API /v1/bom should have a parameter parent

[oers]

Current Behavior

At the moment the API does not hava a parameter to specifiy the parent, when uploading a bom and using projectname/version.

Proposed Behavior

Add a parameter "parent" to /v1/bom which consumes and sets the parant on upload.

Checklist

• I have read and understand the contributing guidelines
• I have checked the existing issues for whether this enhancement was already requested

[ch-k]

Would be very helpful und maybe even necessary for something like that: jenkinsci/dependency-track-plugin#139

Workaround is to create project via /v1/bom (by project name and version), retrieve IDs using /v1/project/lookup and finally update the project (including parent) with POST to /v1/project. But that's not very convenient.

[weinzierl]

"...finally update the project (including parent) with POST to /v1/project"

Have you tried that? I can't get it to work, because /v1/project doesn't seem to accept neither "parent": "uuid" nor "parentUuid": "uuid" (400 Bad Request).
/v1/project/uuid with a PUT gives me a 500. Specifying a "uuid" field does create the project but the uuid doesn't seem to be used. Setting the project uuid in the parent as "children": ["uuid"] didn't work either. How can I create a child project via the API at all?

[ch-k]

"...finally update the project (including parent) with POST to /v1/project"

Have you tried that? I can't get it to work, because /v1/project doesn't seem to accept neither "parent": "uuid" nor "parentUuid": "uuid" (400 Bad Request). /v1/project/uuid with a PUT gives me a 500. Specifying a "uuid" field does create the project but the uuid doesn't seem to be used. Setting the project uuid in the parent as "children": ["uuid"] didn't work either. How can I create a child project via the API at all?

I didn't test this step manually via curl or similar. But that's the way that the Dependency Track frontend takes. It uses the same API. When you open the "Project Details" dialog of a project without parent, you can select a new parent and press the "Update" button (that's the call to /v1/project).

[roadSurfer]

#2401 was recently addressed which allows setting the parent via a PATCH after the project has been created,
The parent can be set via POST, the frontend does this, but that requires having to include all the other project details as well; not just those which have changed.
FWIW I have tried the POST method and it works, but I have elected to ignore parent for now until the next release.

Edit: Being able to do it on bom upload (via name/version or UUID) could be advantageous as it would avoid the need for multiple quests.

[codenox-vs]

I was searching for this feature right now (/bom and parent). I thought I just missed it, but looks like I have to what a bit longer...

[github-actions]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.