From d9402023732d9b43e8c7d2759ea6f74b2774b424 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Tue, 17 Mar 2026 17:54:00 +0500
Subject: [PATCH 01/41] upload, get and update rest endpoints

---
 opennms-config-jaxb/pom.xml                   |   4 +
 .../config/trapd/TrapdConfiguration.java      |   3 +
 .../opennms/web/rest/v2/TrapdRestService.java | 159 ++++++++++++++++++
 .../opennms/web/rest/v2/api/TrapdRestApi.java |  90 ++++++++++
 .../web/rest/v2/model/TrapdConfigPayload.java |  98 +++++++++++
 .../applicationContext-cxf-rest-v2.xml        |   5 +-
 .../web/rest/v2/TrapdRestServiceIT.java       | 119 +++++++++++++
 .../applicationContext-rest-test.xml          |   2 +
 8 files changed, 479 insertions(+), 1 deletion(-)
 create mode 100644 opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
 create mode 100644 opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
 create mode 100644 opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigPayload.java
 create mode 100644 opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java

diff --git a/opennms-config-jaxb/pom.xml b/opennms-config-jaxb/pom.xml
index d7728df68af6..98f42297f9fc 100644
--- a/opennms-config-jaxb/pom.xml
+++ b/opennms-config-jaxb/pom.xml
@@ -83,5 +83,9 @@
       <artifactId>org.opennms.core.test-api.xml</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>com.fasterxml.jackson.core</groupId>
+      <artifactId>jackson-annotations</artifactId>
+    </dependency>
   </dependencies>
 </project>
diff --git a/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/TrapdConfiguration.java b/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/TrapdConfiguration.java
index c74eba745f71..4e9f8e86ffc3 100644
--- a/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/TrapdConfiguration.java
+++ b/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/TrapdConfiguration.java
@@ -31,6 +31,7 @@
 import javax.xml.bind.annotation.XmlRootElement;
 import javax.xml.bind.annotation.XmlTransient;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import org.opennms.core.xml.ValidateUsing;
 
 
@@ -69,6 +70,7 @@ public class TrapdConfiguration implements  Serializable {
      * keeps track of state for field: _snmpTrapPort
      */
 	@XmlTransient
+    @JsonIgnore
     private boolean hasSnmpTrapPort;
 
     /**
@@ -114,6 +116,7 @@ public class TrapdConfiguration implements  Serializable {
      * keeps track of state for field: _newSuspectOnTrap
      */
 	@XmlTransient
+    @JsonIgnore
     private boolean hasNewSuspectOnTrap;
 
     /**
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
new file mode 100644
index 000000000000..c990b0549fb6
--- /dev/null
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
@@ -0,0 +1,159 @@
+/*
+ * Licensed to The OpenNMS Group, Inc (TOG) under one or more
+ * contributor license agreements.  See the LICENSE.md file
+ * distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * TOG licenses this file to You under the GNU Affero General
+ * Public License Version 3 (the "License") or (at your option)
+ * any later version.  You may not use this file except in
+ * compliance with the License.  You may obtain a copy of the
+ * License at:
+ *
+ *      https://www.gnu.org/licenses/agpl-3.0.txt
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied.  See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
+package org.opennms.web.rest.v2;
+
+import java.io.InputStream;
+
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
+import javax.ws.rs.core.SecurityContext;
+
+import org.apache.cxf.jaxrs.ext.multipart.Attachment;
+import org.opennms.core.xml.JaxbUtils;
+import org.opennms.features.config.exception.ValidationException;
+import org.opennms.netmgt.config.trapd.TrapdConfiguration;
+import org.opennms.netmgt.dao.api.TrapdConfigDao;
+import org.opennms.web.rest.v2.api.TrapdRestApi;
+import org.opennms.web.rest.v2.model.TrapdConfigPayload;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+@Service
+public class TrapdRestService implements TrapdRestApi {
+
+    private static final Logger LOG = LoggerFactory.getLogger(TrapdRestService.class);
+
+    @Autowired
+    private TrapdConfigDao m_trapdConfigDao;
+
+    @Override
+    public Response uploadTrapdConfiguration(final Attachment attachment, final SecurityContext securityContext) {
+        if (attachment == null) {
+            return Response.status(Status.BAD_REQUEST).entity("Missing uploaded file field 'upload'.").build();
+        }
+
+        final TrapdConfiguration config;
+        try (InputStream inputStream = attachment.getObject(InputStream.class)) {
+            config = JaxbUtils.unmarshal(TrapdConfiguration.class, inputStream);
+        } catch (Exception e) {
+            LOG.warn("Failed to parse uploaded trapd configuration.", e);
+            return Response.status(Status.BAD_REQUEST).entity("Invalid trapd XML configuration.").build();
+        }
+
+        try {
+            m_trapdConfigDao.updateConfig(config);
+            return Response.ok(m_trapdConfigDao.getConfig()).build();
+        } catch (ValidationException e) {
+            LOG.warn("Uploaded trapd configuration failed schema validation.", e);
+            return Response.status(Status.BAD_REQUEST).entity(e.getMessage()).build();
+        } catch (Exception e) {
+            LOG.error("Failed to persist uploaded trapd configuration.", e);
+            return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Failed to persist trapd configuration.").build();
+        }
+    }
+
+    @Override
+    public Response getTrapdConfiguration(final SecurityContext securityContext) {
+        try {
+            TrapdConfiguration config = m_trapdConfigDao.getConfig();
+            if (config == null) {
+                return Response.status(Status.NOT_FOUND).entity("Trapd configuration not found.").build();
+            }
+            return Response.ok(config).build();
+        } catch (Exception e) {
+            LOG.error("Failed to retrieve trapd configuration.", e);
+            return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Failed to retrieve trapd configuration.").build();
+        }
+    }
+
+    @Override
+    public Response updateTrapdConfiguration(TrapdConfigPayload config, SecurityContext securityContext) {
+        if (config == null) {
+            return Response.status(Status.BAD_REQUEST).entity("Missing trapd configuration in request body.").build();
+        }
+
+        final TrapdConfiguration updatedConfig;
+        try {
+            updatedConfig = mergeTrapdConfiguration(config);
+        } catch (Exception e) {
+            LOG.warn("Failed to map trapd update payload.", e);
+            return Response.status(Status.BAD_REQUEST).entity("Invalid trapd configuration payload.").build();
+        }
+
+        try {
+            m_trapdConfigDao.updateConfig(updatedConfig);
+            return Response.ok(m_trapdConfigDao.getConfig()).build();
+        } catch (ValidationException e) {
+            LOG.warn("Provided trapd configuration failed schema validation.", e);
+            return Response.status(Status.BAD_REQUEST).entity(e.getMessage()).build();
+        } catch (Exception e) {
+            LOG.error("Failed to persist provided trapd configuration.", e);
+            return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Failed to persist trapd configuration.").build();
+        }
+    }
+
+    private TrapdConfiguration mergeTrapdConfiguration(final TrapdConfigPayload payload) {
+        TrapdConfiguration config = m_trapdConfigDao.getConfig();
+        if (config == null) {
+            config = new TrapdConfiguration();
+        }
+
+        if (payload.getSnmpTrapAddress() != null) {
+            config.setSnmpTrapAddress(payload.getSnmpTrapAddress());
+        }
+        if (payload.getSnmpTrapPort() != null) {
+            config.setSnmpTrapPort(payload.getSnmpTrapPort());
+        }
+        if (payload.getNewSuspectOnTrap() != null) {
+            config.setNewSuspectOnTrap(payload.getNewSuspectOnTrap());
+        }
+        if (payload.getIncludeRawMessage() != null) {
+            config.setIncludeRawMessage(payload.getIncludeRawMessage());
+        }
+        if (payload.getThreads() != null) {
+            config.setThreads(payload.getThreads());
+        }
+        if (payload.getQueueSize() != null) {
+            config.setQueueSize(payload.getQueueSize());
+        }
+        if (payload.getBatchSize() != null) {
+            config.setBatchSize(payload.getBatchSize());
+        }
+        if (payload.getBatchInterval() != null) {
+            config.setBatchInterval(payload.getBatchInterval());
+        }
+        if (payload.getUseAddressFromVarbind() != null) {
+            config.setUseAddressFromVarbind(payload.getUseAddressFromVarbind());
+        }
+        if (payload.getSnmpv3Users() != null) {
+            config.setSnmpv3User(payload.getSnmpv3Users());
+        }
+
+        // Prevent generated helper flags from being persisted as schema properties.
+//        config.deleteNewSuspectOnTrap();
+//        config.deleteSnmpTrapPort();
+        return config;
+    }
+
+}
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
new file mode 100644
index 000000000000..11d6ca26aa83
--- /dev/null
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
@@ -0,0 +1,90 @@
+/*
+ * Licensed to The OpenNMS Group, Inc (TOG) under one or more
+ * contributor license agreements.  See the LICENSE.md file
+ * distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * TOG licenses this file to You under the GNU Affero General
+ * Public License Version 3 (the "License") or (at your option)
+ * any later version.  You may not use this file except in
+ * compliance with the License.  You may obtain a copy of the
+ * License at:
+ *
+ *      https://www.gnu.org/licenses/agpl-3.0.txt
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied.  See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
+package org.opennms.web.rest.v2.api;
+
+import javax.ws.rs.*;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.SecurityContext;
+
+import org.apache.cxf.jaxrs.ext.multipart.Attachment;
+import org.apache.cxf.jaxrs.ext.multipart.Multipart;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.opennms.web.rest.v2.model.TrapdConfigPayload;
+
+@Path("trapd")
+@Tag(name = "Trapd", description = "Trapd API V2")
+public interface TrapdRestApi {
+
+    @POST
+    @Path("upload")
+    @Consumes(MediaType.MULTIPART_FORM_DATA)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Operation(
+            summary = "Upload trapd configuration",
+            description = "Upload trapd-configuration XML and persist it to DB.",
+            operationId = "uploadTrapdConfiguration"
+    )
+    @ApiResponses(value = {
+            @ApiResponse(responseCode = "204", description = "Configuration updated successfully"),
+            @ApiResponse(responseCode = "400", description = "Invalid trapd XML or missing upload field"),
+            @ApiResponse(responseCode = "500", description = "Failed to persist trapd configuration")
+    })
+    Response uploadTrapdConfiguration(@Multipart("upload") Attachment attachment, @Context SecurityContext securityContext);
+    
+    @GET
+    @Path("get-config")
+    @Produces(MediaType.APPLICATION_JSON)
+    @Operation(
+            summary = "Get trapd configuration",
+            description = "Retrieve the current trapd configuration.",
+            operationId = "getTrapdConfiguration"
+    )
+    @ApiResponses(value = {
+            @ApiResponse(responseCode = "200", description = "Configuration retrieved successfully"),
+            @ApiResponse(responseCode = "404", description = "Configuration not found"),
+            @ApiResponse(responseCode = "500", description = "Failed to retrieve trapd configuration")
+    })
+    Response getTrapdConfiguration(@Context SecurityContext securityContext);
+    
+    @POST
+    @Path("update-config")
+    @Consumes(MediaType.APPLICATION_JSON)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Operation(
+            summary = "Update trapd configuration",
+            description = "Update trapd configuration with provided JSON payload.",
+            operationId = "updateTrapdConfiguration"
+    )
+    @ApiResponses(value = {
+            @ApiResponse(responseCode = "200", description = "Configuration updated successfully"),
+            @ApiResponse(responseCode = "400", description = "Invalid configuration payload"),
+            @ApiResponse(responseCode = "500", description = "Failed to update trapd configuration")
+    })
+    Response updateTrapdConfiguration(TrapdConfigPayload payload, @Context SecurityContext securityContext);
+}
+
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigPayload.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigPayload.java
new file mode 100644
index 000000000000..c4dad14b7d18
--- /dev/null
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigPayload.java
@@ -0,0 +1,98 @@
+package org.opennms.web.rest.v2.model;
+
+import java.util.List;
+
+import org.opennms.netmgt.config.trapd.Snmpv3User;
+
+public class TrapdConfigPayload {
+    private String snmpTrapAddress;
+    private Integer snmpTrapPort;
+    private Boolean newSuspectOnTrap;
+    private Boolean includeRawMessage;
+    private Integer threads;
+    private Integer queueSize;
+    private Integer batchSize;
+    private Integer batchInterval;
+    private Boolean useAddressFromVarbind;
+    private List<Snmpv3User> snmpv3Users;
+
+    public String getSnmpTrapAddress() {
+        return snmpTrapAddress;
+    }
+
+    public void setSnmpTrapAddress(final String snmpTrapAddress) {
+        this.snmpTrapAddress = snmpTrapAddress;
+    }
+
+    public Integer getSnmpTrapPort() {
+        return snmpTrapPort;
+    }
+
+    public void setSnmpTrapPort(final Integer snmpTrapPort) {
+        this.snmpTrapPort = snmpTrapPort;
+    }
+
+    public Boolean getNewSuspectOnTrap() {
+        return newSuspectOnTrap;
+    }
+
+    public void setNewSuspectOnTrap(final Boolean newSuspectOnTrap) {
+        this.newSuspectOnTrap = newSuspectOnTrap;
+    }
+
+    public Boolean getIncludeRawMessage() {
+        return includeRawMessage;
+    }
+
+    public void setIncludeRawMessage(final Boolean includeRawMessage) {
+        this.includeRawMessage = includeRawMessage;
+    }
+
+    public Integer getThreads() {
+        return threads;
+    }
+
+    public void setThreads(final Integer threads) {
+        this.threads = threads;
+    }
+
+    public Integer getQueueSize() {
+        return queueSize;
+    }
+
+    public void setQueueSize(final Integer queueSize) {
+        this.queueSize = queueSize;
+    }
+
+    public Integer getBatchSize() {
+        return batchSize;
+    }
+
+    public void setBatchSize(final Integer batchSize) {
+        this.batchSize = batchSize;
+    }
+
+    public Integer getBatchInterval() {
+        return batchInterval;
+    }
+
+    public void setBatchInterval(final Integer batchInterval) {
+        this.batchInterval = batchInterval;
+    }
+
+    public Boolean getUseAddressFromVarbind() {
+        return useAddressFromVarbind;
+    }
+
+    public void setUseAddressFromVarbind(final Boolean useAddressFromVarbind) {
+        this.useAddressFromVarbind = useAddressFromVarbind;
+    }
+
+    public List<Snmpv3User> getSnmpv3Users() {
+        return snmpv3Users;
+    }
+
+    public void setSnmpv3Users(final List<Snmpv3User> snmpv3Users) {
+        this.snmpv3Users = snmpv3Users;
+    }
+}
diff --git a/opennms-webapp-rest/src/main/webapp/WEB-INF/applicationContext-cxf-rest-v2.xml b/opennms-webapp-rest/src/main/webapp/WEB-INF/applicationContext-cxf-rest-v2.xml
index 1275108b1a66..17e22ab488d0 100644
--- a/opennms-webapp-rest/src/main/webapp/WEB-INF/applicationContext-cxf-rest-v2.xml
+++ b/opennms-webapp-rest/src/main/webapp/WEB-INF/applicationContext-cxf-rest-v2.xml
@@ -6,18 +6,21 @@
         xmlns:util="http://www.springframework.org/schema/util"
         xmlns:cxf="http://cxf.apache.org/core"
         xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+        xmlns:onmsgi="http://xmlns.opennms.org/xsd/spring/onms-osgi"
         xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
                 http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.2.xsd
                 http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.2.xsd
                 http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
                 http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
-                http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd">
+                http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
+                http://xmlns.opennms.org/xsd/spring/onms-osgi http://xmlns.opennms.org/xsd/spring/onms-osgi.xsd">
 
     <tx:annotation-driven />
     <context:annotation-config/>
 
     <!-- Automatically scan for @Component beans -->
     <context:component-scan base-package="org.opennms.web.rest.v2, org.opennms.web.rest.mapper.v2" />
+    <onmsgi:reference id="trapdConfigDao" interface="org.opennms.netmgt.dao.api.TrapdConfigDao" />
 
     <import resource="classpath:/META-INF/cxf/cxf.xml" />
     <import resource="classpath:/META-INF/cxf/cxf-servlet.xml" />
diff --git a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
new file mode 100644
index 000000000000..07d2815f9bcd
--- /dev/null
+++ b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
@@ -0,0 +1,119 @@
+/*
+ * Licensed to The OpenNMS Group, Inc (TOG) under one or more
+ * contributor license agreements.  See the LICENSE.md file
+ * distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * TOG licenses this file to You under the GNU Affero General
+ * Public License Version 3 (the "License") or (at your option)
+ * any later version.  You may not use this file except in
+ * compliance with the License.  You may obtain a copy of the
+ * License at:
+ *
+ *      https://www.gnu.org/licenses/agpl-3.0.txt
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied.  See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
+package org.opennms.web.rest.v2;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.Principal;
+
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.SecurityContext;
+
+import org.apache.cxf.jaxrs.ext.multipart.Attachment;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opennms.core.test.OpenNMSJUnit4ClassRunner;
+import org.opennms.core.test.db.annotations.JUnitTemporaryDatabase;
+import org.opennms.netmgt.dao.api.TrapdConfigDao;
+import org.opennms.test.JUnitConfigurationEnvironment;
+import org.opennms.web.rest.v2.api.TrapdRestApi;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.web.WebAppConfiguration;
+
+@RunWith(OpenNMSJUnit4ClassRunner.class)
+@WebAppConfiguration
+@ContextConfiguration(locations = {
+        "classpath:/META-INF/opennms/applicationContext-soa.xml",
+        "classpath:/META-INF/opennms/applicationContext-commonConfigs.xml",
+        "classpath:/META-INF/opennms/applicationContext-dao.xml",
+        "classpath*:/META-INF/opennms/component-dao.xml",
+        "classpath:/META-INF/opennms/mockEventIpcManager.xml",
+        "classpath:/applicationContext-rest-test.xml"
+})
+@JUnitConfigurationEnvironment(systemProperties = "org.opennms.timeseries.strategy=integration")
+@JUnitTemporaryDatabase
+public class TrapdRestServiceIT {
+
+    private SecurityContext securityContext;
+
+    @Autowired
+    private TrapdRestApi m_trapdRestApi;
+
+    // @Autowired
+    // private TrapdConfigDao m_trapdConfigDao;
+
+    // @Before
+    // public void setUp() {
+    //     Principal principal = mock(Principal.class);
+    //     when(principal.getName()).thenReturn("integration-user");
+    //     securityContext = mock(SecurityContext.class);
+    //     when(securityContext.getUserPrincipal()).thenReturn(principal);
+    // }
+
+    // @Test
+    // public void testUploadTrapdConfig() {
+    //     final Attachment attachment = mock(Attachment.class);
+    //     when(attachment.getObject(InputStream.class)).thenReturn(new ByteArrayInputStream(validTrapdConfigXml().getBytes(StandardCharsets.UTF_8)));
+
+    //     try (Response response = m_trapdRestApi.uploadTrapdConfiguration(attachment, securityContext)) {
+    //         assertEquals(Response.Status.NO_CONTENT.getStatusCode(), response.getStatus());
+    //     }
+    //     assertEquals(10163, m_trapdConfigDao.getConfig().getSnmpTrapPort());
+    // }
+
+    // @Test
+    // public void testUploadTrapdConfigWithInvalidXml() {
+    //     final Attachment attachment = mock(Attachment.class);
+    //     when(attachment.getObject(InputStream.class)).thenReturn(new ByteArrayInputStream("<trapd-configuration".getBytes(StandardCharsets.UTF_8)));
+
+    //     try (Response response = m_trapdRestApi.uploadTrapdConfiguration(attachment, securityContext)) {
+    //         assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+    //         assertTrue(String.valueOf(response.getEntity()).contains("Invalid trapd XML configuration."));
+    //     }
+    // }
+
+    // @Test
+    // public void testUploadTrapdConfigWithMissingAttachment() {
+    //     try (Response response = m_trapdRestApi.uploadTrapdConfiguration(null, securityContext)) {
+    //         assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+    //         assertNotNull(response.getEntity());
+    //     }
+    // }
+
+    // private static String validTrapdConfigXml() {
+    //     return "<trapd-configuration xmlns=\"http://xmlns.opennms.org/xsd/config/trapd\" "
+    //             + "snmp-trap-address=\"*\" snmp-trap-port=\"10163\" new-suspect-on-trap=\"false\" "
+    //             + "include-raw-message=\"false\" threads=\"0\" queue-size=\"10000\" "
+    //             + "batch-size=\"1000\" batch-interval=\"500\"/>";
+    // }
+}
+
+
diff --git a/opennms-webapp-rest/src/test/resources/applicationContext-rest-test.xml b/opennms-webapp-rest/src/test/resources/applicationContext-rest-test.xml
index fefa36f61f93..4632db98874d 100644
--- a/opennms-webapp-rest/src/test/resources/applicationContext-rest-test.xml
+++ b/opennms-webapp-rest/src/test/resources/applicationContext-rest-test.xml
@@ -11,6 +11,8 @@
 
 	<bean id="eventConfPersistenceService" class="org.opennms.web.rest.v2.EventConfPersistenceService"/>
 	<bean id="eventConfRestApi" class="org.opennms.web.rest.v2.EventConfRestService"/>
+	<bean id="trapdConfigDao" class="org.opennms.netmgt.dao.jaxb.DefaultTrapdConfigDao"/>
+	<bean id="trapdRestApi" class="org.opennms.web.rest.v2.TrapdRestService"/>
 
 	<bean name="collectd-configuration.xml" class="org.opennms.core.config.impl.JaxbResourceConfiguration">
 		<constructor-arg value="org.opennms.netmgt.config.collectd.CollectdConfiguration" />

From 1a4d4c2766662b4d25258e97ff53794f550aba1d Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Tue, 17 Mar 2026 19:28:57 +0500
Subject: [PATCH 02/41] changes for dto

---
 .../opennms/web/rest/v2/TrapdRestService.java | 19 +++++---------
 .../opennms/web/rest/v2/api/TrapdRestApi.java |  4 +--
 ...ConfigPayload.java => TrapdConfigDto.java} | 25 +++++++++++--------
 3 files changed, 22 insertions(+), 26 deletions(-)
 rename opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/{TrapdConfigPayload.java => TrapdConfigDto.java} (73%)

diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
index c990b0549fb6..bccf6523841e 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
@@ -33,7 +33,7 @@
 import org.opennms.netmgt.config.trapd.TrapdConfiguration;
 import org.opennms.netmgt.dao.api.TrapdConfigDao;
 import org.opennms.web.rest.v2.api.TrapdRestApi;
-import org.opennms.web.rest.v2.model.TrapdConfigPayload;
+import org.opennms.web.rest.v2.model.TrapdConfigDto;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -63,7 +63,7 @@ public Response uploadTrapdConfiguration(final Attachment attachment, final Secu
 
         try {
             m_trapdConfigDao.updateConfig(config);
-            return Response.ok(m_trapdConfigDao.getConfig()).build();
+            return Response.ok(new TrapdConfigDto().toDto(config)).build();
         } catch (ValidationException e) {
             LOG.warn("Uploaded trapd configuration failed schema validation.", e);
             return Response.status(Status.BAD_REQUEST).entity(e.getMessage()).build();
@@ -80,7 +80,7 @@ public Response getTrapdConfiguration(final SecurityContext securityContext) {
             if (config == null) {
                 return Response.status(Status.NOT_FOUND).entity("Trapd configuration not found.").build();
             }
-            return Response.ok(config).build();
+            return Response.ok(new TrapdConfigDto().toDto(config)).build();
         } catch (Exception e) {
             LOG.error("Failed to retrieve trapd configuration.", e);
             return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Failed to retrieve trapd configuration.").build();
@@ -88,7 +88,7 @@ public Response getTrapdConfiguration(final SecurityContext securityContext) {
     }
 
