2.2 KiB
2.2 KiB
Evidence Card API Endpoint
Module
EvidenceLocker
Status
IMPLEMENTED
Description
API endpoint for evidence card export with format query parameter, response headers (X-Evidence-Pack-Id, X-Content-Digest, X-Evidence-Card-Version, X-Rekor-Log-Index), and OpenAPI spec.
Implementation Details
- Modules:
src/EvidenceLocker/StellaOps.EvidenceLocker/Api/,src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.WebService/ - Key Classes:
ExportEndpoints(src/EvidenceLocker/StellaOps.EvidenceLocker/Api/ExportEndpoints.cs) - REST endpoints for evidence card export with format parameterExportJobService(src/EvidenceLocker/StellaOps.EvidenceLocker/Api/ExportJobService.cs) - manages export jobs for evidence cardsVerdictEndpoints(src/EvidenceLocker/StellaOps.EvidenceLocker/Api/VerdictEndpoints.cs) - verdict-related API endpointsVerdictContracts(src/EvidenceLocker/StellaOps.EvidenceLocker/Api/VerdictContracts.cs) - API contract models for verdict dataEvidenceContracts(src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.WebService/Contracts/EvidenceContracts.cs) - API contract models for evidence dataEvidencePortableBundleService(src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.Infrastructure/Services/EvidencePortableBundleService.cs) - creates portable evidence bundles for export
- Interfaces:
IExportJobService - Source: SPRINT_20260112_005_BE_evidence_card_api.md
E2E Test Plan
- Call the evidence card export endpoint and verify response includes X-Evidence-Pack-Id, X-Content-Digest, X-Evidence-Card-Version, and X-Rekor-Log-Index headers
- Export with format=json and verify the response is valid JSON matching the evidence card schema
- Export with format=tar.gz and verify a downloadable archive is returned via
EvidencePortableBundleService - Verify
VerdictEndpointsreturns verdict data with proper contract models fromVerdictContracts - Verify the API is documented in OpenAPI spec with correct parameter and response schemas
- Verify export of a non-existent evidence card returns a 404 with appropriate error message