Add support for preserveCredentials while exporting API

[msm1992]

Introduces a query param preserveCredentials to export an API with endpoint credentails.

[coderabbitai]

📝 Walkthrough

Walkthrough

A new optional boolean query parameter, preserveCredentials, was introduced to the /apis/export GET endpoint in the Publisher API. The backend method signature and its logic were updated to accept and handle this parameter, allowing clients to specify whether to preserve endpoint configuration credentials during API export.

Changes

File(s)	Change Summary
.../resources/publisher-api.yaml (3 locations)	Added optional boolean query parameter preserveCredentials to the /apis/export GET endpoint.
.../impl/ApisApiServiceImpl.java	Updated exportAPI method signature and logic to accept and process the new preserveCredentials flag.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant PublisherAPI
    participant ApisApiServiceImpl
    participant ImportExportAPI

    Client->>PublisherAPI: GET /apis/export?preserveCredentials={bool}
    PublisherAPI->>ApisApiServiceImpl: exportAPI(..., preserveCredentials, ...)
    ApisApiServiceImpl->>ImportExportAPI: exportAPI(..., preserveCredentials)
    ImportExportAPI-->>ApisApiServiceImpl: API export result
    ApisApiServiceImpl-->>PublisherAPI: Response
    PublisherAPI-->>Client: Exported API (with/without credentials)

Loading

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ast-grep (0.38.1)

components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/impl/ApisApiServiceImpl.java

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Copilot]

Pull Request Overview

Adds a preserveCredentials flag to the API export endpoint so consumers can opt to include endpoint credentials when exporting an API.

• Introduced a new preserveCredentials query parameter in all Publisher OpenAPI specs.
• Extended the exportAPI interface and implementation to accept and default preserveCredentials.
• Passed the new flag into the importExportAPI.exportAPI call.

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
components/.../rest.api.util/src/main/resources/publisher-api.yaml	Added preserveCredentials query parameter to the export path
components/.../rest.api.common/src/main/resources/publisher-api.yaml	Added preserveCredentials query parameter to the export path
components/.../rest.api.publisher.v1/src/main/resources/publisher-api.yaml	Added preserveCredentials query parameter to the export path
components/.../rest.api.publisher.v1/src/main/java/.../ApisApiServiceImpl.java	Updated exportAPI signature, defaulting logic, and delegated call to include preserveCredentials
components/.../rest.api.publisher.v1/src/gen/java/.../ApisApiService.java	Added new parameter to service interface
components/.../rest.api.publisher.v1/src/gen/java/.../ApisApi.java	Updated resource method to accept and forward preserveCredentials

Comments suppressed due to low confidence (2)

components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml:4336

• [nitpick] Add a defaultValue: "false" or schema.default: false to the preserveCredentials parameter in the OpenAPI spec to document its default behavior.

- name: preserveCredentials

components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/impl/ApisApiServiceImpl.java:3784

• There are no new tests covering the preserveCredentials flag. Consider adding unit or integration tests to verify both true and false cases for this parameter.

public Response exportAPI(String apiId, String name, String version, String revisionNum, String providerName, String format, Boolean preserveStatus, Boolean exportLatestRevision, String gatewayEnvironment, Boolean preserveCredentials,

[Copilot]

The defaulting of preserveCredentials only occurs when gatewayEnvironment is empty. If a user supplies gatewayEnvironment, preserveCredentials may remain null. Consider applying preserveCredentials = Boolean.TRUE.equals(preserveCredentials); outside of the if block to ensure a consistent default.

Suggested change

	if (StringUtils.isEmpty(gatewayEnvironment)) {
	//If not specified status is preserved by default
	preserveStatus = preserveStatus == null || preserveStatus;
	//If not specified preserveCredentials is set to false by default
	preserveCredentials = preserveCredentials != null && preserveCredentials;
	// Ensure preserveCredentials is consistently defaulted
	preserveCredentials = Boolean.TRUE.equals(preserveCredentials);
	if (StringUtils.isEmpty(gatewayEnvironment)) {
	//If not specified status is preserved by default
	preserveStatus = preserveStatus == null || preserveStatus;

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml (2)

4336-4342: Add a default value for clarity.
It’s best practice to specify a default: false under the boolean schema so that consumers know the fallback when the parameter is omitted:

 schema:
   type: boolean
+  default: false

---

4336-4342: Include an example for better documentation.
Consider adding example: false to illustrate usage in the OpenAPI spec:

 schema:
   type: boolean
+  example: false

components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml (1)

4336-4342: Consider adding a default value for preserveCredentials
While required: false makes the parameter optional, explicitly specifying default: false in the schema helps clients and tools understand the fallback behavior when the flag is omitted.

components/apimgt/org.wso2.carbon.apimgt.rest.api.util/src/main/resources/publisher-api.yaml (1)

4087-4093: Proposal: Add a default value for clarity

Consider specifying default: false under the schema block so clients know what happens when the parameter is omitted:

           schema:
             type: boolean
+            default: false

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e871d22 and 8ad1796.

