refactor: making enablement of artifact version delete dynamic and ad…

…ding 405 response
mimaison · Mar 6, 2023 · 48f6c44 · 48f6c44
1 parent 1d6b9b8
commit 48f6c44
Show file tree

Hide file tree

Showing 7 changed files with 67 additions and 90 deletions.
diff --git a/app/src/main/java/io/apicurio/registry/rest/RestConfig.java b/app/src/main/java/io/apicurio/registry/rest/RestConfig.java
@@ -1,10 +1,12 @@
 package io.apicurio.registry.rest;
 
+import io.apicurio.common.apps.config.Dynamic;
 import org.eclipse.microprofile.config.inject.ConfigProperty;
 
 import io.apicurio.common.apps.config.Info;
 
 import javax.inject.Singleton;
+import java.util.function.Supplier;
 
 @Singleton
 public class RestConfig {
@@ -17,16 +19,17 @@ public class RestConfig {
     @Info(category = "rest", description = "Skip SSL validation when downloading artifacts from URL", availableSince = "2.2.6-SNAPSHOT")
     boolean downloadSkipSSLValidation;
 
-    @ConfigProperty(name = "registry.rest.artifact.deletion.enabled", defaultValue = "true")
+    @Dynamic(label = "Delete artifact version", description = "When selected, users are permitted to delete artifact versions.")
+    @ConfigProperty(name = "registry.rest.artifact.deletion.enabled", defaultValue = "false")
     @Info(category = "rest", description = "Enables artifact version deletion", availableSince = "2.4.2-SNAPSHOT")
-    boolean artifactVersionDeletionEnabled;
+    Supplier<Boolean> artifactVersionDeletionEnabled;
 
     public int getDownloadMaxSize() { return this.downloadMaxSize; }
 
     public boolean getDownloadSkipSSLValidation() { return this.downloadSkipSSLValidation; }
 
     public boolean isArtifactVersionDeletionEnabled() {
-        return artifactVersionDeletionEnabled;
+        return artifactVersionDeletionEnabled.get();
     }
 
 }
diff --git a/app/src/main/java/io/apicurio/registry/rest/v2/GroupsResourceImpl.java b/app/src/main/java/io/apicurio/registry/rest/v2/GroupsResourceImpl.java
@@ -88,7 +88,7 @@
 import javax.interceptor.Interceptors;
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.BadRequestException;
-import javax.ws.rs.NotFoundException;
+import javax.ws.rs.NotAllowedException;
 import javax.ws.rs.client.Client;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
@@ -576,9 +576,10 @@ public Response getArtifactVersion(String groupId, String artifactId, String ver
      * @see io.apicurio.registry.rest.v2.GroupsResource#deleteArtifactVersion(java.lang.String, java.lang.String, java.lang.String)
      */
     @Override
+    @Authorized(style=AuthorizedStyle.GroupAndArtifact, level=AuthorizedLevel.Write)
     public void deleteArtifactVersion(String groupId, String artifactId, String version) {
         if (!restConfig.isArtifactVersionDeletionEnabled()) {
-            throw new NotFoundException("Artifact version deletion is not enabled.");
+            throw new NotAllowedException("Artifact version deletion operation is not enabled.");
         }
 
         requireParameter("groupId", groupId);

