Merge branch 'master' of github.com:networknt/light-rest-4j

Author: stevehu

CHANGELOG.md

@@ -1,5 +1,14 @@
 # Change Log
 
+## [2.2.1](https://github.com/networknt/light-rest-4j/tree/2.2.1) (2025-03-22)
+
+
+**Merged pull requests:**
+
+
+- Added generated json-schema and yaml annotations to REST configs. [\#412](https://github.com/networknt/light-rest-4j/pull/412) ([KalevGonvick](https://github.com/KalevGonvick))
+
+
 ## [2.2.0](https://github.com/networknt/light-rest-4j/tree/2.2.0) (2025-02-12)
 
 

access-control/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>com.networknt</groupId>
         <artifactId>light-rest-4j</artifactId>
-        <version>2.2.1-SNAPSHOT</version>
+        <version>2.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

access-control/src/main/java/com/networknt/openapi/AccessControlConfig.java

@@ -18,6 +18,7 @@
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.networknt.config.Config;
 import com.networknt.config.ConfigException;
+import com.networknt.config.schema.*;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -26,6 +27,13 @@
 import java.util.List;
 import java.util.Map;
 
+@ConfigSchema(
+        configName = "access-control",
+        configKey = "access-control",
+        configDescription = "AccessControlHandler will be the last middleware handler before the proxy on the sidecar or the last\n" +
+                "one before the business handler to handle the fine-grained authorization in the business domain.",
+        outputFormats = {OutputFormat.JSON_SCHEMA, OutputFormat.YAML}
+)
 class AccessControlConfig {
     private static final Logger logger = LoggerFactory.getLogger(AccessControlConfig.class);
     public static final String CONFIG_NAME = "access-control";
@@ -37,11 +45,48 @@ class AccessControlConfig {
     private Map<String, Object> mappedConfig;
     private final Config config;
 
+    @BooleanField(
+            configFieldName = ENABLED,
+            externalizedKeyName =  ENABLED,
+            externalized = true,
+            defaultValue = true,
+            description = "Enable Access Control Handler"
+    )
     boolean enabled;
+
+    @StringField(
+        configFieldName = ACCESS_RULE_LOGIC,
+        externalizedKeyName = ACCESS_RULE_LOGIC,
+        externalized = true,
+        defaultValue = "any",
+        description = "If there are multiple rules, the logic to combine them can be any or all. The default is any, and it\n" +
+                "means that any rule is satisfied, the access is granted. If all is set, all rules must be satisfied."
+    )
     String accessRuleLogic;
+
+    @BooleanField(
+            configFieldName = DEFAULT_DENY,
+            externalizedKeyName = DEFAULT_DENY,
+            externalized = true,
+            defaultValue = true,
+            description = "If there is no access rule defined for the endpoint, default access is denied. Users can overwrite\n" +
+                    "this default action by setting this config value to false. If true, the handle will force users to\n" +
+                    "define the rules for each endpoint when the access control handler is enabled."
+    )
     boolean defaultDeny;
-    private List<String> skipPathPrefixes;
 
+    @ArrayField(
+            configFieldName = SKIP_PATH_PREFIXES,
+            externalizedKeyName = SKIP_PATH_PREFIXES,
+            externalized = true,
+            description = "Define a list of path prefixes to skip the access-control to ease the configuration for the handler.yml\n" +
+                    "so that users can define some endpoint without fine-grained access-control security even through it uses\n" +
+                    "the default chain. This is useful if some endpoints want to skip the fine-grained access control in the\n" +
+                    "application. The format is a list of strings separated with commas or a JSON list in values.yml definition\n" +
+                    "from config server, or you can use yaml format in externalized access-control.yml file.",
+            items = String.class
+    )
+    private List<String> skipPathPrefixes;
 
     private AccessControlConfig() {
         this(CONFIG_NAME);

