4. Bugs in master branch are fixed

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Add replacement for CLOUD_VISIBLE tag

* Add @PublicCloudAPI annotation to cloud-visible REST resources

Add @PublicCloudAPI annotation to 82 REST resources that were previously
marked with tags = {CLOUD_VISIBLE} in Swagger 2.x @Api annotations.

This annotation is used by CustomOpenAPIScanner to filter resources when
IS_CLOUD=true, ensuring only cloud-appropriate APIs are exposed in the
OpenAPI specification for cloud deployments.

Resources annotated:
- Events (4 resources): EventDefinitionsResource, EventNotificationsResource, etc.
- Pipeline Processor (5 resources): PipelineResource, RuleResource, SimulatorResource, etc.
- Sidecar (6 resources): SidecarResource, CollectorResource, ConfigurationResource, etc.
- Views/Search (15 resources): DashboardsResource, SavedSearchesResource, ViewsResource, etc.
- Security (6 resources): AuthzRolesResource, CAResource, ClientCertResource, etc.
- System (30+ resources): StreamResource, InputsResource, NotificationsResource, etc.
- Other resources (15+): MessageResource, EntitySuggestionResource, ContentPackResource, etc.

The @PublicCloudAPI annotation:
- Marks resources as available in public cloud deployments
- Does not appear in the generated OpenAPI specification
- Filters resources during OpenAPI generation when isCloud=true
- Replaces the old tags = {CLOUD_VISIBLE} approach from Swagger 2.x

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Migrate McpRestResource from Swagger 2.x to OpenAPI 3.x

Updates the MCP REST resource to use OpenAPI 3.x annotations, completing the migration of all REST resources in the project.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* WIP: add TODOS and subtype resolver prototype

* Add OpenAPI browser to help menu after merge conflict resolution

The OpenAPI browser menu item was lost during the merge when the help menu
was refactored from hardcoded items to a plugin-based registration system.
This restores the menu item in the new bindings.ts format.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Make legacy generator work with new annotations

* Remove unused CLOUD_VISIBLE flag

* Temporarily make test pass

* Use @RequestBody annotation instead of @Parameter

* Synchronize our not thread-safe custom reader

* Add discriminator mapping based on jackson annotations

* WIP command to generate a spec without a running server

* Add output file argument

* Don't hardcode any config parameters

* Add spec generation to maven build

* Move spec generation into profile

* Add generated spec to resources

* Attempt to stabilize spec format

* Adjust test to openapi 3.1 schema

* Resolve registered subtypes

* bind object mapper to provider

* don't skip empty subtype names

* update spec

* Revert extraction of ObjectMapperConfiguration

With the latest changes, it didn't have an effect
anymore.

* Expose OpenAPIContext to not hide the caching behavior

* Apply sorting for both web and command context

* use fully qualified type names in schema

* Fix broken discriminator mapping

* Add custom handling for ImmutableMap

* Split event expression types

Swagger can't deal with the generic type hierarchy.
It would generate faulty allOf's with refs to both
Expression<Boolean> and Expression<Number> in one
schema, e.g. for
`org.graylog.events.conditions.Expr.And`.

* Prevent duplicate operation IDs

* Skip NonApiResource annotated resources

* Add validation to spec command

* Replace terms "spec"/"specification" with "description"

* Update openapi description

* Switch to swagger-ui-react

* Serve description at openapi.yaml / openapi.json again

* Add missing license headers

* Add security schemes but hide them in swagger ui

* Update openapi description

* configure swagger ui

* add changelog

* qualify url to openapi.yaml

* Remove old api browser

* Rudimentary styling for swagger ui

* Fix broken handling of duplicate paths

* update openapi description

* fix changelog

* Remove swagger CSP group & deprecate DocumentationResource

* Update graylog2-server/src/main/java/org/graylog/api/GenerateOpenApiDescriptionCommand.java

Co-authored-by: Kay Roepke <kroepke@googlemail.com>

* create parent path if non-existent

* Polish print statements

* Remove term "Graylog"

* adjust RequestBody annotations to include schema ref in each case

* Update graylog2-server/src/main/java/org/graylog/api/GenerateOpenApiDescriptionCommand.java

Co-authored-by: Kay Roepke <kroepke@googlemail.com>

* Add annotations for success responses with declared response types

* treat Immutable(List|Set) as the java.util equivalents

* semver Version is serialized as a String in our api

* extract helper method and add overrides for joda-time and threeten classes

* HostAndPort is a string in openapi

* for ImmutableMap treat keys with GRN or joda-time DateTime types as strings for schema generation

* Add more missing response schemas

* Remove swagger annotations from datanode resource

* Add forbidden-apis rule for io.swagger.annotations.*

* Get rid of remaining ImmutableMap instances

* Remove openapi.yaml from VCS

* Execute OpenAPI desc generation in separate JVM

to avoid classloader issues due to bouncycastle
registration during command startup

* Add handling for java.time.Duration and simplify scalar type mapping

* More custom handling for various types

* `yarn format`

* Add special handling for FormDataContentDisposition in old swagger specs

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Kay Roepke <kroepke@googlemail.com>