Skip to content

feat(core): add endpoint for creating inbound webhook connector#58

Open
foukou19 wants to merge 4 commits into
mainfrom
feat/idp-core-add-inbound-webhook-connector-endpoint
Open

feat(core): add endpoint for creating inbound webhook connector#58
foukou19 wants to merge 4 commits into
mainfrom
feat/idp-core-add-inbound-webhook-connector-endpoint

Conversation

@foukou19

@foukou19 foukou19 commented May 21, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

feat(api): add CRUD and validation for webhook configurations

What this PR Provides

This PR introduces the API endpoints for managing (CRUD) inbound webhook configurations.
It establishes the foundation for receiving data from external systems by allowing users to define how incoming payloads should be mapped to entities.

The core logic of this PR includes:

  • CRUD API for Webhooks: Implementation of the following endpoints:
    • POST /api/v1/inbound-webhooks: To create a new webhook configuration.
    • GET /api/v1/inbound-webhooks: To list all existing configurations.
    • GET /api/v1/inbound-webhooks/{identifier}: To retrieve a specific configuration.
    • PUT /api/v1/inbound-webhooks/{identifier}: To update an existing configuration.
    • DELETE /api/v1/inbound-webhooks/{identifier}: To delete a configuration.
  • JSLT Mapping Validation: Upon creation (POST) or update (PUT), the backend now validates the syntax of all JSLT expressions provided in the mappings array. This prevents saving configurations with invalid transformation logic.
  • Security Scheme Validation: The configuration now accepts and validates a security object with specific types. The supported types are:
    • HMAC_SHA256: For signature validation using a shared secret (e.g., GitHub, Sonar).
    • STATIC_TOKEN: For simple authentication using a static token in a header.

Review

The reviewer must double-check these points:

  • The reviewer has tested the feature
  • The reviewer has reviewed the implementation of the feature
  • The documentation has been updated
  • The feature implementation respects the Technical Doc / ADR previously produced

How to test

1. Initial State

  • The application is running.
  • No webhook configurations exist initially.

2. What and how to test

A. Create a Valid Webhook Configuration

  1. Send a POST request to /api/v1/inbound-webhooks with the following JSON body: 
    {
  "identifier": "sonar_webhook",
  "title": "Sonar Webhook",
  "enabled": true,
  "mappings": [
    {
      "template": "sonar_project",
      "filter": ".visibility == \"private\"",
      "entity": {
        "identifier": ".key | tostring",
        "title": ".name",
        "properties": {
          "project_name": ".name | tostring"
        }
      }
    }
  ],
  "security": {
    "type": "HMAC_SHA256",
    "config": {
      "header_name": "X-Sonar-Webhook-HMAC-SHA256",
      "secret_alias": "SONAR_WEBHOOK_SECRET"
    }
  }
}
  2. Expected Result: The request succeeds with a 201 Created status, and the response body contains the created configuration.

B. Attempt to Create a Configuration with Invalid JSLT

  1. Send a POST request to /api/v1/inbound-webhooks with a malformed JSLT expression (e.g., a missing quote): 
    {
  "identifier": "invalid_jslt_webhook",
  "title": "Invalid JSLT",
  "mappings": [
    {
      "template": "test",
      "entity": { "identifier": ".key | tostring(" }
    }
  ]
}
  2. Expected Result: The request fails with a 400 Bad Request status, and the error message indicates a JSLT syntax validation error.

C. Attempt to Create a Configuration with an Invalid Security Type

  1. Send a POST request to /api/v1/inbound-webhooks with an unsupported security type: 
    {
  "identifier": "invalid_security_webhook",
  "title": "Invalid Security",
  "mappings": [
    {
      "template": "test",
      "entity": { "identifier": ".key" }
    }
  ],
  "security": {
    "type": "INVALID_TYPE"
  }
}
  2. Expected Result: The request fails with a 400 Bad Request status, and the error message indicates that the security type is not supported.

