Add keyless REST PUT/PATCH support for entities with auto-generated primary keys

[aaronburtle]

Why make this change?

Closes #2663

What is this change?

Add keyless REST PUT/PATCH support for entities with auto-generated primary keys

When a PUT or PATCH request arrives without a primary key in the URL route, the operation is converted to an Insert, reusing the existing insert pipeline. This enables creation of records on entities with identity/auto-generated keys where callers don't know the key value upfront. The original keyed PUT/PATCH routes are unchanged.

• In RestService.ExecuteAsync, keyless Upsert/UpsertIncremental operations are detected early and remapped to Insert before authorization and request context creation. Authorization is unaffected since the RestAuthorizationHandler resolves permissions from the HTTP method directly, and PUT/PATCH already require both Create and Update permissions.

• In OpenApiDocumentor, keyless PUT and PATCH operations are now documented for entities with auto-generated primary keys on the base entity path. These use the _NoAutoPK request body schema and only advertise 201 Created responses. A missing AddQueryParameters helper method was also added.

• Stored procedure entities are unaffected. No changes to the mutation engine, query builders, or database interaction layer.

How was this tested?

We modify existing tests to match the new behavior, and then add a test for keyless PUT/PATCH.

Sample Request(s)

PUT /api/Book

{
    "title": "My New Book",
    "publisher_id": 1234
}

PATCH /api/Book
{
    "title": "Another New Book",
    "publisher_id": 5678
}

These will convert to Insert

[aaronburtle]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 6 pipeline(s).

[Copilot]

Pull request overview

This PR adds support for keyless REST PUT and PATCH operations on entities with auto-generated primary keys. When a PUT or PATCH request arrives without a primary key in the URL route, the operation is converted to an Insert, enabling record creation for entities with identity/auto-generated keys where the caller doesn't know the key value beforehand.

Changes:

• Converts keyless PUT/PATCH operations to Insert in RestService.ExecuteAsync before request processing
• Adds keyless PUT/PATCH operation documentation in OpenAPI for entities with auto-generated primary keys
• Updates tests to reflect new behavior and adds comprehensive test coverage for keyless operations

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
src/Core/Services/RestService.cs	Adds logic to convert Upsert/UpsertIncremental to Insert when primary key route is empty
src/Core/Services/OpenAPI/OpenApiDocumentor.cs	Documents keyless PUT/PATCH operations for entities with auto-generated PKs using _NoAutoPK schema
src/Service.Tests/SqlTests/RestApiTests/Put/PutApiTestBase.cs	Adds test for keyless PUT with auto-gen PK, updates existing tests, adds If-Match header test
src/Service.Tests/SqlTests/RestApiTests/Put/PostgreSqlPutApiTests.cs	Adds SQL query for keyless PUT test verification
src/Service.Tests/SqlTests/RestApiTests/Put/MySqlPutApiTests.cs	Adds SQL query for keyless PUT test verification
src/Service.Tests/SqlTests/RestApiTests/Put/MsSqlPutApiTests.cs	Adds SQL query for keyless PUT test verification
src/Service.Tests/SqlTests/RestApiTests/Patch/PatchApiTestBase.cs	Adds test for keyless PATCH with auto-gen PK, updates existing tests, removes unused using statement
src/Service.Tests/SqlTests/RestApiTests/Patch/PostgreSqlPatchApiTests.cs	Adds SQL query for keyless PATCH test verification
src/Service.Tests/SqlTests/RestApiTests/Patch/MySqlPatchApiTests.cs	Adds SQL query for keyless PATCH test verification
src/Service.Tests/SqlTests/RestApiTests/Patch/MsSqlPatchApiTests.cs	Adds SQL query for keyless PATCH test verification

[aaronburtle]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 6 pipeline(s).

[JerryNixon]

The conversion to Insert is not gated by “auto-generated PK”. Should it?

[aaronburtle]

Good question, this is OK because our RequestValidator will handle the validation side of things and we keep a clean separation of responsibility.

[Aniruddh25]

This is indeed a good question. @aaronburtle, I checked with Copilot, and it says "So: autogenerated PKs do not bypass the URL [primaryKeyRoute] requirement for update/upsert/delete. For insert, a URL PK is disallowed regardless, in [RequestValidator.cs:224-232].

public void ValidatePrimaryKey(RestRequestContext context) see this function.

You need to fix the exception that we throw there, in cases of Patch/Put to not check for existence of primaryKey in the route if they are autogenerated.

[aaronburtle]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 6 pipeline(s).

[Aniruddh25]

the constant value is same as above PUT_KEYLESS_DESCRIPTION. Use a single constant

[Aniruddh25]

RequestValidator needs to be relaxed for Put/Patch operations when primary key subroute is not found and it is autogenerated.