feat(services): Add GET /overviews/services to API (#6029)

api/src/backend/api/filters.py

@@ -22,22 +22,22 @@
     StatusEnumField,
 )
 from api.models import (
+    ComplianceOverview,
     Finding,
+    Invitation,
     Membership,
     PermissionChoices,
     Provider,
     ProviderGroup,
+    ProviderSecret,
     Resource,
     ResourceTag,
+    Role,
     Scan,
     ScanSummary,
     SeverityChoices,
     StateChoices,
     StatusChoices,
-    ProviderSecret,
-    Invitation,
-    Role,
-    ComplianceOverview,
     Task,
     User,
 )
@@ -543,3 +543,25 @@ class Meta:
             "inserted_at": ["date", "gte", "lte"],
             "region": ["exact", "icontains", "in"],
         }
+
+
+class ServiceOverviewFilter(ScanSummaryFilter):
+    muted_findings = None
+
+    def is_valid(self):
+        # Check if at least one of the inserted_at filters is present
+        inserted_at_filters = [
+            self.data.get("inserted_at"),
+            self.data.get("inserted_at__gte"),
+            self.data.get("inserted_at__lte"),
+        ]
+        if not any(inserted_at_filters):
+            raise ValidationError(
+                {
+                    "inserted_at": [
+                        "At least one of filter[inserted_at], filter[inserted_at__gte], or "
+                        "filter[inserted_at__lte] is required."
+                    ]
+                }
+            )
+        return super().is_valid()

api/src/backend/api/specs/v1.yaml

@@ -1551,6 +1551,143 @@ paths:
               schema:
                 $ref: '#/components/schemas/OverviewProviderResponse'
           description: ''
+  /api/v1/overviews/services:
+    get:
+      operationId: overviews_services_retrieve
+      description: Retrieve an aggregated summary of findings grouped by service.
+        The response includes the total count of findings for each service, as long
+        as there are at least one finding for that service. At least one of the `inserted_at`
+        filters must be provided.
+      summary: Get findings data by service
+      parameters:
+      - in: query
+        name: fields[services-overview]
+        schema:
+          type: array
+          items:
+            type: string
+            enum:
+            - id
+            - total
+            - fail
+            - muted
+            - pass
+        description: endpoint return only specific fields in the response on a per-type
+          basis by including a fields[TYPE] query parameter.
+        explode: false
+      - in: query
+        name: filter[inserted_at]
+        schema:
+          type: string
+          format: date
+      - in: query
+        name: filter[inserted_at__date]
+        schema:
+          type: string
+          format: date
+      - in: query
+        name: filter[inserted_at__gte]
+        schema:
+          type: string
+          format: date-time
+      - in: query
+        name: filter[inserted_at__lte]
+        schema:
+          type: string
+          format: date-time
+      - in: query
+        name: filter[provider_id]
+        schema:
+          type: string
+          format: uuid
+      - in: query
+        name: filter[provider_type]
+        schema:
+          type: string
+          enum:
+          - aws
+          - azure
+          - gcp
+          - kubernetes
+        description: |-
+          * `aws` - AWS
+          * `azure` - Azure
+          * `gcp` - GCP
+          * `kubernetes` - Kubernetes
+      - in: query
+        name: filter[provider_type__in]
+        schema:
+          type: array
+          items:
+            type: string
+            enum:
+            - aws
+            - azure
+            - gcp
+            - kubernetes
+        description: |-
+          Multiple values may be separated by commas.
+
+          * `aws` - AWS
+          * `azure` - Azure
+          * `gcp` - GCP
+          * `kubernetes` - Kubernetes
+        explode: false
+        style: form
+      - in: query
+        name: filter[region]
+        schema:
+          type: string
+      - in: query
+        name: filter[region__icontains]
+        schema:
+          type: string
+      - in: query
+        name: filter[region__in]
+        schema:
+          type: array
+          items:
+            type: string
+        description: Multiple values may be separated by commas.
+        explode: false
+        style: form
+      - name: filter[search]
+        required: false
+        in: query
+        description: A search term.
+        schema:
+          type: string
+      - name: sort
+        required: false
+        in: query
+        description: '[list of fields to sort by](https://jsonapi.org/format/#fetching-sorting)'
+        schema:
+          type: array
+          items:
+            type: string
+            enum:
+            - id
+            - -id
+            - total
+            - -total
+            - fail
+            - -fail
+            - muted
+            - -muted
+            - pass
+            - -pass
+        explode: false
+      tags:
+      - Overview
+      security:
+      - jwtAuth: []
+      responses:
+        '200':
+          content:
+            application/vnd.api+json:
+              schema:
+                $ref: '#/components/schemas/OverviewServiceResponse'
+          description: ''
   /api/v1/provider-groups:
     get:
       operationId: provider_groups_list
@@ -5996,6 +6133,50 @@ components:
       type: string
       enum:
       - providers-overview
+    OverviewService:
+      type: object
+      required:
+      - type
+      - id
+      additionalProperties: false
+      properties:
+        type:
+          allOf:
+          - $ref: '#/components/schemas/OverviewServiceTypeEnum'
+          description: The [type](https://jsonapi.org/format/#document-resource-object-identification)
+            member is used to describe resource objects that share common attributes
+            and relationships.
+        id: {}
+        attributes:
+          type: object
+          properties:
+            id:
+              type: string
+            total:
+              type: integer
+            fail:
+              type: integer
+            muted:
+              type: integer
+            pass:
+              type: integer
+          required:
+          - id
+          - total
+          - fail
+          - muted
+          - pass
+    OverviewServiceResponse:
+      type: object
+      properties:
+        data:
+          $ref: '#/components/schemas/OverviewService'
+      required:
+      - data
+    OverviewServiceTypeEnum:
+      type: string
+      enum:
+      - services-overview
     OverviewSeverity:
       type: object
       required:

