8.7 KiB
8.7 KiB
OpenAPI Specification Completion
Date: 2024-01-13
Last Updated: 2024-01-13
Status: ✅ Complete
Overview
The OpenAPI specification for the Attune API has been fully annotated with utoipa::path attributes on all route handlers. The API now provides comprehensive, interactive documentation accessible via Swagger UI at /docs.
Completed Work
1. Route Annotations
All API endpoints have been annotated with #[utoipa::path] attributes including:
- HTTP method and path
- Tag categorization
- Request/response schemas
- Security requirements (JWT bearer auth where applicable)
- Parameter descriptions
- Example values
2. Endpoints Documented (86 operations across 62 paths)
The API has 62 unique paths with 86 total operations (HTTP methods). Multiple operations on the same path (e.g., GET, POST, PUT, DELETE) count as separate operations.
Health Check (4 endpoints)
GET /health- Basic health checkGET /health/detailed- Detailed health with database connectivityGET /health/ready- Readiness probeGET /health/live- Liveness probe
Authentication (5 endpoints)
POST /auth/login- User loginPOST /auth/register- User registrationPOST /auth/refresh- Refresh access tokenGET /auth/me- Get current user infoPOST /auth/change-password- Change password
Packs (7 endpoints)
GET /packs- List all packsPOST /packs- Create new packGET /packs/{ref}- Get pack by referencePUT /packs/{ref}- Update packDELETE /packs/{ref}- Delete packPOST /packs/{ref}/sync-workflows- Sync workflows from pack directoryGET /packs/{ref}/validate-workflows- Validate workflows in pack directory
Actions (8 endpoints)
GET /actions- List all actionsPOST /actions- Create new actionGET /actions/{ref}- Get action by referencePUT /actions/{ref}- Update actionDELETE /actions/{ref}- Delete actionGET /actions/id/{id}- Get action by IDGET /packs/{pack_ref}/actions- List actions by packGET /actions/{ref}/queue-stats- Get queue statistics for action
Triggers (10 endpoints)
GET /triggers- List all triggersGET /triggers/enabled- List enabled triggersPOST /triggers- Create new triggerGET /triggers/{ref}- Get trigger by referencePUT /triggers/{ref}- Update triggerDELETE /triggers/{ref}- Delete triggerPOST /triggers/{ref}/enable- Enable triggerPOST /triggers/{ref}/disable- Disable triggerGET /triggers/id/{id}- Get trigger by IDGET /packs/{pack_ref}/triggers- List triggers by pack
Sensors (11 endpoints)
GET /sensors- List all sensorsGET /sensors/enabled- List enabled sensorsPOST /sensors- Create new sensorGET /sensors/{ref}- Get sensor by referencePUT /sensors/{ref}- Update sensorDELETE /sensors/{ref}- Delete sensorPOST /sensors/{ref}/enable- Enable sensorPOST /sensors/{ref}/disable- Disable sensorGET /sensors/id/{id}- Get sensor by IDGET /packs/{pack_ref}/sensors- List sensors by packGET /triggers/{trigger_ref}/sensors- List sensors by trigger
Rules (11 endpoints)
GET /rules- List all rulesGET /rules/enabled- List enabled rulesPOST /rules- Create new ruleGET /rules/{ref}- Get rule by referencePUT /rules/{ref}- Update ruleDELETE /rules/{ref}- Delete rulePOST /rules/{ref}/enable- Enable rulePOST /rules/{ref}/disable- Disable ruleGET /rules/id/{id}- Get rule by IDGET /packs/{pack_ref}/rules- List rules by packGET /actions/{action_ref}/rules- List rules by actionGET /triggers/{trigger_ref}/rules- List rules by trigger
Executions (5 endpoints)
GET /executions- List all executions (with filters)GET /executions/{id}- Get execution by IDGET /executions/stats- Get execution statisticsGET /executions/status/{status}- List executions by statusGET /executions/enforcement/{enforcement_id}- List executions by enforcement
Events (2 endpoints)
GET /events- List all events (with filters)GET /events/{id}- Get event by ID
Enforcements (2 endpoints)
GET /enforcements- List all enforcements (with filters)GET /enforcements/{id}- Get enforcement by ID
Inquiries (8 endpoints)
