feat(mAPI): add PUT calls to update V4 APIs

Author: vikrantgravitee

gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/main/java/io/gravitee/rest/api/management/v2/rest/resource/api/ApiResource.java

@@ -21,8 +21,11 @@
 import static java.util.Collections.emptyList;
 import static java.util.Collections.singletonList;
 
+import io.gravitee.apim.core.api.domain_service.OAIDomainService;
+import io.gravitee.apim.core.api.exception.InvalidPathsException;
 import io.gravitee.apim.core.api.model.UpdateNativeApi;
 import io.gravitee.apim.core.api.model.crd.IDExportStrategy;
+import io.gravitee.apim.core.api.model.import_definition.ImportDefinition;
 import io.gravitee.apim.core.api.model.utils.MigrationResult;
 import io.gravitee.apim.core.api.use_case.DetachAutomatedApiUseCase;
 import io.gravitee.apim.core.api.use_case.ExportApiCRDUseCase;
@@ -31,6 +34,7 @@
 import io.gravitee.apim.core.api.use_case.GetExposedEntrypointsUseCase;
 import io.gravitee.apim.core.api.use_case.MigrateApiUseCase;
 import io.gravitee.apim.core.api.use_case.RollbackApiUseCase;
+import io.gravitee.apim.core.api.use_case.UpdateApiDefinitionUseCase;
 import io.gravitee.apim.core.api.use_case.UpdateFederatedApiUseCase;
 import io.gravitee.apim.core.api.use_case.UpdateNativeApiUseCase;
 import io.gravitee.apim.core.audit.model.AuditActor;
@@ -59,6 +63,8 @@
 import io.gravitee.rest.api.management.v2.rest.model.ApiTransferOwnership;
 import io.gravitee.rest.api.management.v2.rest.model.DuplicateApiOptions;
 import io.gravitee.rest.api.management.v2.rest.model.Error;
+import io.gravitee.rest.api.management.v2.rest.model.ExportApiV4;
+import io.gravitee.rest.api.management.v2.rest.model.ImportSwaggerDescriptor;
 import io.gravitee.rest.api.management.v2.rest.model.MigrationReportResponses;
 import io.gravitee.rest.api.management.v2.rest.model.MigrationReportResponsesIssuesInner;
 import io.gravitee.rest.api.management.v2.rest.model.MigrationStateType;
@@ -84,6 +90,7 @@
 import io.gravitee.rest.api.management.v2.rest.resource.documentation.ApiPagesResource;
 import io.gravitee.rest.api.management.v2.rest.resource.param.LifecycleAction;
 import io.gravitee.rest.api.management.v2.rest.resource.param.PaginationParam;
+import io.gravitee.rest.api.model.ImportSwaggerDescriptorEntity;
 import io.gravitee.rest.api.model.InlinePictureEntity;
 import io.gravitee.rest.api.model.MembershipMemberType;
 import io.gravitee.rest.api.model.RoleEntity;
@@ -127,6 +134,7 @@
 import io.gravitee.rest.api.service.v4.ApiLicenseService;
 import io.gravitee.rest.api.service.v4.ApiStateService;
 import io.gravitee.rest.api.service.v4.ApiWorkflowStateService;
+import io.gravitee.rest.api.service.v4.exception.InvalidPathException;
 import io.swagger.v3.oas.annotations.parameters.RequestBody;
 import jakarta.annotation.Nullable;
 import jakarta.inject.Inject;
@@ -247,6 +255,12 @@ public class ApiResource extends AbstractResource {
     @Inject
     private DetachAutomatedApiUseCase detachAutomatedApiUseCase;
 
+    @Inject
+    private UpdateApiDefinitionUseCase updateApiDefinitionUseCase;
+
+    @Inject
+    private OAIDomainService oaiDomainService;
+
     @Context
     protected UriInfo uriInfo;
 
@@ -322,6 +336,69 @@ public Response getApiById(@PathParam("apiId") String apiId) {
         return apiResponse(apiEntity);
     }
 