     @Override
-    public Response updateTrapdConfiguration(TrapdConfigPayload config, SecurityContext securityContext) {
+    public Response updateTrapdConfiguration(TrapdConfigDto config, SecurityContext securityContext) {
         if (config == null) {
             return Response.status(Status.BAD_REQUEST).entity("Missing trapd configuration in request body.").build();
         }
@@ -103,7 +103,7 @@ public Response updateTrapdConfiguration(TrapdConfigPayload config, SecurityCont
 
         try {
             m_trapdConfigDao.updateConfig(updatedConfig);
-            return Response.ok(m_trapdConfigDao.getConfig()).build();
+            return Response.ok(new TrapdConfigDto().toDto(m_trapdConfigDao.getConfig())).build();
         } catch (ValidationException e) {
             LOG.warn("Provided trapd configuration failed schema validation.", e);
             return Response.status(Status.BAD_REQUEST).entity(e.getMessage()).build();
@@ -113,7 +113,7 @@ public Response updateTrapdConfiguration(TrapdConfigPayload config, SecurityCont
         }
     }
 
-    private TrapdConfiguration mergeTrapdConfiguration(final TrapdConfigPayload payload) {
+    private TrapdConfiguration mergeTrapdConfiguration(final TrapdConfigDto payload) {
         TrapdConfiguration config = m_trapdConfigDao.getConfig();
         if (config == null) {
             config = new TrapdConfiguration();
@@ -146,13 +146,6 @@ private TrapdConfiguration mergeTrapdConfiguration(final TrapdConfigPayload payl
         if (payload.getUseAddressFromVarbind() != null) {
             config.setUseAddressFromVarbind(payload.getUseAddressFromVarbind());
         }
-        if (payload.getSnmpv3Users() != null) {
-            config.setSnmpv3User(payload.getSnmpv3Users());
-        }
-
-        // Prevent generated helper flags from being persisted as schema properties.
-//        config.deleteNewSuspectOnTrap();
-//        config.deleteSnmpTrapPort();
         return config;
     }
 
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
index 11d6ca26aa83..00f2c09bc8e4 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
@@ -34,7 +34,7 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import io.swagger.v3.oas.annotations.tags.Tag;
-import org.opennms.web.rest.v2.model.TrapdConfigPayload;
+import org.opennms.web.rest.v2.model.TrapdConfigDto;
 
 @Path("trapd")
 @Tag(name = "Trapd", description = "Trapd API V2")
@@ -85,6 +85,6 @@ public interface TrapdRestApi {
             @ApiResponse(responseCode = "400", description = "Invalid configuration payload"),
             @ApiResponse(responseCode = "500", description = "Failed to update trapd configuration")
     })
-    Response updateTrapdConfiguration(TrapdConfigPayload payload, @Context SecurityContext securityContext);
+    Response updateTrapdConfiguration(TrapdConfigDto payload, @Context SecurityContext securityContext);
 }
 
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigPayload.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigDto.java
similarity index 73%
rename from opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigPayload.java
rename to opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigDto.java
index c4dad14b7d18..afaacc8163db 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigPayload.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigDto.java
@@ -1,10 +1,8 @@
 package org.opennms.web.rest.v2.model;
 
-import java.util.List;
+import org.opennms.netmgt.config.trapd.TrapdConfiguration;
 
-import org.opennms.netmgt.config.trapd.Snmpv3User;
-
-public class TrapdConfigPayload {
+public class TrapdConfigDto {
     private String snmpTrapAddress;
     private Integer snmpTrapPort;
     private Boolean newSuspectOnTrap;
@@ -14,7 +12,6 @@ public class TrapdConfigPayload {
     private Integer batchSize;
     private Integer batchInterval;
     private Boolean useAddressFromVarbind;
-    private List<Snmpv3User> snmpv3Users;
 
     public String getSnmpTrapAddress() {
         return snmpTrapAddress;
@@ -88,11 +85,17 @@ public void setUseAddressFromVarbind(final Boolean useAddressFromVarbind) {
         this.useAddressFromVarbind = useAddressFromVarbind;
     }
 
-    public List<Snmpv3User> getSnmpv3Users() {
-        return snmpv3Users;
-    }
-
-    public void setSnmpv3Users(final List<Snmpv3User> snmpv3Users) {
-        this.snmpv3Users = snmpv3Users;
+    public TrapdConfigDto toDto(final TrapdConfiguration config) {
+        TrapdConfigDto dto = new TrapdConfigDto();
+        dto.setSnmpTrapAddress(config.getSnmpTrapAddress());
+        dto.setSnmpTrapPort(config.getSnmpTrapPort());
+        dto.setNewSuspectOnTrap(config.getNewSuspectOnTrap());
+        dto.setIncludeRawMessage(config.isIncludeRawMessage());
+        dto.setThreads(config.getThreads());
+        dto.setQueueSize(config.getQueueSize());
+        dto.setBatchSize(config.getBatchSize());
+        dto.setBatchInterval(config.getBatchInterval());
+        dto.setUseAddressFromVarbind(config.shouldUseAddressFromVarbind());
+        return dto;
     }
 }

From 2a4c5ac123692aed676fb21108fe7b05b9d00482 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Tue, 17 Mar 2026 19:49:54 +0500
Subject: [PATCH 03/41] test cases

---
 .../web/rest/v2/TrapdRestServiceIT.java       | 218 +++++++++++++-----
 .../applicationContext-rest-test.xml          |   2 +-
 2 files changed, 164 insertions(+), 56 deletions(-)

diff --git a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
index 07d2815f9bcd..5fbafd00aff1 100644
--- a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
+++ b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
@@ -22,28 +22,30 @@
 package org.opennms.web.rest.v2;
 
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
+import java.lang.reflect.Field;
 import java.nio.charset.StandardCharsets;
-import java.security.Principal;
 
 import javax.ws.rs.core.Response;
-import javax.ws.rs.core.SecurityContext;
 
 import org.apache.cxf.jaxrs.ext.multipart.Attachment;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.mockito.ArgumentCaptor;
 import org.opennms.core.test.OpenNMSJUnit4ClassRunner;
 import org.opennms.core.test.db.annotations.JUnitTemporaryDatabase;
+import org.opennms.features.config.exception.ValidationException;
+import org.opennms.netmgt.config.trapd.TrapdConfiguration;
 import org.opennms.netmgt.dao.api.TrapdConfigDao;
 import org.opennms.test.JUnitConfigurationEnvironment;
-import org.opennms.web.rest.v2.api.TrapdRestApi;
+import org.opennms.web.rest.v2.model.TrapdConfigDto;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.web.WebAppConfiguration;
@@ -62,58 +64,164 @@
 @JUnitTemporaryDatabase
 public class TrapdRestServiceIT {
 
-    private SecurityContext securityContext;
+    @Autowired
+    private TrapdRestService m_trapdRestService;
 
     @Autowired
-    private TrapdRestApi m_trapdRestApi;
-
-    // @Autowired
-    // private TrapdConfigDao m_trapdConfigDao;
-
-    // @Before
-    // public void setUp() {
-    //     Principal principal = mock(Principal.class);
-    //     when(principal.getName()).thenReturn("integration-user");
-    //     securityContext = mock(SecurityContext.class);
-    //     when(securityContext.getUserPrincipal()).thenReturn(principal);
-    // }
-
-    // @Test
-    // public void testUploadTrapdConfig() {
-    //     final Attachment attachment = mock(Attachment.class);
-    //     when(attachment.getObject(InputStream.class)).thenReturn(new ByteArrayInputStream(validTrapdConfigXml().getBytes(StandardCharsets.UTF_8)));
-
-    //     try (Response response = m_trapdRestApi.uploadTrapdConfiguration(attachment, securityContext)) {
-    //         assertEquals(Response.Status.NO_CONTENT.getStatusCode(), response.getStatus());
-    //     }
-    //     assertEquals(10163, m_trapdConfigDao.getConfig().getSnmpTrapPort());
-    // }
-
-    // @Test
-    // public void testUploadTrapdConfigWithInvalidXml() {
-    //     final Attachment attachment = mock(Attachment.class);
-    //     when(attachment.getObject(InputStream.class)).thenReturn(new ByteArrayInputStream("<trapd-configuration".getBytes(StandardCharsets.UTF_8)));
-
-    //     try (Response response = m_trapdRestApi.uploadTrapdConfiguration(attachment, securityContext)) {
-    //         assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-    //         assertTrue(String.valueOf(response.getEntity()).contains("Invalid trapd XML configuration."));
-    //     }
-    // }
-
-    // @Test
-    // public void testUploadTrapdConfigWithMissingAttachment() {
-    //     try (Response response = m_trapdRestApi.uploadTrapdConfiguration(null, securityContext)) {
-    //         assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-    //         assertNotNull(response.getEntity());
-    //     }
-    // }
-
-    // private static String validTrapdConfigXml() {
-    //     return "<trapd-configuration xmlns=\"http://xmlns.opennms.org/xsd/config/trapd\" "
-    //             + "snmp-trap-address=\"*\" snmp-trap-port=\"10163\" new-suspect-on-trap=\"false\" "
-    //             + "include-raw-message=\"false\" threads=\"0\" queue-size=\"10000\" "
-    //             + "batch-size=\"1000\" batch-interval=\"500\"/>";
-    // }
+    private TrapdConfigDao m_trapdConfigDao;
+
+    @Before
+    public void setUp() throws Exception {
+        m_trapdRestService = new TrapdRestService();
+        m_trapdConfigDao = mock(TrapdConfigDao.class);
+        setField(m_trapdRestService, "m_trapdConfigDao", m_trapdConfigDao);
+    }
+
+    @Test
+    public void uploadShouldReturnBadRequestWhenAttachmentMissing() {
+        try (Response response = m_trapdRestService.uploadTrapdConfiguration(null, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("Missing uploaded file field 'upload'.", response.getEntity());
+        }
+    }
+
+    @Test
+    public void uploadShouldReturnBadRequestWhenXmlIsInvalid() {
+        Attachment attachment = mock(Attachment.class);
+        when(attachment.getObject(InputStream.class)).thenReturn(
+                new ByteArrayInputStream("<trapd-configuration".getBytes(StandardCharsets.UTF_8))
+        );
+
+        try (Response response = m_trapdRestService.uploadTrapdConfiguration(attachment, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("Invalid trapd XML configuration.", response.getEntity());
+        }
+    }
+
+    @Test
+    public void uploadShouldPersistValidXmlAndReturnDto() {
+        Attachment attachment = mock(Attachment.class);
+        when(attachment.getObject(InputStream.class)).thenReturn(
+                new ByteArrayInputStream(validTrapdConfigXml().getBytes(StandardCharsets.UTF_8))
+        );
+
+        try (Response response = m_trapdRestService.uploadTrapdConfiguration(attachment, null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+            assertTrue(response.getEntity() instanceof TrapdConfigDto);
+            TrapdConfigDto dto = (TrapdConfigDto) response.getEntity();
+            assertEquals(Integer.valueOf(10163), dto.getSnmpTrapPort());
+            assertEquals("*", dto.getSnmpTrapAddress());
+        }
+
+        ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
+        verify(m_trapdConfigDao).updateConfig(captor.capture());
+        assertEquals(10163, captor.getValue().getSnmpTrapPort());
+    }
+
+    @Test
+    public void uploadShouldReturnBadRequestWhenValidationFails() {
+        Attachment attachment = mock(Attachment.class);
+        when(attachment.getObject(InputStream.class)).thenReturn(
+                new ByteArrayInputStream(validTrapdConfigXml().getBytes(StandardCharsets.UTF_8))
+        );
+        whenValidationFailsOnUpdate("schema error");
+
+        try (Response response = m_trapdRestService.uploadTrapdConfiguration(attachment, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("schema error", response.getEntity());
+        }
+    }
+
+    @Test
+    public void getShouldReturnNotFoundWhenNoConfigurationExists() {
+        when(m_trapdConfigDao.getConfig()).thenReturn(null);
+
+        try (Response response = m_trapdRestService.getTrapdConfiguration(null)) {
+            assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
+            assertEquals("Trapd configuration not found.", response.getEntity());
+        }
+    }
+
+    @Test
+    public void updateShouldReturnBadRequestWhenPayloadMissing() {
+        try (Response response = m_trapdRestService.updateTrapdConfiguration(null, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("Missing trapd configuration in request body.", response.getEntity());
+        }
+    }
+
+    @Test
+    public void updateShouldMergePayloadAndPersist() {
+        TrapdConfiguration existing = new TrapdConfiguration();
+        existing.setSnmpTrapAddress("127.0.0.1");
+        existing.setSnmpTrapPort(1162);
+        existing.setThreads(4);
+        existing.setQueueSize(1000);
+        when(m_trapdConfigDao.getConfig()).thenReturn(existing, existing);
+
+        TrapdConfigDto payload = new TrapdConfigDto();
+        payload.setSnmpTrapPort(10164);
+        payload.setIncludeRawMessage(Boolean.TRUE);
+
+        try (Response response = m_trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+            TrapdConfigDto dto = (TrapdConfigDto) response.getEntity();
+            assertEquals(Integer.valueOf(10164), dto.getSnmpTrapPort());
+            assertEquals(Integer.valueOf(4), dto.getThreads());
+            assertEquals("127.0.0.1", dto.getSnmpTrapAddress());
+            assertEquals(Boolean.TRUE, dto.getIncludeRawMessage());
+        }
+
+        ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
+        verify(m_trapdConfigDao).updateConfig(captor.capture());
+        TrapdConfiguration persisted = captor.getValue();
+        assertEquals(10164, persisted.getSnmpTrapPort());
+        assertEquals(4, persisted.getThreads());
+    }
+
+    @Test
+    public void updateShouldReturnBadRequestWhenValidationFails() {
+        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        whenValidationFailsOnUpdate("validation failed");
+
+        TrapdConfigDto payload = new TrapdConfigDto();
+        payload.setSnmpTrapPort(10164);
+
+        try (Response response = m_trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("validation failed", response.getEntity());
+        }
+    }
+
+    @Test
+    public void updateShouldReturnServerErrorWhenPersistenceThrows() {
+        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(m_trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+
+        TrapdConfigDto payload = new TrapdConfigDto();
+        payload.setSnmpTrapPort(10164);
+
+        try (Response response = m_trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
+            assertEquals("Failed to persist trapd configuration.", response.getEntity());
+        }
+    }
+
+    private void whenValidationFailsOnUpdate(final String message) {
+        org.mockito.Mockito.doThrow(new ValidationException(message)).when(m_trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    private static void setField(final Object target, final String fieldName, final Object value) throws Exception {
+        Field field = target.getClass().getDeclaredField(fieldName);
+        field.setAccessible(true);
+        field.set(target, value);
+    }
+
+    private static String validTrapdConfigXml() {
+        return "<trapd-configuration xmlns=\"http://xmlns.opennms.org/xsd/config/trapd\" "
+                + "snmp-trap-address=\"*\" snmp-trap-port=\"10163\" new-suspect-on-trap=\"false\" "
+                + "include-raw-message=\"false\" threads=\"0\" queue-size=\"10000\" "
+                + "batch-size=\"1000\" batch-interval=\"500\"/>";
+    }
 }
 
-
diff --git a/opennms-webapp-rest/src/test/resources/applicationContext-rest-test.xml b/opennms-webapp-rest/src/test/resources/applicationContext-rest-test.xml
index 4632db98874d..90419457b7ad 100644
--- a/opennms-webapp-rest/src/test/resources/applicationContext-rest-test.xml
+++ b/opennms-webapp-rest/src/test/resources/applicationContext-rest-test.xml
@@ -12,7 +12,7 @@
 	<bean id="eventConfPersistenceService" class="org.opennms.web.rest.v2.EventConfPersistenceService"/>
 	<bean id="eventConfRestApi" class="org.opennms.web.rest.v2.EventConfRestService"/>
 	<bean id="trapdConfigDao" class="org.opennms.netmgt.dao.jaxb.DefaultTrapdConfigDao"/>
-	<bean id="trapdRestApi" class="org.opennms.web.rest.v2.TrapdRestService"/>
+	<bean id="trapdRestService" class="org.opennms.web.rest.v2.TrapdRestService"/>
 
 	<bean name="collectd-configuration.xml" class="org.opennms.core.config.impl.JaxbResourceConfiguration">
 		<constructor-arg value="org.opennms.netmgt.config.collectd.CollectdConfiguration" />

From dbfa3e4c5f2b1e901464a975007bcc913160a3ee Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Tue, 17 Mar 2026 21:38:25 +0500
Subject: [PATCH 04/41] new rest endpoints or snmp v3 users

---
 .../opennms/web/rest/v2/TrapdRestService.java | 189 ++++++
 .../opennms/web/rest/v2/api/TrapdRestApi.java |  52 +-
 .../web/rest/v2/model/Snmpv3UserDto.java      | 106 ++++
 .../web/rest/v2/model/TrapdConfigDto.java     |  30 +
 .../web/rest/v2/TrapdRestServiceIT.java       | 558 ++++++++++++++++++
 5 files changed, 934 insertions(+), 1 deletion(-)
 create mode 100644 opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/Snmpv3UserDto.java

diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
index bccf6523841e..5c2262c66b08 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
@@ -22,6 +22,9 @@
 package org.opennms.web.rest.v2;
 
 import java.io.InputStream;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
 
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
@@ -30,9 +33,11 @@
 import org.apache.cxf.jaxrs.ext.multipart.Attachment;
 import org.opennms.core.xml.JaxbUtils;
 import org.opennms.features.config.exception.ValidationException;
+import org.opennms.netmgt.config.trapd.Snmpv3User;
 import org.opennms.netmgt.config.trapd.TrapdConfiguration;
 import org.opennms.netmgt.dao.api.TrapdConfigDao;
 import org.opennms.web.rest.v2.api.TrapdRestApi;
+import org.opennms.web.rest.v2.model.Snmpv3UserDto;
 import org.opennms.web.rest.v2.model.TrapdConfigDto;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -43,6 +48,8 @@
 public class TrapdRestService implements TrapdRestApi {
 
     private static final Logger LOG = LoggerFactory.getLogger(TrapdRestService.class);
+    private static final Set<String> AUTH_PROTOCOLS = new HashSet<>(Arrays.asList("MD5", "SHA", "SHA-224", "SHA-256", "SHA-512"));
+    private static final Set<String> PRIVACY_PROTOCOLS = new HashSet<>(Arrays.asList("DES", "AES", "AES192", "AES256"));
 
     @Autowired
     private TrapdConfigDao m_trapdConfigDao;
@@ -113,6 +120,128 @@ public Response updateTrapdConfiguration(TrapdConfigDto config, SecurityContext
         }
     }
 
+    @Override
+    public Response saveTrapdUser(Snmpv3UserDto user, SecurityContext securityContext) {
+        if (user == null) {
+            return Response.status(Status.BAD_REQUEST).entity("Missing SNMPv3 user in request body.").build();
+        }
+
+        final Snmpv3User snmpv3User;
+        try {
+            snmpv3User = toSnmpv3User(user);
+        } catch (Exception e) {
+            LOG.warn("Failed to map SNMPv3 user payload.", e);
+            return Response.status(Status.BAD_REQUEST).entity("Invalid SNMPv3 user payload.").build();
+        }
+
+        try {
+            TrapdConfiguration config = m_trapdConfigDao.getConfig();
+            if (config == null) {
+                config = new TrapdConfiguration();
+            }
+
+            final String validationMessage = validateSnmpv3UserPayload(user);
+            if (validationMessage != null) {
+                return Response.status(Status.BAD_REQUEST).entity(validationMessage).build();
+            }
+
+            // Ensure required attributes are present when persisting a newly-created config.
+            if (!config.hasSnmpTrapPort()) {
+                config.setSnmpTrapPort(162);
+            }
+            if (!config.hasNewSuspectOnTrap()) {
+                config.setNewSuspectOnTrap(false);
+            }
+
+            config.addSnmpv3User(snmpv3User);
+            m_trapdConfigDao.updateConfig(config);
+            return Response.ok(new Snmpv3UserDto().toDto(snmpv3User)).build();
+        } catch (ValidationException e) {
+            LOG.warn("Provided SNMPv3 user failed schema validation.", e);
+            return Response.status(Status.BAD_REQUEST).entity(e.getMessage()).build();
+        } catch (Exception e) {
+            LOG.error("Failed to persist provided SNMPv3 user.", e);
+            return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Failed to persist trapd user.").build();
+        }
+    }
+
+    @Override
+    public Response updateTrapdUser(Integer index, Snmpv3UserDto user, SecurityContext securityContext) {
+        if (index == null || index < 0) {
+            return Response.status(Status.BAD_REQUEST).entity("Valid user index is required.").build();
+        }
+
+        if (user == null) {
+            return Response.status(Status.BAD_REQUEST).entity("Missing SNMPv3 user in request body.").build();
+        }
+
+        final Snmpv3User snmpv3User;
+        try {
+            snmpv3User = toSnmpv3User(user);
+        } catch (Exception e) {
+            LOG.warn("Failed to map SNMPv3 user payload.", e);
+            return Response.status(Status.BAD_REQUEST).entity("Invalid SNMPv3 user payload.").build();
+        }
+
+        try {
+            final TrapdConfiguration config = m_trapdConfigDao.getConfig();
+            if (config == null) {
+                return Response.status(Status.NOT_FOUND).entity("Trapd configuration not found.").build();
+            }
+
+            if (index >= config.getSnmpv3UserCount()) {
+                return Response.status(Status.BAD_REQUEST)
+                        .entity("Index " + index + " is out of range. There are " + config.getSnmpv3UserCount() + " user(s) configured.")
+                        .build();
+            }
+
+            final String validationMessage = validateSnmpv3UserPayload(user);
+            if (validationMessage != null) {
+                return Response.status(Status.BAD_REQUEST).entity(validationMessage).build();
+            }
+
+            config.setSnmpv3User(index, snmpv3User);
+            m_trapdConfigDao.updateConfig(config);
+            return Response.ok(new Snmpv3UserDto().toDto(snmpv3User)).build();
+        } catch (ValidationException e) {
+            LOG.warn("Updating SNMPv3 user failed schema validation.", e);
+            return Response.status(Status.BAD_REQUEST).entity(e.getMessage()).build();
+        } catch (Exception e) {
+            LOG.error("Failed to update SNMPv3 user at index {}.", index, e);
+            return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Failed to update trapd user.").build();
+        }
+    }
+
+    @Override
+    public Response deleteTrapdUser(Integer index, SecurityContext securityContext) {
+        if (index == null || index < 0) {
+            return Response.status(Status.BAD_REQUEST).entity("Valid user index is required.").build();
+        }
+
+        try {
+            final TrapdConfiguration config = m_trapdConfigDao.getConfig();
+            if (config == null) {
+                return Response.status(Status.NOT_FOUND).entity("Trapd configuration not found.").build();
+            }
+
+            if (index >= config.getSnmpv3UserCount()) {
+                return Response.status(Status.BAD_REQUEST)
+                        .entity("Index " + index + " is out of range. There are " + config.getSnmpv3UserCount() + " user(s) configured.")
+                        .build();
+            }
+
+            final Snmpv3User removed = config.removeSnmpv3UserAt(index);
+            m_trapdConfigDao.updateConfig(config);
+            return Response.ok(new Snmpv3UserDto().toDto(removed)).build();
+        } catch (ValidationException e) {
+            LOG.warn("Removing SNMPv3 user failed schema validation.", e);
+            return Response.status(Status.BAD_REQUEST).entity(e.getMessage()).build();
+        } catch (Exception e) {
+            LOG.error("Failed to delete SNMPv3 user at index {}.", index, e);
+            return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Failed to delete trapd user.").build();
+        }
+    }
+
     private TrapdConfiguration mergeTrapdConfiguration(final TrapdConfigDto payload) {
         TrapdConfiguration config = m_trapdConfigDao.getConfig();
         if (config == null) {
@@ -149,4 +278,64 @@ private TrapdConfiguration mergeTrapdConfiguration(final TrapdConfigDto payload)
         return config;
     }
 