access-control/src/main/resources/config/access-control-schema.json

@@ -0,0 +1,29 @@
+{
+  "$schema" : "http://json-schema.org/draft-07/schema#",
+  "type" : "object",
+  "required" : [ "enabled", "accessRuleLogic", "defaultDeny", "skipPathPrefixes" ],
+  "properties" : {
+    "enabled" : {
+      "type" : "boolean",
+      "description" : "Enable Access Control Handler",
+      "default" : true
+    },
+    "accessRuleLogic" : {
+      "type" : "string",
+      "description" : "If there are multiple rules, the logic to combine them can be any or all. The default is any, and it\nmeans that any rule is satisfied, the access is granted. If all is set, all rules must be satisfied.",
+      "default" : "any"
+    },
+    "defaultDeny" : {
+      "type" : "boolean",
+      "description" : "If there is no access rule defined for the endpoint, default access is denied. Users can overwrite\nthis default action by setting this config value to false. If true, the handle will force users to\ndefine the rules for each endpoint when the access control handler is enabled.",
+      "default" : true
+    },
+    "skipPathPrefixes" : {
+      "type" : "array",
+      "description" : "Define a list of path prefixes to skip the access-control to ease the configuration for the handler.yml\nso that users can define some endpoint without fine-grained access-control security even through it uses\nthe default chain. This is useful if some endpoints want to skip the fine-grained access control in the\napplication. The format is a list of strings separated with commas or a JSON list in values.yml definition\nfrom config server, or you can use yaml format in externalized access-control.yml file.",
+      "items" : {
+        "type" : "string"
+      }
+    }
+  }
+}

access-control/src/main/resources/config/access-control.yaml

@@ -0,0 +1,17 @@
+# AccessControlHandler will be the last middleware handler before the proxy on the sidecar or the last
+# one before the business handler to handle the fine-grained authorization in the business domain.
+# Enable Access Control Handler
+enabled: ${access-control.enabled:true}
+# If there are multiple rules, the logic to combine them can be any or all. The default is any, and it
+# means that any rule is satisfied, the access is granted. If all is set, all rules must be satisfied.
+accessRuleLogic: ${access-control.accessRuleLogic:any}
+# If there is no access rule defined for the endpoint, default access is denied. Users can overwrite
+# this default action by setting this config value to false. If true, the handle will force users to
+# define the rules for each endpoint when the access control handler is enabled.
+defaultDeny: ${access-control.defaultDeny:true}
+# Define a list of path prefixes to skip the access-control to ease the configuration for the handler.yml
+# so that users can define some endpoint without fine-grained access-control security even through it uses
+# the default chain. This is useful if some endpoints want to skip the fine-grained access control in the
+# application. The format is a list of strings separated with commas or a JSON list in values.yml definition
+# from config server, or you can use yaml format in externalized access-control.yml file.
+skipPathPrefixes: ${access-control.skipPathPrefixes:}

openapi-config/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>com.networknt</groupId>
         <artifactId>light-rest-4j</artifactId>
-        <version>2.2.1-SNAPSHOT</version>
+        <version>2.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

openapi-config/src/main/java/com/networknt/openapi/OpenApiHandlerConfig.java

@@ -3,20 +3,63 @@
 import com.networknt.config.Config;
 import com.networknt.config.ConfigException;
 import com.networknt.config.JsonMapper;
+import com.networknt.config.schema.BooleanField;
+import com.networknt.config.schema.ConfigSchema;
+import com.networknt.config.schema.MapField;
+import com.networknt.config.schema.OutputFormat;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import java.util.*;
 
+@ConfigSchema(
+        configName = "openapi-handler",
+        configKey = "openapi-handler",
+        configDescription = "openapi-handler.yml",
+        outputFormats = {OutputFormat.JSON_SCHEMA, OutputFormat.YAML}
+)
 public class OpenApiHandlerConfig {
     private static final Logger logger = LoggerFactory.getLogger(OpenApiHandlerConfig.class);
     public static final String CONFIG_NAME = "openapi-handler";
     private static final String MULTIPLE_SPEC = "multipleSpec";
     private static final String IGNORE_INVALID_PATH = "ignoreInvalidPath";
     private static final String PATH_SPEC_MAPPING = "pathSpecMapping";
 
