Skip to content

HYPERFLEET-978 - feat: (1/2) Include routes in API for PUT status updates #121

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
ma-hill wants to merge 1 commit into
base: main
Choose a base branch
from
+123 −49
Draft

HYPERFLEET-978 - feat: (1/2) Include routes in API for PUT status updates #121

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions cmd/hyperfleet-api/server/api_server.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,7 @@ func NewAPIServer(tracingEnabled bool) Server {
http.MethodGet,
http.MethodPatch,
http.MethodPost,
http.MethodPut,
}),
gorillahandlers.AllowedHeaders([]string{
"Authorization",
Expand Down
73 changes: 72 additions & 1 deletion openapi/openapi.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
openapi: 3.0.0
info:
title: HyperFleet API
version: 1.0.8
version: 1.0.9
contact:
name: HyperFleet Team
license:
Expand Down Expand Up @@ -494,6 +494,7 @@ paths:
- name: nodepool_id
in: path
required: true
description: Nodepool ID
schema:
type: string
responses:
Expand All @@ -515,6 +516,45 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/AdapterStatusCreateRequest'
security:
- BearerAuth: []
put:
operationId: putNodePoolStatuses
Copy link
Copy Markdown
Contributor

@tirthct tirthct May 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Re: openshift-hyperfleet/hyperfleet-api-spec#36 (comment)

summary: Adapter creates or updates resource nodepool status
Comment on lines +521 to +523
Copy link
Copy Markdown

@pnguyen44 pnguyen44 May 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing description.

parameters:
- name: cluster_id
in: path
required: true
description: Cluster ID
schema:
type: string
- name: nodepool_id
in: path
required: true
description: Nodepool ID
schema:
type: string
responses:
'201':
description: The request has succeeded and a new resource has been created as a result.
content:
application/json:
schema:
$ref: '#/components/schemas/AdapterStatus'
'400':
description: The server could not understand the request due to invalid syntax.
'404':
description: The server cannot find the requested resource.
'409':
description: The request conflicts with the current state of the server.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/AdapterStatusCreateRequest'
Comment on lines +521 to +555
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot May 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add BearerAuth to the new nodepool status PUT operation.

plugins/clusters/plugin.go, Lines 89-90, protects all /clusters routes with auth middleware, but this new operation is published without security. That makes the OpenAPI contract and generated docs/client surface claim the endpoint is unauthenticated when it is not.

Suggested spec fix 
     put:
       operationId: putNodePoolStatuses
       summary: Adapter creates or updates resource nodepool status
       parameters:
         - name: cluster_id
           in: path
           required: true
           description: Cluster ID
           schema:
             type: string
         - name: nodepool_id
           in: path
           required: true
           schema:
             type: string
       responses:
         '201':
           description: The request has succeeded and a new resource has been created as a result.
           content:
             application/json:
               schema:
                 $ref: '#/components/schemas/AdapterStatus'
         '400':
           description: The server could not understand the request due to invalid syntax.
         '404':
           description: The server cannot find the requested resource.
         '409':
           description: The request conflicts with the current state of the server.
       requestBody:
         required: true
         content:
           application/json:
             schema:
               $ref: '#/components/schemas/AdapterStatusCreateRequest'
+      security:
+        - BearerAuth: []
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
put:
operationId: putNodePoolStatuses
summary: Adapter creates or updates resource nodepool status
parameters:
- name: cluster_id
in: path
required: true
description: Cluster ID
schema:
type: string
- name: nodepool_id
in: path
required: true
schema:
type: string
responses:
'201':
description: The request has succeeded and a new resource has been created as a result.
content:
application/json:
schema:
$ref: '#/components/schemas/AdapterStatus'
'400':
description: The server could not understand the request due to invalid syntax.
'404':
description: The server cannot find the requested resource.
'409':
description: The request conflicts with the current state of the server.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/AdapterStatusCreateRequest'
put:
operationId: putNodePoolStatuses
summary: Adapter creates or updates resource nodepool status
parameters:
- name: cluster_id
in: path
required: true
description: Cluster ID
schema:
type: string
- name: nodepool_id
in: path
required: true
schema:
type: string
responses:
'201':
description: The request has succeeded and a new resource has been created as a result.
content:
application/json:
schema:
$ref: '#/components/schemas/AdapterStatus'
'400':
description: The server could not understand the request due to invalid syntax.
'404':
description: The server cannot find the requested resource.
'409':
description: The request conflicts with the current state of the server.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/AdapterStatusCreateRequest'
security:
- BearerAuth: []
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@openapi/openapi.yaml` around lines 518 - 551, The new PUT operation
(operationId putNodePoolStatuses) is missing the OpenAPI security declaration;
add a security block referencing the existing BearerAuth scheme (e.g., security:
- BearerAuth: []) to the operation so the generated docs/clients show it
requires authentication and aligns with the middleware protecting the /clusters
routes.