D. Read, Update, and Delete the Configuration

  1. GET: Send a GET request to /api/v1/inbound-webhooks/sonar_webhook.
    • Expected Result: The request succeeds with a 200 OK status and returns the full configuration for sonar_webhook.
  2. PUT: Send a PUT request to /api/v1/inbound-webhooks/sonar_webhook with "enabled": false.
    • Expected Result: The request succeeds with a 200 OK status. A subsequent GET request should show "enabled": false.
  3. DELETE: Send a DELETE request to /api/v1/inbound-webhooks/sonar_webhook.
    • Expected Result: The request succeeds with a 204 No Content status.
  4. Verify Deletion: Send a GET request to /api/v1/inbound-webhooks/sonar_webhook.
    • Expected Result: The request fails with a 404 Not Found status.

Breaking changes (if any)

  • N/A

@gitguardian

gitguardian Bot commented May 21, 2026
edited
Loading

Copy link
Copy Markdown

️✅ There are no secrets present in this pull request anymore.

If these secrets were true positive and are still valid, we highly recommend you to revoke them.
While these secrets were previously flagged, we no longer have a reference to the
specific commits where they were detected. Once a secret has been leaked into a git
repository, you should consider it compromised, even if it was deleted immediately.
Find here more information about risks.

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

@foukou19 foukou19 marked this pull request as draft May 21, 2026 10:27
@CLAassistant

CLAassistant commented May 21, 2026
edited
Loading

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ brandPittCode
❌ foukou19
You have signed the CLA already but the status is still pending? Let us recheck it.

@foukou19 foukou19 changed the title feat(chore): add endpoint for creating inbound webhook connector feat(core): add endpoint for creating inbound webhook connector May 21, 2026
@CLAassistant

CLAassistant commented May 21, 2026

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@foukou19 foukou19 force-pushed the feat/idp-core-add-inbound-webhook-connector-endpoint branch 4 times, most recently from cb49b68 to 6e81bd7 Compare May 21, 2026 12:25
foukou19
foukou19 commented May 21, 2026
View reviewed changes
Comment thread src/main/java/com/decathlon/idp_core/domain/port/WebhookSecurityStrategy.java Outdated
* @param securityType the security type to check (e.g., "BASIC_AUTH", "HMAC_SHA256")
* @return true if this strategy handles this security type
*/
boolean supports(String securityType);

@foukou19 foukou19 May 21, 2026

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

validate security type using enum

@brandPittCode brandPittCode requested a review from Copilot May 27, 2026 15:48
Copilot AI reviewed May 27, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR introduces inbound webhook connectors in IDP-Core: a management API to CRUD connector configurations (identifier/title, security strategy, dynamic mappings) and a generic public webhook ingestion endpoint that authenticates requests based on the stored connector security settings.

Changes:

  • Add webhook connector persistence (Flyway migrations, JPA entities/repositories, Postgres adapter) and domain models/services for CRUD + validation.
  • Add runtime webhook ingestion endpoint (POST /webhooks/{configurationId}) with strategy-based security validation (HMAC, static token, basic auth, JWT bearer, none).
  • Add JSLT-based mapping validation plus docs and test coverage for the new behavior.

Reviewed changes

Copilot reviewed 87 out of 91 changed files in this pull request and generated 17 comments.

