Add REST API endpoints for extensions (#1394)

Author: nscuro

api/src/main/openapi/components/schemas/extension-config-type.yaml

@@ -0,0 +1,33 @@
+# This file is part of Dependency-Track.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) OWASP Foundation. All Rights Reserved.
+type: string
+description: |-
+  The type of an extension config.
+  
+  * `BOOLEAN` represents a boolean value of either `true` or `false`.
+  * `DURATION` represents a duration in milliseconds, e.g. `500` for 500 milliseconds.
+  * `INSTANT` represents a timestamp in epoch milliseconds.
+  * `INTEGER` represents an integer, e.g. `666`.
+  * `PATH` represents a file path, e.g. `/foo/bar.baz`.
+  * `STRING` represents a simple string, e.g. `foo bar baz`.
+enum:
+- BOOLEAN
+- DURATION
+- INSTANT
+- INTEGER
+- PATH
+- STRING

api/src/main/openapi/components/schemas/extension-config.yaml

@@ -0,0 +1,48 @@
+# This file is part of Dependency-Track.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) OWASP Foundation. All Rights Reserved.
+type: object
+properties:
+  name:
+    description: Name of the config.
+    type: string
+  description:
+    type: string
+  type:
+    $ref: "./extension-config-type.yaml"
+  is_required:
+    description: >-
+      Whether this configuration is required.
+      Required configs can not be set to `null`.
+    type: boolean
+  is_secret:
+    description: >-
+      Whether this configuration's value is to be treated as secret.
+      Secret values are stored encrypted and not readable by API clients.
+    type: boolean
+  value:
+    description: |-
+      Value of the config.
+      
+      If the config is a secret, and the value is non-`null`, the value
+      returned by the API will be `***SECRET-PLACEHOLDER***`.
+    type: string
+required:
+- name
+- description
+- type
+- is_required
+- is_secret

api/src/main/openapi/components/schemas/invalid-extension-config.yaml

@@ -0,0 +1,30 @@
+# This file is part of Dependency-Track.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) OWASP Foundation. All Rights Reserved.
+type: object
+properties:
+  name:
+    type: string
+    description: Name of the config that was found to be invalid
+  value:
+    type: string
+    description: The invalid value, if applicable
+  message:
+    type: string
+    description: Message explaining the error
+required:
+- name
+- message

api/src/main/openapi/components/schemas/invalid-extension-configs-problem-details.yaml

@@ -0,0 +1,27 @@
+# This file is part of Dependency-Track.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) OWASP Foundation. All Rights Reserved.
+type: object
+allOf:
+- $ref: "./problem-details.yaml"
+properties:
+  invalid_configs:
+    type: array
+    items:
+      $ref: "./invalid-extension-config.yaml"
+    minItems: 1
+required:
+- invalid_configs

api/src/main/openapi/components/schemas/list-extension-configs-response.yaml

@@ -0,0 +1,24 @@
+# This file is part of Dependency-Track.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) OWASP Foundation. All Rights Reserved.
+type: object
+properties:
+  configs:
+    type: array
+    items:
+      $ref: "./extension-config.yaml"
+required:
+- configs

api/src/main/openapi/components/schemas/list-extension-points-response-item.yaml

@@ -0,0 +1,22 @@
+# This file is part of Dependency-Track.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) OWASP Foundation. All Rights Reserved.
+type: object
+properties:
+  name:
+    type: string
+required:
+- name

api/src/main/openapi/components/schemas/list-extension-points-response.yaml

@@ -0,0 +1,24 @@
+# This file is part of Dependency-Track.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) OWASP Foundation. All Rights Reserved.
+type: object
+properties:
+  extension_points:
+    type: array
+    items:
+      $ref: "./list-extension-points-response-item.yaml"
+required:
+- extension_points

api/src/main/openapi/components/schemas/list-extensions-response-item.yaml

@@ -0,0 +1,22 @@
+# This file is part of Dependency-Track.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) OWASP Foundation. All Rights Reserved.
+type: object
+properties:
+  name:
+    type: string
+required:
+- name

api/src/main/openapi/components/schemas/list-extensions-response.yaml

@@ -0,0 +1,24 @@
+# This file is part of Dependency-Track.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) OWASP Foundation. All Rights Reserved.
+type: object
+properties:
+  extensions:
+    type: array
+    items:
+      $ref: "./list-extensions-response-item.yaml"
+required:
+- extensions

api/src/main/openapi/components/schemas/update-extension-configs-request-item.yaml

@@ -0,0 +1,33 @@
+# This file is part of Dependency-Track.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) OWASP Foundation. All Rights Reserved.
+type: object
+properties:
+  name:
+    description: Name of the config.
+    type: string
+    minLength: 1
+  value:
+    description: |-
+      Value of the config. Must match the config's type.
+      
+      If the corresponding config is a secret, the value `***SECRET-PLACEHOLDER***`
+      may be used to prevent it from being overwritten without having
+      to provide the clear text secret again.
+    type: string
+required:
+- name
+- value