mirror of
https://github.com/Graylog2/graylog2-server.git
synced 2026-03-13 09:32:21 +08:00
9c21cf70fa
* Initial working state of OpenAPI spec generation Generates an OpenAPI spec but still has lots of issues * Fix wrong import * Add NoAuditEvent annotation to test resource methods * Add OpenAPI browser frontend (POC) Add basic OpenAPI browser UI using Redoc loaded from CDN. This is a proof of concept implementation not yet ready for production use. - Loads Redoc from CDN to avoid webpack bundling complexity - Displays OpenAPI spec from /api/openapi.yaml endpoint - Accessible via Help menu → "OpenAPI browser" - Route: /openapi-browser 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Make both json & yaml formats work * Implement plugin path prefixing + configure the openAPI context directly to be able to use dependency injection * Remove logging * Migrate REST resources from Swagger to OpenAPI 3.x annotations Migrated ~150 REST resource files from old Swagger annotations (io.swagger.annotations.*) to OpenAPI 3.x annotations (io.swagger.v3.oas.annotations.*). Migration performed using OpenRewrite and manual fixes: - @Api → @Tag - @ApiOperation → @Operation - @ApiParam → @Parameter - @ApiResponse code → responseCode - @ApiResponse message → description - Removed invalid attributes (allowableValues, defaultValue, tags) - Fixed nickname → operationId - Removed response= attribute (needs manual restoration) Note: Some information was intentionally lost and needs restoration: - Response type schemas (33 instances) - Parameter allowableValues constraints (58 instances) - CLOUD_VISIBLE tags (82 instances) 🤖 Generated with Claude Code (https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Restore response type information to OpenAPI annotations Adds @ApiResponses with @Content and @Schema to restore the 33 instances of response type information that were lost during the OpenAPI 3.x migration. - Automated script restored 20 instances - Manual additions for 8 instances with multi-line annotations - 5 instances already fixed in previous commit - All response codes verified against actual implementation - Total: 33 response types restored with accurate HTTP status codes Co-Authored-By: Claude <noreply@anthropic.com> * Restore parameter allowableValues constraints for OpenAPI 3.x migration Restore allowableValues constraints that were lost during OpenAPI 3.x migration by converting from @ApiParam(allowableValues) to @Parameter with @Schema(allowableValues). This restores API documentation for parameter value constraints across 22 REST resource files, covering ~58 parameter instances. Changes: - Migrated allowableValues from Swagger 2.x @ApiParam to OpenAPI 3.x @Parameter with @Schema(allowableValues = {...}) - Added missing Schema imports where needed - Fixed several bugs and inconsistencies from master branch Summary of Semantic Differences (11 files): Bug Fixes: - AuthzRolesResource.getUsersForRole(): Fixed incorrect field list that had user fields (username,full_name,email) instead of role fields (id,name,description) - DatanodeResource: Fixed completely wrong field list (title,description, type) to actual DataNodeDto fields (hostname,data_node_status, transport_address,cert_valid_until,datanode_version) - IndexSetTemplateResource: Fixed "name" to "title" (correct field name) Added Missing Valid Fields: - DashboardsResource, SavedSearchesResource, ViewsResource: Added "last_updated_at" which exists in SEARCH_FIELD_MAPPING - ViewsResource: Added "owner", "description", "summary" (was very incomplete in master) - AuthzRolesResource (getList, getListForUser): Added "id" field - GrokResource, IndexFieldTypeProfileResource: Added "id" and other valid fields from SEARCH_FIELD_MAPPING Removed Invalid Fields: - StreamResource: Removed "updated_at", "status" (not in SEARCH_FIELD_MAPPING, didn't work) - GrokResource: Removed "pattern" (not in search mapping) - IndexSetsMappingResource: Reduced to "field_name" only (other fields not implemented) Fixed Constraint Type: - ClusterLoggersResource: Removed inappropriate allowableValues range constraint for numeric limit parameter (already has @Min validation) Files with Identical Field Lists (13 files): EventDefinitionsResource, EventNotificationsResource, PipelineResource, RuleResource, CollectorResource, ConfigurationResource, SidecarResource, ScriptingApiResource, AuthServiceBackendsResource, UsersResource, TokenUsageResource, LookupTableResource - all have identical semantics, just migrated annotation syntax. Rationale: All semantic differences were introduced to correct API documentation to match actual backend implementation. Changes ensure that: 1. All advertised sort fields actually work 2. All functional sort fields are advertised 3. API spec accurately reflects backend capabilities 4. Bugs in master branch are fixed 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Add replacement for CLOUD_VISIBLE tag * Add @PublicCloudAPI annotation to cloud-visible REST resources Add @PublicCloudAPI annotation to 82 REST resources that were previously marked with tags = {CLOUD_VISIBLE} in Swagger 2.x @Api annotations. This annotation is