Show a summary per file
File Description
src/test/resources/integration_test/json/webhook/v1/putWebhook_409_title_already_exists.json Test payload for update conflict (title)
src/test/resources/integration_test/json/webhook/v1/putWebhook_200.json Test payload for successful update
src/test/resources/integration_test/json/webhook/v1/postWebhook_409_identifier_already_exists.json Test payload for create conflict (identifier)
src/test/resources/integration_test/json/webhook/v1/postWebhook_400_mappings_empty.json Test payload for create validation (empty mappings)
src/test/resources/integration_test/json/webhook/v1/postWebhook_400_invalid_security_type.json Test payload for create validation (invalid security type)
src/test/resources/integration_test/json/webhook/v1/postWebhook_400_invalid_jslt.json Test payload for create validation (invalid JSLT)
src/test/resources/integration_test/json/webhook/v1/postWebhook_400_identifier_missing.json Test payload for create validation (missing identifier)
src/test/resources/integration_test/json/webhook/v1/postWebhook_400_identifier_blank.json Test payload for create validation (blank identifier)
src/test/resources/integration_test/json/webhook/v1/postWebhook_201.json Test payload for successful create
src/test/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/WebhookSecurityValidatorDispatcherTest.java Unit tests for runtime strategy dispatch
src/test/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/StaticTokenSecurityValidatorTest.java Unit tests for static token runtime validation
src/test/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/JwtBearerSecurityValidatorTest.java Unit tests for JWT bearer runtime validation
src/test/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/HmacSignatureValidatorTest.java Unit tests for HMAC digest helper
src/test/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/creation/StaticTokenWebhookSecurityCreationValidatorTest.java Unit tests for static token config validation
src/test/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/creation/JwtBearerWebhookSecurityCreationValidatorTest.java Unit tests for JWT bearer config validation
src/test/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/creation/HmacSha256WebhookSecurityCreationValidatorTest.java Unit tests for HMAC config validation
src/test/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/creation/BasicAuthWebhookSecurityCreationValidatorTest.java Unit tests for basic auth config validation
src/test/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/BasicAuthSecurityValidatorTest.java Unit tests for basic auth runtime validation
src/test/java/com/decathlon/idp_core/infrastructure/adapters/api/mapper/webhook/InboundWebhookMapperTest.java Unit tests for API ↔ domain mapping
src/test/java/com/decathlon/idp_core/infrastructure/adapters/api/handler/ApiExceptionHandlerTest.java Adds coverage for new webhook/mapping exceptions
src/test/java/com/decathlon/idp_core/infrastructure/adapters/api/controller/InboundWebhookManagementControllerTest.java Integration tests for webhook connector management API
src/test/java/com/decathlon/idp_core/domain/service/webhook/WebhookConnectorValidationServiceTest.java Unit tests for connector validation logic
src/test/java/com/decathlon/idp_core/domain/service/webhook/WebhookConnectorServiceTest.java Unit tests for connector CRUD orchestration
src/test/java/com/decathlon/idp_core/domain/service/webhook/security/WebhookSecurityValidationServiceTest.java Unit tests for security config validation service
src/test/java/com/decathlon/idp_core/domain/service/webhook/EntityDynamicMappingValidationServiceTest.java Unit tests for mapping ↔ template validation
src/main/resources/db/migration/V4_2__create_webhook_template_mapping_table.sql Flyway migration for connector↔template mapping table
src/main/resources/db/migration/V4_1__create_webhook_connector_table.sql Flyway migration for webhook connector table
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/service/InboundWebhookHandler.java Runtime handler: resolve connector + validate security
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/WebhookSecurityValidatorDispatcher.java Runtime strategy dispatcher for security validators
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/WebhookSecurityConfigurationUtils.java Shared utilities for config lookup/secret resolution
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/WebhookJwtDecoderProvider.java Cached JWT decoder provider keyed by JWKS URI
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/StaticTokenSecurityValidator.java Static token security strategy implementation
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/JwtBearerSecurityValidator.java JWT bearer security strategy implementation
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/HmacSignatureValidator.java HMAC digest helper used by HMAC strategy
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/HmacSha256SecurityValidator.java HMAC SHA-256 security strategy implementation
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/BasicAuthSecurityValidator.java Basic auth security strategy implementation
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/model/StaticTokenConfig.java Polymorphic security config model (static token)
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/model/SecurityConfig.java Polymorphic security config interface
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/model/JwtBearerConfig.java Polymorphic security config model (JWT bearer)
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/model/HmacConfig.java Polymorphic security config model (HMAC)
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/model/BasicAuthConfig.java Polymorphic security config model (basic auth)
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/controller/InboundWebhookController.java Public webhook ingestion endpoint
src/main/java/com/decathlon/idp_core/infrastructure/adapters/persistence/repository/JpaWebhookTemplateMappingRepository.java JPA repository for mapping table
src/main/java/com/decathlon/idp_core/infrastructure/adapters/persistence/repository/JpaWebhookConnectorRepository.java JPA repository for connector table
