6 changes: 6 additions & 0 deletions .golangci.yml
@@ -0,0 +1,6 @@
version: "2"

run:
skip-dirs:
- agent-v2
- bin
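Review bot: Nothing in this change validates the new file against the `version: "2"` schema, so the `run.skip-dirs` block on lines 3-6 lands without any signal from the tooling. Consider running `golangci-lint config verify` in the `lint` target before `golangci-lint run`, so a key that the declared config version does not define fails the build.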
Comment on lines +1 to +6

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

golangci-lint v2 run.skip-dirs removed migration guide

💡 Result:

In golangci-lint v2, run.skip-dirs was removed (it had been deprecated since v1.57.0). You should exclude directories via exclusions paths instead. [1] (golangci-lint.run)

What to change

Before (v1)

run:
  skip-dirs:
    - src/external_libs
    - autogenerated_by_my_lib

After (v2)

linters:
  exclusions:
    paths:
      - src/external_libs
      - autogenerated_by_my_lib

# If you also use formatters in golangci-lint v2, apply the same idea there:
formatters:
  exclusions:
    paths:
      - src/external_libs
      - autogenerated_by_my_lib

[1] (golangci-lint.run)

Recommended migration path

Run the built-in config migrator and then review the output:

golangci-lint migrate

It will update your config where possible (but won’t carry over deprecated/unknown fields and won’t migrate comments). [1] (golangci-lint.run)


🌐 Web query:

golangci-lint v2 linters exclusions paths configuration schema

💡 Result:

In golangci-lint v2, path-based “exclusions” for linters live under linters.exclusions (not issues.exclude-dirs-use-default, which was removed and migrated to linters.exclusions.paths). [1][3]

JSON Schema (v2)

The v2 config can be validated against the official schema at:
https://golangci-lint.run/jsonschema/golangci.jsonschema.json [1][2]

Also ensure your config declares the v2 format:

version: "2"

[1]

Linter exclusions: paths + rules (v2)

version: "2"

linters:
  exclusions:
    # Exclude “generated” files handling
    generated: strict   # strict|lax|disable

    # Exclude by path (regex or plain path); files are still analyzed, but issues aren’t reported
    paths:
      - ".*\\.my\\.go$"
      - lib/bad.go

    # Override exclusions (don’t exclude these)
    paths-except:
      - ".*\\.my\\.go$"

    # More granular rules (per path / linter / message text / source line regex)
    rules:
      - path: _test\.go
        linters: [gocyclo, errcheck, dupl, gosec]
      - path-except: _test\.go
        linters: [forbidigo]

    # Optional: enable preset exclusion bundles + warn on unused exclusions
    presets: [comments, std-error-handling, common-false-positives, legacy]
    warn-unused: true

(Structure/field meanings shown in the v2 “Configuration File” docs.) [1]

Relative-path behavior (important for paths / rules.path)

By default, v2 evaluates relative paths relative to the config file, configurable via:

run:
  relative-path-mode: cfg  # cfg|wd|gomod|gitroot

[1][4]


run.skip-dirs is removed in golangci-lint v2 config format — agent-v2 and bin will not be excluded.

run.skip-dirs was deprecated since v1.57.0 and removed entirely in v2. The correct replacement is linters.exclusions.paths (and formatters.exclusions.paths if using formatters). With version: "2", the current run.skip-dirs block is silently ignored, so these directories will not be excluded.

🔧 Proposed fix
 version: "2"
 
-run:
-  skip-dirs:
-    - agent-v2
-    - bin
+linters:
+  exclusions:
+    paths:
+      - agent-v2
+      - bin
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.golangci.yml around lines 1 - 6, The current golangci-lint v2 config still
uses the removed key run.skip-dirs (agent-v2 and bin), so those dirs aren’t
being excluded; update the config by removing the run.skip-dirs block and adding
exclusions under the new keys (e.g., linters.exclusions.paths) with patterns for
"agent-v2" and "bin" (and also add matching entries under
formatters.exclusions.paths if you use formatters) so the two directories are
actually ignored by golangci-lint v2 while keeping version: "2".

24 changes: 18 additions & 6 deletions Makefile
Expand Up @@ -306,18 +306,30 @@ clean:
- rm -f -r bin

##################### "make lint" support start ##########################
GOLANGCI_LINT_VERSION := v1.64.8
GOLANGCI_LINT_VERSION := v2.10.1

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

golangci-lint v2 migration guide breaking changes from v1

💡 Result:

golangci-lint v1 → v2 migration (breaking changes highlights)

1) Use the built-in config migrator

  • Run: golangci-lint migrate (backs up your config; doesn’t migrate comments; drops deprecated/unknown fields). [1]

2) Config schema / structure changes

  • Config must declare version: add version: "2". [1]
  • Formatters split out from linters: gofmt, gofumpt, goimports, gci move from linters.enable to formatters.enable. [1]
  • linters-settings split into:
    • linters.settings
    • formatters.settings (for gofmt/gofumpt/goimports/gci settings). [1]
  • stylecheck, gosimple, staticcheck merged into a single staticcheck linter. [1]

3) Defaults that can change behavior

  • No timeout by default (run.timeout defaults to 0/disabled). [1]
  • Stats enabled by default (issues.show-stats default behavior changes). [1]
  • Generated-file exclusion default changed: issues.exclude-generated default goes from lax (v1) to strict (v2). [1]
  • No exclusions by default (you must configure exclusions explicitly if you relied on defaults). [2]
  • Output sorting default changed: default output.sort-order becomes ['linter','file'] (was ['file']). [1]

4) Removed/renamed config options

  • issues.exclude-dirs-use-default removed → use linters.exclusions.paths (and formatters.exclusions.paths if applicable). [1]
  • run.skip-files removed → use linters.exclusions.paths / formatters.exclusions.paths. [1]
  • output.sort-results removed → results are always sorted. [1]
  • output.print-linter-name removed → controlled per output format (e.g., output.text.print-linter-name). [1]

5) Command/flag breaking changes

  • Removed flags include: --disable-all, --enable-all, --fast, --out-format, various --exclude*, --sort-*, etc. [1]
  • Replacements include:
    • --disable-all → --default=none
    • --enable-all → --default=all
    • --fast → --fast-only (new flag) [1]
  • New commands introduced in v2 include golangci-lint fmt and golangci-lint migrate. [2]

Primary references: official Migration Guide [1] and v2.0.0 changelog entry [2].


Major version bump (v1.64.8 → v2.10.1) — run golangci-lint migrate and verify config compatibility.

golangci-lint v2 has significant breaking changes: config schema now requires version: "2", formatters are split into a separate section, linters were merged (e.g., stylecheck, gosimple, staticcheck → single staticcheck), and several CLI flags were removed or renamed. The existing .golangci.yml / .golangci.toml will need migration. Use the built-in migration tool before landing: golangci-lint migrate backs up your config and applies the necessary schema updates. After migration, verify that linter behavior matches expectations (defaults for timeouts, stats, generated-file exclusion, and output sorting have changed).

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Makefile` at line 309, Update the golangci-lint configuration to be
compatible with v2 by running the built-in migration and adjusting the Makefile
version: run `golangci-lint migrate` to produce a v2-config backup and migrated
.golangci.yml/.golangci.toml, then set GOLANGCI_LINT_VERSION := v2.10.1 in the
Makefile (the symbol to change is GOLANGCI_LINT_VERSION), review and fix the
migrated config to consolidate merged linters (e.g., replace stylecheck/gosimple
with staticcheck), move formatter settings into the new formatters section, and
verify/adjust timeout, stats, generated-file exclusion and output sorting
behavior to match your previous linting expectations before landing.

GOLANGCI_LINT := $(GOBIN)/golangci-lint

# Download golangci-lint locally if not already present
# Run every time: if installed version != required, remove binary so $(GOLANGCI_LINT) will re-install
.PHONY: check-golangci-lint-version
check-golangci-lint-version:
@if [ -f '$(GOLANGCI_LINT)' ]; then \
installed=$$('$(GOLANGCI_LINT)' version 2>/dev/null | sed -n 's/.*version \([0-9.]*\).*/\1/p' | head -1); \
required=$$(echo '$(GOLANGCI_LINT_VERSION)' | sed 's/^v//'); \
if [ -n "$$installed" ] && [ "$$installed" != "$$required" ]; then \
echo "🔍 Installed golangci-lint $$installed != required $(GOLANGCI_LINT_VERSION), re-installing..."; \
rm -f '$(GOLANGCI_LINT)'; \
fi; \
fi

# Download golangci-lint if not present
$(GOLANGCI_LINT):
@echo "🔍 Installing golangci-lint $(GOLANGCI_LINT_VERSION)..."
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | \
@curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | \
sh -s -- -b $(CURDIR)/bin $(GOLANGCI_LINT_VERSION)
@echo "✅ 'golangci-lint' installed successfully."

# Run linter
lint: $(GOLANGCI_LINT)
lint: check-golangci-lint-version $(GOLANGCI_LINT)
@echo "🔍 Running golangci-lint..."
@$(GOLANGCI_LINT) run --timeout=5m
@echo "✅ Lint passed successfully!"
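Review bot: The `$(GOLANGCI_LINT)` recipe still pipes `install.sh` from the mutable `master` ref into `sh`, so `GOLANGCI_LINT_VERSION := v2.10.1` pins the binary but not the script that downloads and places it. Fetch the script from the matching tag, for example `https://raw.githubusercontent.com/golangci/golangci-lint/$(GOLANGCI_LINT_VERSION)/install.sh`, or verify a checksum of the installed binary before the `lint` target runs it. Two smaller points in the same hunk: `check-golangci-lint-version` keeps the existing binary whenever the `sed` expression extracts nothing (the `[ -n "$$installed" ]` guard), so an unparseable `version` output never triggers a re-install; and the check looks at `$(GOBIN)/golangci-lint` while the installer writes to `$(CURDIR)/bin`, which agree only if `GOBIN` is that directory.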
Expand All @@ -332,10 +344,10 @@ $(MOQ):
@go install github.com/matryer/moq@latest
@echo "✅ 'moq' installed successfully."

# Code generation
# Code generation (exclude agent-v2 submodule)
generate: $(MOQ)
@echo "⚙️ Running go generate..."
@PATH="$(GOBIN):$$PATH" go generate -v $(shell go list ./...)
@PATH="$(GOBIN):$$PATH" go generate -v $(shell go list ./... | grep -v 'agent-v2' || true)
@echo "⚙️ Running mockgen script..."
@hack/mockgen.sh
@$(MAKE) format
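Review bot: In the `generate` recipe, the `$(shell go list ./... | grep -v 'agent-v2' || true)` expansion discards the exit status of `go list`, so a failing listing yields an empty package list, `go generate -v` runs with no package arguments, and the target carries on as if generation had covered the module. The unanchored pattern also drops any package whose import path merely contains `agent-v2`. Consider computing the list in a recipe line that fails when it is empty, and matching `agent-v2` as a whole path segment.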
69 changes: 67 additions & 2 deletions api/v1alpha1/openapi.yaml
Expand Up @@ -377,7 +377,7 @@ paths:
get:
tags:
- assessment
description: List assessments
description: List assessments with filtering, sorting, and pagination
operationId: listAssessments
parameters:
- name: sourceId
Expand All @@ -387,13 +387,56 @@ paths:
schema:
type: string
format: uuid
- name: source
in: query
description: Filter assessments by source type (agent, inventory, rvtools)
required: false
schema:
type: string
Comment on lines +390 to +395

🧹 Nitpick | 🔵 Trivial

Consider adding an enum constraint to the source parameter.

The description documents valid values as agent, inventory, rvtools, but the schema accepts any string. Adding an enum enforces the contract at the API specification level and enables better client-side validation and documentation.

🛠️ Suggested fix
         - name: source
           in: query
           description: Filter assessments by source type (agent, inventory, rvtools)
           required: false
           schema:
             type: string
+            enum: [agent, inventory, rvtools]
🤖 Prompt for AI Agents
In `@api/v1alpha1/openapi.yaml` around lines 390 - 395, The OpenAPI parameter
"source" currently allows any string; update its schema in
api/v1alpha1/openapi.yaml for the query parameter named "source" to include an
enum with the allowed values ["agent","inventory","rvtools"] (keeping type:
string) so the spec enforces the documented contract and enables client
validation and docs generation.

- name: name
in: query
description: Filter assessments by name pattern (case-insensitive partial match)
required: false
schema:
type: string
Comment on lines +396 to +401

⚠️ Potential issue | 🟡 Minor

Add a maxLength constraint to the name query parameter.

Without a length limit, a client could submit an extremely long string that translates into an expensive LIKE '%…%' query at the database layer. Adding a reasonable maxLength (e.g., 255) defends against abuse and aligns with the Name column's practical size.

         - name: name
           in: query
           description: Filter assessments by name pattern (case-insensitive partial match)
           required: false
           schema:
             type: string
+            maxLength: 255
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@api/v1alpha1/openapi.yaml` around lines 396 - 401, The OpenAPI spec's query
parameter "name" lacks a length limit; update its schema for the "name" query
parameter (used to filter assessments) to include a maxLength of 255 to prevent
abusive/expensive LIKE '%...%' database queries and align with the underlying
Name column size. Ensure the change is made in the parameter definition for name
in the openapi.yaml (schema -> type: string) and set maxLength: 255.

- name: sort
in: query
description: "Sort fields (format: 'field:direction', e.g., 'name:asc', 'created_at:desc'). Multiple sort fields can be specified."
required: false
schema:
type: array
items:
type: string
Comment on lines +402 to +409

⚠️ Potential issue | 🟡 Minor

Add maxItems to the sort array to prevent abuse.

The sort parameter has no upper bound on the number of items. A client could submit an arbitrarily large number of sort fields, leading to expensive multi-column ORDER BY clauses. Adding a reasonable maxItems (e.g., 3–5) also satisfies the static analysis finding (CKV_OPENAPI_21).

🛠️ Suggested fix
         schema:
           type: array
+          maxItems: 5
           items:
             type: string
🤖 Prompt for AI Agents
In `@api/v1alpha1/openapi.yaml` around lines 402 - 409, The OpenAPI `sort` query
parameter currently allows an unbounded array; update the `sort` parameter's
schema (the parameter named "sort" in the OpenAPI spec) to add a `maxItems`
constraint (suggest 3–5, e.g., `maxItems: 5`) under `schema.type: array` so
clients cannot submit arbitrarily many sort fields and to satisfy
CKV_OPENAPI_21; ensure the `items.type: string` remains unchanged and adjust any
related validation or documentation text if present.

- name: page
in: query
description: "Page number (default: 1)"
required: false
schema:
type: integer
minimum: 1
default: 1
- name: pageSize
in: query
description: "Items per page (default: 20, max: 100)"
required: false
schema:
type: integer
minimum: 1
maximum: 100
default: 20
responses:
"200":
description: OK
content:
application/json:
schema:
$ref: "#/components/schemas/AssessmentList"
$ref: "#/components/schemas/AssessmentListResponse"
"400":
description: Bad Request
content:
application/json:
schema:
$ref: "#/components/schemas/Error"
"401":
description: Unauthorized
content:
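Review bot: The `sort` items are declared as bare `type: string`, so the `field:direction` format given in the description is not enforced by the spec. If these values feed an ORDER BY clause, constrain them here with a `pattern` (or an `enum` of the sortable fields combined with `asc`/`desc`) and map them to column names through a server-side allow-list rather than interpolating the string. Also in this hunk, the 200 response moves from `AssessmentList` to `AssessmentListResponse`, which existing clients of `listAssessments` will see as a different body schema; call that out in the change description.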
Expand Down Expand Up @@ -1573,6 +1616,28 @@ components:
items:
$ref: "#/components/schemas/Assessment"

AssessmentListResponse:
type: object
required:
- assessments
- total
- page
- pageCount
properties:
assessments:
type: array
items:
$ref: "#/components/schemas/Assessment"
page:
type: integer
description: Current page number
pageCount:
type: integer
description: Total number of pages
total:
type: integer
description: Total number of assessments matching the filter

ClusterRequirementsRequest:
type: object
description: Request payload for calculating cluster requirements
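Review bot: In `AssessmentListResponse`, the `assessments` array has no `maxItems` and the `page`, `pageCount` and `total` integers have no `minimum` or `format`, so the response schema is looser than the request side, where `pageSize` is capped at 100. Consider `maxItems: 100` on `assessments`, `minimum: 1` on `page`, `minimum: 0` on `pageCount` and `total`, and `format: int64` on `total` if the count can exceed 32 bits.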
177 changes: 91 additions & 86 deletions api/v1alpha1/spec.gen.go

Some generated files are not rendered by default.