+    private Snmpv3User toSnmpv3User(final Snmpv3UserDto userDto) {
+        final Snmpv3User user = new Snmpv3User();
+        user.setEngineId(userDto.getEngineId());
+        user.setSecurityName(userDto.getSecurityName());
+        user.setSecurityLevel(userDto.getSecurityLevel());
+        user.setAuthProtocol(userDto.getAuthProtocol());
+        user.setAuthPassphrase(userDto.getAuthPassphrase());
+        user.setPrivacyProtocol(userDto.getPrivacyProtocol());
+        user.setPrivacyPassphrase(userDto.getPrivacyPassphrase());
+        return user;
+    }
+
+    private String validateSnmpv3UserPayload(final Snmpv3UserDto user) {
+        if (isBlank(user.getSecurityName())) {
+            return "securityName is required.";
+        }
+
+        final Integer securityLevel = user.getSecurityLevel();
+        if (securityLevel != null && (securityLevel < 1 || securityLevel > 3)) {
+            return "securityLevel must be between 1 and 3.";
+        }
+
+        if (!isBlank(user.getAuthProtocol()) && !AUTH_PROTOCOLS.contains(user.getAuthProtocol())) {
+            return "Unsupported authProtocol.";
+        }
+        if (!isBlank(user.getPrivacyProtocol()) && !PRIVACY_PROTOCOLS.contains(user.getPrivacyProtocol())) {
+            return "Unsupported privacyProtocol.";
+        }
+
+        final boolean hasAuthProtocol = !isBlank(user.getAuthProtocol());
+        final boolean hasAuthPassphrase = !isBlank(user.getAuthPassphrase());
+        final boolean hasPrivacyProtocol = !isBlank(user.getPrivacyProtocol());
+        final boolean hasPrivacyPassphrase = !isBlank(user.getPrivacyPassphrase());
+
+        if (hasAuthProtocol != hasAuthPassphrase) {
+            return "authProtocol and authPassphrase must be provided together.";
+        }
+        if (hasPrivacyProtocol != hasPrivacyPassphrase) {
+            return "privacyProtocol and privacyPassphrase must be provided together.";
+        }
+
+        if (securityLevel != null) {
+            if (securityLevel == 1 && (hasAuthProtocol || hasPrivacyProtocol)) {
+                return "securityLevel 1 does not allow auth or privacy credentials.";
+            }
+            if (securityLevel == 2 && (!hasAuthProtocol || hasPrivacyProtocol)) {
+                return "securityLevel 2 requires auth credentials and does not allow privacy credentials.";
+            }
+            if (securityLevel == 3 && (!hasAuthProtocol || !hasPrivacyProtocol)) {
+                return "securityLevel 3 requires both auth and privacy credentials.";
+            }
+        }
+
+        return null;
+    }
+
+    private boolean isBlank(final String value) {
+        return value == null || value.trim().isEmpty();
+    }
+
 }
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
index 00f2c09bc8e4..420c254f0ce6 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
@@ -26,6 +26,7 @@
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.SecurityContext;
+import javax.ws.rs.QueryParam;
 
 import org.apache.cxf.jaxrs.ext.multipart.Attachment;
 import org.apache.cxf.jaxrs.ext.multipart.Multipart;
@@ -34,6 +35,7 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import org.opennms.web.rest.v2.model.Snmpv3UserDto;
 import org.opennms.web.rest.v2.model.TrapdConfigDto;
 
 @Path("trapd")
@@ -71,7 +73,7 @@ public interface TrapdRestApi {
     })
     Response getTrapdConfiguration(@Context SecurityContext securityContext);
     
-    @POST
+    @PUT
     @Path("update-config")
     @Consumes(MediaType.APPLICATION_JSON)
     @Produces(MediaType.APPLICATION_JSON)
@@ -86,5 +88,53 @@ public interface TrapdRestApi {
             @ApiResponse(responseCode = "500", description = "Failed to update trapd configuration")
     })
     Response updateTrapdConfiguration(TrapdConfigDto payload, @Context SecurityContext securityContext);
+
+    @POST
+    @Path("save-user")
+    @Consumes(MediaType.APPLICATION_JSON)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Operation(
+            summary = "Save SNMPv3 user",
+            description = "Save SNMPv3 user configuration with provided JSON payload.",
+            operationId = "saveTrapdUser"
+    )
+    @ApiResponses(value = {
+            @ApiResponse(responseCode = "200", description = "User saved successfully"),
+            @ApiResponse(responseCode = "400", description = "Invalid user payload"),
+            @ApiResponse(responseCode = "500", description = "Failed to save user")
+    })
+    Response saveTrapdUser(Snmpv3UserDto user, @Context SecurityContext securityContext);
+
+    @PUT
+    @Path("update-user")
+    @Consumes(MediaType.APPLICATION_JSON)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Operation(
+            summary = "Update SNMPv3 user",
+            description = "Update SNMPv3 user configuration with provided JSON payload.",
+            operationId = "updateTrapdUser"
+    )
+    @ApiResponses(value = {
+            @ApiResponse(responseCode = "200", description = "User updated successfully"),
+            @ApiResponse(responseCode = "400", description = "Invalid user payload"),
+            @ApiResponse(responseCode = "500", description = "Failed to update user")
+    })
+    Response updateTrapdUser(@QueryParam("index") Integer index, Snmpv3UserDto user, @Context SecurityContext securityContext);
+
+    @DELETE
+    @Path("delete-user")
+    @Consumes(MediaType.APPLICATION_JSON)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Operation(
+            summary = "Delete SNMPv3 user",
+            description = "Delete SNMPv3 user configuration with provided index.",
+            operationId = "deleteTrapdUser"
+    )
+    @ApiResponses(value = {
+            @ApiResponse(responseCode = "200", description = "User deleted successfully"),
+            @ApiResponse(responseCode = "400", description = "Invalid user index"),
+            @ApiResponse(responseCode = "500", description = "Failed to delete user")
+    })
+    Response deleteTrapdUser(@QueryParam("index") Integer index, @Context SecurityContext securityContext);
 }
 
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/Snmpv3UserDto.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/Snmpv3UserDto.java
new file mode 100644
index 000000000000..5dc6fbd968ad
--- /dev/null
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/Snmpv3UserDto.java
@@ -0,0 +1,106 @@
+/*
+ * Licensed to The OpenNMS Group, Inc (TOG) under one or more
+ * contributor license agreements.  See the LICENSE.md file
+ * distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * TOG licenses this file to You under the GNU Affero General
+ * Public License Version 3 (the "License") or (at your option)
+ * any later version.  You may not use this file except in
+ * compliance with the License.  You may obtain a copy of the
+ * License at:
+ *
+ *      https://www.gnu.org/licenses/agpl-3.0.txt
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied.  See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
+package org.opennms.web.rest.v2.model;
+
+import org.opennms.netmgt.config.trapd.Snmpv3User;
+
+public class Snmpv3UserDto {
+    private String engineId;
+    private String securityName;
+    private Integer securityLevel;
+    private String authProtocol;
+    private String authPassphrase;
+    private String privacyProtocol;
+    private String privacyPassphrase;
+
+
+    public String getEngineId() {
+        return engineId;
+    }
+
+    public void setEngineId(String engineId) {
+        this.engineId = engineId;
+    }
+
+    public String getSecurityName() {
+        return securityName;
+    }
+
+    public void setSecurityName(String securityName) {
+        this.securityName = securityName;
+    }
+
+    public Integer getSecurityLevel() {
+        return securityLevel;
+    }
+
+    public void setSecurityLevel(Integer securityLevel) {
+        this.securityLevel = securityLevel;
+    }
+
+    public String getAuthProtocol() {
+        return authProtocol;
+    }
+
+    public void setAuthProtocol(String authProtocol) {
+        this.authProtocol = authProtocol;
+    }
+
+    public String getAuthPassphrase() {
+        return authPassphrase;
+    }
+
+    public void setAuthPassphrase(String authPassphrase) {
+        this.authPassphrase = authPassphrase;
+    }
+
+    public String getPrivacyProtocol() {
+        return privacyProtocol;
+    }
+
+    public void setPrivacyProtocol(String privacyProtocol) {
+        this.privacyProtocol = privacyProtocol;
+    }
+
+    public String getPrivacyPassphrase() {
+        return privacyPassphrase;
+    }
+
+    public void setPrivacyPassphrase(String privacyPassphrase) {
+        this.privacyPassphrase = privacyPassphrase;
+    }
+
+    public Snmpv3UserDto toDto(Snmpv3User user) {
+        if (user == null) {
+            return null;
+        }
+        Snmpv3UserDto dto = new Snmpv3UserDto();
+        dto.setEngineId(user.getEngineId());
+        dto.setSecurityName(user.getSecurityName());
+        dto.setSecurityLevel(user.getSecurityLevel());
+        dto.setAuthProtocol(user.getAuthProtocol());
+        dto.setAuthPassphrase(user.getAuthPassphrase());
+        dto.setPrivacyProtocol(user.getPrivacyProtocol());
+        dto.setPrivacyPassphrase(user.getPrivacyPassphrase());
+        return dto;
+    }
+}
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigDto.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigDto.java
index afaacc8163db..3f8f432861fd 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigDto.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigDto.java
@@ -1,7 +1,31 @@
+/*
+ * Licensed to The OpenNMS Group, Inc (TOG) under one or more
+ * contributor license agreements.  See the LICENSE.md file
+ * distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * TOG licenses this file to You under the GNU Affero General
+ * Public License Version 3 (the "License") or (at your option)
+ * any later version.  You may not use this file except in
+ * compliance with the License.  You may obtain a copy of the
+ * License at:
+ *
+ *      https://www.gnu.org/licenses/agpl-3.0.txt
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied.  See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
 package org.opennms.web.rest.v2.model;
 
+import org.opennms.netmgt.config.trapd.Snmpv3User;
 import org.opennms.netmgt.config.trapd.TrapdConfiguration;
 
+import java.util.List;
+
 public class TrapdConfigDto {
     private String snmpTrapAddress;
     private Integer snmpTrapPort;
@@ -12,6 +36,7 @@ public class TrapdConfigDto {
     private Integer batchSize;
     private Integer batchInterval;
     private Boolean useAddressFromVarbind;
+    private List<Snmpv3User> snmpv3User;
 
     public String getSnmpTrapAddress() {
         return snmpTrapAddress;
@@ -85,6 +110,10 @@ public void setUseAddressFromVarbind(final Boolean useAddressFromVarbind) {
         this.useAddressFromVarbind = useAddressFromVarbind;
     }
 
+    public List<Snmpv3User> getSnmpv3User() { return snmpv3User; }
+
+    public void setSnmpv3User(List<Snmpv3User> snmpv3Users) { this.snmpv3User = snmpv3Users; }
+
     public TrapdConfigDto toDto(final TrapdConfiguration config) {
         TrapdConfigDto dto = new TrapdConfigDto();
         dto.setSnmpTrapAddress(config.getSnmpTrapAddress());
@@ -96,6 +125,7 @@ public TrapdConfigDto toDto(final TrapdConfiguration config) {
         dto.setBatchSize(config.getBatchSize());
         dto.setBatchInterval(config.getBatchInterval());
         dto.setUseAddressFromVarbind(config.shouldUseAddressFromVarbind());
+        dto.setSnmpv3User(List.of(config.getSnmpv3User()));
         return dto;
     }
 }
diff --git a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
index 5fbafd00aff1..3855895f853e 100644
--- a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
+++ b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
@@ -24,6 +24,7 @@
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
@@ -45,6 +46,8 @@
 import org.opennms.netmgt.config.trapd.TrapdConfiguration;
 import org.opennms.netmgt.dao.api.TrapdConfigDao;
 import org.opennms.test.JUnitConfigurationEnvironment;
+import org.opennms.netmgt.config.trapd.Snmpv3User;
+import org.opennms.web.rest.v2.model.Snmpv3UserDto;
 import org.opennms.web.rest.v2.model.TrapdConfigDto;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.test.context.ContextConfiguration;
@@ -132,6 +135,37 @@ public void uploadShouldReturnBadRequestWhenValidationFails() {
         }
     }
 
+    @Test
+    public void uploadShouldReturnServerErrorWhenPersistenceFails() {
+        Attachment attachment = mock(Attachment.class);
+        when(attachment.getObject(InputStream.class)).thenReturn(
+                new ByteArrayInputStream(validTrapdConfigXml().getBytes(StandardCharsets.UTF_8))
+        );
+        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(m_trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+
+        try (Response response = m_trapdRestService.uploadTrapdConfiguration(attachment, null)) {
+            assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
+            assertEquals("Failed to persist trapd configuration.", response.getEntity());
+        }
+    }
+
+    @Test
+    public void getShouldReturnOkWithConfigWhenExists() {
+        TrapdConfiguration config = new TrapdConfiguration();
+        config.setSnmpTrapPort(162);
+        config.setSnmpTrapAddress("127.0.0.1");
+        config.setNewSuspectOnTrap(false);
+        when(m_trapdConfigDao.getConfig()).thenReturn(config);
+
+        try (Response response = m_trapdRestService.getTrapdConfiguration(null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+            assertTrue(response.getEntity() instanceof TrapdConfigDto);
+            TrapdConfigDto dto = (TrapdConfigDto) response.getEntity();
+            assertEquals(Integer.valueOf(162), dto.getSnmpTrapPort());
+            assertEquals("127.0.0.1", dto.getSnmpTrapAddress());
+        }
+    }
+
     @Test
     public void getShouldReturnNotFoundWhenNoConfigurationExists() {
         when(m_trapdConfigDao.getConfig()).thenReturn(null);
@@ -142,6 +176,530 @@ public void getShouldReturnNotFoundWhenNoConfigurationExists() {
         }
     }
 
+    @Test
+    public void saveUserShouldReturnBadRequestWhenPayloadMissing() {
+        try (Response response = m_trapdRestService.saveTrapdUser(null, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("Missing SNMPv3 user in request body.", response.getEntity());
+        }
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void saveUserShouldPersistUserAndReturnDto() {
+        TrapdConfiguration existing = new TrapdConfiguration();
+        existing.setSnmpTrapPort(1162);
+        existing.setNewSuspectOnTrap(false);
+        when(m_trapdConfigDao.getConfig()).thenReturn(existing);
+
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setEngineId("8000000001020304");
+        user.setSecurityName("opennms-user");
+        user.setSecurityLevel(3);
+        user.setAuthProtocol("SHA");
+        user.setAuthPassphrase("auth-pass");
+        user.setPrivacyProtocol("AES");
+        user.setPrivacyPassphrase("priv-pass");
+
+        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+            assertTrue(response.getEntity() instanceof Snmpv3UserDto);
+            Snmpv3UserDto dto = (Snmpv3UserDto) response.getEntity();
+            assertEquals("opennms-user", dto.getSecurityName());
+            assertEquals(Integer.valueOf(3), dto.getSecurityLevel());
+            assertEquals("AES", dto.getPrivacyProtocol());
+        }
+
+        ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
+        verify(m_trapdConfigDao).updateConfig(captor.capture());
+        TrapdConfiguration persisted = captor.getValue();
+        assertEquals(1, persisted.getSnmpv3UserCount());
+        assertEquals("opennms-user", persisted.getSnmpv3User(0).getSecurityName());
+    }
+
+    @Test
+    public void saveUserShouldRejectWhenSecurityNameMissing() {
+        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityLevel(1);
+
+        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("securityName is required.", response.getEntity());
+        }
+
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void saveUserShouldRejectWhenSecurityLevelThreeMissingPrivacy() {
+        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("opennms-user");
+        user.setSecurityLevel(3);
+        user.setAuthProtocol("SHA");
+        user.setAuthPassphrase("auth-pass");
+
+        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("securityLevel 3 requires both auth and privacy credentials.", response.getEntity());
+        }
+
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void saveUserShouldReturnBadRequestWhenValidationFails() {
+        TrapdConfiguration existing = new TrapdConfiguration();
+        existing.setSnmpTrapPort(1162);
+        existing.setNewSuspectOnTrap(false);
+        when(m_trapdConfigDao.getConfig()).thenReturn(existing);
+        whenValidationFailsOnUpdate("user validation failed");
+
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("opennms-user");
+
+        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("user validation failed", response.getEntity());
+        }
+    }
+
+    @Test
+    public void saveUserShouldReturnServerErrorWhenPersistenceThrows() {
+        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(m_trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("opennms-user");
+
+        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+            assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
+            assertEquals("Failed to persist trapd user.", response.getEntity());
+        }
+    }
+
+    @Test
+    public void saveUserShouldCreateNewConfigWhenNoneExists() {
+        when(m_trapdConfigDao.getConfig()).thenReturn(null);
+
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("opennms-user");
+        user.setSecurityLevel(1);
+
+        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+            assertTrue(response.getEntity() instanceof Snmpv3UserDto);
+        }
+
+        ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
+        verify(m_trapdConfigDao).updateConfig(captor.capture());
+        TrapdConfiguration persisted = captor.getValue();
+        assertEquals(1, persisted.getSnmpv3UserCount());
+        assertEquals(162, persisted.getSnmpTrapPort());
+    }
+
+    // --- validateSnmpv3UserPayload rule tests ---
+
+    @Test
+    public void saveUserShouldRejectWhenSecurityLevelOutOfRange() {
+        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("opennms-user");
+        user.setSecurityLevel(5);
+
+        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("securityLevel must be between 1 and 3.", response.getEntity());
+        }
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void saveUserShouldRejectWhenAuthProtocolIsInvalid() {
+        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("opennms-user");
+        user.setAuthProtocol("MD2");
+        user.setAuthPassphrase("auth-pass");
+
+        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("Unsupported authProtocol.", response.getEntity());
+        }
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void saveUserShouldRejectWhenPrivacyProtocolIsInvalid() {
+        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("opennms-user");
+        user.setAuthProtocol("SHA");
+        user.setAuthPassphrase("auth-pass");
+        user.setPrivacyProtocol("3DES");
+        user.setPrivacyPassphrase("priv-pass");
+
+        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("Unsupported privacyProtocol.", response.getEntity());
+        }
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void saveUserShouldRejectWhenAuthProtocolProvidedWithoutPassphrase() {
+        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("opennms-user");
+        user.setAuthProtocol("SHA");
+        // no authPassphrase
+
+        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("authProtocol and authPassphrase must be provided together.", response.getEntity());
+        }
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void saveUserShouldRejectWhenPrivacyProtocolProvidedWithoutPassphrase() {
+        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("opennms-user");
+        user.setAuthProtocol("SHA");
+        user.setAuthPassphrase("auth-pass");
+        user.setPrivacyProtocol("AES");
+        // no privacyPassphrase
+
+        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("privacyProtocol and privacyPassphrase must be provided together.", response.getEntity());
+        }
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void saveUserShouldRejectWhenSecurityLevelOneHasAuthCredentials() {
+        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("opennms-user");
+        user.setSecurityLevel(1);
+        user.setAuthProtocol("SHA");
+        user.setAuthPassphrase("auth-pass");
+
+        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("securityLevel 1 does not allow auth or privacy credentials.", response.getEntity());
+        }
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void saveUserShouldRejectWhenSecurityLevelTwoMissingAuthCredentials() {
+        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("opennms-user");
+        user.setSecurityLevel(2);
+        // no auth protocol/passphrase
+
+        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("securityLevel 2 requires auth credentials and does not allow privacy credentials.", response.getEntity());
+        }
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void saveUserShouldRejectWhenSecurityLevelTwoHasPrivacyCredentials() {
+        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("opennms-user");
+        user.setSecurityLevel(2);
+        user.setAuthProtocol("SHA");
+        user.setAuthPassphrase("auth-pass");
+        user.setPrivacyProtocol("AES");
+        user.setPrivacyPassphrase("priv-pass");
+
+        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("securityLevel 2 requires auth credentials and does not allow privacy credentials.", response.getEntity());
+        }
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void deleteUserShouldReturnBadRequestWhenIndexNull() {
+        try (Response response = m_trapdRestService.deleteTrapdUser(null, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("Valid user index is required.", response.getEntity());
+        }
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void deleteUserShouldReturnBadRequestWhenIndexNegative() {
+        try (Response response = m_trapdRestService.deleteTrapdUser(-1, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("Valid user index is required.", response.getEntity());
+        }
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void deleteUserShouldReturnNotFoundWhenNoConfig() {
+        when(m_trapdConfigDao.getConfig()).thenReturn(null);
+
+        try (Response response = m_trapdRestService.deleteTrapdUser(0, null)) {
+            assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
+            assertEquals("Trapd configuration not found.", response.getEntity());
+        }
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void deleteUserShouldReturnBadRequestWhenIndexOutOfRange() {
+        TrapdConfiguration config = new TrapdConfiguration();
+        config.setSnmpTrapPort(162);
+        config.setNewSuspectOnTrap(false);
+        when(m_trapdConfigDao.getConfig()).thenReturn(config);
+
+        try (Response response = m_trapdRestService.deleteTrapdUser(5, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertTrue(((String) response.getEntity()).contains("out of range"));
+        }
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void deleteUserShouldRemoveUserAndReturnDto() {
+        TrapdConfiguration config = new TrapdConfiguration();
+        config.setSnmpTrapPort(162);
+        config.setNewSuspectOnTrap(false);
+        Snmpv3User user = new Snmpv3User();
+        user.setSecurityName("user-to-delete");
+        user.setSecurityLevel(1);
+        config.addSnmpv3User(user);
+        when(m_trapdConfigDao.getConfig()).thenReturn(config);
+
+        try (Response response = m_trapdRestService.deleteTrapdUser(0, null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+            assertTrue(response.getEntity() instanceof Snmpv3UserDto);
+            Snmpv3UserDto dto = (Snmpv3UserDto) response.getEntity();
+            assertEquals("user-to-delete", dto.getSecurityName());
+        }
+
+        ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
+        verify(m_trapdConfigDao).updateConfig(captor.capture());
+        assertEquals(0, captor.getValue().getSnmpv3UserCount());
+    }
+
+    @Test
+    public void deleteUserShouldReturnBadRequestWhenValidationFails() {
+        TrapdConfiguration config = new TrapdConfiguration();
+        config.setSnmpTrapPort(162);
+        config.setNewSuspectOnTrap(false);
+        Snmpv3User user = new Snmpv3User();
+        user.setSecurityName("test-user");
+        config.addSnmpv3User(user);
+        when(m_trapdConfigDao.getConfig()).thenReturn(config);
+        whenValidationFailsOnUpdate("delete validation error");
+
+        try (Response response = m_trapdRestService.deleteTrapdUser(0, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("delete validation error", response.getEntity());
+        }
+    }
+
+    @Test
+    public void deleteUserShouldReturnServerErrorWhenPersistenceThrows() {
+        TrapdConfiguration config = new TrapdConfiguration();
+        config.setSnmpTrapPort(162);
+        config.setNewSuspectOnTrap(false);
+        Snmpv3User user = new Snmpv3User();
+        user.setSecurityName("test-user");
+        config.addSnmpv3User(user);
+        when(m_trapdConfigDao.getConfig()).thenReturn(config);
+        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(m_trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+
+        try (Response response = m_trapdRestService.deleteTrapdUser(0, null)) {
+            assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
+            assertEquals("Failed to delete trapd user.", response.getEntity());
+        }
+    }
+
+    @Test
+    public void updateUserShouldReturnBadRequestWhenIndexNull() {
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("opennms-user");
+
+        try (Response response = m_trapdRestService.updateTrapdUser(null, user, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("Valid user index is required.", response.getEntity());
+        }
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void updateUserShouldReturnBadRequestWhenIndexNegative() {
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("opennms-user");
+
+        try (Response response = m_trapdRestService.updateTrapdUser(-1, user, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("Valid user index is required.", response.getEntity());
+        }
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void updateUserShouldReturnBadRequestWhenPayloadNull() {
+        try (Response response = m_trapdRestService.updateTrapdUser(0, null, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("Missing SNMPv3 user in request body.", response.getEntity());
+        }
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void updateUserShouldReturnNotFoundWhenNoConfig() {
+        when(m_trapdConfigDao.getConfig()).thenReturn(null);
+
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("opennms-user");
+
+        try (Response response = m_trapdRestService.updateTrapdUser(0, user, null)) {
+            assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
+            assertEquals("Trapd configuration not found.", response.getEntity());
+        }
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void updateUserShouldReturnBadRequestWhenIndexOutOfRange() {
+        TrapdConfiguration config = new TrapdConfiguration();
+        config.setSnmpTrapPort(162);
+        config.setNewSuspectOnTrap(false);
+        when(m_trapdConfigDao.getConfig()).thenReturn(config);
+
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("opennms-user");
+
+        try (Response response = m_trapdRestService.updateTrapdUser(5, user, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertTrue(((String) response.getEntity()).contains("out of range"));
+        }
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void updateUserShouldReturnBadRequestWhenPayloadValidationFails() {
+        TrapdConfiguration config = new TrapdConfiguration();
+        config.setSnmpTrapPort(162);
+        config.setNewSuspectOnTrap(false);
+        Snmpv3User existing = new Snmpv3User();
+        existing.setSecurityName("existing-user");
+        config.addSnmpv3User(existing);
+        when(m_trapdConfigDao.getConfig()).thenReturn(config);
+
+        // securityLevel 3 requires privacy — missing privacy intentionally
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("opennms-user");
+        user.setSecurityLevel(3);
+        user.setAuthProtocol("SHA");
+        user.setAuthPassphrase("auth-pass");
+
+        try (Response response = m_trapdRestService.updateTrapdUser(0, user, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("securityLevel 3 requires both auth and privacy credentials.", response.getEntity());
+        }
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void updateUserShouldReplaceUserAtIndexAndReturnDto() {
+        TrapdConfiguration config = new TrapdConfiguration();
+        config.setSnmpTrapPort(162);
+        config.setNewSuspectOnTrap(false);
+        Snmpv3User existing = new Snmpv3User();
+        existing.setSecurityName("old-user");
+        existing.setSecurityLevel(1);
+        config.addSnmpv3User(existing);
+        when(m_trapdConfigDao.getConfig()).thenReturn(config);
+
+        Snmpv3UserDto updated = new Snmpv3UserDto();
+        updated.setSecurityName("new-user");
+        updated.setSecurityLevel(3);
+        updated.setAuthProtocol("SHA");
+        updated.setAuthPassphrase("auth-pass");
+        updated.setPrivacyProtocol("AES");
+        updated.setPrivacyPassphrase("priv-pass");
+
+        try (Response response = m_trapdRestService.updateTrapdUser(0, updated, null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+            assertTrue(response.getEntity() instanceof Snmpv3UserDto);
+            Snmpv3UserDto dto = (Snmpv3UserDto) response.getEntity();
+            assertEquals("new-user", dto.getSecurityName());
+            assertEquals(Integer.valueOf(3), dto.getSecurityLevel());
+            assertEquals("AES", dto.getPrivacyProtocol());
+        }
+
+        ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
+        verify(m_trapdConfigDao).updateConfig(captor.capture());
+        assertEquals(1, captor.getValue().getSnmpv3UserCount());
+        assertEquals("new-user", captor.getValue().getSnmpv3User(0).getSecurityName());
+    }
+
+    @Test
+    public void updateUserShouldReturnBadRequestWhenSchemaValidationFails() {
+        TrapdConfiguration config = new TrapdConfiguration();
+        config.setSnmpTrapPort(162);
+        config.setNewSuspectOnTrap(false);
+        Snmpv3User existing = new Snmpv3User();
+        existing.setSecurityName("existing-user");
+        config.addSnmpv3User(existing);
+        when(m_trapdConfigDao.getConfig()).thenReturn(config);
+        whenValidationFailsOnUpdate("schema update error");
+
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("opennms-user");
+
+        try (Response response = m_trapdRestService.updateTrapdUser(0, user, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("schema update error", response.getEntity());
+        }
+    }
+
+    @Test
+    public void updateUserShouldReturnServerErrorWhenPersistenceThrows() {
+        TrapdConfiguration config = new TrapdConfiguration();
+        config.setSnmpTrapPort(162);
+        config.setNewSuspectOnTrap(false);
+        Snmpv3User existing = new Snmpv3User();
+        existing.setSecurityName("existing-user");
+        config.addSnmpv3User(existing);
+        when(m_trapdConfigDao.getConfig()).thenReturn(config);
+        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(m_trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("opennms-user");
+
+        try (Response response = m_trapdRestService.updateTrapdUser(0, user, null)) {
+            assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
+            assertEquals("Failed to update trapd user.", response.getEntity());
+        }
+    }
+
     @Test
     public void updateShouldReturnBadRequestWhenPayloadMissing() {
         try (Response response = m_trapdRestService.updateTrapdConfiguration(null, null)) {

