Merge pull request #74 from samuzzal-choudhury/user_repo_api

Added dummy user-repo endpoints with swagger spec

src/rest_api.py

@@ -135,6 +135,78 @@ def report():
         return flask.jsonify(response), 404
 
 
+@app.route('/api/v1/user-repo/scan', methods=['POST'])
+@login_required
+def user_repo_scan():
+    """
+    Endpoint for scanning an OSIO user's repository.
+
+    Runs a scan to find out security vulnerability in a user's repository
+    """
+    resp_dict = {
+        "status": "success",
+        "summary": ""
+    }
+
+    if request.content_type != 'application/json':
+        resp_dict["status"] = "failure"
+        resp_dict["summary"] = "Set content type to application/json"
+        return flask.jsonify(resp_dict), 400
+
+    input_json = request.get_json()
+
+    # Return a dummy response for the endpoint while the development is in progress
+    return flask.jsonify({'summary': 'Repository scan initiated'}), 200
+
+
+@app.route('/api/v1/user-repo/notify', methods=['POST'])
+@login_required
+def notify_user():
+    """
+    Endpoint for notifying security vulnerability in a repository.
+
+    Runs a scan to find out security vulnerability in a user's repository
+    """
+    resp_dict = {
+        "status": "success",
+        "summary": ""
+    }
+
+    if request.content_type != 'application/json':
+        resp_dict["status"] = "failure"
+        resp_dict["summary"] = "Set content type to application/json"
+        return flask.jsonify(resp_dict), 400
+
+    input_json = request.get_json()
+
+    # Return a dummy response for the endpoint while the development is in progress
+    return flask.jsonify({'summary': 'Notification service called'}), 200
+
+
+@app.route('/api/v1/user-repo/drop', methods=['POST'])
+@login_required
+def drop():
+    """
+    Endpoint to stop monitoring OSIO users' repository.
+
+    Runs a scan to find out security vulnerability in a user's repository
+    """
+    resp_dict = {
+        "status": "success",
+        "summary": ""
+    }
+
+    if request.content_type != 'application/json':
+        resp_dict["status"] = "failure"
+        resp_dict["summary"] = "Set content type to application/json"
+        return flask.jsonify(resp_dict), 400
+
+    input_json = request.get_json()
+
+    # Return a dummy response for the endpoint while the development is in progress
+    return flask.jsonify({'summary': 'Repository scan unsubscribed'}), 200
+
+
 @app.errorhandler(HTTPError)
 def handle_error(e):  # pragma: no cover
     """Handle http error response."""

swagger.yaml

@@ -82,6 +82,90 @@ paths:
           description: Request unauthorized
         '404':
           description: Data not found
+  '/user-repo/scan':
+    post:
+      tags:
+        - Scan Services
+      operationId: f8a_scanner.api_v1.scan
+      summary: Scan an OSIO user repository. This will be called by the OSIO platform whenever a new repository is added to a space. The client request requires OSIO user token in the authorization header.
+      consumes:
+        - application/json
+      produces:
+        - application/json
+      parameters:
+        - in: body
+          name: repo
+          description: repository url
+          required: true
+          schema:
+            $ref: '#/definitions/UserRepoInput'
+      responses:
+        '200':
+          description: Repository scan initiated
+        '400':
+          description: Bad request from the client
+        '401':
+          description: Request unauthorized
+        '404':
+          description: Data not found
+        '500':
+          description: Internal server error
+  '/user-repo/notify':
+    post:
+      tags:
+        - Scan Services
+      operationId: f8a_scanner.api_v1.notify
+      summary: Call the notification service with the scan report.
+      consumes:
+        - application/json
+      produces:
+        - application/json
+      parameters:
+        - in: body
+          name: repo
+          description: List of ecosystem-package-version
+          required: true
+          schema:
+            $ref: '#/definitions/EPVList'
+      responses:
+        '200':
+          description: Notification service called
+        '400':
+          description: Bad request from the client
+        '401':
+          description: Request unauthorized
+        '404':
+          description: Data not found
+        '500':
+          description: Internal server error
+  '/user-repo/drop':
+    post:
+      tags:
+        - Scan Services
+      operationId: f8a_scanner.api_v1.drop
+      summary: Stop monitoring an OSIO user repository. This will be triggered by the platform whenever a codebase is removed from a space. The client request requires OSIO user token in the authorization header.
+      consumes:
+        - application/json
+      produces:
+        - application/json
+      parameters:
+        - in: body
+          name: repo
+          description: repository url and email id
+          required: true
+          schema:
+            $ref: '#/definitions/UserRepoInput'
+      responses:
+        '200':
+          description: Repository scan unsubscribed
+        '400':
+          description: Bad request from the client
+        '401':
+          description: Request unauthorized
+        '404':
+          description: Data not found
+        '500':
+          description: Internal server error
 definitions:
   RegisterResponse:
     title: Response Data for Register Endpoint
@@ -141,4 +225,31 @@ definitions:
         type: string
       git-sha:
         type: string
-
+  UserRepoInput:
+    title: User Repository Scan Inputs
+    description: Parameters to call user repository scan
+    properties:
+      git-url:
+        type: string
+      email-ids:
+        type: array
+        items:
+          type: string
+  EPV:
+    title: EPV
+    description: Describes EPV
+    properties:
+      ecosystem:
+        type: string
+      name:
+        type: string
+      version:
+        type: string
+  EPVList:
+    title: User Repository notify inputs
+    description: Parameters to call user repository notify
+    properties:
+      epv_list:
+        type: array
+        items:
+          $ref: '#/definitions/EPV'

tests/test_rest_api.py

@@ -14,6 +14,22 @@
     "git-sha": "sha"
 }
 
+payload_user_repo_scan_drop = {
+    "git-url": "test",
+    "email-ids": ["[email protected]"]
+}
+
+
+payload_user_repo_notify = {
+    "epv_list": [
+        {
+            "ecosystem": "maven",
+            "name": "io.vertx:vertx-core",
+            "version": "3.5.2"
+        }
+    ]
+}
+
 
 def api_route_for(route):
     """Construct an URL to the endpoint for given route."""
@@ -162,3 +178,27 @@ def test_register_endpoint_6(get_info, client):
                            data=json.dumps(payload),
                            content_type='application/json')
     assert reg_resp.status_code == 500
+
+
+def test_scan_endpoint(client):
+    """Test the /api/v1/user-repo/scan endpoint."""
+    reg_resp = client.post(api_route_for('user-repo/scan'),
+                           data=json.dumps(payload_user_repo_scan_drop),
+                           content_type='application/json')
+    assert reg_resp.status_code == 200
+
+
+def test_drop_endpoint(client):
+    """Test the /api/v1/user-repo/drop endpoint."""
+    reg_resp = client.post(api_route_for('user-repo/scan'),
+                           data=json.dumps(payload_user_repo_scan_drop),
+                           content_type='application/json')
+    assert reg_resp.status_code == 200
+
+
+def test_notify_endpoint(client):
+    """Test the /api/v1/user-repo/notify endpoint."""
+    reg_resp = client.post(api_route_for('user-repo/scan'),
+                           data=json.dumps(payload_user_repo_notify),
+                           content_type='application/json')
+    assert reg_resp.status_code == 200