Updated open api file for encryption parts #3250

mercedes-benz · Aug 2, 2024 · 34216e6 · 34216e6
1 parent a2177ba
commit 34216e6
Show file tree

Hide file tree

Showing 6 changed files with 160 additions and 33 deletions.
diff --git a/...va/com/mercedesbenz/sechub/restdoc/EncryptionAdministrationRestControllerRestDocTest.java b/...va/com/mercedesbenz/sechub/restdoc/EncryptionAdministrationRestControllerRestDocTest.java
@@ -40,11 +40,11 @@
 import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubCipherAlgorithm;
 import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubCipherPasswordSourceType;
 import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubDomainEncryptionData;
-import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubDomainEncryptionData.PasswordSourceData;
 import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubDomainEncryptionStatus;
 import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubEncryptionData;
 import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubEncryptionDataValidator;
 import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubEncryptionStatus;
+import com.mercedesbenz.sechub.sharedkernel.encryption.SecHubPasswordSource;
 import com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc;
 import com.mercedesbenz.sechub.sharedkernel.usecases.encryption.UseCaseAdminFetchesEncryptionStatus;
 import com.mercedesbenz.sechub.sharedkernel.usecases.encryption.UseCaseAdminStartsEncryptionRotation;
@@ -152,8 +152,8 @@ public void restdoc_admin_fetches_encryption_status() throws Exception {
                         fieldWithPath(domains+SecHubDomainEncryptionStatus.PROPERTY_NAME).description("Name of the domain which will provide this encryption data elements"),
                         fieldWithPath(domainData+SecHubDomainEncryptionData.PROPERTY_ID).description("Unique identifier"),
                         fieldWithPath(domainData+SecHubDomainEncryptionData.PROPERTY_ALGORITHM).description("Algorithm used for encryption"),
-                        fieldWithPath(domainData+SecHubDomainEncryptionData.PROPERTY_PASSWORDSOURCE+"."+ PasswordSourceData.PROPERTY_TYPE).description("Type of password source. Can be "+List.of(SecHubCipherPasswordSourceType.values())),
-                        fieldWithPath(domainData+SecHubDomainEncryptionData.PROPERTY_PASSWORDSOURCE+"."+ PasswordSourceData.PROPERTY_DATA).description("Data for password source. If type is "+SecHubCipherPasswordSourceType.ENVIRONMENT_VARIABLE+" then it is the the name of the environment variable."),
+                        fieldWithPath(domainData+SecHubDomainEncryptionData.PROPERTY_PASSWORDSOURCE+"."+ SecHubPasswordSource.PROPERTY_TYPE).description("Type of password source. Can be "+List.of(SecHubCipherPasswordSourceType.values())),
+                        fieldWithPath(domainData+SecHubDomainEncryptionData.PROPERTY_PASSWORDSOURCE+"."+ SecHubPasswordSource.PROPERTY_DATA).description("Data for password source. If type is "+SecHubCipherPasswordSourceType.ENVIRONMENT_VARIABLE+" then it is the the name of the environment variable."),
                         fieldWithPath(domainData+SecHubDomainEncryptionData.PROPERTY_USAGE).description("Map containing information about usage of this encryption"),
                         fieldWithPath(domainData+SecHubDomainEncryptionData.PROPERTY_USAGE+".*").description("Key value data"),
                         fieldWithPath(domainData+SecHubDomainEncryptionData.PROPERTY_CREATED).description("Creation timestamp"),

diff --git a/sechub-openapi-java/src/main/resources/openapi.yaml b/sechub-openapi-java/src/main/resources/openapi.yaml
@@ -30,6 +30,8 @@ tags:
     description: Operations relevant to testing
   - name: Configuration
     description: Operations relevant to configuration parts
+  - name: Encryption
+    description: Operations relevant to encryption
   - name: Other
     description: All other use cases
 