+    @PUT
+    @Path("/_import/definition")
+    @Consumes(MediaType.APPLICATION_JSON)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Permissions({ @Permission(value = RolePermission.API_DEFINITION, acls = RolePermissionAction.UPDATE) })
+    public Response updateApiWithDefinition(@PathParam("apiId") String apiId, @Valid ExportApiV4 apiToImport) {
+        verifyApiImage(apiToImport.getApiPicture(), "picture");
+        verifyApiImage(apiToImport.getApiBackground(), "background");
+
+        ImportDefinition importDefinition = ImportExportApiMapper.INSTANCE.toImportDefinition(apiToImport);
+
+        try {
+            var audit = getAuditInfo();
+            UpdateApiDefinitionUseCase.Output output = updateApiDefinitionUseCase.execute(
+                new UpdateApiDefinitionUseCase.Input(apiId, importDefinition, audit)
+            );
+
+            boolean isSynchronized = apiStateService.isSynchronized(
+                GraviteeContext.getExecutionContext(),
+                getGenericApiEntityById(apiId, false)
+            );
+
+            return Response.ok().entity(ApiMapper.INSTANCE.map(output.apiWithFlows(), uriInfo, isSynchronized)).build();
+        } catch (InvalidPathsException e) {
+            throw new InvalidPathException("Cannot import API with invalid paths", e);
+        }
+    }
+
+    @PUT
+    @Path("/_import/swagger")
+    @Consumes(MediaType.APPLICATION_JSON)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Permissions({ @Permission(value = RolePermission.API_DEFINITION, acls = RolePermissionAction.UPDATE) })
+    public Response updateApiFromSwagger(@PathParam("apiId") String apiId, @Valid @NotNull ImportSwaggerDescriptor descriptor) {
+        try {
+            var audit = getAuditInfo();
+            var importSwaggerDescriptor = ImportSwaggerDescriptorEntity.builder()
+                .payload(descriptor.getPayload())
+                .withDocumentation(Boolean.TRUE.equals(descriptor.getWithDocumentation()))
+                .build();
+
+            var importDefinition = oaiDomainService.convert(
+                audit.organizationId(),
+                audit.environmentId(),
+                importSwaggerDescriptor,
+                Boolean.TRUE.equals(descriptor.getWithDocumentation()),
+                Boolean.TRUE.equals(descriptor.getWithOASValidationPolicy())
+            );
+
+            UpdateApiDefinitionUseCase.Output output = updateApiDefinitionUseCase.execute(
+                new UpdateApiDefinitionUseCase.Input(apiId, importDefinition, audit)
+            );
+
+            boolean isSynchronized = apiStateService.isSynchronized(
+                GraviteeContext.getExecutionContext(),
+                getGenericApiEntityById(apiId, false)
+            );
+            return Response.ok().entity(ApiMapper.INSTANCE.map(output.apiWithFlows(), uriInfo, isSynchronized)).build();
+        } catch (InvalidPathsException e) {
+            throw new InvalidPathException("Cannot import API with invalid paths", e);
+        }
+    }
+
     @PUT
     @Consumes(MediaType.APPLICATION_JSON)
     @Produces(MediaType.APPLICATION_JSON)
@@ -1169,4 +1246,13 @@ private void assertNoPrimaryOwnerReassignment(String poRole) {
             throw new TransferOwnershipNotAllowedException(poRole);
         }
     }
+
+    private static void verifyApiImage(String imageContent, String imageUsage) {
+        try {
+            ImageUtils.verify(imageContent);
+        } catch (InvalidImageException e) {
+            log.warn("Error while parsing {} while importing api", imageUsage, e);
+            throw new BadRequestException("Invalid image format for api " + imageUsage);
+        }
+    }
 }

gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/main/resources/openapi/openapi-apis.yaml