src/main/java/com/decathlon/idp_core/infrastructure/adapters/persistence/PostgresWebhookConnectorAdapter.java Implements connector repository port + mapping persistence
src/main/java/com/decathlon/idp_core/infrastructure/adapters/persistence/model/webhook/WebhookTemplateMappingJpaEntity.java JPA entity for mapping table
src/main/java/com/decathlon/idp_core/infrastructure/adapters/persistence/model/webhook/WebhookConnectorJpaEntity.java JPA entity for connector table (JSONB columns)
src/main/java/com/decathlon/idp_core/infrastructure/adapters/persistence/mapper/WebhookConnectorPersistenceMapper.java MapStruct mapping: domain ↔ JPA
src/main/java/com/decathlon/idp_core/infrastructure/adapters/persistence/mapper/common/WebhookConnectorJsonbHelper.java JSONB serialization/deserialization helper
src/main/java/com/decathlon/idp_core/infrastructure/adapters/persistence/configuration/JpaAuditingConfiguration.java Enables JPA auditing for created/updated timestamps
src/main/java/com/decathlon/idp_core/infrastructure/adapters/entity_mapping/jslt/JsltEntityMappingValidator.java Infrastructure validator for JSLT expressions
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/mapper/webhook/InboundWebhookMapper.java API DTO ↔ domain mapping for inbound webhooks
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/handler/ApiExceptionHandler.java Adds exception→HTTP mappings for webhook features
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/dto/out/webhook/InboundWebhookSecurityDtoOut.java Outbound DTO for security type
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/dto/out/webhook/InboundWebhookMappingDtoOut.java Outbound DTO for mapping rule
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/dto/out/webhook/InboundWebhookEntityMappingDtoOut.java Outbound DTO for entity mapping
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/dto/out/webhook/InboundWebhookDtoOut.java Outbound DTO for connector
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/dto/in/InboundWebhookSecurityContractDtoIn.java Inbound DTO for {type, config} security contract
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/dto/in/InboundWebhookMappingDtoIn.java Inbound DTO for mapping rule
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/dto/in/InboundWebhookEntityMappingDtoIn.java Inbound DTO for entity mapping
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/dto/in/InboundWebhookCreateDtoIn.java Inbound DTO for connector create/update
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/controller/InboundWebhookManagementController.java CRUD + listing API for connectors
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/configuration/SwaggerDescription.java Adds OpenAPI description constants
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/configuration/SwaggerConfiguration.java Adds Page schema for connector listing
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/configuration/SecurityConfiguration.java Permits /webhooks/** and disables CSRF there
src/main/java/com/decathlon/idp_core/domain/service/webhook/WebhookConnectorValidationService.java Domain validation: uniqueness + mapping + security
src/main/java/com/decathlon/idp_core/domain/service/webhook/WebhookConnectorService.java Domain service: connector CRUD orchestration
src/main/java/com/decathlon/idp_core/domain/service/webhook/security/WebhookSecurityValidationService.java Domain service: validate security configs
src/main/java/com/decathlon/idp_core/domain/service/webhook/EntityDynamicMappingValidationService.java Domain validation: mapping keys vs template + required fields
src/main/java/com/decathlon/idp_core/domain/service/entity_template/EntityTemplateValidationService.java Adds template property/relation lookup validation helpers
src/main/java/com/decathlon/idp_core/domain/port/WebhookSecurityStrategy.java Port contract for security strategies
src/main/java/com/decathlon/idp_core/domain/port/WebhookConnectorRepositoryPort.java Port contract for connector persistence
src/main/java/com/decathlon/idp_core/domain/port/EntityDynamicMapperValidator.java Port contract for mapping DSL validation
src/main/java/com/decathlon/idp_core/domain/model/webhook/WebhookSecurity.java Domain model for security type + config
src/main/java/com/decathlon/idp_core/domain/model/webhook/WebhookConnector.java Domain aggregate for connector configuration
src/main/java/com/decathlon/idp_core/domain/model/enums/WebhookSecurityType.java Enum of supported security strategies
src/main/java/com/decathlon/idp_core/domain/model/entity_mapping/EntityDynamicMapping.java Domain model for mapping rule
src/main/java/com/decathlon/idp_core/domain/exception/webhook/WebhookTemplateHasNoPropertiesException.java Domain exception for invalid mapping vs template
src/main/java/com/decathlon/idp_core/domain/exception/webhook/WebhookSecurityConfigurationException.java Domain exception for invalid security configuration
src/main/java/com/decathlon/idp_core/domain/exception/webhook/WebhookConnectorTitleAlreadyExistsException.java Domain exception for title conflict
src/main/java/com/decathlon/idp_core/domain/exception/webhook/WebhookConnectorNotFoundException.java Domain exception for missing connector
src/main/java/com/decathlon/idp_core/domain/exception/webhook/WebhookConnectorAlreadyExistException.java Domain exception for identifier conflict
src/main/java/com/decathlon/idp_core/domain/exception/webhook/WebhookAuthenticationException.java Domain exception for runtime auth failures
src/main/java/com/decathlon/idp_core/domain/exception/entity_template/RelationNameNotFoundEntityTemplateRelationsException.java Domain exception for invalid relation name
src/main/java/com/decathlon/idp_core/domain/exception/entity_template/PropertyNameNotFoundEntityTemplatePropertiesException.java Domain exception for invalid property name
src/main/java/com/decathlon/idp_core/domain/exception/entity_mapping/EntityDynamicMappingConfigurationException.java Domain exception for invalid mapping DSL
src/main/java/com/decathlon/idp_core/domain/constant/ValidationMessages.java Adds webhook validation message constants
pom.xml Adds JSLT dependency
docs/zensical.toml Adds webhooks page to docs navigation
docs/src/concepts/webhooks.md New docs page describing connectors, mappings, security
docs/src/concepts/index.md Links webhooks concept from the concepts index