@@ -1641,7 +1643,97 @@ components:
       properties:
         cleanupTime:
           $ref: '#/components/schemas/CleanupTime'
-
+
+    ################
+    ## Encryption ##
+    ################
+    SecHubCipherPasswordSourceType:
+      title: SecHubCipherPasswordSourceType
+      type: string
+      enum:
+        - NONE
+        - ENVIRONMENT_VARIABLE
+
+    SecHubPasswordSource:
+      title: SecHubPasswordSource
+      type: object
+      properties: 
+         type:
+           type: object
+           $ref: '#/components/schemas/SecHubCipherPasswordSourceType'  
+         data:
+           type: string
+
+    SecHubCipherAlgorithm:
+      title: SecHubCipherAlgorithm
+      type: string
+      enum:
+        - NONE
+        - AES_GCM_SIV_128
+        - AES_GCM_SIV_256
+
+    SecHubDomainEncryptionData:
+      title: SecHubDomainEncryptionData
+      type: object
+      properties:
+        id: 
+          description: Identifer for encryption configuration inside the domain
+          type: string
+        algorithm:
+          type: object     
+          $ref: '#/components/schemas/SecHubCipherAlgorithm'     
+        passwordSource:
+          type: object
+          $ref: '#/components/schemas/SecHubPasswordSource'
+        created:
+          description: Creation timestamp
+          type: string
+          format: date-time
+        createdFrom:
+          description: User id of admin who has created the configuration
+          type: string
+        usage:
+          description: Generic information about encryption usages inside domain
+          type: object
+          additionalProperties: true
+
+    SecHubDomainEncryptionStatus:
+      title: SecHubDomainEncryptionStatus
+      type: object
+      properties:
+        name:
+          type: string
+        data:
+          type: array
+          items: 
+            $ref: '#/components/schemas/SecHubDomainEncryptionData'
+
+    SecHubEncryptionStatus:
+      title: SecHubEncryptionStatus
+      type: object
+      properties:
+        type: 
+          type: string
+        domains:
+          type: array
+          items:
+            $ref: '#/components/schemas/SecHubDomainEncryptionStatus'
+
+    SecHubEncryptionData:
+      title: SecHubEncryptionData
+      type: object
+      properties:
+        algorithm:
+          description: Algorithm to use for encryption rotation
+          type: object     
+          $ref: '#/components/schemas/SecHubCipherAlgorithm'   
+        passwordSourceType:
+          description: Password source type to use for algorithm
+          type: object
+          $ref: '#/components/schemas/SecHubCipherPasswordSourceType'    
+        passwordSourceData:
+          description: Password source data for used type. E.g. for ENVIRONMENT_VARIABLE the name of the variable
+          type: string
     ###########
     ## Other ##
     ###########
@@ -3250,6 +3342,40 @@ paths:
       tags:
         - Configuration
 
+  ################
+  ## Encryption ##
+  ################
+  /api/admin/encryption/status:
+    get:
+      summary: Admin fetches encryption status 
+      description: "An administrator fetches encryption status from all domains where encryption is used."
+      operationId: adminFetchesEncryptionStatus
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SecHubEncryptionStatus'
+      tags:
+        - Encryption
+
+  /api/admin/encryption/rotate:
+    post:
+      summary: Admin starts encryption rotation
+      description: "An administrator starts encryption rotation."
+      operationId: adminStartsEncryptionRotation
+      requestBody:
+        content:
+          application/json;charset=UTF-8:
+            schema:
+              $ref: '#/components/schemas/SecHubEncryptionData'
+      responses:
+        "200":
+          description: "Ok"   
+      x-accepts: application/json
+      tags:
+        - Encryption
+
   ###########
   ## Other ##
   ###########

diff --git a/...main/java/com/mercedesbenz/sechub/sharedkernel/encryption/SecHubDomainEncryptionData.java b/...main/java/com/mercedesbenz/sechub/sharedkernel/encryption/SecHubDomainEncryptionData.java
@@ -18,38 +18,14 @@ public class SecHubDomainEncryptionData {
 
     private SecHubCipherAlgorithm algorithm;
 