GET /inquiries- List all inquiries (with filters)POST /inquiries- Create new inquiryGET /inquiries/{id}- Get inquiry by IDPUT /inquiries/{id}- Update inquiryDELETE /inquiries/{id}- Delete inquiryGET /inquiries/status/{status}- List inquiries by statusGET /executions/{execution_id}/inquiries- List inquiries for executionPOST /inquiries/{id}/respond- Respond to inquiry
Keys/Secrets (5 endpoints)
GET /keys- List all keysPOST /keys- Create new keyGET /keys/{ref}- Get key by referencePUT /keys/{ref}- Update keyDELETE /keys/{ref}- Delete key
Workflows (7 endpoints)
GET /workflows- List all workflows (with filtering by tags, enabled status, search)POST /workflows- Create new workflowGET /workflows/{ref}- Get workflow by referencePUT /workflows/{ref}- Update workflowDELETE /workflows/{ref}- Delete workflowGET /workflows/id/{id}- Get workflow by IDGET /packs/{pack_ref}/workflows- List workflows by pack
3. DTO Schemas
All Data Transfer Objects (DTOs) are properly documented with ToSchema or IntoParams attributes:
Request DTOs:
- Authentication: LoginRequest, RegisterRequest, RefreshTokenRequest, ChangePasswordRequest
- Packs: CreatePackRequest, UpdatePackRequest
- Actions: CreateActionRequest, UpdateActionRequest
- Triggers: CreateTriggerRequest, UpdateTriggerRequest
- Sensors: CreateSensorRequest, UpdateSensorRequest
- Rules: CreateRuleRequest, UpdateRuleRequest
- Inquiries: CreateInquiryRequest, UpdateInquiryRequest, RespondToInquiryRequest
- Keys: CreateKeyRequest, UpdateKeyRequest
Response DTOs:
- Full responses: PackResponse, ActionResponse, TriggerResponse, SensorResponse, RuleResponse, ExecutionResponse, EventResponse, EnforcementResponse, InquiryResponse, KeyResponse
- Summary responses: PackSummary, ActionSummary, TriggerSummary, SensorSummary, RuleSummary, ExecutionSummary, EventSummary, EnforcementSummary, InquirySummary, KeySummary
- Auth: TokenResponse, CurrentUserResponse
- Workflow: WorkflowResponse, WorkflowSummary
- Queue Stats: QueueStatsResponse
Query Parameter DTOs (IntoParams):
- PaginationParams
- EventQueryParams
- EnforcementQueryParams
- ExecutionQueryParams
- InquiryQueryParams
- KeyQueryParams
- WorkflowSearchParams
Common DTOs:
- ApiResponse
- PaginatedResponse
- PaginationMeta
- SuccessResponse
4. Security Schemes
JWT Bearer authentication is properly configured and referenced in protected endpoints:
- Security scheme:
bearer_auth - Format: JWT
- Header:
Authorization: Bearer <token>
Protected endpoints include the security(("bearer_auth" = [])) attribute.
5. Tags
Endpoints are organized by logical tags:
health- Health check endpointsauth- Authentication and authorizationpacks- Pack managementactions- Action managementtriggers- Trigger managementsensors- Sensor managementrules- Rule managementexecutions- Execution queriesevents- Event queriesenforcements- Enforcement queriesinquiries- Inquiry (human-in-the-loop) managementsecrets- Secret/key management
Accessing the Documentation
Once the API server is running, the interactive Swagger UI documentation is available at:
http://localhost:8080/docs
The raw OpenAPI JSON specification is available at:
http://localhost:8080/api-spec/openapi.json
Testing
All OpenAPI annotations have been validated:
- ✅ Compilation succeeds without errors
- ✅ OpenAPI spec generation test passes
- ✅ All DTOs properly implement required traits
- ✅ Path count test confirms 62 unique paths
- ✅ Operation count test confirms 86 total operations
Benefits
- Interactive Documentation: Developers can explore and test API endpoints directly in the browser
- Auto-Generated Client SDKs: The OpenAPI spec can be used to generate client libraries in multiple languages
- API Contract: Serves as the source of truth for API structure and behavior
- Validation: Request/response schemas are explicitly defined and validated
- Discoverability: All endpoints, parameters, and response formats are self-documented
Future Enhancements
Potential improvements for future iterations:
- Add more detailed examples for complex request bodies
- Include error response schemas for specific error cases
- Add response headers documentation where relevant
- Document rate limiting headers
- Add webhook documentation if/when implemented