Comment thread ...cathlon/idp_core/infrastructure/adapters/entity_mapping/jslt/JsltEntityMappingValidator.java Outdated
Comment thread .../decathlon/idp_core/infrastructure/adapters/api/mapper/webhook/InboundWebhookMapperTest.java Outdated
Comment on lines +3 to +7
import com.decathlon.idp_core.domain.model.enums.WebhookSecurityType;
import com.decathlon.idp_core.domain.model.webhook.WebhookConnector;
import com.decathlon.idp_core.infrastructure.adapters.api.dto.in.InboundWebhookCreateDtoIn;import com.decathlon.idp_core.infrastructure.adapters.api.dto.in.InboundWebhookEntityMappingDtoIn;
import com.decathlon.idp_core.infrastructure.adapters.api.dto.in.InboundWebhookMappingDtoIn;
import com.decathlon.idp_core.infrastructure.adapters.api.dto.in.InboundWebhookSecurityContractDtoIn;
Comment thread ...in/java/com/decathlon/idp_core/domain/service/webhook/WebhookConnectorValidationService.java Outdated
Comment thread ...in/java/com/decathlon/idp_core/domain/service/webhook/WebhookConnectorValidationService.java Outdated
Comment thread src/main/java/com/decathlon/idp_core/domain/service/webhook/WebhookConnectorService.java Outdated
Comment thread .../com/decathlon/idp_core/infrastructure/adapters/webhook/security/HmacSignatureValidator.java Outdated
Comment on lines +14 to +21
try {
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
byte[] digest = mac.doFinal(payload);
return toHex(digest);
} catch (Exception exception) {
throw new WebhookAuthenticationException("Unable to compute HMAC signature");
}
Comment thread ...decathlon/idp_core/infrastructure/adapters/webhook/security/HmacSha256SecurityValidator.java Outdated
Comment on lines +48 to +53
String secret = WebhookSecurityConfigurationUtils.getSecretFromEnvironment(alias);