-    private PasswordSourceData passwordSource = new PasswordSourceData();
+    private SecHubPasswordSource passwordSource = new SecHubPasswordSource();
 
     private Map<String, Long> usage = new TreeMap<>();
 
     private String createdFrom;
 
     private LocalDateTime created;
 
-    public class PasswordSourceData {
-        public static final String PROPERTY_TYPE = "type";
-        public static final String PROPERTY_DATA = "data";
-
-        private SecHubCipherPasswordSourceType type;
-        private String data;
-
-        public void setData(String data) {
-            this.data = data;
-        }
-
-        public void setType(SecHubCipherPasswordSourceType type) {
-            this.type = type;
-        }
-
-        public String getData() {
-            return data;
-        }
-
-        public SecHubCipherPasswordSourceType getType() {
-            return type;
-        }
-    }
-
     public String getId() {
         return id;
     }
@@ -66,11 +42,11 @@ public void setAlgorithm(SecHubCipherAlgorithm algorithm) {
         this.algorithm = algorithm;
     }
 
-    public PasswordSourceData getPasswordSource() {
+    public SecHubPasswordSource getPasswordSource() {
         return passwordSource;
     }
 
-    public void setPasswordSource(PasswordSourceData passwordSource) {
+    public void setPasswordSource(SecHubPasswordSource passwordSource) {
         this.passwordSource = passwordSource;
     }
 

diff --git a/...l/src/main/java/com/mercedesbenz/sechub/sharedkernel/encryption/SecHubPasswordSource.java b/...l/src/main/java/com/mercedesbenz/sechub/sharedkernel/encryption/SecHubPasswordSource.java
@@ -0,0 +1,25 @@
+package com.mercedesbenz.sechub.sharedkernel.encryption;
+
+public class SecHubPasswordSource {
+    public static final String PROPERTY_TYPE = "type";
+    public static final String PROPERTY_DATA = "data";
+
+    private SecHubCipherPasswordSourceType type;
+    private String data;
+
+    public void setData(String data) {
+        this.data = data;
+    }
+
+    public void setType(SecHubCipherPasswordSourceType type) {
+        this.type = type;
+    }
+
+    public String getData() {
+        return data;
+    }
+
+    public SecHubCipherPasswordSourceType getType() {
+        return type;
+    }
+}
diff --git a/...edesbenz/sechub/sharedkernel/usecases/encryption/UseCaseAdminFetchesEncryptionStatus.java b/...edesbenz/sechub/sharedkernel/usecases/encryption/UseCaseAdminFetchesEncryptionStatus.java
@@ -17,7 +17,7 @@
 @UseCaseDefinition(
 		id=UseCaseIdentifier.UC_ADMIN_FETCHES_ENCRYPTION_STATUS,
 		group=UseCaseGroup.ENCRYPTION,
-		apiName="adminFetchesEncryptionRotation",
+		apiName="adminFetchesEncryptionStatus",
 		title="Admin fetches encryption status",
 		description="An administrator fetches encryption status from all domains where encryption is used.")
 public @interface UseCaseAdminFetchesEncryptionStatus{

diff --git a/...desbenz/sechub/sharedkernel/usecases/encryption/UseCaseAdminStartsEncryptionRotation.java b/...desbenz/sechub/sharedkernel/usecases/encryption/UseCaseAdminStartsEncryptionRotation.java
@@ -19,7 +19,7 @@
 		group=UseCaseGroup.ENCRYPTION,
 		apiName="adminStartsEncryptionRotation",
 		title="Admin starts encryption rotation",
-		description="An administrator starts encryption rotation. A new cipher pool entry will be created.")
+		description="An administrator starts encryption rotation.")
 public @interface UseCaseAdminStartsEncryptionRotation{
 
 	Step value();