From dbab24dc700b0dfab646689fd785d808c51d4441 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Tue, 17 Mar 2026 23:15:14 +0500
Subject: [PATCH 05/41] mappers fixes

---
 .../netmgt/dao/jaxb/DefaultTrapdConfigDao.java       |  6 ++++++
 .../org/opennms/web/rest/v2/TrapdRestService.java    | 12 ++++++------
 .../org/opennms/web/rest/v2/model/Snmpv3UserDto.java |  2 +-
 .../opennms/web/rest/v2/model/TrapdConfigDto.java    | 11 ++++++-----
 4 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java b/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java
index 9c49af73da65..a9ae43205383 100644
--- a/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java
+++ b/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java
@@ -23,6 +23,7 @@
 
 import org.opennms.features.config.service.api.ConfigUpdateInfo;
 import org.opennms.features.config.service.impl.AbstractCmJaxbConfigDao;
+import org.opennms.features.config.service.util.ConfigConvertUtil;
 import org.opennms.netmgt.config.trapd.TrapdConfiguration;
 import org.opennms.netmgt.dao.api.TrapdConfigDao;
 import org.opennms.netmgt.dao.jaxb.callback.ConfigurationReloadEventCallback;
@@ -51,6 +52,11 @@ public TrapdConfiguration getConfig() {
         return this.getConfig(this.getDefaultConfigId());
     }
 
+    @Override
+    public void updateConfig(final TrapdConfiguration config) {
+        this.updateConfig(this.getDefaultConfigId(), ConfigConvertUtil.objectToJson(config), true);
+    }
+
     @Override
     public Consumer<ConfigUpdateInfo> getUpdateCallback(){
         return new ConfigurationReloadEventCallback(eventForwarder, this);
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
index 5c2262c66b08..33929bbe6f4c 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
@@ -70,7 +70,7 @@ public Response uploadTrapdConfiguration(final Attachment attachment, final Secu
 
         try {
             m_trapdConfigDao.updateConfig(config);
-            return Response.ok(new TrapdConfigDto().toDto(config)).build();
+            return Response.ok(TrapdConfigDto.toDto(config)).build();
         } catch (ValidationException e) {
             LOG.warn("Uploaded trapd configuration failed schema validation.", e);
             return Response.status(Status.BAD_REQUEST).entity(e.getMessage()).build();
@@ -87,7 +87,7 @@ public Response getTrapdConfiguration(final SecurityContext securityContext) {
             if (config == null) {
                 return Response.status(Status.NOT_FOUND).entity("Trapd configuration not found.").build();
             }
-            return Response.ok(new TrapdConfigDto().toDto(config)).build();
+            return Response.ok(TrapdConfigDto.toDto(config)).build();
         } catch (Exception e) {
             LOG.error("Failed to retrieve trapd configuration.", e);
             return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Failed to retrieve trapd configuration.").build();
@@ -110,7 +110,7 @@ public Response updateTrapdConfiguration(TrapdConfigDto config, SecurityContext
 
         try {
             m_trapdConfigDao.updateConfig(updatedConfig);
-            return Response.ok(new TrapdConfigDto().toDto(m_trapdConfigDao.getConfig())).build();
+            return Response.ok(TrapdConfigDto.toDto(m_trapdConfigDao.getConfig())).build();
         } catch (ValidationException e) {
             LOG.warn("Provided trapd configuration failed schema validation.", e);
             return Response.status(Status.BAD_REQUEST).entity(e.getMessage()).build();
@@ -155,7 +155,7 @@ public Response saveTrapdUser(Snmpv3UserDto user, SecurityContext securityContex
 
             config.addSnmpv3User(snmpv3User);
             m_trapdConfigDao.updateConfig(config);
-            return Response.ok(new Snmpv3UserDto().toDto(snmpv3User)).build();
+            return Response.ok(Snmpv3UserDto.toDto(snmpv3User)).build();
         } catch (ValidationException e) {
             LOG.warn("Provided SNMPv3 user failed schema validation.", e);
             return Response.status(Status.BAD_REQUEST).entity(e.getMessage()).build();
@@ -202,7 +202,7 @@ public Response updateTrapdUser(Integer index, Snmpv3UserDto user, SecurityConte
 
             config.setSnmpv3User(index, snmpv3User);
             m_trapdConfigDao.updateConfig(config);
-            return Response.ok(new Snmpv3UserDto().toDto(snmpv3User)).build();
+            return Response.ok(Snmpv3UserDto.toDto(snmpv3User)).build();
         } catch (ValidationException e) {
             LOG.warn("Updating SNMPv3 user failed schema validation.", e);
             return Response.status(Status.BAD_REQUEST).entity(e.getMessage()).build();
@@ -232,7 +232,7 @@ public Response deleteTrapdUser(Integer index, SecurityContext securityContext)
 
             final Snmpv3User removed = config.removeSnmpv3UserAt(index);
             m_trapdConfigDao.updateConfig(config);
-            return Response.ok(new Snmpv3UserDto().toDto(removed)).build();
+            return Response.ok(Snmpv3UserDto.toDto(removed)).build();
         } catch (ValidationException e) {
             LOG.warn("Removing SNMPv3 user failed schema validation.", e);
             return Response.status(Status.BAD_REQUEST).entity(e.getMessage()).build();
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/Snmpv3UserDto.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/Snmpv3UserDto.java
index 5dc6fbd968ad..7470e5b21baa 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/Snmpv3UserDto.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/Snmpv3UserDto.java
@@ -89,7 +89,7 @@ public void setPrivacyPassphrase(String privacyPassphrase) {
         this.privacyPassphrase = privacyPassphrase;
     }
 
-    public Snmpv3UserDto toDto(Snmpv3User user) {
+    public static Snmpv3UserDto toDto(Snmpv3User user) {
         if (user == null) {
             return null;
         }
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigDto.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigDto.java
index 3f8f432861fd..e1ebbe990925 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigDto.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigDto.java
@@ -24,6 +24,7 @@
 import org.opennms.netmgt.config.trapd.Snmpv3User;
 import org.opennms.netmgt.config.trapd.TrapdConfiguration;
 
+import java.util.Arrays;
 import java.util.List;
 
 public class TrapdConfigDto {
@@ -36,7 +37,7 @@ public class TrapdConfigDto {
     private Integer batchSize;
     private Integer batchInterval;
     private Boolean useAddressFromVarbind;
-    private List<Snmpv3User> snmpv3User;
+    private List<Snmpv3UserDto> snmpv3User;
 
     public String getSnmpTrapAddress() {
         return snmpTrapAddress;
@@ -110,11 +111,11 @@ public void setUseAddressFromVarbind(final Boolean useAddressFromVarbind) {
         this.useAddressFromVarbind = useAddressFromVarbind;
     }
 
-    public List<Snmpv3User> getSnmpv3User() { return snmpv3User; }
+    public List<Snmpv3UserDto> getSnmpv3User() { return snmpv3User; }
 
-    public void setSnmpv3User(List<Snmpv3User> snmpv3Users) { this.snmpv3User = snmpv3Users; }
+    public void setSnmpv3User(List<Snmpv3UserDto> snmpv3Users) { this.snmpv3User = snmpv3Users; }
 
-    public TrapdConfigDto toDto(final TrapdConfiguration config) {
+    public static TrapdConfigDto toDto(final TrapdConfiguration config) {
         TrapdConfigDto dto = new TrapdConfigDto();
         dto.setSnmpTrapAddress(config.getSnmpTrapAddress());
         dto.setSnmpTrapPort(config.getSnmpTrapPort());
@@ -125,7 +126,7 @@ public TrapdConfigDto toDto(final TrapdConfiguration config) {
         dto.setBatchSize(config.getBatchSize());
         dto.setBatchInterval(config.getBatchInterval());
         dto.setUseAddressFromVarbind(config.shouldUseAddressFromVarbind());
-        dto.setSnmpv3User(List.of(config.getSnmpv3User()));
+        dto.setSnmpv3User(Arrays.stream(config.getSnmpv3User()).map(Snmpv3UserDto::toDto).toList());
         return dto;
     }
 }

From 7b025cee3c9f6a779fd3d96d1d91bc50960a3bef Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Wed, 18 Mar 2026 21:34:41 +0500
Subject: [PATCH 06/41] field use address from varbind fix

---
 .../config/service/config/FakeXsdForTest.java | 14 +++---
 .../config/trapd/TrapdConfiguration.java      | 14 +++---
 .../netmgt/config/TrapdConfigFactory.java     |  1 +
 .../web/rest/v2/model/TrapdConfigDto.java     |  9 ++--
 .../web/rest/v2/TrapdRestServiceIT.java       | 49 +++++++++++++++++++
 5 files changed, 70 insertions(+), 17 deletions(-)

diff --git a/features/config/test/src/test/java/org/opennms/features/config/service/config/FakeXsdForTest.java b/features/config/test/src/test/java/org/opennms/features/config/service/config/FakeXsdForTest.java
index 32446e1020ac..cb0abdd32b28 100644
--- a/features/config/test/src/test/java/org/opennms/features/config/service/config/FakeXsdForTest.java
+++ b/features/config/test/src/test/java/org/opennms/features/config/service/config/FakeXsdForTest.java
@@ -46,7 +46,7 @@
 public class FakeXsdForTest implements Serializable {
     private static final long serialVersionUID = 2;
 
-    public static final boolean DEFAULT_USE_ADDESS_FROM_VARBIND = false;
+    public static final boolean DEFAULT_USE_ADDRESS_FROM_VARBIND = false;
 
     /**
      * The IP address on which trapd listens for connections.
@@ -127,7 +127,7 @@ public class FakeXsdForTest implements Serializable {
      * SNMPv2 traps.
      */
     @XmlAttribute(name = "use-address-from-varbind", required = false)
-    private Boolean _useAddessFromVarbind;
+    private Boolean _useAddressFromVarbind;
 
     public FakeXsdForTest() {
         super();
@@ -198,7 +198,7 @@ public java.util.Enumeration<Snmpv3User> enumerateSnmpv3User(
 
     public int hashCode() {
         return Objects.hash(_snmpTrapAddress, _snmpTrapPort, _has_snmpTrapPort, _newSuspectOnTrap, _snmpv3UserList,
-                _includeRawMessage, _threads, _queueSize, _batchSize, _batchInterval, _useAddessFromVarbind);
+                _includeRawMessage, _threads, _queueSize, _batchSize, _batchInterval, _useAddressFromVarbind);
     }
 
     @Override()
@@ -218,7 +218,7 @@ public boolean equals(final java.lang.Object obj) {
                     && Objects.equals(_queueSize, other._queueSize)
                     && Objects.equals(_batchSize, other._batchSize)
                     && Objects.equals(_batchInterval, other._batchInterval)
-                    && Objects.equals(_useAddessFromVarbind, other._useAddessFromVarbind);
+                    && Objects.equals(_useAddressFromVarbind, other._useAddressFromVarbind);
             return equals;
         }
         return false;
@@ -355,11 +355,11 @@ public boolean isNewSuspectOnTrap(
     }
 
     public boolean shouldUseAddressFromVarbind() {
-        return _useAddessFromVarbind != null ? _useAddessFromVarbind : DEFAULT_USE_ADDESS_FROM_VARBIND;
+        return _useAddressFromVarbind != null ? _useAddressFromVarbind : DEFAULT_USE_ADDRESS_FROM_VARBIND;
     }
 
-    public void setUseAddressFromVarbind(Boolean useAddessFromVarbind) {
-        _useAddessFromVarbind = useAddessFromVarbind;
+    public void setUseAddressFromVarbind(Boolean useAddressFromVarbind) {
+        _useAddressFromVarbind = useAddressFromVarbind;
     }
 
     /**
diff --git a/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/TrapdConfiguration.java b/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/TrapdConfiguration.java
index 4e9f8e86ffc3..6d600a9c8be1 100644
--- a/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/TrapdConfiguration.java
+++ b/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/TrapdConfiguration.java
@@ -49,7 +49,7 @@
 public class TrapdConfiguration implements  Serializable {
 	private static final long serialVersionUID = 2;
 
-	public static final boolean DEFAULT_USE_ADDESS_FROM_VARBIND = false;
+	public static final boolean DEFAULT_USE_ADDRESS_FROM_VARBIND = false;
 
 	/**
      * The IP address on which trapd listens for connections.
@@ -132,7 +132,7 @@ public class TrapdConfiguration implements  Serializable {
      * SNMPv2 traps.
 	 */
 	@XmlAttribute(name="use-address-from-varbind", required=false)
-    private Boolean useAddessFromVarbind;
+    private Boolean useAddressFromVarbind;
 
     public TrapdConfiguration() {
         super();
@@ -205,7 +205,7 @@ public java.util.Enumeration<Snmpv3User> enumerateSnmpv3User(
 
     public int hashCode() {
         return Objects.hash(snmpTrapAddress, snmpTrapPort, hasSnmpTrapPort, newSuspectOnTrap, snmpv3User,
-                includeRawMessage, threads, queueSize, batchSize, batchInterval, useAddessFromVarbind);
+                includeRawMessage, threads, queueSize, batchSize, batchInterval, useAddressFromVarbind);
     }
 
     @Override()
@@ -225,7 +225,7 @@ public boolean equals(final java.lang.Object obj) {
                     && Objects.equals(queueSize, other.queueSize)
                     && Objects.equals(batchSize, other.batchSize)
                     && Objects.equals(batchInterval, other.batchInterval)
-                    && Objects.equals(useAddessFromVarbind, other.useAddessFromVarbind);
+                    && Objects.equals(useAddressFromVarbind, other.useAddressFromVarbind);
             return equals;
         }
         return false;
@@ -363,11 +363,11 @@ public boolean isNewSuspectOnTrap(
     }
 
     public boolean shouldUseAddressFromVarbind() {
-        return useAddessFromVarbind != null ? useAddessFromVarbind : DEFAULT_USE_ADDESS_FROM_VARBIND;
+        return useAddressFromVarbind != null ? useAddressFromVarbind : DEFAULT_USE_ADDRESS_FROM_VARBIND;
     }
 
-    public void setUseAddressFromVarbind(Boolean useAddessFromVarbind) {
-        this.useAddessFromVarbind = useAddessFromVarbind;
+    public void setUseAddressFromVarbind(Boolean useAddressFromVarbind) {
+        this.useAddressFromVarbind = useAddressFromVarbind;
     }
 
     /**
diff --git a/opennms-config/src/main/java/org/opennms/netmgt/config/TrapdConfigFactory.java b/opennms-config/src/main/java/org/opennms/netmgt/config/TrapdConfigFactory.java
index 4c28c363ee3c..b4adbc64b299 100644
--- a/opennms-config/src/main/java/org/opennms/netmgt/config/TrapdConfigFactory.java
+++ b/opennms-config/src/main/java/org/opennms/netmgt/config/TrapdConfigFactory.java
@@ -221,6 +221,7 @@ public void update(TrapdConfig config) {
         m_config.setSnmpTrapAddress(config.getSnmpTrapAddress());
         m_config.setSnmpTrapPort(config.getSnmpTrapPort());
         m_config.setNewSuspectOnTrap(config.getNewSuspectOnTrap());
+        m_config.setUseAddressFromVarbind(config.shouldUseAddressFromVarbind());
         m_config.setQueueSize(config.getQueueSize());
         m_config.setBatchSize(config.getBatchSize());
         m_config.setBatchInterval(config.getBatchIntervalMs());
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigDto.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigDto.java
index e1ebbe990925..7349f0ef682d 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigDto.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigDto.java
@@ -21,7 +21,6 @@
  */
 package org.opennms.web.rest.v2.model;
 
-import org.opennms.netmgt.config.trapd.Snmpv3User;
 import org.opennms.netmgt.config.trapd.TrapdConfiguration;
 
 import java.util.Arrays;
@@ -111,9 +110,13 @@ public void setUseAddressFromVarbind(final Boolean useAddressFromVarbind) {
         this.useAddressFromVarbind = useAddressFromVarbind;
     }
 