String expected = prefix + signatureValidator.computeHexSha256(rawBody, secret);
if (!expected.equals(provided)) {
throw new WebhookAuthenticationException("Invalid HMAC signature");
}
Comment thread ...ecathlon/idp_core/infrastructure/adapters/webhook/security/StaticTokenSecurityValidator.java Outdated
Comment on lines +41 to +45
String expected = WebhookSecurityConfigurationUtils.getSecretFromEnvironment(alias);

if (!expected.equals(provided)) {
throw new WebhookAuthenticationException("Invalid static token");
}
Comment thread .../decathlon/idp_core/infrastructure/adapters/webhook/security/BasicAuthSecurityValidator.java Outdated
Comment on lines +45 to +49
String expectedRaw = username + ":" + password;
String expected = "Basic " + Base64.getEncoder().encodeToString(expectedRaw.getBytes(StandardCharsets.UTF_8));
if (!expected.equals(authorization)) {
throw new WebhookAuthenticationException("Invalid basic authentication credentials");
}
Comment thread .../com/decathlon/idp_core/infrastructure/adapters/api/mapper/webhook/InboundWebhookMapper.java Outdated
Comment on lines +83 to +93
private InboundWebhookMappingDtoOut fromEntityMappingToDto(EntityDynamicMapping mapping) {
return new InboundWebhookMappingDtoOut(
mapping.templateIdentifier(),
mapping.filter(),
new InboundWebhookEntityMappingDtoOut(
mapping.entityIdentifier(),
mapping.entityTitle(),
Map.copyOf(mapping.properties()),
Map.copyOf(mapping.relations())
)
);
brandPittCode
brandPittCode requested changes May 28, 2026
View reviewed changes
Comment thread src/main/java/com/decathlon/idp_core/domain/model/webhook/WebhookSecurity.java Outdated
Comment thread .../decathlon/idp_core/infrastructure/adapters/webhook/security/BasicAuthSecurityValidator.java Outdated
Comment thread ...ava/com/decathlon/idp_core/domain/service/webhook/EntityDynamicMappingValidationService.java Outdated
if (webhookMappingRelations == null || webhookMappingRelations.isEmpty()) {
return;
}
webhookMappingRelations.keySet().forEach(relationName -> entityTemplateValidationService.validateRelationNameAlreadyExistInTemplate(entityTemplate.relationsDefinitions(), relationName));

@brandPittCode brandPittCode May 28, 2026

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would suggets to have this method in this class intead of creating a method in the entityTemplateValidation. We already have the necessary information for validating here.

Comment thread ...ava/com/decathlon/idp_core/domain/service/webhook/EntityDynamicMappingValidationService.java Outdated
);
}

private void validateRelationNameAlreadyExistInTemplate(Map<String, String> webhookMappingRelations, EntityTemplate entityTemplate) {

@brandPittCode brandPittCode May 28, 2026

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
private void validateRelationNameAlreadyExistInTemplate(Map<String, String> webhookMappingRelations, EntityTemplate entityTemplate) {
private void validateRelationsExistsInTemplate(Map<String, String> webhookMappingRelations, EntityTemplate entityTemplate) {
if (webhookMappingRelations == null || webhookMappingRelations.isEmpty()) {
return;
}
List<String> unknownRelations = webhookMappingRelations.keySet().stream()
.filter(relationName -> entityTemplate.relationsDefinitions().stream()
.noneMatch(rd -> rd.name().equals(relationName)))
.toList();
if (!unknownRelations.isEmpty()) {
throw new WebhookTemplateHasNoPropertiesException(
String.format("The mapping references unknown relations: %s", String.join(", ", unknownRelations))
);
}
}

