31 lines
2.2 KiB
Markdown
31 lines
2.2 KiB
Markdown
# Evidence Card API Endpoint
|
|
|
|
## Module
|
|
EvidenceLocker
|
|
|
|
## Status
|
|
IMPLEMENTED
|
|
|
|
## Description
|
|
API endpoint for evidence card export with format query parameter, response headers (X-Evidence-Pack-Id, X-Content-Digest, X-Evidence-Card-Version, X-Rekor-Log-Index), and OpenAPI spec.
|
|
|
|
## Implementation Details
|
|
- **Modules**: `src/EvidenceLocker/StellaOps.EvidenceLocker/Api/`, `src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.WebService/`
|
|
- **Key Classes**:
|
|
- `ExportEndpoints` (`src/EvidenceLocker/StellaOps.EvidenceLocker/Api/ExportEndpoints.cs`) - REST endpoints for evidence card export with format parameter
|
|
- `ExportJobService` (`src/EvidenceLocker/StellaOps.EvidenceLocker/Api/ExportJobService.cs`) - manages export jobs for evidence cards
|
|
- `VerdictEndpoints` (`src/EvidenceLocker/StellaOps.EvidenceLocker/Api/VerdictEndpoints.cs`) - verdict-related API endpoints
|
|
- `VerdictContracts` (`src/EvidenceLocker/StellaOps.EvidenceLocker/Api/VerdictContracts.cs`) - API contract models for verdict data
|
|
- `EvidenceContracts` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.WebService/Contracts/EvidenceContracts.cs`) - API contract models for evidence data
|
|
- `EvidencePortableBundleService` (`src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Services/EvidencePortableBundleService.cs`) - creates portable evidence bundles for export
|
|
- **Interfaces**: `IExportJobService`
|
|
- **Source**: SPRINT_20260112_005_BE_evidence_card_api.md
|
|
|
|
## E2E Test Plan
|
|
- [ ] Call the evidence card export endpoint and verify response includes X-Evidence-Pack-Id, X-Content-Digest, X-Evidence-Card-Version, and X-Rekor-Log-Index headers
|
|
- [ ] Export with format=json and verify the response is valid JSON matching the evidence card schema
|
|
- [ ] Export with format=tar.gz and verify a downloadable archive is returned via `EvidencePortableBundleService`
|
|
- [ ] Verify `VerdictEndpoints` returns verdict data with proper contract models from `VerdictContracts`
|
|
- [ ] Verify the API is documented in OpenAPI spec with correct parameter and response schemas
|
|
- [ ] Verify export of a non-existent evidence card returns a 404 with appropriate error message
|