-    public List<Snmpv3UserDto> getSnmpv3User() { return snmpv3User; }
+    public List<Snmpv3UserDto> getSnmpv3User() {
+        return snmpv3User;
+    }
 
-    public void setSnmpv3User(List<Snmpv3UserDto> snmpv3Users) { this.snmpv3User = snmpv3Users; }
+    public void setSnmpv3User(List<Snmpv3UserDto> snmpv3Users) {
+        this.snmpv3User = snmpv3Users;
+    }
 
     public static TrapdConfigDto toDto(final TrapdConfiguration config) {
         TrapdConfigDto dto = new TrapdConfigDto();
diff --git a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
index 3855895f853e..c0c11c0d1090 100644
--- a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
+++ b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
@@ -121,6 +121,25 @@ public void uploadShouldPersistValidXmlAndReturnDto() {
         assertEquals(10163, captor.getValue().getSnmpTrapPort());
     }
 
+    @Test
+    public void uploadShouldPersistUseAddressFromVarbindWhenProvidedInXml() {
+        Attachment attachment = mock(Attachment.class);
+        when(attachment.getObject(InputStream.class)).thenReturn(
+                new ByteArrayInputStream(validTrapdConfigXmlWithUseAddressFromVarbind().getBytes(StandardCharsets.UTF_8))
+        );
+
+        try (Response response = m_trapdRestService.uploadTrapdConfiguration(attachment, null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+            assertTrue(response.getEntity() instanceof TrapdConfigDto);
+            TrapdConfigDto dto = (TrapdConfigDto) response.getEntity();
+            assertEquals(Boolean.TRUE, dto.getUseAddressFromVarbind());
+        }
+
+        ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
+        verify(m_trapdConfigDao).updateConfig(captor.capture());
+        assertTrue(captor.getValue().shouldUseAddressFromVarbind());
+    }
+
     @Test
     public void uploadShouldReturnBadRequestWhenValidationFails() {
         Attachment attachment = mock(Attachment.class);
@@ -737,6 +756,29 @@ public void updateShouldMergePayloadAndPersist() {
         assertEquals(4, persisted.getThreads());
     }
 
+    @Test
+    public void updateShouldPersistUseAddressFromVarbindWhenProvided() {
+        TrapdConfiguration existing = new TrapdConfiguration();
+        existing.setSnmpTrapAddress("127.0.0.1");
+        existing.setSnmpTrapPort(1162);
+        existing.setNewSuspectOnTrap(false);
+        existing.setUseAddressFromVarbind(false);
+        when(m_trapdConfigDao.getConfig()).thenReturn(existing, existing);
+
+        TrapdConfigDto payload = new TrapdConfigDto();
+        payload.setUseAddressFromVarbind(Boolean.TRUE);
+
+        try (Response response = m_trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+            TrapdConfigDto dto = (TrapdConfigDto) response.getEntity();
+            assertEquals(Boolean.TRUE, dto.getUseAddressFromVarbind());
+        }
+
+        ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
+        verify(m_trapdConfigDao).updateConfig(captor.capture());
+        assertTrue(captor.getValue().shouldUseAddressFromVarbind());
+    }
+
     @Test
     public void updateShouldReturnBadRequestWhenValidationFails() {
         when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
@@ -781,5 +823,12 @@ private static String validTrapdConfigXml() {
                 + "include-raw-message=\"false\" threads=\"0\" queue-size=\"10000\" "
                 + "batch-size=\"1000\" batch-interval=\"500\"/>";
     }
+
+    private static String validTrapdConfigXmlWithUseAddressFromVarbind() {
+        return "<trapd-configuration xmlns=\"http://xmlns.opennms.org/xsd/config/trapd\" "
+                + "snmp-trap-address=\"*\" snmp-trap-port=\"10163\" new-suspect-on-trap=\"false\" "
+                + "include-raw-message=\"false\" threads=\"0\" queue-size=\"10000\" "
+                + "batch-size=\"1000\" batch-interval=\"500\" use-address-from-varbind=\"true\"/>";
+    }
 }
 

From 2dc702d0454ca29b0beffb327b1e63b7792947ee Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Wed, 18 Mar 2026 21:36:10 +0500
Subject: [PATCH 07/41] Trapd UI rest endpoint integration

---
 .../GeneralConfiguration.vue                  | 132 +++++++++++++++-
 ui/src/containers/TrapConfiguration.vue       |  56 ++++++-
 ui/src/services/index.ts                      |  14 ++
 ui/src/services/trapdConfigurationService.ts  | 145 ++++++++++++++++++
 ui/src/stores/trapConfigStore.ts              |   9 ++
 ui/src/types/trapConfig.d.ts                  |  34 ++++
 6 files changed, 386 insertions(+), 4 deletions(-)
 create mode 100644 ui/src/services/trapdConfigurationService.ts

diff --git a/ui/src/components/TrapConfiguration/GeneralConfiguration.vue b/ui/src/components/TrapConfiguration/GeneralConfiguration.vue
index f8870e0b533a..b4a496b9f08c 100644
--- a/ui/src/components/TrapConfiguration/GeneralConfiguration.vue
+++ b/ui/src/components/TrapConfiguration/GeneralConfiguration.vue
@@ -10,13 +10,17 @@
       <FeatherInput
         label="Port"
         placeholder="Enter port number"
+        v-model="port"
+        :error="trapConfigError.port"
         type="number"
         :hint="'Default: 162'"
       />
       <FeatherInput
         label="Bind Address"
         placeholder="Enter host name"
-        :hint="'0.0.0.0 for all, or specify IP address'"
+        v-model="bindAddress"
+        :error="trapConfigError.bindAddress"
+        :hint="'* for all, or specify IP address'"
       />
     </div>
     <div class="spacer"></div>
@@ -59,6 +63,8 @@
           <FeatherInput
             label="Threads"
             placeholder="Enter number of threads"
+            v-model="threads"
+            :error="trapConfigError.threads"
             type="number"
             :hint="'Default: 0'"
           />
@@ -67,6 +73,8 @@
           <FeatherInput
             label="Queue Size"
             placeholder="Enter queue size"
+            v-model="queueSize"
+            :error="trapConfigError.queueSize"
             type="number"
             :hint="'Default: 10000'"
           />
@@ -75,6 +83,8 @@
           <FeatherInput
             label="Batch Size"
             placeholder="Enter batch size"
+            v-model="batchSize"
+            :error="trapConfigError.batchSize"
             type="number"
             :hint="'Default: 1000'"
           />
@@ -83,6 +93,8 @@
           <FeatherInput
             label="Batch Interval"
             placeholder="Enter batch interval"
+            v-model="batchInterval"
+            :error="trapConfigError.batchInterval"
             type="number"
             :hint="'Default: 500'"
           />
@@ -97,6 +109,8 @@
       <FeatherButton
         primary
         data-test="save-button"
+        :disabled="isSaveDisabled || isSaving"
+        @click="updateConfig"
       >
         Update Changes
       </FeatherButton>
@@ -105,15 +119,30 @@
 </template>
 
 <script setup lang="ts">
+import useSnackbar from '@/composables/useSnackbar'
+import { updateTrapdConfiguration } from '@/services/trapdConfigurationService'
+import { useTrapConfigStore } from '@/stores/trapConfigStore'
+import { TrapdConfigurationError } from '@/types/trapConfig'
+import { FeatherButton } from '@featherds/button'
 import { FeatherExpansionPanel } from '@featherds/expansion'
 import { FeatherInput } from '@featherds/input'
 import { SwitchRender } from '@featherds/switch'
 import TableCard from '../Common/TableCard.vue'
-import { FeatherButton } from '@featherds/button'
 
 const status = ref(false)
+const port = ref<number>(162)
+const bindAddress = ref('*')
 const trapMessageStatus = ref(false)
 const trapSourceAddressStatus = ref(false)
+const threads = ref<number>(0)
+const queueSize = ref<number>(10000)
+const batchSize = ref<number>(1000)
+const batchInterval = ref<number>(500)
+const trapConfigError = ref<TrapdConfigurationError>({})
+const isSaveDisabled = ref(false)
+const isSaving = ref(false)
+const store = useTrapConfigStore()
+const { showSnackBar } = useSnackbar()
 
 const onChangeStatus = () => {
   status.value = !status.value
@@ -126,6 +155,105 @@ const onChangeTrapMessageStatus = () => {
 const onChangeTrapSourceAddressStatus = () => {
   trapSourceAddressStatus.value = !trapSourceAddressStatus.value
 }
+
+const validateInputs = (): TrapdConfigurationError => {
+  const trapConfigError: TrapdConfigurationError = {}
+  
+  if (port.value < 1 || port.value > 65535) {
+    trapConfigError.port = 'Port must be between 1 and 65535.'
+  }
+  
+  if (bindAddress.value === '') {
+    trapConfigError.bindAddress = 'Bind Address cannot be empty.'
+  } else if (bindAddress.value !== '*' && !isValidIP(bindAddress.value)) {
+    trapConfigError.bindAddress = 'Bind Address must be * or a valid IP address.'
+  }
+  
+  if (threads.value < 0) {
+    trapConfigError.threads = 'Threads cannot be negative.'
+  }
+  
+  if (queueSize.value < 0) {
+    trapConfigError.queueSize = 'Queue Size cannot be negative.'
+  }
+  
+  if (batchSize.value < 0) {
+    trapConfigError.batchSize = 'Batch Size cannot be negative.'
+  }
+  
+  if (batchInterval.value < 0) {
+    trapConfigError.batchInterval = 'Batch Interval cannot be negative.'
+  }
+  
+  return trapConfigError
+}
+
+// Add this helper function
+const isValidIP = (ip: string): boolean => {
+  const parts = ip.split('.')
+  if (parts.length !== 4) return false
+  return parts.every(part => {
+    const num = parseInt(part, 10)
+    return !isNaN(num) && num >= 0 && num <= 255
+  })
+}
+
+const updateConfig = async () => {
+  if (isSaveDisabled.value || isSaving.value) {
+    return
+  }
+
+  const newConfig = {
+    snmpTrapPort: port.value,
+    snmpTrapAddress: bindAddress.value,
+    newSuspectOnTrap: status.value,
+    useAddressFromVarbind: trapSourceAddressStatus.value,
+    includeRawMessage: trapMessageStatus.value,
+    threads: threads.value,
+    queueSize: queueSize.value,
+    batchSize: batchSize.value,
+    batchInterval: batchInterval.value
+  }
+
+  try {
+    isSaving.value = true
+
+    const response = await updateTrapdConfiguration(newConfig)
+    store.trapdConfig = response
+    store.SnmpV3Users = response.snmpv3User
+
+    showSnackBar({ msg: 'Trap configuration updated successfully.' })
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : 'Failed to update trap configuration.'
+    showSnackBar({ msg, error: true })
+  } finally {
+    isSaving.value = false
+  }
+}
+
+const loadInitialConfig = () => {
+  if (store.trapdConfig) {
+    port.value = store.trapdConfig.snmpTrapPort || 162
+    bindAddress.value = store.trapdConfig.snmpTrapAddress || '*'
+    status.value = store.trapdConfig.newSuspectOnTrap || false
+    trapSourceAddressStatus.value = store.trapdConfig.useAddressFromVarbind || false
+    trapMessageStatus.value = store.trapdConfig.includeRawMessage || false
+    threads.value = store.trapdConfig.threads || 0
+    queueSize.value = store.trapdConfig.queueSize || 10000
+    batchSize.value = store.trapdConfig.batchSize || 1000
+    batchInterval.value = store.trapdConfig.batchInterval || 500
+  }
+}
+
+watchEffect(() => {
+  trapConfigError.value = validateInputs()
+  isSaveDisabled.value = Object.keys(trapConfigError.value).length > 0
+})
+
+onMounted(() => {
+  loadInitialConfig()
+})
+
 </script>
 
 <style lang="scss" scoped>
diff --git a/ui/src/containers/TrapConfiguration.vue b/ui/src/containers/TrapConfiguration.vue
index 33324cc8cbec..a17ccf9796e7 100644
--- a/ui/src/containers/TrapConfiguration.vue
+++ b/ui/src/containers/TrapConfiguration.vue
@@ -9,6 +9,12 @@
       <div class="heading">
         <h1>TrapD Configuration</h1>
       </div>
+      <div class="action">
+        <input type="file" accept=".xml" single @change="handleConfigurationUpload" ref="fileInput" />
+        <FeatherButton secondary @click="openFileDialog">
+          Upload Configuration
+        </FeatherButton>
+      </div>
     </div>
     <div class="tab-container">
       <FeatherTabContainer v-model="store.activeTab">
@@ -17,7 +23,7 @@
           <FeatherTab>SNMPv3 User Management</FeatherTab>
         </template>
         <FeatherTabPanel>
-            <GeneralConfiguration />
+          <GeneralConfiguration />
         </FeatherTabPanel>
         <FeatherTabPanel>
           <SnmpV3UserManagement />
@@ -33,19 +39,60 @@ import BreadCrumbs from '@/components/Layout/BreadCrumbs.vue'
 import CreateSnmpV3User from '@/components/TrapConfiguration/CreateSnmpV3User.vue'
 import GeneralConfiguration from '@/components/TrapConfiguration/GeneralConfiguration.vue'
 import SnmpV3UserManagement from '@/components/TrapConfiguration/SnmpV3UserManagement.vue'
+import useSnackbar from '@/composables/useSnackbar'
+import { uploadTrapdConfiguration } from '@/services/trapdConfigurationService'
 import { useMenuStore } from '@/stores/menuStore'
 import { useTrapConfigStore } from '@/stores/trapConfigStore'
 import { BreadCrumb } from '@/types'
+import { FeatherButton } from '@featherds/button'
 import { FeatherTab, FeatherTabContainer, FeatherTabPanel } from '@featherds/tabs'
 
 const menuStore = useMenuStore()
 const store = useTrapConfigStore()
+const fileInput = ref<HTMLInputElement | null>(null)
+const { showSnackBar } = useSnackbar()
 const homeUrl = computed<string>(() => menuStore.mainMenu?.homeUrl)
 
 const breadcrumbs = computed<BreadCrumb[]>(() => ([
   { label: 'Home', to: homeUrl.value, isAbsoluteLink: true },
   { label: 'Trap Configurations', to: '#', position: 'last' }
 ]))
+
+const openFileDialog = () => {
+  fileInput.value?.click()
+}
+
+const handleConfigurationUpload = async (event: Event) => {
+  const input = event.target as HTMLInputElement
+  if (!input.files || input.files.length === 0) return
+
+  const file = input.files[0]
+
+  // Reset input so the same file can be re-uploaded
+  if (fileInput.value) fileInput.value.value = ''
+
+  if (!file.name.endsWith('.xml')) {
+    showSnackBar({ msg: 'Only .xml files are supported.', error: true })
+    return
+  }
+
+  try {
+    const response = await uploadTrapdConfiguration(file)
+    if (response) {
+      await store.fetchTrapConfig()
+      showSnackBar({ msg: 'Trap configuration uploaded successfully.' })
+    } else {
+      showSnackBar({ msg: 'Upload failed: server returned no configuration.', error: true })
+    }
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : 'Failed to upload trap configuration.'
+    showSnackBar({ msg, error: true })
+  }
+}
+
+onMounted(() => {
+  store.fetchTrapConfig()
+})
 </script>
 
 <style lang="scss" scoped>
@@ -58,6 +105,12 @@ const breadcrumbs = computed<BreadCrumb[]>(() => ([
     align-items: center;
     margin-bottom: 20px;
     padding: 60px 40px 25px 40px;
+
+    .action {
+      input {
+        display: none;
+      }
+    }
   }
 
   .tab-container {
@@ -65,4 +118,3 @@ const breadcrumbs = computed<BreadCrumb[]>(() => ([
   }
 }
 </style>
-
diff --git a/ui/src/services/index.ts b/ui/src/services/index.ts
index c749b96573eb..4ff81dcc13ab 100644
--- a/ui/src/services/index.ts
+++ b/ui/src/services/index.ts
@@ -76,6 +76,14 @@ import {
   addZenithRegistration,
   getZenithRegistrations
 } from './zenithConnectService'
+import {
+  deleteTrapdUser,
+  getTrapdConfiguration,
+  saveTrapdUser,
+  updateTrapdConfiguration,
+  updateTrapdUser,
+  uploadTrapdConfiguration
+} from './trapdConfigurationService'
 
 export default {
   search,
@@ -135,5 +143,11 @@ export default {
   setUsageStatisticsStatus,
   addZenithRegistration,
   getZenithRegistrations,
+  uploadTrapdConfiguration,
+  getTrapdConfiguration,
+  updateTrapdConfiguration,
+  saveTrapdUser,
+  updateTrapdUser,
+  deleteTrapdUser,
   performLogout
 }
diff --git a/ui/src/services/trapdConfigurationService.ts b/ui/src/services/trapdConfigurationService.ts
new file mode 100644
index 000000000000..6f0340c7a40b
--- /dev/null
+++ b/ui/src/services/trapdConfigurationService.ts
@@ -0,0 +1,145 @@
+import axios from 'axios'
+
+import type { SnmpV3User, TrapConfig } from '@/types/trapConfig'
+
+import { v2 } from './axiosInstances'
+
+const endpoint = '/trapd'
+
+export type TrapdConfigurationUpdatePayload = Partial<Omit<TrapConfig, 'snmpv3User'>>
+
+const getTrapdServiceErrorMessage = (error: unknown, fallbackMessage: string): string => {
+  if (axios.isAxiosError(error)) {
+    const responseData = error.response?.data
+
+    if (typeof responseData === 'string' && responseData.trim().length > 0) {
+      return responseData
+    }
+
+    if (
+      responseData &&
+      typeof responseData === 'object' &&
+      'message' in responseData &&
+      typeof responseData.message === 'string' &&
+      responseData.message.trim().length > 0
+    ) {
+      return responseData.message
+    }
+
+    if (typeof error.message === 'string' && error.message.trim().length > 0) {
+      return error.message
+    }
+  }
+
+  if (error instanceof Error && error.message.trim().length > 0) {
+    return error.message
+  }
+
+  return fallbackMessage
+}
+
+const throwTrapdServiceError = (error: unknown, fallbackMessage: string): never => {
+  console.error(fallbackMessage, error)
+  throw new Error(getTrapdServiceErrorMessage(error, fallbackMessage))
+}
+
+export const uploadTrapdConfiguration = async (file: File): Promise<TrapConfig | null> => {
+  const formData = new FormData()
+  formData.append('upload', file)
+
+  try {
+    const response = await v2.post(`${endpoint}/upload`, formData)
+
+    if (response.status === 204) {
+      return null
+    }
+
+    if (response.status === 200) {
+      return response.data as TrapConfig
+    }
+
+    throw new Error(`Unexpected response status: ${response.status}`)
+  } catch (error) {
+    return throwTrapdServiceError(error, 'Failed to upload trapd configuration.')
+  }
+}
+
+export const getTrapdConfiguration = async (): Promise<TrapConfig> => {
+  try {
+    const response = await v2.get(`${endpoint}/get-config`)
+
+    if (response.status === 200) {
+      return response.data as TrapConfig
+    }
+
+    throw new Error(`Unexpected response status: ${response.status}`)
+  } catch (error) {
+    return throwTrapdServiceError(error, 'Failed to retrieve trapd configuration.')
+  }
+}
+
+export const updateTrapdConfiguration = async (
+  payload: TrapdConfigurationUpdatePayload
+): Promise<TrapConfig> => {
+  try {
+    const response = await v2.put(`${endpoint}/update-config`, payload)
+
+    if (response.status === 200) {
+      return response.data as TrapConfig
+    }
+
+    throw new Error(`Unexpected response status: ${response.status}`)
+  } catch (error) {
+    return throwTrapdServiceError(error, 'Failed to update trapd configuration.')
+  }
+}
+
+export const saveTrapdUser = async (user: SnmpV3User): Promise<SnmpV3User> => {
+  try {
+    const response = await v2.post(`${endpoint}/save-user`, user)
+
+    if (response.status === 200) {
+      return response.data as SnmpV3User
+    }
+
+    throw new Error(`Unexpected response status: ${response.status}`)
+  } catch (error) {
+    return throwTrapdServiceError(error, 'Failed to save trapd user.')
+  }
+}
+
+export const updateTrapdUser = async (index: number, user: SnmpV3User): Promise<SnmpV3User> => {
+  try {
+    const response = await v2.put(`${endpoint}/update-user`, user, {
+      params: {
+        index
+      }
+    })
+
+    if (response.status === 200) {
+      return response.data as SnmpV3User
+    }
+
+    throw new Error(`Unexpected response status: ${response.status}`)
+  } catch (error) {
+    return throwTrapdServiceError(error, 'Failed to update trapd user.')
+  }
+}
+
+export const deleteTrapdUser = async (index: number): Promise<SnmpV3User> => {
+  try {
+    const response = await v2.delete(`${endpoint}/delete-user`, {
+      params: {
+        index
+      }
+    })
+
+    if (response.status === 200) {
+      return response.data as SnmpV3User
+    }
+
+    throw new Error(`Unexpected response status: ${response.status}`)
+  } catch (error) {
+    return throwTrapdServiceError(error, 'Failed to delete trapd user.')
+  }
+}
\ No newline at end of file
diff --git a/ui/src/stores/trapConfigStore.ts b/ui/src/stores/trapConfigStore.ts
index b968e9cc68a4..eb54d3db63b0 100644
--- a/ui/src/stores/trapConfigStore.ts
+++ b/ui/src/stores/trapConfigStore.ts
@@ -1,3 +1,4 @@
+import { getTrapdConfiguration } from '@/services/trapdConfigurationService'
 import { CreateEditMode } from '@/types'
 import { TrapConfigStoreState } from '@/types/trapConfig'
 import { defineStore } from 'pinia'
@@ -5,6 +6,8 @@ import { defineStore } from 'pinia'
 export const useTrapConfigStore = defineStore('useTrapConfigStore', {
   state: (): TrapConfigStoreState => ({
     isLoading: false,
+    trapdConfig: null,
+    SnmpV3Users: [],
     activeTab: 0,
     credentialDrawerState: {
       visible: false
@@ -15,6 +18,12 @@ export const useTrapConfigStore = defineStore('useTrapConfigStore', {
     }
   }),
   actions: {
+    async fetchTrapConfig() {
+      // Implementation for fetching trap configuration goes here
+      const response = await getTrapdConfiguration()
+      this.trapdConfig = response
+      this.SnmpV3Users = response.snmpv3User
+    },
     openCredentialDrawer() {
       this.credentialDrawerState.visible = true
     },
diff --git a/ui/src/types/trapConfig.d.ts b/ui/src/types/trapConfig.d.ts
index e09be1d468cb..6e4a1940676a 100644
--- a/ui/src/types/trapConfig.d.ts
+++ b/ui/src/types/trapConfig.d.ts
@@ -2,6 +2,8 @@ import { CreateEditMode } from '.'
 
 export interface TrapConfigStoreState {
   isLoading: boolean
+  trapdConfig: TrapConfig | null
+  SnmpV3Users: SnmpV3User[]
   activeTab: number
   credentialDrawerState: {
     visible: boolean
@@ -12,3 +14,35 @@ export interface TrapConfigStoreState {
   }
 }
 