Comment thread ...ava/com/decathlon/idp_core/domain/service/webhook/EntityDynamicMappingValidationService.java Outdated
Comment thread ...va/com/decathlon/idp_core/infrastructure/adapters/webhook/service/InboundWebhookHandler.java Outdated
@Slf4j
@Service
@RequiredArgsConstructor
public class InboundWebhookHandler {

@brandPittCode brandPittCode May 28, 2026

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This componet will be implemented in the Generic Camel Route. Integration to discuss.

Comment thread src/main/java/com/decathlon/idp_core/domain/model/webhook/WebhookConnector.java Outdated
Comment thread .../idp_core/infrastructure/adapters/persistence/mapper/common/WebhookConnectorJsonbHelper.java Outdated
Comment thread ...cathlon/idp_core/infrastructure/adapters/entity_mapping/jslt/JsltEntityMappingValidator.java Outdated
@OmarAitBenaissa OmarAitBenaissa force-pushed the feat/idp-core-add-inbound-webhook-connector-endpoint branch from af478c6 to 6e81bd7 Compare May 28, 2026 13:18
github-code-quality[bot]
github-code-quality Bot found potential problems Jun 5, 2026
View reviewed changes
Comment thread ..._core/infrastructure/adapters/persistence/model/webhook/WebhookTemplateMappingJpaEntity.java Fixed
github-code-quality[bot]
github-code-quality Bot found potential problems Jun 8, 2026
View reviewed changes
Comment thread ..._core/infrastructure/adapters/persistence/model/webhook/WebhookTemplateMappingJpaEntity.java Fixed
@foukou19 foukou19 force-pushed the feat/idp-core-add-inbound-webhook-connector-endpoint branch 2 times, most recently from 0e79bea to a840e86 Compare June 10, 2026 14:56
@github-code-quality

github-code-quality Bot commented Jun 10, 2026
edited
Loading

Copy link
Copy Markdown

Code Coverage Overview

Languages: Java

Java / code-coverage/jacoco

The overall coverage in the branch is 86%. Coverage data for the branch is not yet available.

Show a code coverage summary of the most covered files.
File a276d46 +/-
com/decathlon/i...rDslParser.java 99%
com/decathlon/i...ionService.java 99%
com/decathlon/i...ityService.java 96%
com/decathlon/i...MapperImpl.java 90%
com/decathlon/i...MapperImpl.java 88%
com/decathlon/i...ionService.java 87%
com/decathlon/i...oOutMapper.java 86%
com/decathlon/i...ionHandler.java 83%
com/decathlon/i...cification.java 81%
com/decathlon/i...ionService.java 77%

Updated June 19, 2026 15:31 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.

@sonarqubecloud

sonarqubecloud Bot commented Jun 10, 2026

Copy link
Copy Markdown

Quality Gate Failed Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarQube Cloud

@foukou19 foukou19 force-pushed the feat/idp-core-add-inbound-webhook-connector-endpoint branch 2 times, most recently from fb72b72 to a264db8 Compare June 11, 2026 06:09
@foukou19
feat(core): add endpoint for creating inbound webhook connector
c400ac6 
Signed-off-by: foukou19 <ferial.oukoukas@decathlon.com>
@foukou19 foukou19 force-pushed the feat/idp-core-add-inbound-webhook-connector-endpoint branch from a264db8 to c400ac6 Compare June 11, 2026 06:20
@foukou19 foukou19 marked this pull request as ready for review June 11, 2026 06:28
github-code-quality[bot]
github-code-quality Bot found potential problems Jun 18, 2026
View reviewed changes
Comment thread ..._core/infrastructure/adapters/persistence/model/webhook/WebhookTemplateMappingJpaEntity.java
@Table(name = "webhook_template_mapping")
@Getter
@Setter
@Builder
@foukou19 foukou19 force-pushed the feat/idp-core-add-inbound-webhook-connector-endpoint branch from 8274fae to 7089d04 Compare June 18, 2026 13:56
@foukou19
feat(core): add endpoints to manage entity dynamic mapping
dc7d4fb 
Signed-off-by: foukou19 <ferial.oukoukas@decathlon.com>
@foukou19 foukou19 force-pushed the feat/idp-core-add-inbound-webhook-connector-endpoint branch from 7089d04 to dc7d4fb Compare June 19, 2026 07:33
@brandPittCode brandPittCode requested a review from Copilot June 19, 2026 13:16
Copilot AI reviewed Jun 19, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 111 out of 115 changed files in this pull request and generated 20 comments.