diff --git a/.../main/resources-unfiltered/META-INF/resources/api-specifications/registry/v2/openapi.json b/.../main/resources-unfiltered/META-INF/resources/api-specifications/registry/v2/openapi.json
@@ -1003,13 +1003,16 @@
                     "404": {
                         "$ref": "#/components/responses/NotFound"
                     },
+                    "405": {
+                        "$ref": "#/components/responses/MethodNotAllowed"
+                    },
                     "500": {
                         "$ref": "#/components/responses/ServerError"
                     }
                 },
                 "operationId": "deleteArtifactVersion",
                 "summary": "Delete artifact version",
-                "description": "Deletes a single version of the artifact.  Both the `artifactId` and the unique `version`\nare needed.  If this is the only version of the artifact, this operation is the same as \ndeleting the entire artifact.\n\nThis operation can fail for the following reasons:\n\n* No artifact with this `artifactId` exists (HTTP error `404`)\n* No version with this `version` exists (HTTP error `404`)\n* A server error occurred (HTTP error `500`)\n"
+                "description": "Deletes a single version of the artifact. Parameters `groupId`, `artifactId` and the unique `version`\nare needed. If this is the only version of the artifact, this operation is the same as \ndeleting the entire artifact.\n\nThis feature is disabled by default and it's discouraged for normal usage. To enable it, set the `registry.rest.artifact.deletion.enabled` property to true. This operation can fail for the following reasons:\n\n* No artifact with this `artifactId` exists (HTTP error `404`)\n* No version with this `version` exists (HTTP error `404`)\n * Feature is disabled (HTTP error `405`)\n * A server error occurred (HTTP error `500`)\n"
             },
             "parameters": [
                 {
@@ -4256,6 +4259,24 @@
                 },
                 "description": "Common response for all operations that can return a `404` error."
             },
+            "MethodNotAllowed": {
+                "content": {
+                    "application/json": {
+                        "schema": {
+                            "$ref": "#/components/schemas/Error"
+                        },
+                        "examples": {
+                            "MethodNotAllowedExample": {
+                                "value": {
+                                    "error_code": 405,
+                                    "message": "Method is currently not supported or disabled."
+                                }
+                            }
+                        }
+                    }
+                },
+                "description": "Common response for all operations that can fail due to method not allowed or disabled."
+            },
             "ServerError": {
                 "content": {
                     "application/json": {

diff --git a/app/src/main/resources/application.properties b/app/src/main/resources/application.properties
@@ -182,4 +182,4 @@ registry.rest.artifact.download.maxSize=1000000
 registry.rest.artifact.download.skipSSLValidation=false
 
 # Artifact version deletion
-registry.rest.artifact.deletion.enabled=true
+registry.rest.artifact.deletion.enabled=false
diff --git a/app/src/test/java/io/apicurio/registry/noprofile/rest/v1/ArtifactsResourceTest.java b/app/src/test/java/io/apicurio/registry/noprofile/rest/v1/ArtifactsResourceTest.java
@@ -636,88 +636,6 @@ public void testGetArtifactMetaDataByContent() throws Exception {
                 .statusCode(400);
 
     }
-
-    @Test
-    public void testDeleteArtifactVersion() throws Exception {
-        String artifactContent = resourceToString("openapi-empty.json");
-
-        // Create an artifact
-        createArtifact("testDeleteArtifactVersion/EmptyAPI", ArtifactType.OPENAPI, artifactContent);
-
-        // Update the artifact 5 times
-        List<Integer> versions = new ArrayList<>();
-        for (int idx = 0; idx < 5; idx++) {
-            Integer version =
-                    given()
-                        .when()
-                            .contentType(CT_JSON)
-                            .header("X-Registry-ArtifactType", ArtifactType.OPENAPI)
-                            .pathParam("artifactId", "testDeleteArtifactVersion/EmptyAPI")
-                            .body(artifactContent.replace("Empty API", "Empty API (Update " + idx + ")"))
-                            .put("/registry/v1/artifacts/{artifactId}")
-                        .then()
-                            .statusCode(200)
-                            .body("id", equalTo("testDeleteArtifactVersion/EmptyAPI"))
-                            .body("type", equalTo(ArtifactType.OPENAPI))
-                            .extract().body().path("version");
-
-            versions.add(version);
-        }
-
-        // Delete odd artifact versions
-        for (int idx = 0; idx < 5; idx++) {
-            if (idx % 2 == 0) {
-                continue;
-            }
-
-            Integer version = versions.get(idx);
-            given()
-                .when()
-                    .pathParam("artifactId", "testDeleteArtifactVersion/EmptyAPI")
-                    .pathParam("version", version)
-                    .delete("/registry/v1/artifacts/{artifactId}/versions/{version}")
-                .then()
-                    .statusCode(204);
-        }
-
-        // Check that the correct versions were deleted
-        for (int idx = 0; idx < 5; idx++) {
-            Integer version = versions.get(idx);
-            int expectedCode;
-            // Even indexes are still there, odd were deleted
-            if (idx % 2 == 0) {
-                expectedCode = 200;
-            } else {
-                expectedCode = 404;
-            }
-            given()
-                .when()
-                    .pathParam("artifactId", "testDeleteArtifactVersion/EmptyAPI")
-                    .pathParam("version", version)
-                    .get("/registry/v1/artifacts/{artifactId}/versions/{version}")
-                .then()
-                    .statusCode(expectedCode);
-        }
-
-        // Now try to delete a version that doesn't exist.
-        given()
-            .when()
-                .pathParam("artifactId", "testDeleteArtifactVersion/EmptyAPI")
-                .pathParam("version", 12345)
-                .get("/registry/v1/artifacts/{artifactId}/versions/{version}")
-            .then()
-                .statusCode(404);
-
-        // Try to delete a version of an artifact where the artifact doesn't exist
-        given()
-            .when()
-                .pathParam("artifactId", "testGetArtifactVersion/MissingAPI")
-                .pathParam("version", 1)
-                .get("/registry/v1/artifacts/{artifactId}/versions/{version}")
-            .then()
-                .statusCode(404);
-    }
-
     @Test
     public void testArtifactRules() throws Exception {
         String artifactContent = resourceToString("openapi-empty.json");