@@ -561,6 +561,66 @@ paths:
                                 $ref: "#/components/schemas/ExportApiV4"
                 default:
                     $ref: "#/components/responses/Error"
+    /environments/{envId}/apis/{apiId}/_import/definition:
+        parameters:
+            - $ref: "#/components/parameters/envIdParam"
+            - $ref: "#/components/parameters/apiIdParam"
+        put:
+            tags:
+                - APIs
+            summary: Update API from definition
+            description: |-
+                Update an existing API by importing a Gravitee API definition.<br>
+                This definition can be retrieved from `GET /environments/{envId}/apis/{apiId}/_export/definition`
+
+                User must have the API_DEFINITION[UPDATE] permission.
+            operationId: updateApiWithDefinition
+            requestBody:
+                content:
+                    application/json:
+                        schema:
+                            $ref: "#/components/schemas/ExportApiV4"
+                required: true
+            responses:
+                "200":
+                    description: API successfully updated
+                    content:
+                        application/json:
+                            schema:
+                                $ref: "#/components/schemas/ApiV4"
+                default:
+                    $ref: "#/components/responses/Error"
+
+    /environments/{envId}/apis/{apiId}/_import/swagger:
+        parameters:
+            - $ref: "#/components/parameters/envIdParam"
+            - $ref: "#/components/parameters/apiIdParam"
+        put:
+            tags:
+                - APIs
+            summary: Update API from OpenAPI descriptor
+            description: |-
+                Update an existing API by importing an OpenAPI (Swagger) descriptor.<br>
+                The descriptor payload must be a valid OpenAPI 2.x or 3.x document in JSON or YAML format.
+
+                User must have the API_DEFINITION[UPDATE] permission.
+            operationId: updateApiFromSwagger
+            requestBody:
+                content:
+                    application/json:
+                        schema:
+                            $ref: "#/components/schemas/ImportSwaggerDescriptor"
+                required: true
+            responses:
+                "200":
+                    description: API successfully updated
+                    content:
+                        application/json:
+                            schema:
+                                $ref: "#/components/schemas/ApiV4"
+                default:
+                    $ref: "#/components/responses/Error"
+
     /environments/{envId}/apis/{apiId}/_start:
         parameters:
             - $ref: "#/components/parameters/envIdParam"

gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/test/java/io/gravitee/rest/api/management/v2/rest/resource/AbstractResourceTest.java

@@ -39,8 +39,10 @@
 import inmemory.UserCrudServiceInMemory;
 import inmemory.UserDomainServiceInMemory;
 import io.gravitee.apim.core.api.domain_service.CategoryDomainService;
+import io.gravitee.apim.core.api.domain_service.OAIDomainService;
 import io.gravitee.apim.core.api.domain_service.VerifyApiPathDomainService;
 import io.gravitee.apim.core.api.use_case.ExportApiUseCase;
+import io.gravitee.apim.core.api.use_case.UpdateApiDefinitionUseCase;
 import io.gravitee.apim.core.group.model.Group;
 import io.gravitee.apim.core.specgen.use_case.SpecGenRequestUseCase;
 import io.gravitee.apim.core.user.model.BaseUserEntity;
@@ -122,6 +124,12 @@ public abstract class AbstractResourceTest extends JerseySpringTest {
     @Autowired
     protected ExportApiUseCase exportApiUseCase;
 
+    @Autowired
+    protected UpdateApiDefinitionUseCase updateApiDefinitionUseCase;
+
+    @Autowired
+    protected OAIDomainService oaiDomainService;
+
     @Autowired
     protected PermissionService permissionService;
 

gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/test/java/io/gravitee/rest/api/management/v2/rest/resource/api/ApiResourceTest.java

@@ -53,7 +53,9 @@ public void init() throws TechnicalException {
             apiWorkflowStateService,
             roleService,
             apiDuplicatorService,
-            apiDuplicateService
+            apiDuplicateService,
+            updateApiDefinitionUseCase,
+            oaiDomainService
         );
         GraviteeContext.cleanContext();
 

gravitee-apim-rest-api/gravitee-apim-rest-api-management-v2/gravitee-apim-rest-api-management-v2-rest/src/test/java/io/gravitee/rest/api/management/v2/rest/resource/api/ApiResource_UpdateApiFromSwaggerTest.java