+export interface TrapConfig {
+  snmpTrapAddress: string
+  snmpTrapPort: number
+  newSuspectOnTrap: boolean
+  includeRawMessage: boolean
+  threads: number
+  queueSize: number
+  batchSize: number
+  batchInterval: number
+  useAddressFromVarbind: boolean
+  snmpv3User: SnmpV3User[]
+}
+
+export interface SnmpV3User {
+  engineId: string | null
+  securityName: string
+  securityLevel: number
+  authProtocol: string | null
+  authPassphrase: string | null
+  privacyProtocol: string | null
+  privacyPassphrase: string | null
+}
+
+export interface TrapdConfigurationError {
+  port?: string
+  bindAddress?: string
+  threads?: string
+  queueSize?: string
+  batchSize?: string
+  batchInterval?: string
+  snmpv3User?: string
+}
\ No newline at end of file

From 0622433047dabd3d0f8b334eb89c20c95620c84c Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Thu, 19 Mar 2026 02:04:40 +0500
Subject: [PATCH 08/41] new changes

---
 .../TrapConfiguration/CreateSnmpV3User.vue    | 256 ++++++++++++++----
 .../Dialog/DeleteUserConfirmationDialog.vue   |  55 ++++
 .../{ => Drawer}/SearchExistingCredential.vue |   2 +-
 .../GeneralConfiguration.vue                  |  28 +-
 .../SnmpV3UserManagement.vue                  |  70 +++--
 .../components/TrapConfiguration/contants.ts  |  32 +++
 ui/src/mappers/trapdConfig.mapper.ts          |  52 ++++
 ui/src/services/trapdConfigurationService.ts  |  13 +-
 ui/src/stores/trapConfigStore.ts              |   7 +-
 ui/src/types/trapConfig.d.ts                  |  13 +-
 10 files changed, 436 insertions(+), 92 deletions(-)
 create mode 100644 ui/src/components/TrapConfiguration/Dialog/DeleteUserConfirmationDialog.vue
 rename ui/src/components/TrapConfiguration/{ => Drawer}/SearchExistingCredential.vue (98%)
 create mode 100644 ui/src/components/TrapConfiguration/contants.ts
 create mode 100644 ui/src/mappers/trapdConfig.mapper.ts

diff --git a/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue b/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
index 9eddeda31578..7229ee89d3db 100644
--- a/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
+++ b/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
@@ -21,21 +21,19 @@
     <div class="content">
       <div class="username-version-row">
         <div class="left">
-          <FeatherSelect
-            label="Username"
-            :options="[
-            // { label: 'MD5', value: 'MD5' },
-            // { label: 'SHA', value: 'SHA' },
-          ]"
+          <FeatherInput
+            label="Secuirity Name"
+            data-test="security-name-input"
+            v-model="securityName"
+            :error="error.securityName"
           />
         </div>
         <div class="right">
-          <FeatherSelect
-            label="Version"
-            :options="[
-            // { label: 'DES', value: 'DES' },
-            // { label: 'AES', value: 'AES' },
-          ]"
+          <FeatherInput
+            label="Engine ID"
+            data-test="engine-id-input"
+            v-model="engineId"
+            :error="error.engineId"
           />
         </div>
       </div>
@@ -46,62 +44,68 @@
         <div class="left">
           <FeatherSelect
             label="Security Level"
-            :options="[
-            // { label: 'MD5', value: 'MD5' },
-            // { label: 'SHA', value: 'SHA' },
-          ]"
+            v-model="securityLevel"
+            :clear="'true'"
+            :options="SECURITY_LEVEL_OPTIONS"
+            :error="error.securityLevel"
           />
         </div>
         <div class="right"></div>
       </div>
-      <div class="row">
+      <div
+        class="row"
+        v-if="authProtocolVisible"
+      >
         <div class="left">
           <FeatherSelect
             label="Auth Protocol"
-            :options="[
-            // { label: 'MD5', value: 'MD5' },
-            // { label: 'SHA', value: 'SHA' },
-          ]"
+            v-model="authProtocol"
+            :clear="'true'"
+            :options="AUTH_PROTOCOLS_OPTIONS"
+            :error="error.authProtocol"
           />
         </div>
         <div class="right">
-          <FeatherSelect
+          <FeatherInput
             label="Auth Passphrase"
-            :options="[
-            // { label: 'DES', value: 'DES' },
-            // { label: 'AES', value: 'AES' },
-          ]"
+            type="password"
+            data-test="auth-passphrase-input"
+            v-model="authPassphrase"
+            :error="error.authPassphrase"
           />
           <FeatherButton
             icon="Save"
-            data-test="text-button"
+            data-test="auth-passphrase-save-button"
             @click="store.openCredentialDrawer"
           >
             <FeatherIcon :icon="Security"> </FeatherIcon>
           </FeatherButton>
         </div>
       </div>
-      <div class="row">
+      <div
+        class="row"
+        v-if="privacyProtocolVisible"
+      >
         <div class="left">
           <FeatherSelect
             label="Privacy Protocol"
-            :options="[
-            // { label: 'MD5', value: 'MD5' },
-            // { label: 'SHA', value: 'SHA' },
-          ]"
+            v-model="privacyProtocol"
+            :clear="'true'"
+            :options="PRIVACY_PROTOCOLS_OPTIONS"
+            :error="error.privacyProtocol"
           />
         </div>
         <div class="right">
-          <FeatherSelect
+          <FeatherInput
             label="Privacy Passphrase"
-            :options="[
-            // { label: 'DES', value: 'DES' },
-            // { label: 'AES', value: 'AES' },
-          ]"
+            type="password"
+            data-test="privacy-passphrase-input"
+            v-model="privacyPassphrase"
+            :error="error.privacyPassphrase"
           />
           <FeatherButton
             icon="Save"
-            data-test="text-button"
+            data-test="privacy-passphrase-save-button"
             @click="store.openCredentialDrawer"
           >
             <FeatherIcon :icon="Security"> </FeatherIcon>
@@ -112,17 +116,18 @@
     <div class="footer">
       <FeatherButton
         secondary
-        data-test="text-button"
+        data-test="cancel-button"
         @click="store.closeCreateUserDrawer"
       >
         Cancel
       </FeatherButton>
       <FeatherButton
         primary
-        data-test="text-button"
-        @click="createUser"
+        data-test="create-user-button"
+        @click="saveUser"
+        :disabled="isSaveDisabled || isSaving"
       >
-        Create New User
+        {{ store.createUserDrawerState.mode === CreateEditMode.Create ? 'Create User' : 'Update User' }}
       </FeatherButton>
     </div>
     <SearchExistingCredential />
@@ -130,21 +135,178 @@
 </template>
 
 <script setup lang="ts">
+import useSnackbar from '@/composables/useSnackbar'
+import { mapUserToServer } from '@/mappers/trapdConfig.mapper'
+import { saveTrapdUser, updateTrapdUser } from '@/services/trapdConfigurationService'
 import { useTrapConfigStore } from '@/stores/trapConfigStore'
+import { CreateEditMode } from '@/types'
+import { SnmpV3UserError } from '@/types/trapConfig'
 import { FeatherButton } from '@featherds/button'
 import { FeatherIcon } from '@featherds/icon'
 import Security from '@featherds/icon/hardware/Security'
 import ChevronLeft from '@featherds/icon/navigation/ChevronLeft'
-import { FeatherSelect } from '@featherds/select'
+import { FeatherInput } from '@featherds/input'
+import { FeatherSelect, ISelectItemType } from '@featherds/select'
 import TableCard from '../Common/TableCard.vue'
-import SearchExistingCredential from './SearchExistingCredential.vue'
+import { AUTH_PROTOCOLS_OPTIONS, PRIVACY_PROTOCOLS_OPTIONS, SECURITY_LEVEL_OPTIONS } from './contants'
+import SearchExistingCredential from './Drawer/SearchExistingCredential.vue'
 
 const store = useTrapConfigStore()
+const { showSnackBar } = useSnackbar()
+const createEmptySelectItem = (): ISelectItemType => (undefined as unknown as ISelectItemType)
+const securityName = ref<string>('')
+const engineId = ref<string>('')
+const securityLevel = ref<ISelectItemType>(createEmptySelectItem())
+const authProtocol = ref<ISelectItemType>(createEmptySelectItem())
+const privacyProtocol = ref<ISelectItemType>(createEmptySelectItem())
+const authPassphrase = ref<string>('')
+const privacyPassphrase = ref<string>('')
+const isSaveDisabled = ref<boolean>(true)
+const isSaving = ref<boolean>(false)
+const error = ref<SnmpV3UserError>({})
+
+const authProtocolVisible = computed(() => {
+  const selectedSecurityLevel = securityLevel.value?._value
+
+  return selectedSecurityLevel === 2 || selectedSecurityLevel === 3
+})
+
+const privacyProtocolVisible = computed(() => {
+  return securityLevel.value?._value === 3
+})
 
-const createUser = () => {
-  // Logic to create SNMPv3 user goes here
-  console.log('Creating SNMPv3 user...')  
+watch(securityLevel, (selectedSecurityLevel) => {
+  const levelValue = selectedSecurityLevel?._value
+
+  if (levelValue !== 2 && levelValue !== 3) {
+    authProtocol.value = createEmptySelectItem()
+    authPassphrase.value = ''
+  }
+
+  if (levelValue !== 3) {
+    authProtocol.value = createEmptySelectItem()
+    privacyProtocol.value = createEmptySelectItem()
+    authPassphrase.value = ''
+    privacyPassphrase.value = ''
+  }
+
+  error.value = validateInputs()
+  isSaveDisabled.value = Object.keys(error.value).length > 0
+})
+
+const saveUser = async () => {
+  const validationError = validateInputs()
+  if (Object.keys(validationError).length > 0) {
+    showSnackBar({ msg: 'Please fix validation errors before saving.', error: true })
+    return
+  }
+
+  if (isSaving.value) {
+    return
+  }
+
+  const payload = mapUserToServer({
+    securityName: securityName.value,
+    engineId: engineId.value,
+    securityLevel: Number(securityLevel.value?._value),
+    authProtocol: String(authProtocol.value?._value),
+    privacyProtocol: String(privacyProtocol.value?._value),
+    authPassphrase: authPassphrase.value,
+    privacyPassphrase: privacyPassphrase.value
+  })
+
+  try {
+    isSaving.value = true
+
+    let response
+    if (store.createUserDrawerState.mode === CreateEditMode.Create) {
+      response = await saveTrapdUser(payload)
+    } else if (store.createUserDrawerState.mode === CreateEditMode.Edit) {
+      response = await updateTrapdUser(store.createUserDrawerState.selectedUserIndex, payload)
+    }
+
+    if (response) {
+      await store.fetchTrapConfig()
+      store.closeCreateUserDrawer()
+      const successMsg = store.createUserDrawerState.mode === CreateEditMode.Create
+        ? 'SNMPv3 user created successfully.'
+        : 'SNMPv3 user updated successfully.'
+      showSnackBar({ msg: successMsg })
+    } else {
+      showSnackBar({ msg: 'Failed to save SNMPv3 user: Server returned no response.', error: true })
+    }
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : 'Failed to save SNMPv3 user.'
+    showSnackBar({ msg, error: true })
+  } finally {
+    isSaving.value = false
+  }
 }
+
+const validateInputs = () => {
+  const newError: SnmpV3UserError = {}
+
+  if (!securityName.value) {
+    newError.securityName = 'Security Name is required'
+  }
+
+  if (!securityLevel.value) {
+    newError.securityLevel = 'Security Level is required'
+  }
+
+  if (authProtocolVisible.value && !authProtocol.value) {
+    newError.authProtocol = 'Auth Protocol is required for selected security level'
+  }
+
+  if (privacyProtocolVisible.value && !privacyProtocol.value) {
+    newError.privacyProtocol = 'Privacy Protocol is required for selected security level'
+  }
+
+  if (authProtocolVisible.value && authProtocol.value && !authPassphrase.value) {
+    newError.authPassphrase = 'Auth Passphrase is required for selected auth protocol'
+  }
+
+  if (privacyProtocolVisible.value && privacyProtocol.value && !privacyPassphrase.value) {
+    newError.privacyPassphrase = 'Privacy Passphrase is required for selected privacy protocol'
+  }
+  return newError
+}
+
+const loadUserData = (drawerState: typeof store.createUserDrawerState) => {
+  if (drawerState.mode === CreateEditMode.Edit && drawerState.selectedUserIndex > -1) {
+    const selectedUser = store.SnmpV3Users ? store.SnmpV3Users[drawerState.selectedUserIndex] : null
+
+    if (selectedUser) {
+      securityLevel.value = SECURITY_LEVEL_OPTIONS.find(option => option._value === selectedUser.securityLevel) || createEmptySelectItem()
+      authProtocol.value = AUTH_PROTOCOLS_OPTIONS.find(option => option._value === selectedUser.authProtocol) || createEmptySelectItem()
+      privacyProtocol.value = PRIVACY_PROTOCOLS_OPTIONS.find(option => option._value === selectedUser.privacyProtocol) || createEmptySelectItem()
+      securityName.value = selectedUser.securityName
+      engineId.value = selectedUser.engineId || ''
+      authPassphrase.value = selectedUser.authPassphrase || ''
+      privacyPassphrase.value = selectedUser.privacyPassphrase || ''
+
+    }
+  } else {
+    securityLevel.value = createEmptySelectItem()
+    authProtocol.value = createEmptySelectItem()
+    privacyProtocol.value = createEmptySelectItem()
+    securityName.value = ''
+    engineId.value = ''
+    authPassphrase.value = ''
+    privacyPassphrase.value = ''
+  }
+}
+
+watchEffect(() => {
+  error.value = validateInputs()
+  isSaveDisabled.value = Object.keys(error.value).length > 0
+})
+
+watch(
+  () => store.createUserDrawerState, () => {
+    loadUserData(store.createUserDrawerState)
+  }, { deep: true, immediate: true }
+)
 </script>
 
 <style lang="scss" scoped>
diff --git a/ui/src/components/TrapConfiguration/Dialog/DeleteUserConfirmationDialog.vue b/ui/src/components/TrapConfiguration/Dialog/DeleteUserConfirmationDialog.vue
new file mode 100644
index 000000000000..751e2eca02cf
--- /dev/null
+++ b/ui/src/components/TrapConfiguration/Dialog/DeleteUserConfirmationDialog.vue
@@ -0,0 +1,55 @@
+<template>
+  <div class="delete-user-confirmation-dialog">
+    <FeatherDialog
+      v-model="isVisible"
+      :labels="label"
+      hide-close
+      @hidden="emit('close')"
+    >
+      <div>
+        <p>Are you sure you want to delete this SNMPv3 user?</p>
+        <p><strong>Note:</strong> This action cannot be undone.</p>
+      </div>
+      <template #footer>
+        <FeatherButton
+          secondary
+          @click="emit('close')"
+        >
+          Cancel
+        </FeatherButton>
+        <FeatherButton
+          primary
+          @click="emit('confirm')"
+        >
+          Delete
+        </FeatherButton>
+      </template>
+    </FeatherDialog>
+  </div>
+</template>
+
+<script setup lang="ts">
+import { FeatherButton } from '@featherds/button'
+import { FeatherDialog } from '@featherds/dialog'
+
+const label = {
+  title: 'Snmpv3 User Delete Confirmation'
+}
+const isVisible = ref(false)
+
+const props = defineProps<{
+  visible: boolean
+}>()
+
+const emit = defineEmits<{
+  (e: 'close'): void
+  (e: 'confirm'): void
+}>()
+
+watch(() => props.visible, (newVal) => {
+  isVisible.value = newVal
+}, { immediate: true })
+</script>
+
+<style scoped lang="scss"></style>
+
diff --git a/ui/src/components/TrapConfiguration/SearchExistingCredential.vue b/ui/src/components/TrapConfiguration/Drawer/SearchExistingCredential.vue
similarity index 98%
rename from ui/src/components/TrapConfiguration/SearchExistingCredential.vue
rename to ui/src/components/TrapConfiguration/Drawer/SearchExistingCredential.vue
index 860a6f691bb9..a096cbee5ecb 100644
--- a/ui/src/components/TrapConfiguration/SearchExistingCredential.vue
+++ b/ui/src/components/TrapConfiguration/Drawer/SearchExistingCredential.vue
@@ -87,13 +87,13 @@
 </template>
 
 <script setup lang="ts">
+import EmptyList from '@/components/Common/EmptyList.vue'
 import { useTrapConfigStore } from '@/stores/trapConfigStore'
 import FeatherButton from '@featherds/button/src/components/FeatherButton.vue'
 import { FeatherDrawer } from '@featherds/drawer'
 import { FeatherIcon } from '@featherds/icon'
 import Search from '@featherds/icon/action/Search'
 import { FeatherSelect } from '@featherds/select'
-import EmptyList from '../Common/EmptyList.vue'
 
 const store = useTrapConfigStore()
 const tableRecords = ref<{ alias: string; value: string }[]>([
diff --git a/ui/src/components/TrapConfiguration/GeneralConfiguration.vue b/ui/src/components/TrapConfiguration/GeneralConfiguration.vue
index b4a496b9f08c..30b1d930e573 100644
--- a/ui/src/components/TrapConfiguration/GeneralConfiguration.vue
+++ b/ui/src/components/TrapConfiguration/GeneralConfiguration.vue
@@ -13,7 +13,7 @@
         v-model="port"
         :error="trapConfigError.port"
         type="number"
-        :hint="'Default: 162'"
+        :hint="'Default: 10162'"
       />
       <FeatherInput
         label="Bind Address"
@@ -128,9 +128,10 @@ import { FeatherExpansionPanel } from '@featherds/expansion'
 import { FeatherInput } from '@featherds/input'
 import { SwitchRender } from '@featherds/switch'
 import TableCard from '../Common/TableCard.vue'
+import { isValidIP } from './contants'
 
 const status = ref(false)
-const port = ref<number>(162)
+const port = ref<number>(10162)
 const bindAddress = ref('*')
 const trapMessageStatus = ref(false)
 const trapSourceAddressStatus = ref(false)
@@ -139,7 +140,7 @@ const queueSize = ref<number>(10000)
 const batchSize = ref<number>(1000)
 const batchInterval = ref<number>(500)
 const trapConfigError = ref<TrapdConfigurationError>({})
-const isSaveDisabled = ref(false)
+const isSaveDisabled = ref(true)
 const isSaving = ref(false)
 const store = useTrapConfigStore()
 const { showSnackBar } = useSnackbar()
@@ -188,18 +189,9 @@ const validateInputs = (): TrapdConfigurationError => {
   return trapConfigError
 }
 
-// Add this helper function
-const isValidIP = (ip: string): boolean => {
-  const parts = ip.split('.')
-  if (parts.length !== 4) return false
-  return parts.every(part => {
-    const num = parseInt(part, 10)
-    return !isNaN(num) && num >= 0 && num <= 255
-  })
-}
-
 const updateConfig = async () => {
-  if (isSaveDisabled.value || isSaving.value) {
+  const error = validateInputs()
+  if (Object.keys(error).length > 0) {
     return
   }
 
@@ -223,6 +215,7 @@ const updateConfig = async () => {
     store.SnmpV3Users = response.snmpv3User
 
     showSnackBar({ msg: 'Trap configuration updated successfully.' })
+    await store.fetchTrapConfig()
   } catch (err) {
     const msg = err instanceof Error ? err.message : 'Failed to update trap configuration.'
     showSnackBar({ msg, error: true })
@@ -233,7 +226,7 @@ const updateConfig = async () => {
 
 const loadInitialConfig = () => {
   if (store.trapdConfig) {
-    port.value = store.trapdConfig.snmpTrapPort || 162
+    port.value = store.trapdConfig.snmpTrapPort || 10162
     bindAddress.value = store.trapdConfig.snmpTrapAddress || '*'
     status.value = store.trapdConfig.newSuspectOnTrap || false
     trapSourceAddressStatus.value = store.trapdConfig.useAddressFromVarbind || false
@@ -250,10 +243,9 @@ watchEffect(() => {
   isSaveDisabled.value = Object.keys(trapConfigError.value).length > 0
 })
 
-onMounted(() => {
+watch(() => store.trapdConfig, () => {
   loadInitialConfig()
-})
-
+}, { immediate: true, deep: true })
 </script>
 
 <style lang="scss" scoped>
diff --git a/ui/src/components/TrapConfiguration/SnmpV3UserManagement.vue b/ui/src/components/TrapConfiguration/SnmpV3UserManagement.vue
index a0ef08253e37..0871008fa5da 100644
--- a/ui/src/components/TrapConfiguration/SnmpV3UserManagement.vue
+++ b/ui/src/components/TrapConfiguration/SnmpV3UserManagement.vue
@@ -13,7 +13,7 @@
         <FeatherButton
           primary
           data-test="add-user-button"
-          @click="store.openCreateUserDrawer(CreateEditMode.Create)"
+          @click="store.openCreateUserDrawer(CreateEditMode.Create, -1)"
         >
           Add User
         </FeatherButton>
@@ -47,21 +47,23 @@
             v-for="(user, index) in tableRecords"
             :key="index"
           >
-            <td>{{ user.username }}</td>
+            <td>{{ user.securityName }}</td>
             <td>{{ user.securityLevel }}</td>
-            <td>{{ user.authenticationProtocol }}</td>
+            <td>{{ user.authProtocol }}</td>
             <td>{{ user.privacyProtocol }}</td>
             <td>
               <div class="action-container">
                 <FeatherButton
                   icon="Edit User"
                   data-test="edit-user-button"
+                  @click="store.openCreateUserDrawer(CreateEditMode.Edit, index)"
                 >
                   <FeatherIcon :icon="Edit"> </FeatherIcon>
                 </FeatherButton>
                 <FeatherButton
                   icon="Delete User"
                   data-test="delete-user-button"
+                  @click="openDeleteUserDialog(index)"
                 >
                   <FeatherIcon :icon="Delete"> </FeatherIcon>
                 </FeatherButton>
@@ -74,12 +76,20 @@
         <EmptyList :content="{ msg: 'No SNMPv3 users found' }" />
       </div>
     </div>
+    <DeleteUserConfirmationDialog
+      :visible="deleteDialogVisible"
+      @close="cancelDeleteUser"
+      @confirm="confirmDeleteUser"
+    />
   </TableCard>
 </template>
 