Comment on lines +537 to +555
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot May 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Document the 204 No Content success case for these PUT upserts.

These endpoints already return 204 for valid no-op/discarded updates; test/integration/adapter_status_test.go, Lines 495-501 and 566-572, asserts that behavior. Leaving 204 out here makes a normal successful outcome undocumented in the generated client and API docs.

Also applies to: 637-656

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@openapi/openapi.yaml` around lines 533 - 551, The OpenAPI spec omits the
documented 204 No Content success response for the PUT upsert endpoints; update
the responses block for the PUT endpoints that currently reference
AdapterStatus/AdapterStatusCreateRequest to include a '204' response entry
(description: successful no-op/discarded update, content: none) so the generated
client/docs reflect the actual behavior (e.g., where AdapterStatus and
AdapterStatusCreateRequest are used); apply the same change to the other
occurrence noted (around the second block at lines 637-656).

security:
- BearerAuth: []
get:
operationId: getNodePoolsStatuses
summary: List all adapter statuses for nodepools
Expand Down Expand Up @@ -589,6 +629,37 @@ paths:
$ref: '#/components/schemas/AdapterStatusCreateRequest'
security:
- BearerAuth: []
put:
operationId: putClusterStatuses
summary: Adapter creates or updates resource cluster status
parameters:
Comment on lines +632 to +635
Copy link
Copy Markdown

@pnguyen44 pnguyen44 May 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new PUT operations only have a summary and no description. Since PUT
will eventually replace POST, it should carry the same (or better) documentation.

- name: cluster_id
in: path
required: true
description: Cluster ID
schema:
type: string
responses:
'201':
description: The request has succeeded and a new resource has been created as a result.
content:
application/json:
schema:
$ref: '#/components/schemas/AdapterStatus'
'400':
description: The server could not understand the request due to invalid syntax.
'404':
description: The server cannot find the requested resource.
'409':
description: The request conflicts with the current state of the server.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/AdapterStatusCreateRequest'
security:
- BearerAuth: []
get:
operationId: getClusterStatuses
summary: List all adapter statuses for cluster
Expand Down
2 changes: 2 additions & 0 deletions plugins/clusters/plugin.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,7 @@ func init() {
clusterStatusHandler := handlers.NewClusterStatusHandler(adapterStatus.Service(envServices), Service(envServices))
clustersRouter.HandleFunc("/{id}/statuses", clusterStatusHandler.List).Methods(http.MethodGet)
clustersRouter.HandleFunc("/{id}/statuses", clusterStatusHandler.Create).Methods(http.MethodPost)
clustersRouter.HandleFunc("/{id}/statuses", clusterStatusHandler.Create).Methods(http.MethodPut)

// Nested resource: cluster nodepools
clusterNodePoolsHandler := handlers.NewClusterNodePoolsHandler(
Expand All @@ -83,6 +84,7 @@ func init() {
nodepoolStatusHandler := handlers.NewNodePoolStatusHandler(adapterStatus.Service(envServices), nodePools.Service(envServices))
clustersRouter.HandleFunc("/{id}/nodepools/{nodepool_id}/statuses", nodepoolStatusHandler.List).Methods(http.MethodGet)
clustersRouter.HandleFunc("/{id}/nodepools/{nodepool_id}/statuses", nodepoolStatusHandler.Create).Methods(http.MethodPost)
clustersRouter.HandleFunc("/{id}/nodepools/{nodepool_id}/statuses", nodepoolStatusHandler.Create).Methods(http.MethodPut)

clustersRouter.Use(authMiddleware.AuthenticateAccountJWT)
clustersRouter.Use(authzMiddleware.AuthorizeAPI)
Expand Down
Loading