@@ -0,0 +1,115 @@
+/*
+ * Copyright © 2015 The Gravitee team (http://gravitee.io)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.gravitee.rest.api.management.v2.rest.resource.api;
+
+import static io.gravitee.common.http.HttpStatusCode.BAD_REQUEST_400;
+import static io.gravitee.common.http.HttpStatusCode.FORBIDDEN_403;
+import static io.gravitee.common.http.HttpStatusCode.NOT_FOUND_404;
+import static io.gravitee.common.http.HttpStatusCode.OK_200;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.when;
+
+import fixtures.core.model.ApiFixtures;
+import io.gravitee.apim.core.api.exception.ApiNotFoundException;
+import io.gravitee.apim.core.api.exception.InvalidPathsException;
+import io.gravitee.apim.core.api.model.ApiWithFlows;
+import io.gravitee.apim.core.api.model.import_definition.ImportDefinition;
+import io.gravitee.apim.core.api.use_case.UpdateApiDefinitionUseCase;
+import io.gravitee.rest.api.management.v2.rest.model.ApiV4;
+import io.gravitee.rest.api.management.v2.rest.model.ImportSwaggerDescriptor;
+import io.gravitee.rest.api.model.permissions.RolePermission;
+import io.gravitee.rest.api.model.permissions.RolePermissionAction;
+import io.gravitee.rest.api.service.common.GraviteeContext;
+import jakarta.ws.rs.client.Entity;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
+import org.junit.jupiter.api.Test;
+
+class ApiResource_UpdateApiFromSwaggerTest extends ApiResourceTest {
+
+    @Override
+    protected String contextPath() {
+        return "/environments/" + ENVIRONMENT + "/apis/" + API + "/_import/swagger";
+    }
+
+    @Test
+    void should_return_403_when_no_definition_update_permission() {
+        when(
+            permissionService.hasPermission(
+                GraviteeContext.getExecutionContext(),
+                RolePermission.API_DEFINITION,
+                API,
+                RolePermissionAction.UPDATE
+            )
+        ).thenReturn(false);
+
+        Response response = rootTarget().request().put(Entity.json(new ImportSwaggerDescriptor()));
+
+        assertThat(response.getStatus()).isEqualTo(FORBIDDEN_403);
+    }
+
+    @Test
+    void should_return_404_when_api_not_found() {
+        when(oaiDomainService.convert(any(), any(), any(), any(Boolean.class), any(Boolean.class))).thenReturn(
+            ImportDefinition.builder().build()
+        );
+        when(updateApiDefinitionUseCase.execute(any())).thenThrow(new ApiNotFoundException(API));
+
+        Response response = rootTarget().request().put(Entity.entity(buildDescriptor("{}"), MediaType.APPLICATION_JSON));
+
+        assertThat(response.getStatus()).isEqualTo(NOT_FOUND_404);
+    }
+
+    @Test
+    void should_return_200_and_updated_api_on_success() {
+        var existingApi = ApiFixtures.aProxyApiV4().toBuilder().id(API).environmentId(ENVIRONMENT).build();
+        var apiWithFlows = new ApiWithFlows(existingApi, java.util.List.of());
+
+        when(oaiDomainService.convert(any(), any(), any(), any(Boolean.class), any(Boolean.class))).thenReturn(
+            ImportDefinition.builder().build()
+        );
+        when(updateApiDefinitionUseCase.execute(any())).thenReturn(new UpdateApiDefinitionUseCase.Output(apiWithFlows));
+        when(apiSearchServiceV4.findById(GraviteeContext.getExecutionContext(), API)).thenReturn(
+            io.gravitee.rest.api.model.v4.api.ApiEntity.builder().id(API).name("Test API").apiVersion("1.0").build()
+        );
+
+        Response response = rootTarget().request().put(Entity.entity(buildDescriptor("{}"), MediaType.APPLICATION_JSON));
+
+        assertThat(response.getStatus()).isEqualTo(OK_200);
+        var body = response.readEntity(ApiV4.class);
+        assertThat(body).isNotNull();
+        assertThat(body.getId()).isEqualTo(API);
+    }
+
+    @Test
+    void should_return_400_when_invalid_paths_exception() {
+        when(oaiDomainService.convert(any(), any(), any(), any(Boolean.class), any(Boolean.class))).thenReturn(
+            ImportDefinition.builder().build()
+        );
+        when(updateApiDefinitionUseCase.execute(any())).thenThrow(new InvalidPathsException("Path [/foo] already exists"));
+
+        Response response = rootTarget().request().put(Entity.entity(buildDescriptor("{}"), MediaType.APPLICATION_JSON));
+
+        assertThat(response.getStatus()).isEqualTo(BAD_REQUEST_400);
+    }
+
+    private ImportSwaggerDescriptor buildDescriptor(String payload) {
+        var descriptor = new ImportSwaggerDescriptor();
+        descriptor.setPayload(payload);
+        return descriptor;
+    }
+}