 <script setup lang="ts">
+import useSnackbar from '@/composables/useSnackbar'
+import { deleteTrapdUser } from '@/services/trapdConfigurationService'
 import { useTrapConfigStore } from '@/stores/trapConfigStore'
 import { CreateEditMode } from '@/types'
+import { SnmpV3User } from '@/types/trapConfig'
 import { FeatherButton } from '@featherds/button'
 import { FeatherIcon } from '@featherds/icon'
 import Delete from '@featherds/icon/action/Delete'
@@ -87,21 +97,14 @@ import Edit from '@featherds/icon/action/Edit'
 import { FeatherSortHeader, SORT } from '@featherds/table'
 import EmptyList from '../Common/EmptyList.vue'
 import TableCard from '../Common/TableCard.vue'
+import DeleteUserConfirmationDialog from './Dialog/DeleteUserConfirmationDialog.vue'
 
 const store = useTrapConfigStore()
-
-interface User {
-  username: string
-  securityLevel: number
-  authenticationProtocol: string
-  privacyProtocol: string
-}
-
-const tableRecords = ref<User[]>([
-  { username: 'user1', securityLevel: 3, authenticationProtocol: 'SHA', privacyProtocol: 'AES' },
-  { username: 'user2', securityLevel: 2, authenticationProtocol: 'MD5', privacyProtocol: 'DES' },
-  { username: 'user3', securityLevel: 1, authenticationProtocol: 'MD5', privacyProtocol: 'DES' }
-])
+const { showSnackBar } = useSnackbar()
+const tableRecords = ref<SnmpV3User[]>([])
+const deleteUserIndex = ref<number | null>(null)
+const deleteDialogVisible = ref<boolean>(false)
+const isDeleting = ref(false)
 
 const columns = computed(() => [
   { id: 'username', label: 'SnmpV3 Username' },
@@ -123,6 +126,41 @@ const sortChanged = (sortObj: { property: string; value: SORT }) => {
   }
   sort[sortObj.property] = sortObj.value
 }
+
+const openDeleteUserDialog = (index: number) => {
+  deleteUserIndex.value = index
+  deleteDialogVisible.value = true
+}
+
+const cancelDeleteUser = () => {
+  deleteUserIndex.value = null
+  deleteDialogVisible.value = false
+}
+
+const confirmDeleteUser = async () => {
+  if (deleteUserIndex.value === null || isDeleting.value) {
+    return
+  }
+
+  try {
+    isDeleting.value = true
+    await deleteTrapdUser(deleteUserIndex.value)
+    await store.fetchTrapConfig()
+    cancelDeleteUser()
+    showSnackBar({ msg: 'SNMPv3 user deleted successfully.' })
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : 'Failed to delete SNMPv3 user.'
+    showSnackBar({ msg, error: true })
+  } finally {
+    isDeleting.value = false
+  }
+}
+
+watch(
+  () => store.SnmpV3Users, () => {
+    tableRecords.value = store.SnmpV3Users || []
+  }, { immediate: true, deep: true }
+)
 </script>
 
 <style lang="scss" scoped>
diff --git a/ui/src/components/TrapConfiguration/contants.ts b/ui/src/components/TrapConfiguration/contants.ts
new file mode 100644
index 000000000000..c643af15a513
--- /dev/null
+++ b/ui/src/components/TrapConfiguration/contants.ts
@@ -0,0 +1,32 @@
+import { ISelectItemType } from '@featherds/select'
+
+export const isValidIP = (ip: string): boolean => {
+  const parts = ip.split('.')
+  if (parts.length !== 4) return false
+  return parts.every((part) => {
+    const num = parseInt(part, 10)
+    return !isNaN(num) && num >= 0 && num <= 255
+  })
+}
+
+export const SECURITY_LEVEL_OPTIONS: ISelectItemType[] = [
+  { _text: '1 - NoAuthNoPriv', _value: 1 },
+  { _text: '2 - AuthNoPriv', _value: 2 },
+  { _text: '3 - AuthPriv', _value: 3 }
+]
+
+export const PRIVACY_PROTOCOLS_OPTIONS: ISelectItemType[] = [
+  { _text: 'DES', _value: 'DES' },
+  { _text: 'AES', _value: 'AES' },
+  { _text: 'AES192', _value: 'AES192' },
+  { _text: 'AES256', _value: 'AES256' }
+]
+
+export const AUTH_PROTOCOLS_OPTIONS: ISelectItemType[] = [
+  { _text: 'MD5', _value: 'MD5' },
+  { _text: 'SHA', _value: 'SHA' },
+  { _text: 'SHA224', _value: 'SHA224' },
+  { _text: 'SHA256', _value: 'SHA256' },
+  { _text: 'SHA512', _value: 'SHA512' }
+]
+
diff --git a/ui/src/mappers/trapdConfig.mapper.ts b/ui/src/mappers/trapdConfig.mapper.ts
new file mode 100644
index 000000000000..baa4b1cd7ff3
--- /dev/null
+++ b/ui/src/mappers/trapdConfig.mapper.ts
@@ -0,0 +1,52 @@
+import { SnmpV3User, TrapConfig } from '@/types/trapConfig'
+
+export const mapTrapdConfigFromServer = (data: any): TrapConfig => {
+  return {
+    snmpTrapPort: data.snmpTrapPort,
+    snmpTrapAddress: data.snmpTrapAddress,
+    newSuspectOnTrap: data.newSuspectOnTrap,
+    includeRawMessage: data.includeRawMessage,
+    threads: data.threads,
+    queueSize: data.queueSize,
+    batchSize: data.batchSize,
+    batchInterval: data.batchInterval,
+    useAddressFromVarbind: data.useAddressFromVarbind,
+    snmpv3User: (data.snmpv3User || []).map((user: any) => ({
+      securityName: user.securityName,
+      securityLevel: user.securityLevel,
+      authProtocol: user.authProtocol,
+      authPassword: user.authPassword,
+      privacyProtocol: user.privacyProtocol,
+      privacyPassword: user.privacyPassword
+    }))
+  }
+}
+
+export const mapUserToServer = (payload: any): SnmpV3User => {
+  const user = {
+    securityName: payload.securityName,
+    engineId: payload.engineId,
+    securityLevel: payload.securityLevel
+  } as SnmpV3User
+
+  if (payload.securityLevel === 1) {
+    user.authProtocol = null
+    user.authPassphrase = null
+    user.privacyProtocol = null
+    user.privacyPassphrase = null
+  }
+  else if (payload.securityLevel === 2) {
+    user.authProtocol = payload.authProtocol
+    user.authPassphrase = payload.authPassphrase
+    user.privacyProtocol = null
+    user.privacyPassphrase = null
+  }
+  else if (payload.securityLevel === 3) {
+    user.authProtocol = payload.authProtocol
+    user.authPassphrase = payload.authPassphrase
+    user.privacyProtocol = payload.privacyProtocol
+    user.privacyPassphrase = payload.privacyPassphrase
+  }
+
+  return user
+}
diff --git a/ui/src/services/trapdConfigurationService.ts b/ui/src/services/trapdConfigurationService.ts
index 6f0340c7a40b..990d2b069f79 100644
--- a/ui/src/services/trapdConfigurationService.ts
+++ b/ui/src/services/trapdConfigurationService.ts
@@ -3,6 +3,7 @@ import axios from 'axios'
 import type { SnmpV3User, TrapConfig } from '@/types/trapConfig'
 
 import { v2 } from './axiosInstances'
+import { mapTrapdConfigFromServer } from '@/mappers/trapdConfig.mapper'
 
 const endpoint = '/trapd'
 
@@ -55,7 +56,7 @@ export const uploadTrapdConfiguration = async (file: File): Promise<TrapConfig |
     }
 
     if (response.status === 200) {
-      return response.data as TrapConfig
+      return mapTrapdConfigFromServer(response.data)
     }
 
     throw new Error(`Unexpected response status: ${response.status}`)
@@ -69,7 +70,7 @@ export const getTrapdConfiguration = async (): Promise<TrapConfig> => {
     const response = await v2.get(`${endpoint}/get-config`)
 
     if (response.status === 200) {
-      return response.data as TrapConfig
+      return mapTrapdConfigFromServer(response.data) as TrapConfig
     }
 
     throw new Error(`Unexpected response status: ${response.status}`)
@@ -78,14 +79,12 @@ export const getTrapdConfiguration = async (): Promise<TrapConfig> => {
   }
 }
 
-export const updateTrapdConfiguration = async (
-  payload: TrapdConfigurationUpdatePayload
-): Promise<TrapConfig> => {
+export const updateTrapdConfiguration = async (payload: TrapdConfigurationUpdatePayload): Promise<TrapConfig> => {
   try {
     const response = await v2.put(`${endpoint}/update-config`, payload)
 
     if (response.status === 200) {
-      return response.data as TrapConfig
+      return mapTrapdConfigFromServer(response.data) as TrapConfig
     }
 
     throw new Error(`Unexpected response status: ${response.status}`)
@@ -142,4 +141,4 @@ export const deleteTrapdUser = async (index: number): Promise<SnmpV3User> => {
   } catch (error) {
     return throwTrapdServiceError(error, 'Failed to delete trapd user.')
   }
-}
\ No newline at end of file
+}
diff --git a/ui/src/stores/trapConfigStore.ts b/ui/src/stores/trapConfigStore.ts
index eb54d3db63b0..2c1d7ac084cc 100644
--- a/ui/src/stores/trapConfigStore.ts
+++ b/ui/src/stores/trapConfigStore.ts
@@ -14,7 +14,8 @@ export const useTrapConfigStore = defineStore('useTrapConfigStore', {
     },
     createUserDrawerState: {
       visible: false,
-      mode: CreateEditMode.None
+      mode: CreateEditMode.None,
+      selectedUserIndex: -1
     }
   }),
   actions: {
@@ -30,13 +31,15 @@ export const useTrapConfigStore = defineStore('useTrapConfigStore', {
     closeCredentialDrawer() {
       this.credentialDrawerState.visible = false
     },
-    openCreateUserDrawer(mode: CreateEditMode) {
+    openCreateUserDrawer(mode: CreateEditMode, selectedUserIndex: number) {
       this.createUserDrawerState.visible = true
       this.createUserDrawerState.mode = mode
+      this.createUserDrawerState.selectedUserIndex = selectedUserIndex
     },
     closeCreateUserDrawer() {
       this.createUserDrawerState.visible = false
       this.createUserDrawerState.mode = CreateEditMode.None
+      this.createUserDrawerState.selectedUserIndex = -1
     }
   }
 })
diff --git a/ui/src/types/trapConfig.d.ts b/ui/src/types/trapConfig.d.ts
index 6e4a1940676a..845cee9e8981 100644
--- a/ui/src/types/trapConfig.d.ts
+++ b/ui/src/types/trapConfig.d.ts
@@ -11,6 +11,7 @@ export interface TrapConfigStoreState {
   createUserDrawerState: {
     visible: boolean
     mode: CreateEditMode
+    selectedUserIndex: number
   }
 }
 
@@ -45,4 +46,14 @@ export interface TrapdConfigurationError {
   batchSize?: string
   batchInterval?: string
   snmpv3User?: string
-}
\ No newline at end of file
+}
+
+export interface SnmpV3UserError {
+  engineId?: string
+  securityName?: string
+  securityLevel?: string
+  authProtocol?: string
+  authPassphrase?: string
+  privacyProtocol?: string
+  privacyPassphrase?: string
+}

From 9d79643fd3a004b0bcf6d0c07d39fd3c92b8dc49 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Thu, 19 Mar 2026 17:26:34 +0500
Subject: [PATCH 09/41] new changes

---
 ui/src/components/SCV/SCVForm.vue             |  5 +-
 .../Drawer/SearchExistingCredential.vue       |  6 ++
 ui/src/lib/constants.ts                       | 44 +++++++++
 ui/src/services/index.ts                      | 24 +----
 ui/src/services/scvService.ts                 | 24 ++++-
 ui/src/stores/scvStore.ts                     | 93 ++++++++++++++++---
 ui/src/types/scv.d.ts                         | 28 ++++++
 ui/tests/scv.test.ts                          |  9 +-
 8 files changed, 189 insertions(+), 44 deletions(-)
 create mode 100644 ui/src/lib/constants.ts

diff --git a/ui/src/components/SCV/SCVForm.vue b/ui/src/components/SCV/SCVForm.vue
index 8aa26443bac4..6616808dbb82 100644
--- a/ui/src/components/SCV/SCVForm.vue
+++ b/ui/src/components/SCV/SCVForm.vue
@@ -79,7 +79,8 @@ import { FeatherInput } from '@featherds/input'
 import { FeatherButton } from '@featherds/button'
 import { FeatherIcon } from '@featherds/icon'
 import Add from '@featherds/icon/action/Add' 
-import { GET_ALL_ALIAS, useScvStore } from '@/stores/scvStore'
+import { SCV_GET_ALL_ALIAS } from '@/lib/constants'
+import { useScvStore } from '@/stores/scvStore'
 import { SCVCredentials } from '@/types/scv'
 import { UpdateModelFunction } from '@/types'
 import SCVAttribute from './SCVAttribute.vue'
@@ -116,7 +117,7 @@ const passwordError = computed<string | undefined>(() => {
 const aliasError = computed<string | undefined>(() => {
   if (
     !isEditing.value && 
-    scvStore.credentials.alias?.toLowerCase() === GET_ALL_ALIAS) {
+    scvStore.credentials.alias?.toLowerCase() === SCV_GET_ALL_ALIAS) {
     return 'Cannot use reserved alias name.'
   }
 
diff --git a/ui/src/components/TrapConfiguration/Drawer/SearchExistingCredential.vue b/ui/src/components/TrapConfiguration/Drawer/SearchExistingCredential.vue
index a096cbee5ecb..b11c994279e3 100644
--- a/ui/src/components/TrapConfiguration/Drawer/SearchExistingCredential.vue
+++ b/ui/src/components/TrapConfiguration/Drawer/SearchExistingCredential.vue
@@ -88,6 +88,7 @@
 
 <script setup lang="ts">
 import EmptyList from '@/components/Common/EmptyList.vue'
+import { useScvStore } from '@/stores/scvStore'
 import { useTrapConfigStore } from '@/stores/trapConfigStore'
 import FeatherButton from '@featherds/button/src/components/FeatherButton.vue'
 import { FeatherDrawer } from '@featherds/drawer'
@@ -96,10 +97,15 @@ import Search from '@featherds/icon/action/Search'
 import { FeatherSelect } from '@featherds/select'
 
 const store = useTrapConfigStore()
+const scvStore = useScvStore()
 const tableRecords = ref<{ alias: string; value: string }[]>([
   { alias: 'credential1', value: 'value1' },
   { alias: 'credential2', value: 'value2' }
 ])
+
+onMounted(() => {
+  scvStore.populate()
+})
 </script>
 
 <style lang="scss" scoped>
diff --git a/ui/src/lib/constants.ts b/ui/src/lib/constants.ts
new file mode 100644
index 000000000000..a3fe19a3babe
--- /dev/null
+++ b/ui/src/lib/constants.ts
@@ -0,0 +1,44 @@
+///
+/// Licensed to The OpenNMS Group, Inc (TOG) under one or more
+/// contributor license agreements.  See the LICENSE.md file
+/// distributed with this work for additional information
+/// regarding copyright ownership.
+///
+/// TOG licenses this file to You under the GNU Affero General
+/// Public License Version 3 (the "License") or (at your option)
+/// any later version.  You may not use this file except in
+/// compliance with the License.  You may obtain a copy of the
+/// License at:
+///
+///      https://www.gnu.org/licenses/agpl-3.0.txt
+///
+/// Unless required by applicable law or agreed to in writing,
+/// software distributed under the License is distributed on an
+/// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+/// either express or implied.  See the License for the specific
+/// language governing permissions and limitations under the
+/// License.
+///
+
+export const DEFAULT_MONITORING_LOCATION = 'Default'
+
+export const SCV_GET_ALL_ALIAS = '_all'
+
+// SNMP Defaults
+export const DEFAULT_SNMP_VERSION = 'v2c'
+export const DEFAULT_SNMP_TIMEOUT = 3000
+export const DEFAULT_SNMP_RETRIES = 1
+export const DEFAULT_SNMP_PORT = 161
+export const DEFAULT_SNMP_TTL = 1
+export const DEFAULT_SNMP_MAX_REQUEST_SIZE = 65535
+export const DEFAULT_SNMP_MAX_VARS_PER_PDU = 10
+export const DEFAULT_SNMP_MAX_REPETITIONS = 2
+export const DEFAULT_SNMP_READ_COMMUNITY_STRING = 'public'
+export const DEFAULT_SNMP_WRITE_COMMUNITY_STRING = 'private'
+export const DEFAULT_SNMP_V3_SECURITY_NAME = 'opennmsUser'
+export const DEFAULT_SNMP_V3_SECURITY_LEVEL = 1
+export const DEFAULT_SNMP_V3_SECURITY_LEVEL_STRING = 'noAuthNoPriv'
+export const DEFAULT_SNMP_V3_AUTH_PASSPHRASE = '0p3nNMSv3'
+export const DEFAULT_SNMP_V3_AUTH_PROTOCOL = 'MD5'
+export const DEFAULT_SNMP_V3_PRIVACY_PASSPHRASE = '0p3nNMSv3'
+export const DEFAULT_SNMP_V3_PRIVACY_PROTOCOL = 'DES'
diff --git a/ui/src/services/index.ts b/ui/src/services/index.ts
index 4ff81dcc13ab..7ef95ff416cc 100644
--- a/ui/src/services/index.ts
+++ b/ui/src/services/index.ts
@@ -52,7 +52,7 @@ import { getGeolocationConfig } from './geolocationService'
 import { getMainMenu, getNotificationSummary } from './menuService'
 import { getMainMonitoringSystem } from './monitoringSystemService'
 import { getFileNames, getFile, getSnippets, postFile, deleteFile, getFileExtensions } from './configService'
-import { getAliases, getCredentialsByAlias, addCredentials, updateCredentials } from './scvService'
+import { getAliases, getAllCredentials, getCredentialsByAlias, addCredentials, updateCredentials } from './scvService'
 
 import { getAlarms, modifyAlarm } from './alarmService'
 import { getEvents } from './eventService'
@@ -72,18 +72,7 @@ import {
   getUsageStatisticsStatus,
   setUsageStatisticsStatus
 } from './usageStatisticsService'
-import {
-  addZenithRegistration,
-  getZenithRegistrations
-} from './zenithConnectService'
-import {
-  deleteTrapdUser,
-  getTrapdConfiguration,
-  saveTrapdUser,
-  updateTrapdConfiguration,
-  updateTrapdUser,
-  uploadTrapdConfiguration
-} from './trapdConfigurationService'
+import { addZenithRegistration, getZenithRegistrations } from './zenithConnectService'
 
 export default {
   search,
@@ -134,20 +123,15 @@ export default {
   getOsImageOptions,
   getHistoryByIpInterface,
   getAliases,
+  getAllCredentials,
   getCredentialsByAlias,
   addCredentials,
   updateCredentials,
   getUsageStatistics,
-  getUsageStatisticsMetadata, 
+  getUsageStatisticsMetadata,
   getUsageStatisticsStatus,
   setUsageStatisticsStatus,
   addZenithRegistration,
   getZenithRegistrations,
-  uploadTrapdConfiguration,
-  getTrapdConfiguration,
-  updateTrapdConfiguration,
-  saveTrapdUser,
-  updateTrapdUser,
-  deleteTrapdUser,
   performLogout
 }
diff --git a/ui/src/services/scvService.ts b/ui/src/services/scvService.ts
index 11219e182929..fcb619ce9405 100644
--- a/ui/src/services/scvService.ts
+++ b/ui/src/services/scvService.ts
@@ -20,10 +20,11 @@
 /// License.
 ///
 
-import { rest } from './axiosInstances'
-import { SCVCredentials } from '@/types/scv'
 import useSnackbar from '@/composables/useSnackbar'
 import useSpinner from '@/composables/useSpinner'
+import { SCV_GET_ALL_ALIAS } from '@/lib/constants'
+import { SCVCredentials } from '@/types/scv'
+import { rest } from './axiosInstances'
 
 const { showSnackBar } = useSnackbar()
 const { startSpinner, stopSpinner } = useSpinner()
@@ -55,6 +56,19 @@ const getCredentialsByAlias = async (alias: string): Promise<SCVCredentials | nu
   }
 }
 
+const getAllCredentials = async (): Promise<SCVCredentials[] | null> => {
+  try {
+    startSpinner()
+    const resp = await rest.get(`${endpoint}/${SCV_GET_ALL_ALIAS}`)
+    return resp.data
+  } catch (err) {
+    showSnackBar({ msg: 'Failed to retrieve credentials.' })
+    return null
+  } finally {
+    stopSpinner()
+  }
+}
+
 const addCredentials = async (credentials: SCVCredentials): Promise<number | null> => {
   try {
     startSpinner()
@@ -83,4 +97,8 @@ const updateCredentials = async (credentials: SCVCredentials): Promise<number |
   }
 }
 
-export { getAliases, getCredentialsByAlias, addCredentials, updateCredentials }
+export {
+  addCredentials, getAliases,
+  getAllCredentials,
+  getCredentialsByAlias, updateCredentials
+}
diff --git a/ui/src/stores/scvStore.ts b/ui/src/stores/scvStore.ts
index a8148c18ecdd..a3f10a04a617 100644
--- a/ui/src/stores/scvStore.ts
+++ b/ui/src/stores/scvStore.ts
@@ -22,9 +22,8 @@
 
 import { defineStore } from 'pinia'
 import API from '@/services'
-import { SCVCredentials } from '@/types/scv'
-
-export const GET_ALL_ALIAS = '_all'
+import { SCVCredentials, ScvSearchItem } from '@/types/scv'
+import { SCV_GET_ALL_ALIAS } from '@/lib/constants'
 
 export const useScvStore = defineStore('scvStore', () => {
   const aliases = ref([] as string[])
@@ -35,6 +34,8 @@ export const useScvStore = defineStore('scvStore', () => {
     attributes: {}
   } as SCVCredentials)
 
+  const allCredentials = ref([] as SCVCredentials[])
+
   // used to track changes
   const dbCredentials = ref({} as SCVCredentials)
   const isEditing = ref(false)
@@ -54,13 +55,27 @@ export const useScvStore = defineStore('scvStore', () => {
     }
   }
 
+  const getAllCredentials = () => {
+    return {
+      ...allCredentials.value
+    }
+  }
+
+  const populate = async () => {
+    const resp = await API.getAllCredentials()
+
+    if (resp) {
+      allCredentials.value = resp
+    }
+  }
+
   const addCredentials = async () => {
     if (!credentials.value.alias) {
       throw new Error('Alias is required to add new credentials.')
     }
 
-    if (credentials.value.alias.toLowerCase() === GET_ALL_ALIAS) {
-      throw new Error(`The alias "${GET_ALL_ALIAS}" is reserved and cannot be used.`)
+    if (credentials.value.alias.toLowerCase() === SCV_GET_ALL_ALIAS) {
+      throw new Error(`The alias "${SCV_GET_ALL_ALIAS}" is reserved and cannot be used.`)
     }
 
     const success = await API.addCredentials(credentials.value)
@@ -76,8 +91,8 @@ export const useScvStore = defineStore('scvStore', () => {
       throw new Error('Alias is required to add new credentials.')
     }
 
-    if (credentials.value.alias.toLowerCase() === GET_ALL_ALIAS) {
-      throw new Error(`The alias "${GET_ALL_ALIAS}" is reserved and cannot be used.`)
+    if (credentials.value.alias.toLowerCase() === SCV_GET_ALL_ALIAS) {
+      throw new Error(`The alias "${SCV_GET_ALL_ALIAS}" is reserved and cannot be used.`)
     }
 
     const success = await API.updateCredentials(credentials.value)
@@ -87,13 +102,59 @@ export const useScvStore = defineStore('scvStore', () => {
     }
   }
 
