Add schedule task enable/disable/trigger functionality

[chanikag]

Add schedule task enble/disable/trigger
This is to fix #3567

Purpose

Describe the problems, issues, or needs driving this feature/fix and include links to related issues in the following format: Resolves issue1, issue2, etc.

Goals

Describe the solutions that this feature/fix will introduce to resolve the problems described above

Approach

Describe how you are implementing the solutions. Include an animated GIF or screenshot if the change affects the UI (email [email protected] to review all UI text). Include a link to a Markdown file or Google doc if the feature write-up is too long to paste here.

User stories

Summary of user stories addressed by this change>

Release note

Brief description of the new feature or bug fix as it will appear in the release notes

Documentation

Link(s) to product documentation that addresses the changes of this PR. If no doc impact, enter “N/A” plus brief explanation of why there’s no doc impact

Training

Link to the PR for changes to the training content in https://github.com/wso2/WSO2-Training, if applicable

Certification

Type “Sent” when you have provided new/updated certification questions, plus four answers for each question (correct answer highlighted in bold), based on this change. Certification questions/answers should be sent to [email protected] and NOT pasted in this PR. If there is no impact on certification exams, type “N/A” and explain why.

Marketing

Link to drafts of marketing content that will describe and promote this feature, including product page changes, technical articles, blog posts, videos, etc., if applicable

Automation tests

• Unit tests

  Code coverage information

• Integration tests

  Details about the test cases and coverage

Security checks

• Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines? yes/no
• Ran FindSecurityBugs plugin and verified report? yes/no
• Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets? yes/no

Samples

Provide high-level details about the samples related to this feature

Related PRs

List any other related PRs

Migrations (if applicable)

Describe migration steps and platforms on which migration has been tested

Test environment

List all JDK versions, operating systems, databases, and browser/versions on which this feature/fix was tested

Learning

Describe the research phase and any blog posts, patterns, libraries, or add-ons you used to solve the problem.

Summary by CodeRabbit

• New Features

  • Added HTTP POST support for task management to allow authenticated status updates (ACTIVE, INACTIVE, TRIGGER).
  • Added TRIGGER status handling for tasks and improved task response keys.

• Security & Auditing

  • Added permission checks and audit logging for task actions; improved error responses on invalid requests.

• Chores

  • Minor import/path adjustment and added a new audit-log type constant ("task").

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[wso2-engineering]

Log Improvement Suggestion No: 1

Suggested change

	private void handlePost(MessageContext msgCtx, org.apache.axis2.context.MessageContext axisMsgCtx) {
	private void handlePost(MessageContext msgCtx, org.apache.axis2.context.MessageContext axisMsgCtx) {
	log.info("Processing POST request for task management");

[wso2-engineering]

Log Improvement Suggestion No: 2

Suggested change

	StartUpController controllerTask = (StartUpController)task;
	StartUpController controllerTask = (StartUpController)task;
	if (log.isDebugEnabled()) {
	log.debug("Processing status update for task: " + name + " to status: " + status);
	}

[wso2-engineering]

AI Agent Log Improvement Checklist

⚠️ Warning: AI-Generated Review Comments

• The log-related comments and suggestions in this review were generated by an AI tool to assist with identifying potential improvements. Purpose of reviewing the code for log improvements is to improve the troubleshooting capabilities of our products.
• Please make sure to manually review and validate all suggestions before applying any changes. Not every code suggestion would make sense or add value to our purpose. Therefore, you have the freedom to decide which of the suggestions are helpful.

✅ Before merging this pull request:

• Review all AI-generated comments for accuracy and relevance.
• Complete and verify the table below. We need your feedback to measure the accuracy of these suggestions and the value they add. If you are rejecting a certain code suggestion, please mention the reason briefly in the suggestion for us to capture it.

Comment	Accepted (Y/N)	Reason
#### Log Improvement Suggestion No: 1
#### Log Improvement Suggestion No: 2

[coderabbitai]

Warning

Rate limit exceeded

@chanikag has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 12 minutes and 54 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between b9d6919 and f5135b9.

📒 Files selected for processing (3)

• components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/Constants.java (3 hunks)
• components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/InboundEndpointResource.java (1 hunks)
• components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/TaskResource.java (8 hunks)

Walkthrough

Adds POST support to TaskResource to change task status (activate, deactivate, trigger) with permission checks, audit logging, and logging; adds two new constants (TRIGGER_STATUS, AUDIT_LOG_TYPE_TASK) and updates an import path for DynamicControlOperationResult. No other control-flow changes.

Changes

Cohort / File(s)	Change Summary
Task resource components/.../management/apis/src/main/java/org/wso2/micro/integrator/management/apis/TaskResource.java	Adds HTTP POST handling (adds HTTP_POST to getMethods), permission checks via SecurityUtils, audit logging via AuditLogger, a logger field, private handlePost and handleStatusUpdate methods to process status changes (ACTIVE/INACTIVE/TRIGGER) via StartUpController, and response key adjustments (use of NAME).
Constants components/.../management/apis/src/main/java/org/wso2/micro/integrator/management/apis/Constants.java	Adds public static final String TRIGGER_STATUS = "trigger"; and public static final String AUDIT_LOG_TYPE_TASK = "task";.
Import update components/.../management/apis/src/main/java/org/wso2/micro/integrator/management/apis/InboundEndpointResource.java	Updated import for DynamicControlOperationResult from org.apache.synapse.inbound to org.apache.synapse.util (package path change only).