+    @BooleanField(
+        configFieldName = MULTIPLE_SPEC,
+        externalizedKeyName = MULTIPLE_SPEC,
+        externalized = true,
+        description = "This configuration file is used to support multiple OpenAPI " +
+                "specifications in the same light-rest-4j instance.\n" +
+                "An indicator to allow multiple openapi specifications. " +
+                "Default to false which only allow one spec named openapi.yml or openapi.yaml or openapi.json."
+    )
     boolean multipleSpec;
+
+    @BooleanField(
+            configFieldName = IGNORE_INVALID_PATH,
+            externalizedKeyName = IGNORE_INVALID_PATH,
+            externalized = true,
+            description = "When the OpenApiHandler is used in a shared gateway and some backend APIs have no " +
+                    "specifications deployed on the gateway, the handler will return\n" +
+                    "an invalid request path error to the client. " +
+                    "To allow the call to pass through the OpenApiHandler and route to the backend APIs, you can set this\n" +
+                    "flag to true. In this mode, the handler will only add the endpoint " +
+                    "specification to the auditInfo if it can find it. " +
+                    "Otherwise, it will pass through."
+    )
     boolean ignoreInvalidPath;
+
+    @MapField(
+            configFieldName = PATH_SPEC_MAPPING,
+            externalizedKeyName = PATH_SPEC_MAPPING,
+            externalized = true,
+            description = "Path to spec mapping. One or more base paths can map to the same specifications. " +
+                    "The key is the base path and the value is the specification name.\n" +
+                    "If users want to use multiple specification files in the same instance, " +
+                    "each specification must have a unique base path and it must be set as key.",
+            valueType = String.class
+    )
     Map<String, Object> pathSpecMapping;
 
     private final Config config;

openapi-config/src/main/resources/config/openapi-handler-schema.json

@@ -0,0 +1,22 @@
+{
+  "$schema" : "http://json-schema.org/draft-07/schema#",
+  "type" : "object",
+  "required" : [ "multipleSpec", "ignoreInvalidPath", "pathSpecMapping" ],
+  "properties" : {
+    "multipleSpec" : {
+      "type" : "boolean",
+      "description" : "This configuration file is used to support multiple OpenAPI specifications in the same light-rest-4j instance.\nAn indicator to allow multiple openapi specifications. Default to false which only allow one spec named openapi.yml or openapi.yaml or openapi.json."
+    },
+    "ignoreInvalidPath" : {
+      "type" : "boolean",
+      "description" : "When the OpenApiHandler is used in a shared gateway and some backend APIs have no specifications deployed on the gateway, the handler will return\nan invalid request path error to the client. To allow the call to pass through the OpenApiHandler and route to the backend APIs, you can set this\nflag to true. In this mode, the handler will only add the endpoint specification to the auditInfo if it can find it. Otherwise, it will pass through."
+    },
+    "pathSpecMapping" : {
+      "type" : "object",
+      "description" : "Path to spec mapping. One or more base paths can map to the same specifications. The key is the base path and the value is the specification name.\nIf users want to use multiple specification files in the same instance, each specification must have a unique base path and it must be set as key.",
+      "additionalProperties" : {
+        "type" : "string"
+      }
+    }
+  }
+}

openapi-config/src/main/resources/config/openapi-handler.yaml

@@ -0,0 +1,11 @@
+# openapi-handler.yml
+# This configuration file is used to support multiple OpenAPI specifications in the same light-rest-4j instance.
+# An indicator to allow multiple openapi specifications. Default to false which only allow one spec named openapi.yml or openapi.yaml or openapi.json.
+multipleSpec: ${openapi-handler.multipleSpec:false}
+# When the OpenApiHandler is used in a shared gateway and some backend APIs have no specifications deployed on the gateway, the handler will return
+# an invalid request path error to the client. To allow the call to pass through the OpenApiHandler and route to the backend APIs, you can set this
+# flag to true. In this mode, the handler will only add the endpoint specification to the auditInfo if it can find it. Otherwise, it will pass through.
+ignoreInvalidPath: ${openapi-handler.ignoreInvalidPath:false}
+# Path to spec mapping. One or more base paths can map to the same specifications. The key is the base path and the value is the specification name.
+# If users want to use multiple specification files in the same instance, each specification must have a unique base path and it must be set as key.
+pathSpecMapping: ${openapi-handler.pathSpecMapping:}

openapi-meta/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>com.networknt</groupId>
         <artifactId>light-rest-4j</artifactId>
-        <version>2.2.1-SNAPSHOT</version>
+        <version>2.2.1</version>
         <relativePath>../pom.xml</relativePath>
     </parent>