NO-JIRA | fix: Update error description in OpenAPI specification and regenerate Swagger spec

[jkilzi]

• Changed the error description for the 500 status code from "NotFound" to "Internal Server Error" in the OpenAPI YAML file.
• Regenerated the Swagger specification to reflect the updated error handling.

Signed-off-by: Jonathan Kilzi [email protected]

Summary by CodeRabbit

• Documentation
  • Standardized API 500 error descriptions to "Internal server error" across affected endpoints.
  • Updated the embedded OpenAPI/Swagger specification so published API docs reflect the standardized descriptions.
  • This only changes descriptive text; no response schemas, APIs, or runtime behavior were modified.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR standardizes 500-response description strings in the API v1alpha1 OpenAPI spec to "Internal server error" and replaces the embedded swagger payload in the generated spec.gen.go. No schemas, public APIs, or runtime control flow were modified.

Changes

Cohort / File(s)	Summary
API OpenAPI document api/v1alpha1/openapi.yaml	Updated multiple 500 response description strings to "Internal server error" (one occurrence changed from "NotFound" to "Internal server error"). No schema or response shape changes.
Generated embedded spec api/v1alpha1/spec.gen.go	Replaced the embedded base64‑gzip Swagger/OpenAPI payload with a regenerated variant; decoding/decompression logic unchanged.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 I nudged the spec with nimble paws,
Five-hundred lines with gentler laws,
The swagger rewound and tucked in tight,
Docs hop along — all tidy, right?

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main changes: updating error descriptions in the OpenAPI specification and regenerating the Swagger spec.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a0cc181 and 99e42a0.

📒 Files selected for processing (2)

• api/v1alpha1/openapi.yaml
• api/v1alpha1/spec.gen.go

🧰 Additional context used

📓 Path-based instructions (1)

**/*.go

⚙️ CodeRabbit configuration file

**/*.go: Review the code as if you are a friendly but pedantic very senior developer in our team. We generally expect the following:

• Clarity and Simplicity: Write idiomatic Go. Complexity should be justified.
• Concurrency: Ensure goroutine safety. Use channels for communication and synchronization. Avoid race conditions.
• Error Handling: No silent failures. Errors must be checked, wrapped with context, and propagated.
• Resource Management: Prevent resource leaks. Defer close() or cleanup() calls immediately after allocation. Manage goroutine lifecycles.
• API Design: APIs (REST, gRPC) must be well-defined, versioned, and backward-compatible. Input validation is mandatory.
• Observability: Instrument code with structured logging, metrics (e.g., Prometheus), and tracing. Logs should provide context, not just messages.
• Security: Be vigilant against vulnerabilities (e.g., injection, insecure direct object references). Sanitize inputs. Do not hardcode secrets.
• Performance: Write efficient code, but avoid premature optimization. Be mindful of algorithmic complexity and memory allocations.
• coverage: Make sure that the code has unit tests.

Files:

• api/v1alpha1/spec.gen.go

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: unit-test
• GitHub Check: lint
• GitHub Check: test

🔇 Additional comments (2)

api/v1alpha1/openapi.yaml (1)

30-31: All 500 error descriptions are now consistent—good fix.

The standardization of all 500 response descriptions to "Internal server error" addresses the inconsistency issue and aligns with the PR objective of correcting the erroneous "NotFound" description.

Also applies to: 66-67, 90-91, 141-142, 197-198, 247-248, 304-305, 374-375, 395-396, 431-432, 482-483, 538-539, 588-589, 645-646, 688-689, 739-740, 795-796, 814-815

api/v1alpha1/spec.gen.go (1)

19-103: Generated spec correctly reflects the updated OpenAPI definition.

The embedded swagger payload has been properly regenerated to include the standardized 500 error descriptions from openapi.yaml. The file header correctly indicates this is auto-generated code (DO NOT EDIT), and no manual modifications should be made here.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

api/v1alpha1/spec.gen.go (1)

138-162: Add unit tests for the embedded OpenAPI specification.

GetSwagger() is called during server startup in three places (internal/api_server/{server,imageserver,agentserver}/server.go) with proper error handling. However, there are no unit tests validating the spec. Add tests to:

1. Verify the embedded spec loads and is valid
2. Ensure the spec reflects the source openapi.yaml
3. Catch spec-related breaking changes in CI

Per the coding guidelines, all code should have unit test coverage.

🤖 Fix all issues with AI agents

In @api/v1alpha1/openapi.yaml:
- Line 248: The OpenAPI spec has inconsistent 500 response descriptions; update
every 500 response that currently uses "description: Internal error" to
"description: Internal Server Error" (only for responses keyed 500).
Specifically change this for the endpoints GET /api/v1/sources, POST
/api/v1/sources, DELETE /api/v1/sources, GET /api/v1/sources/{id}, GET
/api/v1/assessments, POST /api/v1/assessments, GET /api/v1/assessments/{id},
DELETE /api/v1/assessments/{id}, POST /api/v1/assessments/rvtools, GET
/api/v1/assessments/jobs/{id}, DELETE /api/v1/assessments/jobs/{id}, and GET
/api/v1/info; ensure you only modify the 500 response blocks and keep all other
response text and structure unchanged.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b32fdd2 and bc5474d.

📒 Files selected for processing (2)

• api/v1alpha1/openapi.yaml
• api/v1alpha1/spec.gen.go

🧰 Additional context used

📓 Path-based instructions (1)

**/*.go

⚙️ CodeRabbit configuration file

**/*.go: Review the code as if you are a friendly but pedantic very senior developer in our team. We generally expect the following:

• Clarity and Simplicity: Write idiomatic Go. Complexity should be justified.
• Concurrency: Ensure goroutine safety. Use channels for communication and synchronization. Avoid race conditions.
• Error Handling: No silent failures. Errors must be checked, wrapped with context, and propagated.
• Resource Management: Prevent resource leaks. Defer close() or cleanup() calls immediately after allocation. Manage goroutine lifecycles.
• API Design: APIs (REST, gRPC) must be well-defined, versioned, and backward-compatible. Input validation is mandatory.
• Observability: Instrument code with structured logging, metrics (e.g., Prometheus), and tracing. Logs should provide context, not just messages.
• Security: Be vigilant against vulnerabilities (e.g., injection, insecure direct object references). Sanitize inputs. Do not hardcode secrets.
• Performance: Write efficient code, but avoid premature optimization. Be mindful of algorithmic complexity and memory allocations.
• coverage: Make sure that the code has unit tests.

Files:

• api/v1alpha1/spec.gen.go

🪛 Gitleaks (8.30.0)

api/v1alpha1/spec.gen.go

[high] 78-79: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: test
• GitHub Check: unit-test
• GitHub Check: lint

🔇 Additional comments (2)

api/v1alpha1/spec.gen.go (2)

21-90: LGTM - Correctly regenerated embedded specification.

The updated base64-encoded payload reflects the changes made to openapi.yaml. The code generation process has correctly updated the embedded Swagger specification while preserving all decoding/decompression logic and error handling.

---

78-79: Static analysis false positive - not an API key.

The Gitleaks warning about a "Generic API Key" is a false positive. These lines contain base64-encoded, gzip-compressed OpenAPI specification data (public API documentation), not actual credentials or secrets. The pattern-matching heuristic incorrectly flagged the base64 string.

[tupyy]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: tupyy

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [tupyy]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[nirarg]

/lgtm

[nirarg]

@jkilzi please rebase so we can merge it

[openshift-ci]

New changes are detected. LGTM label has been removed.