This is not an RFC because it’s not very concrete yet, but rather to gather thoughts.
Foreman has built API v2 on apipie-rails. This was developed by Foreman developers in a world where OpenAPI didn’t exist yet.
These days OpenAPI is an industry standard and a lot of tooling exists around it. apipie-rails has some support for OpenAPI, but only version 1. These days apipie-rails is not well maintained and we bear much of the maintenance burden. It may be better to look at other API frameworks to see what we can use instead of adding OpenAPI v3 support to apipie-rails.
On a more technical level the design is also not very flexible. Resources are not easily identified. For example, on a host you may find:
{
"id": 1,
"name": "host.example.com",
"organization_id": 1,
"organization_name": "Example Org"
}
It’s not easy to figure out the where to find the host resource itself. One example is the GitHub API which returns the URL and HTML URL to find the resources.
Then the organization should be an object as well that, again, can be easily found. A better structure would be:
{
"id": 1,
"name": "host.example.com",
"url": "https://satellite.example.com/api/v3/hosts/1",
"html_url": "https://satellite.com/hosts/1",
"organization": {
"id": 1,
"name": "Example Org",
"url": "https://satellite.example.com/api/v3/organizations/1",
"html_url": "https://satellite.com/organizations/1"
}
}
This allows the front end to easily add links to objects and get more information.
An example of where this would be useful is Fixes #38607 - Make the new implementation the default one by kmalyjur · Pull Request #990 · theforeman/foreman_remote_execution · GitHub.
A consideration that should be taken is to use href or url. Some APIs don’t include the full hostname in their responses but only the path.
Another consideration to be taken is integration. Today both Hammer and our Ansible collections use apipie to build a lot of the support. These should be updated to use OpenAPI if possible.
What are people’s thoughts on this topic?
Concrete question: we could start adding the structure to the existing APIv2, duplicating some information, but is that wise?