fix(scanoss): Make the API key an optional secret again

Before 40fa386 the API key effectively was optional as a missing key was
turned into an empty string via

    val apiKey = secrets[API_KEY_PROPERTY].orEmpty()

Restore that behavior by using the empty string as a default value.

Also, the API key actually was a secret instead of a regular option,
which is corrected now, too.

Signed-off-by: Sebastian Schuberth <[email protected]>

Author: sschuberth

plugins/scanners/scanoss/src/main/kotlin/ScanOss.kt

@@ -54,7 +54,7 @@ class ScanOss(
     private val service = ScanApi.builder()
         // As there is only a single endpoint, the SCANOSS API client expects the path to be part of the API URL.
         .url(config.apiUrl.removeSuffix("/") + "/scan/direct")
-        .apiKey(config.apiKey)
+        .apiKey(config.apiKey.value)
         .build()
 
     override val version: String by lazy {

plugins/scanners/scanoss/src/main/kotlin/ScanOssConfig.kt

@@ -20,14 +20,16 @@
 package org.ossreviewtoolkit.plugins.scanners.scanoss
 
 import org.ossreviewtoolkit.plugins.api.OrtPluginOption
+import org.ossreviewtoolkit.plugins.api.Secret
 
 data class ScanOssConfig(
     /** The URL of the ScanOSS server. */
     @OrtPluginOption(defaultValue = "https://api.osskb.org/")
     val apiUrl: String,
 
-    /** The API key required to authenticate with the ScanOSS server. */
-    val apiKey: String,
+    /** The API key used to authenticate with the ScanOSS server. */
+    @OrtPluginOption(defaultValue = "")
+    val apiKey: Secret,
 
     /**
      * A regular expression to match the scanner name when looking up scan results in the storage.

plugins/scanners/scanoss/src/test/kotlin/ScanOssScannerDirectoryTest.kt

@@ -42,6 +42,7 @@ import org.ossreviewtoolkit.model.SnippetFinding
 import org.ossreviewtoolkit.model.TextLocation
 import org.ossreviewtoolkit.model.VcsInfo
 import org.ossreviewtoolkit.model.VcsType
+import org.ossreviewtoolkit.plugins.api.Secret
 import org.ossreviewtoolkit.scanner.ScanContext
 import org.ossreviewtoolkit.utils.spdx.SpdxExpression
 
@@ -61,7 +62,7 @@ class ScanOssScannerDirectoryTest : StringSpec({
 
     beforeSpec {
         server.start()
-        scanner = spyk(ScanOssFactory.create(apiUrl = "http://localhost:${server.port()}", apiKey = ""))
+        scanner = spyk(ScanOssFactory.create(apiUrl = "http://localhost:${server.port()}", apiKey = Secret("")))
     }
 
     afterSpec {

plugins/scanners/scanoss/src/test/kotlin/ScanOssScannerFileTest.kt

@@ -36,6 +36,7 @@ import java.util.UUID
 import org.ossreviewtoolkit.model.LicenseFinding
 import org.ossreviewtoolkit.model.PackageType
 import org.ossreviewtoolkit.model.TextLocation
+import org.ossreviewtoolkit.plugins.api.Secret
 import org.ossreviewtoolkit.scanner.ScanContext
 
 private val TEST_FILE_TO_SCAN = File("src/test/assets/filesToScan/ScannerFactory.kt")
@@ -54,7 +55,7 @@ class ScanOssScannerFileTest : StringSpec({
 
     beforeSpec {
         server.start()
-        scanner = spyk(ScanOssFactory.create(apiUrl = "http://localhost:${server.port()}", apiKey = ""))
+        scanner = spyk(ScanOssFactory.create(apiUrl = "http://localhost:${server.port()}", apiKey = Secret("")))
     }
 
     afterSpec {