used by CustomOpenAPIScanner to filter resources when IS_CLOUD=true, ensuring only cloud-appropriate APIs are exposed in the OpenAPI specification for cloud deployments. Resources annotated: - Events (4 resources): EventDefinitionsResource, EventNotificationsResource, etc. - Pipeline Processor (5 resources): PipelineResource, RuleResource, SimulatorResource, etc. - Sidecar (6 resources): SidecarResource, CollectorResource, ConfigurationResource, etc. - Views/Search (15 resources): DashboardsResource, SavedSearchesResource, ViewsResource, etc. - Security (6 resources): AuthzRolesResource, CAResource, ClientCertResource, etc. - System (30+ resources): StreamResource, InputsResource, NotificationsResource, etc. - Other resources (15+): MessageResource, EntitySuggestionResource, ContentPackResource, etc. The @PublicCloudAPI annotation: - Marks resources as available in public cloud deployments - Does not appear in the generated OpenAPI specification - Filters resources during OpenAPI generation when isCloud=true - Replaces the old tags = {CLOUD_VISIBLE} approach from Swagger 2.x 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Migrate McpRestResource from Swagger 2.x to OpenAPI 3.x Updates the MCP REST resource to use OpenAPI 3.x annotations, completing the migration of all REST resources in the project. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * WIP: add TODOS and subtype resolver prototype * Add OpenAPI browser to help menu after merge conflict resolution The OpenAPI browser menu item was lost during the merge when the help menu was refactored from hardcoded items to a plugin-based registration system. This restores the menu item in the new bindings.ts format. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Make legacy generator work with new annotations * Remove unused CLOUD_VISIBLE flag * Temporarily make test pass * Use @RequestBody annotation instead of @Parameter * Synchronize our not thread-safe custom reader * Add discriminator mapping based on jackson annotations * WIP command to generate a spec without a running server * Add output file argument * Don't hardcode any config parameters * Add spec generation to maven build * Move spec generation into profile * Add generated spec to resources * Attempt to stabilize spec format * Adjust test to openapi 3.1 schema * Resolve registered subtypes * bind object mapper to provider * don't skip empty subtype names * update spec * Revert extraction of ObjectMapperConfiguration With the latest changes, it didn't have an effect anymore. * Expose OpenAPIContext to not hide the caching behavior * Apply sorting for both web and command context * use fully qualified type names in schema * Fix broken discriminator mapping * Add custom handling for ImmutableMap * Split event expression types Swagger can't deal with the generic type hierarchy. It would generate faulty allOf's with refs to both Expression<Boolean> and Expression<Number> in one schema, e.g. for `org.graylog.events.conditions.Expr.And`. * Prevent duplicate operation IDs * Skip NonApiResource annotated resources * Add validation to spec command * Replace terms "spec"/"specification" with "description" * Update openapi description * Switch to swagger-ui-react * Serve description at openapi.yaml / openapi.json again * Add missing license headers * Add security schemes but hide them in swagger ui * Update openapi description * configure swagger ui * add changelog * qualify url to openapi.yaml * Remove old api browser * Rudimentary styling for swagger ui * Fix broken handling of duplicate paths * update openapi description * fix changelog * Remove swagger CSP group & deprecate DocumentationResource * Update graylog2-server/src/main/java/org/graylog/api/GenerateOpenApiDescriptionCommand.java Co-authored-by: Kay Roepke <kroepke@googlemail.com> * create parent path if non-existent * Polish print statements * Remove term "Graylog" * adjust RequestBody annotations to include schema ref in each case * Update graylog2-server/src/main/java/org/graylog/api/GenerateOpenApiDescriptionCommand.java Co-authored-by: Kay Roepke <kroepke@googlemail.com> * Add annotations for success responses with declared response types * treat Immutable(List|Set) as the java.util equivalents * semver Version is serialized as a String in our api * extract helper method and add overrides for joda-time and threeten classes * HostAndPort is a string in openapi * for ImmutableMap treat keys with GRN or joda-time DateTime types as strings for schema generation * Add more missing response schemas * Remove swagger annotations from datanode resource * Add forbidden-apis rule for io.swagger.annotations.* * Get rid of remaining ImmutableMap instances * Remove openapi.yaml from VCS * Execute OpenAPI desc generation in separate JVM to avoid classloader issues due to bouncycastle registration during command startup * Add handling for java.time.Duration and simplify scalar type mapping * More custom handling for various types * `yarn format` * Add special handling for FormDataContentDisposition in old swagger specs --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Kay Roepke <kroepke@googlemail.com>