Comment thread src/test/resources/integration_test/json/webhook/v1/postWebhook_400_identifier_blank.json
"title": "Blank Identifier",
"description": "Should fail",
"enabled": true,
"mapping_identifiers": ["microservice-mapping"],
Comment thread src/main/resources/db/migration/V4_2__create_entity_dynamic_mapping_table.sql
Comment on lines +5 to +12
id UUID PRIMARY KEY,
identifier VARCHAR(255) UNIQUE NOT NULL,
template_identifier VARCHAR(255) NOT NULL,
filter VARCHAR(255) NOT NULL,
entity_identifier VARCHAR(255) NOT NULL,
entity_title VARCHAR(255) NOT NULL,
properties JSONB NOT NULL DEFAULT '{}'::jsonb,
relations JSONB NOT NULL DEFAULT '{}'::jsonb
Comment thread src/main/resources/db/migration/V4_3__create_webhook_template_mapping_table.sql
Comment on lines +16 to +20
CREATE INDEX idx_webhook_template_mapping_webhook ON webhook_template_mapping (webhook_id);

CREATE INDEX idx_webhook_template_mapping_template ON webhook_template_mapping (template_id);

CREATE INDEX idx_webhook_template_mapping_entity_mapping ON webhook_template_mapping (entity_mapping_id);
Comment thread ...p_core/infrastructure/adapters/persistence/mapper/EntityDynamicMappingPersistenceMapper.java Outdated
@Mapping(target = "relations", qualifiedByName = "jsonStringToMap")
EntityDynamicMapping toDomain(EntityDynamicMappingJpaEntity jpa);

@Mapping(target = "id", ignore = true)
Comment thread ..._core/infrastructure/adapters/persistence/model/webhook/WebhookTemplateMappingJpaEntity.java
Comment on lines +62 to +64
@OneToOne(fetch = FetchType.LAZY)
@JoinColumn(name = "entity_mapping_id", nullable = false, insertable = false, updatable = false)
private EntityDynamicMappingJpaEntity entityMapping;
Comment thread ...ava/com/decathlon/idp_core/infrastructure/adapters/api/dto/in/InboundWebhookCreateDtoIn.java
Comment thread src/main/java/com/decathlon/idp_core/domain/service/webhook/WebhookConnectorService.java
Comment thread ...hlon/idp_core/infrastructure/adapters/api/controller/InboundWebhookManagementController.java Outdated
Comment thread src/main/java/com/decathlon/idp_core/domain/service/webhook/WebhookConnectorService.java
Comment thread src/main/java/com/decathlon/idp_core/domain/service/webhook/DynamicMappingService.java
@foukou19
feat(core): add endpoints to manage entity dynamic mapping
a276d46 
Signed-off-by: foukou19 <ferial.oukoukas@decathlon.com>
@foukou19 foukou19 force-pushed the feat/idp-core-add-inbound-webhook-connector-endpoint branch from 591d123 to a276d46 Compare June 19, 2026 15:28
@sonarqubecloud

sonarqubecloud Bot commented Jun 19, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
80.3% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@brandPittCode brandPittCode brandPittCode requested changes

+1 more reviewer

@github-code-quality github-code-quality[bot] github-code-quality[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@foukou19 @CLAassistant @brandPittCode