Description

There is a v2 controller endpoint that does not appear in our OpenAPI spec. As part of static analysis of the controllers and spec coverage, every exposed endpoint needs to be in the spec, or marked with @Hidden.

A controller that is not in the spec is a fatal exception in this analysis. Since a commit message for this controller says "add undocumented controller...", this omission from the spec is likely intentional.

Steps to reproduce

Examine the source code.

The PR contains a commit message "feat: add undocumented controller for retrieving the token assigned to the currently logged in user" but this is the only statement in the system that this endpoint should be excluded from spec coverage analysis.

Current behavior

Endpoint triggers false positive for "undocumented endpoint". This exception is used for detecting incorrectly implemented endpoints (example).

Expected behavior

Endpoint is excluded from static analysis of spec coverage based on surface signal in the code (@Hidden).

Environment

SM

Version

• Component Version: [e.g. 2.0.0]

Rootcause

No response

Solution ideas

Add the @Hidden annotation. According to documentation, this has no impact on code behaviour (and adding it does not break the build or tests).

The static analyzer will report hidden endpoints, but does not require them to be in the spec.

Dev -> QA handover

• Resources:
• Versions to validate:
• Release version (in which version this feature will be released):

Links

• Work on eventual consistency annotation in the spec: Mark C8 API as eventually consistent #26297