Skip to content

misc: Openapi spec update #6756

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

misc: Openapi spec update #6756

wants to merge 2 commits into from

Conversation

@pawan-59
Copy link
Contributor

@pawan-59 pawan-59 commented Jul 23, 2025
edited by bito-code-review bot
Loading

Description

Fixes #

Checklist:

  • The title of the PR states what changed and the related issues number (used for the release note).
  • Does this PR requires documentation updates?
  • I've updated documentation as required by this PR.
  • I have performed a self-review of my own code.
  • I have commented my code, particularly in hard-to-understand areas.
  • I have tested it for all user roles.
  • I have added all the required unit/api test cases.

Does this PR introduce a user-facing change?

Summary by Bito

This pull request extensively updates the OpenAPI specification by refining endpoint definitions, security configurations, and descriptive texts. The changes improve readability and consistency across various API paths, including new additions for notifications and bulk operations, while standardizing query parameters and enhancing schema definitions.

@sonarqubecloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@bito-code-review
Copy link

Changelist by Bito

This pull request implements the following key changes.

Key Change Files Impacted
Documentation - OpenAPI Specification Update

openapi.yaml - The OpenAPI spec was updated by revising enum arrays (such as for email_id, last_login, and name) and redefining the tag groups for API endpoints. The changes include removing and re-adding elements to ensure order consistency and introducing a new 'Notifications' tag in the 'Common Devtron automation APIs' group. Combined with previous updates on property descriptions, required fields, and additional schema definitions, these modifications enhance API clarity and usability.

bito-code-review[bot]
bito-code-review bot suggested changes Jul 23, 2025
View reviewed changes
Copy link

@bito-code-review bito-code-review bot left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review Agent Run #e0ba3c

Actionable Suggestions - 4
Review Details
  • Files reviewed - 1 · Commit Range: 3014efb..d11d54c
    • specs/swagger/openapi.yaml
  • Files skipped - 0
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

  • /review - Manually triggers a full AI review.

  • /pause - Pauses automatic reviews on this pull request.

  • /resume - Resumes automatic reviews.

  • /resolve - Marks all Bito-posted review comments as resolved.

  • /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Default Agent You can customize the agent settings here or contact your Bito workspace admin at [email protected].

Documentation & Help

AI Code Review powered by Bito Logo

specs/swagger/openapi.yaml
Comment on lines +3898 to +3900
security:
- bearerAuth: []
- apiKeyAuth: []
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Login endpoint requires authentication

The login endpoint /api/v1/session has security requirements (bearerAuth and apiKeyAuth) which creates a logical contradiction. A login endpoint should not require authentication to access, as it's the endpoint used to obtain authentication tokens in the first place. Remove the security section from this endpoint.

Code suggestion
Check the AI-generated fix before applying
Suggested change
security:
- bearerAuth: []
- apiKeyAuth: []

Code Review Run #e0ba3c

Should Bito avoid suggestions like this for future reviews? (Manage Rules)

  • Yes, avoid them

specs/swagger/openapi.yaml
Comment on lines +3899 to +3900
- bearerAuth: []
- apiKeyAuth: []
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Authentication endpoints require authentication

Authentication endpoints like /login should not require authentication (bearerAuth/apiKeyAuth) as they are meant to initiate the authentication flow. Users cannot authenticate to access the login endpoint. Remove security requirements from authentication endpoints.

Code suggestion
Check the AI-generated fix before applying
Suggested change
- bearerAuth: []
- apiKeyAuth: []

Code Review Run #e0ba3c

Should Bito avoid suggestions like this for future reviews? (Manage Rules)

  • Yes, avoid them

specs/swagger/openapi.yaml
summary: used to fetch providers(recipients)
description: recipients fetch by string search, it will return slacks providers
and email ids
operationId: deleteGroupPolicy
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Incorrect operationId for GET operation

Incorrect operationId: deleteGroupPolicy doesn't match the GET operation for fetching notification recipients. This will cause confusion in generated client code and API tooling. Change to a descriptive name like fetchNotificationRecipients.

Code suggestion
Check the AI-generated fix before applying
Suggested change
operationId: deleteGroupPolicy
operationId: fetchNotificationRecipients

Code Review Run #e0ba3c

Should Bito avoid suggestions like this for future reviews? (Manage Rules)

  • Yes, avoid them

specs/swagger/openapi.yaml
properties:
apiVersion:
type: string
description: Api version from url
example:
- v1beta1
- v1beta1
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Incorrect example format for string properties

The example values for apiVersion and kind properties are incorrectly formatted as YAML arrays instead of scalar strings. Since these properties are defined as type: string, their examples should be scalar values like v1beta1 and application, not arrays like - v1beta1 and - application. This will break OpenAPI validation and code generation tools.

Code suggestion
Check the AI-generated fix before applying
 -          - v1beta1
 +          v1beta1
 @@ -4451,1 +4451,1 @@
 -          - application
 +          application

Code Review Run #e0ba3c

Should Bito avoid suggestions like this for future reviews? (Manage Rules)

  • Yes, avoid them

@pawan-59 pawan-59 closed this Jul 23, 2025
@pawan-59 pawan-59 deleted the openapi-spec-update branch July 23, 2025 13:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@prakarsh-dt prakarsh-dt Awaiting requested review from prakarsh-dt prakarsh-dt is a code owner

@pawan-mehta-dt pawan-mehta-dt Awaiting requested review from pawan-mehta-dt pawan-mehta-dt is a code owner

1 more reviewer

@bito-code-review bito-code-review[bot] bito-code-review[bot] requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

PR:Ready-to-Review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pawan-59