⛔ Files ignored due to path filters (2)

• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/ApisApi.java is excluded by !**/gen/**
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/ApisApiService.java is excluded by !**/gen/**

📒 Files selected for processing (4)

• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/impl/ApisApiServiceImpl.java (2 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml (1 hunks)
• components/apimgt/org.wso2.carbon.apimgt.rest.api.util/src/main/resources/publisher-api.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (6)

• GitHub Check: build-product (4, group4)
• GitHub Check: run-benchmark-test
• GitHub Check: build-product (3, group3)
• GitHub Check: build-product (1, group1)
• GitHub Check: build-product (2, group2)
• GitHub Check: build-carbon

🔇 Additional comments (6)

components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml (2)

4336-4342: Ensure correct indentation to avoid YAML parsing errors.
Verify that the new parameter block aligns with the existing parameters in the list (same number of spaces before the leading - name). A misaligned indent can cause the OpenAPI spec to fail loading.

---

4336-4342:

✅ Verification successful

Verify consistency across all Publisher API specs.
Ensure that preserveCredentials is also added to the publisher-api.yaml files in the rest.api.publisher.v1 and rest.api.util modules. You can run:

---

🏁 Script executed:

#!/bin/bash
# Check presence of preserveCredentials in all Publisher API specs
rg -l 'preserveCredentials' -g 'components/apimgt/**/src/main/resources/publisher-api.yaml'

Length of output: 380

---

All Publisher API specs include preserveCredentials
The preserveCredentials query parameter is present in:

• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.util/src/main/resources/publisher-api.yaml

No further action required.

components/apimgt/org.wso2.carbon.apimgt.rest.api.util/src/main/resources/publisher-api.yaml (2)

4087-4093: Schema definition and indentation look correct

The new preserveCredentials query parameter is properly defined as an optional boolean with a clear description. The indentation aligns with the existing parameters.

---

4087-4093:

✅ Verification successful

Verify propagation across all API specs

Ensure that preserveCredentials is also added to the Publisher API YAMLs in the common and publisher.v1 modules. You can run:

---

🏁 Script executed:

#!/bin/bash
# Verify presence of preserveCredentials in all publisher-api.yaml files
rg -l "preserveCredentials" -g "components/apimgt/**/publisher-api.yaml"

Length of output: 361

---

Propagation verified across all Publisher API specs

Confirmed that preserveCredentials is present in the publisher-api.yaml files for the following modules:

• components/apimgt/org.wso2.carbon.apimgt.rest.api.util/src/main/resources/publisher-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml
• components/apimgt/org.wso2.carbon.apimgt.rest.api.common/src/main/resources/publisher-api.yaml

No further changes required.

components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/impl/ApisApiServiceImpl.java (2)

3784-3794: LGTM! Secure default handling implemented correctly.

The parameter addition and default value handling follow established patterns in the codebase. The logic correctly defaults preserveCredentials to false when not specified, which is the secure choice for credential preservation functionality.

The null-safe boolean handling preserveCredentials = preserveCredentials != null && preserveCredentials; is consistent with the existing preserveStatus parameter pattern.

---

3803-3804:

❓ Verification inconclusive

Verify downstream method signature and security controls.

The parameter passing looks correct. However, please ensure that:

1. The downstream importExportAPI.exportAPI method signature supports the preserveCredentials parameter
2. Proper authorization checks are in place to control who can preserve credentials during export
3. Exported credentials are handled securely (encrypted, access-controlled, etc.)

---

🏁 Script executed:

#!/bin/bash
# Verify the downstream method signature supports the preserveCredentials parameter
ast-grep --pattern $'exportAPI($$$, preserveCredentials, $$$)'

Length of output: 63

---

I wasn’t able to locate the exportAPI signature with the previous ast-grep invocation. Let’s search the repository for both the method definition and the importExportAPI reference:

#!/bin/bash
# 1. Find all occurrences of exportAPI (calls and definitions)
rg -n "exportAPI" .

# 2. Find where importExportAPI is declared to identify its type
rg -n "importExportAPI" .

---

I still can’t confirm the exportAPI signature. Let’s locate both the method definition and the importExportAPI declaration across the REST module:

#!/bin/bash
set -e
# 1. Find all definitions and usages of exportAPI in the publisher module
rg -n "exportAPI\s*\(" components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1

# 2. Find where importExportAPI is declared to identify its type
rg -n "importExportAPI\s*=" -n components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1

---

Verify downstream signature and security controls

Please ensure the following before merging:

• Confirm that the importExportAPI.exportAPI method signature actually includes the new preserveCredentials parameter.
• Verify proper authorization checks are in place to restrict who can preserve credentials during an API export.
• Ensure exported credentials are handled securely (e.g., encrypted at rest, access-controlled).