Add htsget 1.2.0, OpenAPI v3.0.2 spec

[brainstorm]

As mentioned over twitter:

https://twitter.com/braincode/status/1097808553723670528

I've tried to comply with the official htsget spec, from the human-readable official spec:

https://samtools.github.io/hts-specs/htsget.html

But please let me know if there's something off. Things that concern me:

1. OpenAPI v3 only seems to have signed int32, while on the spec an unsigned int32 is required by the htsget spec. Granted, this is just for code scaffolding/stubs, but I hope nobody implements it wrong by accident.
2. I could write in the OAuth aspects in it, but the htsget spec explicitly keeps it out since it's "beyond
   the scope of this [htsget] specification". I feel inclined to add it regardless to ease code generation, thoughts?. Just went ahead and added it.
3. I've added all fields as shown in the spec for BAM, but for VCF, I just picked up some (most used ones?) from the VCF4.2 spec. Would it make sense to list them in the hts-spec as well?

[brainstorm]

Adding the Oauth2 bit might not have been the best idea since AWS API Gateway chokes on it:

[delagoya]

@brainstorm thanks a couple of notes on quick review:

1. unsigned int32 comes from trying to minimize the bytes necessary to store a genomic position in highly compress formats like BAM or CRAM. Since there are query parameters, I think it is OK to define it as int64 with a minimum of 0

2. Per your AWS API Gateway error, there are some OAS OAuth2 examples. But this seems specific to API Gateway and would not be a good thing to add to a official specification, but rather define a API Gateway specific schema in your own repo, import the schema components using $ref, and add in the custom-authorizer there.

3. No comment on this yet, will need to dig into the schema details.

[jmarshall]

Re (1), that OpenAPI documentation says format is free text so you would seem to be entirely justified in putting uint32 there.

(IMHO the spec saying "32-bit unsigned int" here is over-constraining things. It's a text format so just "unsigned int" or "int, minimum 0" says the same thing as far as the protocol is concerned. However "32-bit" has been there since the original Google Docs document and never come up in discussion as far as I know.)

Re (3), please raise this as a separate issue. Subsetting VCF fields via the fields parameter appears to have been overlooked when variants were added to htsget in PR #233.

Also

• The contact information will need changing before merging. This could be the ga4gh-htsget mailing list; or the refget OpenAPI spec uses a GA4GH Security Notifications email address here.

[daviesrob]

I think it would be good to avoid 32 bit limitations where not strictly needed. SAM does support positions longer than that, and we're planning to add support for them in HTSlib (see samtools/htslib#709). While not necessary for human sequencing, it is for quite a few other organisms.

[brainstorm]

Thanks everyone for the prompt and valuable feedback, I just added the proposed changes and opened #386 as suggested.

[jmarshall]

“The license information for the exposed API.” Probably best to omit license for the time being.

[mlin]

Yea, various parties may be allergic to GPL in particular -- omitting it is probably easier than selecting an alternative? 😉

[jmarshall]

Probably best to leave this out until #386 is resolved.

[mlin]

Sorry for the terrible belatedness of me adding a couple of comments here:

1. This is a really terrific companion to the spec, so first thank you!!
2. The example responses should probably illustrate HTTP URLs in addition to data: URIs, since the redirect is a core mechanic of the protocol, which servers designed for scalable operations would usually rely on. We could make an example for publicly accessible 1000 Genomes data or such.
3. The possible error responses could be fleshed out in more detail following the prose spec.

I would really like to help with these, but have bandwidth problems so would also welcome if somebody else is able to chew on them.

Thanks again this is great!

[brainstorm]

Thanks everyone for the feedback and code review, I'm refactoring and while I'm at it, I'll introduce 1.2.0 spec details as well (class), WIP here:

https://app.swaggerhub.com/apis/brainkod/htsget/1.2.0#/default/searchReadId

And some open questions for OpenAPI (just in case somebody here knows the solution), here:

https://twitter.com/braincode/status/1129301936828588038

[brainstorm]

Spec bumped to 1.2.0, thanks @mlin for the feedback and the heads up @ohofmann.

I hope there's nothing else missing/broken or out of sync... looks valid/ok on SwaggerHub:

https://app.swaggerhub.com/apis/brainkod/htsget/1.2.0

OT: Who is in charge of the CircleCI config on this repo?

[brainstorm]

👋

[jmarshall]

The example of a /variants/{id} response is a BAM stream. It needs to be VCF or BCF instead.

OT: Who is in charge of the CircleCI config on this repo?

You can figure that out by looking at the relevant PR (#328). However it's immaterial — if this PR is rebased to after PR #328 landed, Circle CI will be happy. As this PR does not involve PDFs, it doesn't matter either way.

[brainstorm]

Thanks @jmarshall, good catch, fixed now!

/cc @ohofmann

[jmarshall]

Agreed at the meeting that this is now ready for merging. Two remaining minor concerns:

1. The swaggerhub URL at the top is specific to brainkod:

servers:
    url: https://virtserver.swaggerhub.com/brainkod/htsget/1.2.0

Can this be replaced with a non-specific URL like the one in refget-openapi.yaml?

2. Last time I looked the treatment of error return codes was a bit haphazard, however we're happy for that to be tidied up at a later date.

@brainstorm: If you would like to address (1), I'll take care of rebasing and merging this. Thanks!

[jmarshall]

Merged as 766424f. Thanks!