Fix OpenAPI annotation problems for GitLab REST API
What does this MR do and why?
Annotations have been added to the REST API endpoints to allow for automatic generation of OpenAPI specifications. The module used to produce the OpenAPI documents does not have good guardrails against producing invalid documents. This has led to a misuse of the annotations in two places. This MR corrects the misuses.
Currently this bug does not impact users, only our internal usage of the document for performing security scans of our REST API, which is a requirement dictated by policies.
- This bug does not impact users, only internal usage of the document.
- No changelog is needed.
- No tests have been added
Verification
The goal of this change is to be able to perform DAST API against the GitLab REST API by using the OpenAPI v2 file. The issue was that the OpenAPI v2 file was generated using models, and the models used an array in one property instead of a string property. To ensure the file is properly parsed and can be consumed by DAST API, this MR has been set up.
The commit e2da145754e0fa8e8a7960be5845f9e8a8f94f8b has updated the openapi_v2.yaml that is consumed by start-review-app-pipeline -> dast_rest_api. dast_rest_api has been set up to use DAST API, and with the latest generated openapi_v2.yaml it did not report any parsing error.
Here is the related pipeline
How to set up and validate locally
- Modify lib/api/api.rb to include modules. (See Add Endpoints, item 2.3 from this README.) In my case I used the latest modules from the master branch. The following modules were excluded since they were throwing errors when running locally:
    mount ::API::Members
    mount ::API::Templates
- Regenerate openapi_v2.yaml. In my case, I normally delete the previous version, to ensure a new one gets created.
    bundle exec rake --trace gitlab:openapi:generate
- Use the newly generated doc/api/openapi/openapi_v2.yaml in DAST API. The simplest way is to set up a project and use DAST API.
- Execute the pipeline, and the dast_api job should not fail due to parsing errors.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #379037 (closed)
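
A local pre-check for the regenerated file, as an added example that is not part of this MR or of GitLab's code base: it walks an OpenAPI v2 YAML document and reports every `type` keyword whose value is not a plain string. It assumes the misuse shows up in the generated file as a `type` given as a YAML sequence; the sample spec and the names `SAMPLE_SPEC`, `non_string_types` and `check_spec` are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample, not GitLab's real openapi_v2.yaml. `name` declares its
# type as a sequence (the assumed misuse); the property that is itself called
# `type` is valid and must not be reported.
SAMPLE_SPEC = <<~YAML
  swagger: '2.0'
  paths:
    /widgets:
      get:
        parameters:
          - {name: state, in: query, type: string}
  definitions:
    Widget:
      type: object
      properties:
        id: {type: integer}
        name: {type: [string]}
        type: {type: string}
YAML

# Keys directly under these keywords are user-chosen names, not keywords.
NAME_MAPS = %w[properties definitions].freeze

# Recursively collect the path of every `type` keyword whose value is not a
# String. `names` is true while the current hash maps names to schemas.
def non_string_types(node, path = '#', names = false, found = [])
  case node
  when Hash
    node.each do |key, value|
      child = "#{path}/#{key}"
      found << child if key == 'type' && !names && !value.is_a?(String)
      non_string_types(value, child, NAME_MAPS.include?(key) && !names, found)
    end
  when Array
    node.each_with_index { |v, i| non_string_types(v, "#{path}/#{i}", false, found) }
  end
  found
end

# Parse with safe_load so the spec file cannot instantiate arbitrary objects.
def check_spec(yaml_text)
  non_string_types(YAML.safe_load(yaml_text))
end

if __FILE__ == $PROGRAM_NAME
  problems = check_spec(ARGV[0] ? File.read(ARGV[0]) : SAMPLE_SPEC)
  problems.each { |p| puts "non-string type at #{p}" }
  exit 1 if ARGV[0] && problems.any?
end
```

Passing the path of the regenerated doc/api/openapi/openapi_v2.yaml as the first argument makes the script exit non-zero when it finds such a `type`, so it can run before the file is handed to the dast_api job.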