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant TaskResource
    participant SecurityUtils
    participant StartUpController
    participant AuditLogger

    Client->>TaskResource: POST /tasks/{name} + JSON {status, ...}
    activate TaskResource
    TaskResource->>TaskResource: parse & validate payload
    alt task exists
        TaskResource->>SecurityUtils: check edit permission for user
        SecurityUtils-->>TaskResource: allowed/denied
        alt allowed
            TaskResource->>StartUpController: perform status change (activate/deactivate/trigger)
            StartUpController-->>TaskResource: result (success/failure)
            alt success
                TaskResource->>AuditLogger: emit audit event (type: task)
                TaskResource-->>Client: 200 OK + updated task JSON
            else failure
                TaskResource-->>Client: 4xx/5xx with error
            end
        else denied
            TaskResource-->>Client: 403 Forbidden
        end
    else not found
        TaskResource-->>Client: 404 Not Found
    end
    deactivate TaskResource

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Focus areas:
  • TaskResource POST flow: payload parsing, validation, and status dispatch to StartUpController.
  • Permission checks and correct use of SecurityUtils.
  • Audit logging calls and event payloads (use of new AUDIT_LOG_TYPE_TASK).
  • Compile impact of the import path change in InboundEndpointResource.

🐇 I hopped through code with nimble paws,
I added triggers, checks, and laws,
Enable, disable, nudge a task,
APIs now do each tiny ask,
A carrot for logs — hooray! 🥕

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	PR description is largely incomplete; only the first section (Purpose linking to issue #3567) is populated while Goals, Approach, User stories, Release note, Documentation, and all other critical sections remain as unfilled template placeholders.	Complete all critical template sections with concrete details: Goals explaining the solution, Approach describing implementation, test coverage info, security check confirmations, and documentation/migration impact.
Docstring Coverage	⚠️ Warning	Docstring coverage is 22.22% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title clearly and specifically describes the main functionality added: schedule task enable/disable/trigger operations via new API endpoints.
Linked Issues check	✅ Passed	Code changes align with linked issue #3567: new TaskResource methods support enable/disable/trigger actions for scheduled tasks via POST API, including proper permission checks and audit logging.
Out of Scope Changes check	✅ Passed	All changes are in-scope: Constants.java adds audit/trigger constants, InboundEndpointResource updates an import, and TaskResource implements enable/disable/trigger functionality directly addressing issue #3567 requirements.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (1)

components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/TaskResource.java (1)

100-114: Redundant Axis2 message context retrieval.

axis2MessageContext is already obtained at lines 86-87. The axisMsgCtx at lines 102-103 is redundant.

         } else {
             String userName = (String) messageContext.getProperty(USERNAME_PROPERTY);
-            org.apache.axis2.context.MessageContext axisMsgCtx =
-                    ((Axis2MessageContext) messageContext).getAxis2MessageContext();
             try {
                 if (SecurityUtils.canUserEdit(userName)) {
-                    handlePost(messageContext, axisMsgCtx);
+                    handlePost(messageContext, axis2MessageContext);
                 } else {
-                    Utils.sendForbiddenFaultResponse(axisMsgCtx);
+                    Utils.sendForbiddenFaultResponse(axis2MessageContext);
                 }
             } catch (UserStoreException e) {
                 log.error("Error occurred while retrieving the user data", e);
-                Utils.setJsonPayLoad(axisMsgCtx, Utils.createJsonErrorObject("Error occurred while retrieving the user data"));
+                Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("Error occurred while retrieving the user data"));
             }
         }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2c9cfac and 0e32dc8.

📒 Files selected for processing (3)

• components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/Constants.java (1 hunks)
• components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/InboundEndpointResource.java (1 hunks)
• components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/TaskResource.java (8 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/TaskResource.java (3)

components/org.wso2.micro.integrator.core/src/main/java/org/wso2/micro/core/util/AuditLogger.java (1)

• AuditLogger (28-41)

components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/security/handler/SecurityUtils.java (1)

• SecurityUtils (37-150)

components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/Constants.java (1)

• Constants (25-247)

🔇 Additional comments (6)

components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/InboundEndpointResource.java (1)

29-29: Import path update looks correct.

The import relocation for DynamicControlOperationResult from org.apache.synapse.inbound to org.apache.synapse.util is consistent with the same import in TaskResource.java.

components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/Constants.java (1)

119-122: New constant appropriately placed.

The TRIGGER_STATUS constant is logically grouped with the other Synapse service status constants and follows the established naming convention.

components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/TaskResource.java (4)

22-67: Imports and logger setup look appropriate.

The new imports support the POST handling, security checks, and audit logging functionality. The logger declaration follows the standard pattern used in similar resource classes.

---

73-79: HTTP POST method registration is correct.

