Merge pull request #6847 from devtron-labs/main-specs-cut-v2

misc: api Specs added for lock config

Author: prkhrkat

specs/application/get-app.yaml

@@ -201,6 +201,58 @@ paths:
               schema:
                 $ref: '#/components/schemas/Error'
 
+  /orchestrator/app/other-env/min:
+    get:
+      description: Fetch minimal details of other environments for a specific application. Returns a list of environments where the application is deployed with minimal information including environment name, cluster details, and deployment status.
+      operationId: FetchMinDetailOtherEnvironment
+      parameters:
+        - name: app-id
+          in: query
+          required: true
+          description: The ID of the application to fetch environment details for
+          schema:
+            type: integer
+            example: 26
+      responses:
+        '200':
+          description: Successfully retrieved minimal environment details
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  code:
+                    type: integer
+                    description: HTTP status code
+                    example: 200
+                  status:
+                    type: string
+                    description: Response status
+                    example: "OK"
+                  result:
+                    type: array
+                    description: List of environments with minimal details
+                    items:
+                      $ref: '#/components/schemas/EnvironmentMinDetail'
+        '400':
+          description: Bad Request. Invalid app-id parameter.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ErrorResponse'
+        '403':
+          description: Forbidden. User does not have permission to access this application.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ErrorResponse'
+        '500':
+          description: Internal Server Error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ErrorResponse'
+
 components:
   schemas:
     App:
@@ -827,4 +879,48 @@ components:
                 type: string
                 description: Name of environment
               Values:
-                $ref: '#/components/schemas/EnvironmentOverride'
+                $ref: '#/components/schemas/EnvironmentOverride'
+
+    EnvironmentMinDetail:
+      type: object
+      description: Minimal environment details for an application deployment
+      properties:
+        environmentId:
+          type: integer
+          description: Unique identifier for the environment
+          example: 1
+        environmentName:
+          type: string
+          description: Name of the environment
+          example: "production"
+        clusterId:
+          type: integer
+          description: ID of the cluster where environment is deployed
+          example: 1
+        prod:
+          type: boolean
+          description: Whether this is a production environment
+          example: true
+        description:
+          type: string
+          description: Description of the environment
+          maxLength: 40
+          example: "Production environment"
+        isVirtualEnvironment:
+          type: boolean
+          description: Whether this is a virtual environment
+          example: false
+        deploymentAppDeleteRequest:
+          type: boolean
+          description: Whether there is a pending delete request for the deployment
+          example: false
+        appMetrics:
+          type: boolean
+          nullable: true
+          description: Whether application metrics are enabled
+          example: true
+        infraMetrics:
+          type: boolean
+          nullable: true
+          description: Whether infrastructure metrics are enabled
+          example: true

specs/ent-only/lock-configuration.yaml

@@ -0,0 +1,209 @@
+openapi: "3.0.0"
+info:
+  version: 1.0.0
+  title: Lock Configuration API
+  description: API for managing deployment template lock configurations that restrict which paths can be modified in deployment templates
+paths:
+  /orchestrator/config/lock:
+    get:
+      description: Get lock configuration for an application and environment. Returns paths that are locked or allowed for modification in deployment templates.
+      parameters:
+        - name: appId
+          in: query
+          required: false
+          schema:
+            type: integer
+          description: Application ID. If not provided, returns global lock configuration.
+        - name: envId
+          in: query
+          required: false
+          schema:
+            type: integer
+          description: Environment ID. If not provided with appId, returns app-level lock configuration. Use -1 for base deployment template.
+      responses:
+        '200':
+          description: Successfully retrieved lock configuration
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/LockConfigResponse'
+              examples:
+                withLockConfig:
+                  summary: Lock configuration exists
+                  value:
+                    id: 1
+                    allowed: true
+                    config:
+                      - "spec.replicas"
+                      - "spec.template.spec.containers[0].resources"
+                emptyLockConfig:
+                  summary: No lock configuration
+                  value:
+                    config: []
+        '400':
+          description: Bad Request. Invalid appId or envId parameter.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '401':
+          description: Unauthorized. User not authenticated.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '403':
+          description: Forbidden. User does not have required permissions (must be admin/manager or have config approver access).
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '500':
+          description: Internal Server Error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+    post:
+      description: Create or update lock configuration. Requires super admin permissions.
+      requestBody:
+        description: Lock configuration request
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/LockConfigRequest'
+            examples:
+              allowSpecificPaths:
+                summary: Allow only specific paths to be modified
+                value:
+                  allowed: true
+                  config:
+                    - "spec.replicas"
+                    - "spec.template.spec.containers[0].image"
+              denySpecificPaths:
+                summary: Deny specific paths from being modified
+                value:
+                  allowed: false
+                  config:
+                    - "spec.template.spec.securityContext"
+                    - "spec.template.spec.serviceAccountName"
+      responses:
+        '200':
+          description: Successfully created/updated lock configuration
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  id:
+                    type: integer
+                    description: ID of the created/updated lock configuration
+        '400':
+          description: Bad Request. Validation error or invalid request body.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '401':
+          description: Unauthorized. User not authenticated.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '403':
+          description: Forbidden. User does not have super admin permissions.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '500':
+          description: Internal Server Error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+    delete:
+      description: Delete active lock configuration. Requires super admin permissions.
+      responses:
+        '200':
+          description: Successfully deleted lock configuration
+        '401':
+          description: Unauthorized. User not authenticated.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '403':
+          description: Forbidden. User does not have super admin permissions.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '500':
+          description: Internal Server Error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+components:
+  schemas:
+    LockConfigRequest:
+      type: object
+      required:
+        - allowed
+        - config
+      properties:
+        allowed:
+          type: boolean
+          description: If true, only paths in 'config' can be modified (allowlist). If false, paths in 'config' cannot be modified (denylist).
+        config:
+          type: array
+          items:
+            type: string
+          description: List of JSON paths in the deployment template. Supports array indexing (e.g., "spec.containers[0].image")
+          example:
+            - "spec.replicas"
+            - "spec.template.spec.containers[0].resources.limits.cpu"
+            - "spec.template.spec.containers[0].resources.limits.memory"
+    LockConfigResponse:
+      type: object
+      properties:
+        id:
+          type: integer
+          description: Lock configuration ID
+        allowed:
+          type: boolean
+          description: If true, only paths in 'config' can be modified (allowlist). If false, paths in 'config' cannot be modified (denylist).
+        config:
+          type: array
+          items:
+            type: string
+          description: List of JSON paths that are locked or allowed
+          example:
+            - "spec.replicas"
+            - "spec.template.spec.containers[0].resources"
+    LockValidateErrorResponse:
+      type: object
+      description: Response when lock configuration validation fails
+      properties:
+        isLockConfigError:
+          type: boolean
+          description: Indicates if the error is due to lock configuration violation
+        changedPaths:
+          type: array
+          items:
+            type: string
+          description: List of paths that were changed but are locked
+    Error:
+      required:
+        - code
+        - message
+      properties:
+        code:
+          type: integer
+          description: Error code
+        message:
+          type: string
+          description: Error message
+