api/src/backend/api/tests/test_views.py

@@ -9,18 +9,18 @@
 from rest_framework import status
 
 from api.models import (
+    Invitation,
     Membership,
     Provider,
     ProviderGroup,
     ProviderGroupMembership,
+    ProviderSecret,
     Role,
     RoleProviderGroupRelationship,
-    Invitation,
-    UserRoleRelationship,
-    ProviderSecret,
     Scan,
     StateChoices,
     User,
+    UserRoleRelationship,
 )
 from api.rls import Tenant
 
@@ -3909,7 +3909,37 @@ def test_overview_providers_list(
             resources_fixture
         )
 
-    # TODO Add more tests for the rest of overviews
+    def test_overview_services_list_no_required_filters(
+        self, authenticated_client, scan_summaries_fixture
+    ):
+        response = authenticated_client.get(reverse("overview-services"))
+        assert response.status_code == status.HTTP_400_BAD_REQUEST
+
+    def test_overview_services_list(self, authenticated_client, scan_summaries_fixture):
+        response = authenticated_client.get(
+            reverse("overview-services"), {"filter[inserted_at]": TODAY}
+        )
+        assert response.status_code == status.HTTP_200_OK
+        # Only two different services
+        assert len(response.json()["data"]) == 2
+        # Fixed data from the fixture, TODO improve this at some point with something more dynamic
+        service1_data = response.json()["data"][0]
+        service2_data = response.json()["data"][1]
+        assert service1_data["id"] == "service1"
+        assert service2_data["id"] == "service2"
+
+        # TODO fix numbers when muted_findings filter is fixed
+        assert service1_data["attributes"]["total"] == 3
+        assert service2_data["attributes"]["total"] == 1
+
+        assert service1_data["attributes"]["pass"] == 1
+        assert service2_data["attributes"]["pass"] == 1
+
+        assert service1_data["attributes"]["fail"] == 1
+        assert service2_data["attributes"]["fail"] == 0
+
+        assert service1_data["attributes"]["muted"] == 1
+        assert service2_data["attributes"]["muted"] == 0
 
 
 @pytest.mark.django_db

api/src/backend/api/v1/serializers.py

@@ -14,24 +14,24 @@
 from rest_framework_simplejwt.tokens import RefreshToken
 
 from api.models import (
+    ComplianceOverview,
+    Finding,
+    Invitation,
+    InvitationRoleRelationship,
     Membership,
     Provider,
     ProviderGroup,
     ProviderGroupMembership,
+    ProviderSecret,
     Resource,
     ResourceTag,
-    Finding,
-    ProviderSecret,
-    Invitation,
-    InvitationRoleRelationship,
     Role,
     RoleProviderGroupRelationship,
-    UserRoleRelationship,
-    ComplianceOverview,
     Scan,
     StateChoices,
     Task,
     User,
+    UserRoleRelationship,
 )
 from api.rls import Tenant
 
@@ -1655,6 +1655,24 @@ def get_root_meta(self, _resource, _many):
         return {"version": "v1"}
 
 
+class OverviewServiceSerializer(serializers.Serializer):
+    id = serializers.CharField(source="service")
+    total = serializers.IntegerField()
+    _pass = serializers.IntegerField()
+    fail = serializers.IntegerField()
+    muted = serializers.IntegerField()
+
+    class JSONAPIMeta:
+        resource_name = "services-overview"
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.fields["pass"] = self.fields.pop("_pass")
+
+    def get_root_meta(self, _resource, _many):
+        return {"version": "v1"}
+
+
 # Schedules