Adding HTTP_POST enables the new task enable/disable/trigger functionality and is consistent with the pattern in InboundEndpointResource.

---

171-176: Good use of constant for JSON key.

Using the NAME constant instead of a hardcoded string improves maintainability.

---

275-296: Consistent use of NAME constant.

The change at line 279 aligns with the pattern used elsewhere in this file.

[SanojPunchihewa]

We can have this for the else block of if condition at L320

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/TaskResource.java (1)

136-138: Add else branch for missing STATUS field.

When the payload contains name but lacks status, response remains null and is set as the payload at line 146. This can result in a null or undefined response being sent to the client.

Apply this diff to handle the missing status case:

                     if (payload.has(STATUS)) {
                         response = handleStatusUpdate(task, performedBy, info, msgCtx, payload);
+                    } else {
+                        response = Utils.createJsonError("Missing 'status' field in payload", axisMsgCtx, Constants.BAD_REQUEST);
                     }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 88a54d5 and d771284.

📒 Files selected for processing (1)

• components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/TaskResource.java (8 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/TaskResource.java (3)

components/org.wso2.micro.integrator.core/src/main/java/org/wso2/micro/core/util/AuditLogger.java (1)

• AuditLogger (28-41)

components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/security/handler/SecurityUtils.java (1)

• SecurityUtils (37-150)

components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/Constants.java (1)

• Constants (25-248)

🔇 Additional comments (7)

components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/TaskResource.java (7)

22-22: LGTM! Imports are appropriate for the new POST functionality.

All new imports support the enable/disable/trigger feature: JSON payload parsing, logging, dynamic control operations, audit logging, and security checks.

Also applies to: 26-27, 34-35, 40-42, 44-44, 56-62

---

67-67: LGTM! Logger properly declared.

The static logger is correctly initialized and used for error reporting in the new POST handling logic.

---

77-77: LGTM! POST support correctly added.

The method properly extends the API resource to handle POST requests for task management operations.

---

92-114: LGTM! Proper security checks and error handling.

The POST request flow correctly:

• Retrieves the authenticated username
• Validates edit permissions via SecurityUtils.canUserEdit()
• Returns 403 Forbidden for unauthorized users
• Handles UserStoreException with appropriate logging

---

173-173: LGTM! Good use of constant for JSON key.

Replacing hardcoded "name" strings with the NAME constant improves maintainability and ensures consistency across the codebase.

Also applies to: 215-215, 279-279

---

318-325: LGTM! Proper type checking and error handling.

The null check for controllerTask correctly handles the case where a task exists but is not an instance of StartUpController. This is not dead code—it's a defensive guard against tasks that cannot be controlled dynamically. The error message is also accurate.

---

327-344: LGTM! Correct audit log types for activate and deactivate.

Both the deactivate (line 331) and activate (line 340) operations correctly use Constants.AUDIT_LOG_TYPE_TASK for audit logging, ensuring proper categorization of task-related operations.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/TaskResource.java (1)

120-151: Add error handling when STATUS is missing from payload.

If the payload contains name but not status, the response variable remains null at line 136-138 and is set as the payload at line 146, which will cause issues. This was flagged in a previous review but remains unaddressed.

Apply this diff to handle the missing STATUS case:

                     if (payload.has(STATUS)) {
                         response = handleStatusUpdate(task, performedBy, info, msgCtx, payload);
+                    } else {
+                        response = Utils.createJsonError("Missing 'status' in payload", axisMsgCtx, Constants.BAD_REQUEST);
                     }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d771284 and b9d6919.

📒 Files selected for processing (1)

• components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/TaskResource.java (8 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/TaskResource.java (3)

components/org.wso2.micro.integrator.core/src/main/java/org/wso2/micro/core/util/AuditLogger.java (1)

• AuditLogger (28-41)

components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/security/handler/SecurityUtils.java (1)

• SecurityUtils (37-150)

components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/Constants.java (1)

• Constants (25-248)

🔇 Additional comments (6)

components/org.wso2.micro.integrator.extensions/org.wso2.micro.integrator.management.apis/src/main/java/org/wso2/micro/integrator/management/apis/TaskResource.java (6)

22-67: LGTM: Imports and logger setup are appropriate.

The new imports and logger instance are correctly added to support POST operations, security checks, audit logging, and error handling.

---

74-79: LGTM: POST method correctly added.

The resource now properly declares support for POST operations in addition to GET.

---

92-114: LGTM: Security checks properly implemented.

POST requests are correctly guarded with SecurityUtils.canUserEdit() checks, and forbidden responses are sent for unauthorized users. Error handling for user store exceptions is appropriate.

---

173-173: LGTM: Consistent use of NAME constant.

Good refactoring to use the NAME constant instead of hardcoded strings.

---

318-324: LGTM: Task type validation is correct.

The instanceof check and error handling are properly implemented. The previous issue with the error message has been addressed.

---

326-343: LGTM: Activate and deactivate audit logging is correct.

The activate and deactivate branches now correctly use AUDIT_LOG_TYPE_TASK with appropriate action constants. Previous audit log type issues have been addressed.