Skip to content

feat: add selectedK8sContexts to Preference and user prefs API #673

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
hortison wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat: add selectedK8sContexts to Preference and user prefs API #673

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
179 changes: 11 additions & 168 deletions models/v1beta1/user/user.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

52 changes: 52 additions & 0 deletions schemas/constructs/v1beta1/user/api.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,53 @@ paths:
$ref: "#/components/responses/401"
"500":
$ref: "#/components/responses/500"

/api/user/prefs:
get:
tags:
- users
operationId: getUserPrefs
summary: Get user preferences
description: Returns the current user's preferences including selected K8s contexts, load test settings, and other UI preferences.
x-internal:
- meshery
responses:
Comment on lines +108 to +117
Copy link

Copilot AI Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/api/user/prefs operations don’t declare any security requirements (and the spec has no top-level security either), which makes these endpoints effectively unauthenticated in the OpenAPI contract despite defining 401 responses. Add a top-level security: [{ jwt: [] }] for this spec or add per-operation security blocks for the new prefs endpoints.

Copilot uses AI. Check for mistakes.
"200":
description: User preferences
content:
application/json:
schema:
$ref: "#/components/schemas/Preference"
"401":
$ref: "#/components/responses/401"
"500":
$ref: "#/components/responses/500"
post:
tags:
- users
operationId: updateUserPrefs
summary: Update user preferences
description: Merges the provided fields into the current user's preferences. Only the fields present in the request body are updated.
x-internal:
- meshery
requestBody:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/Preference"
Comment on lines +133 to +141
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

The description for this POST operation states that it "Merges the provided fields into the current user's preferences. Only the fields present in the request body are updated." This implies a partial update (PATCH) behavior.

However, the requestBody schema references #/components/schemas/Preference, which has several required fields. This forces the client to send all required fields even when they only intend to update a single field, which contradicts the documented behavior.

For a partial update endpoint, the request body schema should not have required fields. Please consider one of the following solutions:

  1. Create a new schema for the request body (e.g., PreferenceUpdatePayload) that is based on Preference but without the required properties.
  2. Inline the schema for the request body and remove the required constraint.

This will make the API more intuitive and align the schema with the endpoint's described functionality.

Comment on lines +133 to +141
Copy link

Copilot AI Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updateUserPrefs is documented as a partial merge (only provided fields are updated), but the requestBody schema $refs Preference, which has many required fields (e.g., updated_at, anonymousUsageStats, etc.). This makes partial updates invalid per the schema and forces generated clients to send server-managed fields. Define a separate update/patch schema with all-optional properties (and mark server-managed fields like updated_at as readOnly) and use that schema for the request body (or change the endpoint semantics/docs to require a full replacement).

Copilot uses AI. Check for mistakes.
responses:
"200":
description: Updated user preferences
content:
application/json:
schema:
$ref: "#/components/schemas/Preference"
"401":
$ref: "#/components/responses/401"
"500":
$ref: "#/components/responses/500"

components:
responses:
400:
Expand Down Expand Up @@ -482,6 +529,11 @@ components:
usersExtensionPreferences:
type: object
additionalProperties: true
selectedK8sContexts:
type: array
description: Persisted selection of active Kubernetes context IDs
items:
type: string
remoteProviderPreferences:
type: object
additionalProperties: true
Expand Down
Loading
Loading