diff --git a/app/src/test/java/io/apicurio/registry/noprofile/rest/v2/GroupsResourceTest.java b/app/src/test/java/io/apicurio/registry/noprofile/rest/v2/GroupsResourceTest.java
@@ -735,6 +735,19 @@ public void testDeleteArtifactVersion() throws Exception {
                 .body("openapi", equalTo("3.0.2"))
                 .body("info.title", equalTo("Empty API"));
 
+        // Try to delete artifact version 1, but feature is disabled and this should fail
+        given()
+                .when()
+                .pathParam("groupId", GROUP)
+                .pathParam("artifactId", "testDeleteArtifactVersion/EmptyAPI")
+                .pathParam("version", "1")
+                .delete("/registry/v2/groups/{groupId}/artifacts/{artifactId}/versions/{version}")
+                .then()
+                .statusCode(405);
+
+        // Enable artifact version delete feature
+        clientV2.setConfigProperty("registry.rest.artifact.deletion.enabled", String.valueOf(true));
+
         // Delete the artifact version 1
         given()
                 .when()

diff --git a/common/src/main/resources/META-INF/openapi.json b/common/src/main/resources/META-INF/openapi.json
@@ -1003,13 +1003,16 @@
                     "404": {
                         "$ref": "#/components/responses/NotFound"
                     },
+                    "405": {
+                        "$ref": "#/components/responses/MethodNotAllowed"
+                    },
                     "500": {
                         "$ref": "#/components/responses/ServerError"
                     }
                 },
                 "operationId": "deleteArtifactVersion",
                 "summary": "Delete artifact version",
-                "description": "Deletes a single version of the artifact.  Both the `artifactId` and the unique `version`\nare needed.  If this is the only version of the artifact, this operation is the same as \ndeleting the entire artifact.\n\nThis operation can fail for the following reasons:\n\n* No artifact with this `artifactId` exists (HTTP error `404`)\n* No version with this `version` exists (HTTP error `404`)\n* A server error occurred (HTTP error `500`)\n"
+                "description": "Deletes a single version of the artifact. Parameters `groupId`, `artifactId` and the unique `version`\nare needed. If this is the only version of the artifact, this operation is the same as \ndeleting the entire artifact.\n\nThis feature is disabled by default and it's discouraged for normal usage. To enable it, set the `registry.rest.artifact.deletion.enabled` property to true. This operation can fail for the following reasons:\n\n* No artifact with this `artifactId` exists (HTTP error `404`)\n* No version with this `version` exists (HTTP error `404`)\n * Feature is disabled (HTTP error `405`)\n * A server error occurred (HTTP error `500`)\n"
             },
             "parameters": [
                 {
@@ -4256,6 +4259,24 @@
                 },
                 "description": "Common response for all operations that can return a `404` error."
             },
+            "MethodNotAllowed": {
+                "content": {
+                    "application/json": {
+                        "schema": {
+                            "$ref": "#/components/schemas/Error"
+                        },
+                        "examples": {
+                            "MethodNotAllowedExample": {
+                                "value": {
+                                    "error_code": 405,
+                                    "message": "Method is currently not supported or disabled."
+                                }
+                            }
+                        }
+                    }
+                },
+                "description": "Common response for all operations that can fail due to method not allowed or disabled."
+            },
             "ServerError": {
                 "content": {
                     "application/json": {