+  const createScvSearchItem = (cred: SCVCredentials, key: string, type: 'alias' | 'key'): ScvSearchItem => {
+    return {
+      alias: cred.alias,
+      key: key,
+      type: type
+    }
+  }
+
+  /**
+   * Returns a sorted list of ScvSearchItems grouped by alias which matches the query.
+   * Match by alias returns the alias items, as well as all keys for the aliases.
+   * Match by key returns the parent alias, then only the matching keys.
+   * If query is empty, returns all aliases and keys.
+   */
+  const queryCredentials = (query: string) => {
+    const items = [] as ScvSearchItem[]
+
+    const sortedByAlias = [...allCredentials.value].sort((a, b) => a.alias.localeCompare(b.alias))
+    const displayAll = !query
+
+    sortedByAlias.forEach((cred) => {
+      let aliasPushed = false
+      let aliasMatched = false
+
+      if (displayAll || cred.alias.toLowerCase().includes(query.toLowerCase())) {
+        items.push(createScvSearchItem(cred, cred.alias, 'alias'))
+        aliasPushed = true
+        aliasMatched = true
+      }
+
+      const keys = ['username', 'password', ...Object.keys(cred.attributes)]
+
+      keys.forEach((key) => {
+        if (displayAll || aliasMatched || key.toLowerCase().includes(query.toLowerCase())) {
+          if (!aliasPushed) {
+            items.push(createScvSearchItem(cred, cred.alias, 'alias'))
+            aliasPushed = true
+          }
+
+          items.push(createScvSearchItem(cred, key, 'key'))
+        }
+      })
+    })
+
+    return items
+  }
+
   const setValue = (keyVal: Record<string, string>) => {
     credentials.value = { ...credentials.value, ...keyVal }
   }
 
   const clearCredentials = async () => {
     const creds = {
-      id: undefined,
       alias: '',
       username: '',
       password: '',
@@ -110,7 +171,6 @@ export const useScvStore = defineStore('scvStore', () => {
   }
 
   const updateAttribute = (attribute: { key: string; keyVal: { key: string; value: string } }) => {
-    // TODO: Do we need to replace entire credential.values object, or can we just modify credentials.value.attributes?
     const attributes = { ...credentials.value.attributes }
 
     // updating the value
@@ -133,18 +193,21 @@ export const useScvStore = defineStore('scvStore', () => {
   }
 
   return {
+    addAttribute,
+    addCredentials,
     aliases,
+    clearCredentials,
     credentials,
     dbCredentials,
-    isEditing,
     getAliases,
+    getAllCredentials,
     getCredentialsByAlias,
-    addCredentials,
-    updateCredentials,
+    isEditing,
+    populate,
+    queryCredentials,
+    removeAttribute,
     setValue,
-    clearCredentials,
-    addAttribute,
     updateAttribute,
-    removeAttribute
+    updateCredentials
   }
 })
diff --git a/ui/src/types/scv.d.ts b/ui/src/types/scv.d.ts
index cd1a66113b22..682a2d8eceab 100644
--- a/ui/src/types/scv.d.ts
+++ b/ui/src/types/scv.d.ts
@@ -1,6 +1,34 @@
+///
+/// Licensed to The OpenNMS Group, Inc (TOG) under one or more
+/// contributor license agreements.  See the LICENSE.md file
+/// distributed with this work for additional information
+/// regarding copyright ownership.
+///
+/// TOG licenses this file to You under the GNU Affero General
+/// Public License Version 3 (the "License") or (at your option)
+/// any later version.  You may not use this file except in
+/// compliance with the License.  You may obtain a copy of the
+/// License at:
+///
+///      https://www.gnu.org/licenses/agpl-3.0.txt
+///
+/// Unless required by applicable law or agreed to in writing,
+/// software distributed under the License is distributed on an
+/// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+/// either express or implied.  See the License for the specific
+/// language governing permissions and limitations under the
+/// License.
+///
+
 export interface SCVCredentials {
   alias: string
   username: string
   password: string
   attributes: Record<string, string>
 }
+
+export interface ScvSearchItem {
+  alias: string
+  key: string
+  type: 'alias' | 'key'
+}
diff --git a/ui/tests/scv.test.ts b/ui/tests/scv.test.ts
index f308803c0fd5..8d7aede4e7fe 100644
--- a/ui/tests/scv.test.ts
+++ b/ui/tests/scv.test.ts
@@ -23,7 +23,8 @@
 import { mount } from '@vue/test-utils'
 import { createTestingPinia } from '@pinia/testing'
 import { beforeEach, describe, expect, test } from 'vitest'
-import { GET_ALL_ALIAS, useScvStore } from '@/stores/scvStore'
+import { SCV_GET_ALL_ALIAS } from '@/lib/constants'
+import { useScvStore } from '@/stores/scvStore'
 import { SCVCredentials } from '@/types/scv'
 import SCV from '@/containers/SecureCredentialsVault.vue'
 
@@ -34,7 +35,7 @@ const mockCredentials: SCVCredentials = {
   attributes: {}
 }
 
-describe('scvStore test', () => {
+describe('scv test', () => {
   let wrapper: any
 
   beforeEach(() => {
@@ -87,8 +88,8 @@ describe('scvStore test', () => {
 
     // add alias1 to the list of current aliases
     scvStore.aliases = ['alias1']
-    // start to create new with GET_ALL_ALIAS
-    await aliasInput.setValue(GET_ALL_ALIAS)
+    // start to create new with SCV_GET_ALL_ALIAS
+    await aliasInput.setValue(SCV_GET_ALL_ALIAS)
     // expect add btn to remain disabled
     expect(addCredsBtn.attributes('aria-disabled')).toBe('true')
     // replace with alias2

From 5e211abe283fed7c4a47a09d6849223674e09562 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Thu, 19 Mar 2026 21:20:33 +0500
Subject: [PATCH 10/41] changes

---
 ui/src/lib/trapdValidator.ts | 41 ++++++++++++++++++++++++++++++++++++
 ui/src/types/trapConfig.d.ts | 29 +++++++++++++++++++++++++
 2 files changed, 70 insertions(+)
 create mode 100644 ui/src/lib/trapdValidator.ts

diff --git a/ui/src/lib/trapdValidator.ts b/ui/src/lib/trapdValidator.ts
new file mode 100644
index 000000000000..65d017887327
--- /dev/null
+++ b/ui/src/lib/trapdValidator.ts
@@ -0,0 +1,41 @@
+///
+/// Licensed to The OpenNMS Group, Inc (TOG) under one or more
+/// contributor license agreements.  See the LICENSE.md file
+/// distributed with this work for additional information
+/// regarding copyright ownership.
+///
+/// TOG licenses this file to You under the GNU Affero General
+/// Public License Version 3 (the "License") or (at your option)
+/// any later version.  You may not use this file except in
+/// compliance with the License.  You may obtain a copy of the
+/// License at:
+///
+///      https://www.gnu.org/licenses/agpl-3.0.txt
+///
+/// Unless required by applicable law or agreed to in writing,
+/// software distributed under the License is distributed on an
+/// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+/// either express or implied.  See the License for the specific
+/// language governing permissions and limitations under the
+/// License.
+///
+
+import { SnmpSecurityLevel } from '@/types/trapConfig'
+
+const VALID_SECURITY_LEVELS = [SnmpSecurityLevel.NoAuthNoPriv, SnmpSecurityLevel.AuthNoPriv, SnmpSecurityLevel.AuthPriv]
+const MIN_PORT = 1
+const MAX_PORT = 65535
+
+export const SecurityLevelSelectionOptions = [
+  { _text: 'No Auth (1)', _value: String(SnmpSecurityLevel.NoAuthNoPriv) },
+  { _text: 'Auth Only (2)', _value: String(SnmpSecurityLevel.AuthNoPriv) },
+  { _text: 'Auth and Privacy (3)', _value: String(SnmpSecurityLevel.AuthPriv) }
+]
+
+export const SnmpAuthProtocols = ['MD5', 'SHA', 'SHA-224', 'SHA-256', 'SHA-512']
+
+export const SnmpPrivacyProtocols = ['DES', 'AES', 'AES192', 'AES256']
+
+export const isValidSnmpSecurityLevel = (level: number | undefined): boolean => {
+  return level !== undefined && VALID_SECURITY_LEVELS.includes(level)
+}
diff --git a/ui/src/types/trapConfig.d.ts b/ui/src/types/trapConfig.d.ts
index 845cee9e8981..d67eb1d54a94 100644
--- a/ui/src/types/trapConfig.d.ts
+++ b/ui/src/types/trapConfig.d.ts
@@ -1,3 +1,25 @@
+///
+/// Licensed to The OpenNMS Group, Inc (TOG) under one or more
+/// contributor license agreements.  See the LICENSE.md file
+/// distributed with this work for additional information
+/// regarding copyright ownership.
+///
+/// TOG licenses this file to You under the GNU Affero General
+/// Public License Version 3 (the "License") or (at your option)
+/// any later version.  You may not use this file except in
+/// compliance with the License.  You may obtain a copy of the
+/// License at:
+///
+///      https://www.gnu.org/licenses/agpl-3.0.txt
+///
+/// Unless required by applicable law or agreed to in writing,
+/// software distributed under the License is distributed on an
+/// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+/// either express or implied.  See the License for the specific
+/// language governing permissions and limitations under the
+/// License.
+///
+
 import { CreateEditMode } from '.'
 
 export interface TrapConfigStoreState {
@@ -57,3 +79,10 @@ export interface SnmpV3UserError {
   privacyProtocol?: string
   privacyPassphrase?: string
 }
+
+export enum SnmpSecurityLevel {
+  None = 0,
+  NoAuthNoPriv = 1,
+  AuthNoPriv = 2,
+  AuthPriv = 3
+}

From 09781f695da7a11611de552af937f8ea038e6ece Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Thu, 19 Mar 2026 22:56:15 +0500
Subject: [PATCH 11/41] changes

---
 .../TrapConfiguration/CreateSnmpV3User.vue    | 10 +--
 .../GeneralConfiguration.vue                  | 65 ++++++++++---------
 .../components/TrapConfiguration/contants.ts  | 32 ---------
 ui/src/lib/constants.ts                       | 12 ++++
 ui/src/lib/trapdValidator.ts                  | 60 ++++++++++++++---
 ui/src/types/trapConfig.d.ts                  | 17 ++++-
 6 files changed, 119 insertions(+), 77 deletions(-)
 delete mode 100644 ui/src/components/TrapConfiguration/contants.ts

diff --git a/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue b/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
index 7229ee89d3db..d534cca2890c 100644
--- a/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
+++ b/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
@@ -61,7 +61,7 @@
             label="Auth Protocol"
             v-model="authProtocol"
             :clear="'true'"
-            :options="AUTH_PROTOCOLS_OPTIONS"
+            :options="AUTH_PROTOCOL_OPTIONS"
             :error="error.authProtocol"
           />
         </div>
@@ -91,7 +91,7 @@
             label="Privacy Protocol"
             v-model="privacyProtocol"
             :clear="'true'"
-            :options="PRIVACY_PROTOCOLS_OPTIONS"
+            :options="PRIVACY_PROTOCOL_OPTIONS"
             :error="error.privacyProtocol"
           />
         </div>
@@ -148,8 +148,8 @@ import ChevronLeft from '@featherds/icon/navigation/ChevronLeft'
 import { FeatherInput } from '@featherds/input'
 import { FeatherSelect, ISelectItemType } from '@featherds/select'
 import TableCard from '../Common/TableCard.vue'
-import { AUTH_PROTOCOLS_OPTIONS, PRIVACY_PROTOCOLS_OPTIONS, SECURITY_LEVEL_OPTIONS } from './contants'
 import SearchExistingCredential from './Drawer/SearchExistingCredential.vue'
+import { AUTH_PROTOCOL_OPTIONS, PRIVACY_PROTOCOL_OPTIONS, SECURITY_LEVEL_OPTIONS } from '@/lib/trapdValidator'
 
 const store = useTrapConfigStore()
 const { showSnackBar } = useSnackbar()
@@ -278,8 +278,8 @@ const loadUserData = (drawerState: typeof store.createUserDrawerState) => {
 
     if (selectedUser) {
       securityLevel.value = SECURITY_LEVEL_OPTIONS.find(option => option._value === selectedUser.securityLevel) || createEmptySelectItem()
-      authProtocol.value = AUTH_PROTOCOLS_OPTIONS.find(option => option._value === selectedUser.authProtocol) || createEmptySelectItem()
-      privacyProtocol.value = PRIVACY_PROTOCOLS_OPTIONS.find(option => option._value === selectedUser.privacyProtocol) || createEmptySelectItem()
+      authProtocol.value = AUTH_PROTOCOL_OPTIONS.find(option => option._value === selectedUser.authProtocol) || createEmptySelectItem()
+      privacyProtocol.value = PRIVACY_PROTOCOL_OPTIONS.find(option => option._value === selectedUser.privacyProtocol) || createEmptySelectItem()
       securityName.value = selectedUser.securityName
       engineId.value = selectedUser.engineId || ''
       authPassphrase.value = selectedUser.authPassphrase || ''
diff --git a/ui/src/components/TrapConfiguration/GeneralConfiguration.vue b/ui/src/components/TrapConfiguration/GeneralConfiguration.vue
index 30b1d930e573..d471d81a18fb 100644
--- a/ui/src/components/TrapConfiguration/GeneralConfiguration.vue
+++ b/ui/src/components/TrapConfiguration/GeneralConfiguration.vue
@@ -11,6 +11,8 @@
         label="Port"
         placeholder="Enter port number"
         v-model="port"
+        :min="MIN_PORT"
+        :max="MAX_PORT"
         :error="trapConfigError.port"
         type="number"
         :hint="'Default: 10162'"
@@ -64,6 +66,7 @@
             label="Threads"
             placeholder="Enter number of threads"
             v-model="threads"
+            :min="0"
             :error="trapConfigError.threads"
             type="number"
             :hint="'Default: 0'"
@@ -74,6 +77,7 @@
             label="Queue Size"
             placeholder="Enter queue size"
             v-model="queueSize"
+            :min="0"
             :error="trapConfigError.queueSize"
             type="number"
             :hint="'Default: 10000'"
@@ -84,6 +88,7 @@
             label="Batch Size"
             placeholder="Enter batch size"
             v-model="batchSize"
+            :min="0"
             :error="trapConfigError.batchSize"
             type="number"
             :hint="'Default: 1000'"
@@ -94,6 +99,7 @@
             label="Batch Interval"
             placeholder="Enter batch interval"
             v-model="batchInterval"
+            :min="0"
             :error="trapConfigError.batchInterval"
             type="number"
             :hint="'Default: 500'"
@@ -120,6 +126,8 @@
 
 <script setup lang="ts">
 import useSnackbar from '@/composables/useSnackbar'
+import { DEFAULT_TRAPD_BATCH_INTERVAL, DEFAULT_TRAPD_BATCH_SIZE, DEFAULT_TRAPD_BIND_ADDRESS, DEFAULT_TRAPD_INCLUDE_RAW_MESSAGE, DEFAULT_TRAPD_NEW_SUSPECT_ON_TRAP, DEFAULT_TRAPD_PORT, DEFAULT_TRAPD_QUEUE_SIZE, DEFAULT_TRAPD_THREADS, DEFAULT_TRAPD_USE_ADDRESS_FROM_VARBIND } from '@/lib/constants'
+import { isValidIP, isValidPort, MAX_PORT, MIN_PORT } from '@/lib/trapdValidator'
 import { updateTrapdConfiguration } from '@/services/trapdConfigurationService'
 import { useTrapConfigStore } from '@/stores/trapConfigStore'
 import { TrapdConfigurationError } from '@/types/trapConfig'
@@ -128,17 +136,16 @@ import { FeatherExpansionPanel } from '@featherds/expansion'
 import { FeatherInput } from '@featherds/input'
 import { SwitchRender } from '@featherds/switch'
 import TableCard from '../Common/TableCard.vue'
-import { isValidIP } from './contants'
-
-const status = ref(false)
-const port = ref<number>(10162)
-const bindAddress = ref('*')
-const trapMessageStatus = ref(false)
-const trapSourceAddressStatus = ref(false)
-const threads = ref<number>(0)
-const queueSize = ref<number>(10000)
-const batchSize = ref<number>(1000)
-const batchInterval = ref<number>(500)
+
+const status = ref(DEFAULT_TRAPD_NEW_SUSPECT_ON_TRAP)
+const port = ref<number>(DEFAULT_TRAPD_PORT)
+const bindAddress = ref(DEFAULT_TRAPD_BIND_ADDRESS)
+const trapMessageStatus = ref(DEFAULT_TRAPD_INCLUDE_RAW_MESSAGE)
+const trapSourceAddressStatus = ref(DEFAULT_TRAPD_USE_ADDRESS_FROM_VARBIND)
+const threads = ref<number>(DEFAULT_TRAPD_THREADS)
+const queueSize = ref<number>(DEFAULT_TRAPD_QUEUE_SIZE)
+const batchSize = ref<number>(DEFAULT_TRAPD_BATCH_SIZE)
+const batchInterval = ref<number>(DEFAULT_TRAPD_BATCH_INTERVAL)
 const trapConfigError = ref<TrapdConfigurationError>({})
 const isSaveDisabled = ref(true)
 const isSaving = ref(false)
@@ -159,33 +166,33 @@ const onChangeTrapSourceAddressStatus = () => {
 
 const validateInputs = (): TrapdConfigurationError => {
   const trapConfigError: TrapdConfigurationError = {}
-  
-  if (port.value < 1 || port.value > 65535) {
-    trapConfigError.port = 'Port must be between 1 and 65535.'
+
+  if (!isValidPort(port.value)) {
+    trapConfigError.port = `Port must be between ${MIN_PORT} and ${MAX_PORT}.`
   }
-  
+
   if (bindAddress.value === '') {
     trapConfigError.bindAddress = 'Bind Address cannot be empty.'
   } else if (bindAddress.value !== '*' && !isValidIP(bindAddress.value)) {
     trapConfigError.bindAddress = 'Bind Address must be * or a valid IP address.'
   }
-  
+
   if (threads.value < 0) {
     trapConfigError.threads = 'Threads cannot be negative.'
   }
-  
+
   if (queueSize.value < 0) {
     trapConfigError.queueSize = 'Queue Size cannot be negative.'
   }
-  
+
   if (batchSize.value < 0) {
     trapConfigError.batchSize = 'Batch Size cannot be negative.'
   }
-  
+
   if (batchInterval.value < 0) {
     trapConfigError.batchInterval = 'Batch Interval cannot be negative.'
   }
-  
+
   return trapConfigError
 }
 
@@ -226,15 +233,15 @@ const updateConfig = async () => {
 
 const loadInitialConfig = () => {
   if (store.trapdConfig) {
-    port.value = store.trapdConfig.snmpTrapPort || 10162
-    bindAddress.value = store.trapdConfig.snmpTrapAddress || '*'
-    status.value = store.trapdConfig.newSuspectOnTrap || false
-    trapSourceAddressStatus.value = store.trapdConfig.useAddressFromVarbind || false
-    trapMessageStatus.value = store.trapdConfig.includeRawMessage || false
-    threads.value = store.trapdConfig.threads || 0
-    queueSize.value = store.trapdConfig.queueSize || 10000
-    batchSize.value = store.trapdConfig.batchSize || 1000
-    batchInterval.value = store.trapdConfig.batchInterval || 500
+    port.value = store.trapdConfig.snmpTrapPort || DEFAULT_TRAPD_PORT
+    bindAddress.value = store.trapdConfig.snmpTrapAddress || DEFAULT_TRAPD_BIND_ADDRESS
+    status.value = store.trapdConfig.newSuspectOnTrap || DEFAULT_TRAPD_NEW_SUSPECT_ON_TRAP
+    trapSourceAddressStatus.value = store.trapdConfig.useAddressFromVarbind || DEFAULT_TRAPD_USE_ADDRESS_FROM_VARBIND
+    trapMessageStatus.value = store.trapdConfig.includeRawMessage || DEFAULT_TRAPD_INCLUDE_RAW_MESSAGE
+    threads.value = store.trapdConfig.threads || DEFAULT_TRAPD_THREADS
+    queueSize.value = store.trapdConfig.queueSize || DEFAULT_TRAPD_QUEUE_SIZE
+    batchSize.value = store.trapdConfig.batchSize || DEFAULT_TRAPD_BATCH_SIZE
+    batchInterval.value = store.trapdConfig.batchInterval || DEFAULT_TRAPD_BATCH_INTERVAL
   }
 }
 
diff --git a/ui/src/components/TrapConfiguration/contants.ts b/ui/src/components/TrapConfiguration/contants.ts
deleted file mode 100644
index c643af15a513..000000000000
--- a/ui/src/components/TrapConfiguration/contants.ts
+++ /dev/null
@@ -1,32 +0,0 @@
-import { ISelectItemType } from '@featherds/select'
-
-export const isValidIP = (ip: string): boolean => {
-  const parts = ip.split('.')
-  if (parts.length !== 4) return false
-  return parts.every((part) => {
-    const num = parseInt(part, 10)
-    return !isNaN(num) && num >= 0 && num <= 255
-  })
-}
-
-export const SECURITY_LEVEL_OPTIONS: ISelectItemType[] = [
-  { _text: '1 - NoAuthNoPriv', _value: 1 },
-  { _text: '2 - AuthNoPriv', _value: 2 },
-  { _text: '3 - AuthPriv', _value: 3 }
-]
-
-export const PRIVACY_PROTOCOLS_OPTIONS: ISelectItemType[] = [
-  { _text: 'DES', _value: 'DES' },
-  { _text: 'AES', _value: 'AES' },
-  { _text: 'AES192', _value: 'AES192' },
-  { _text: 'AES256', _value: 'AES256' }
-]
-
-export const AUTH_PROTOCOLS_OPTIONS: ISelectItemType[] = [
-  { _text: 'MD5', _value: 'MD5' },
-  { _text: 'SHA', _value: 'SHA' },
-  { _text: 'SHA224', _value: 'SHA224' },
-  { _text: 'SHA256', _value: 'SHA256' },
-  { _text: 'SHA512', _value: 'SHA512' }
-]
-
diff --git a/ui/src/lib/constants.ts b/ui/src/lib/constants.ts
index a3fe19a3babe..b943758d3277 100644
--- a/ui/src/lib/constants.ts
+++ b/ui/src/lib/constants.ts
@@ -42,3 +42,15 @@ export const DEFAULT_SNMP_V3_AUTH_PASSPHRASE = '0p3nNMSv3'
 export const DEFAULT_SNMP_V3_AUTH_PROTOCOL = 'MD5'
 export const DEFAULT_SNMP_V3_PRIVACY_PASSPHRASE = '0p3nNMSv3'
 export const DEFAULT_SNMP_V3_PRIVACY_PROTOCOL = 'DES'
+
+// Trapd Defaults
+export const DEFAULT_TRAPD_PORT = 10162
+export const DEFAULT_TRAPD_BIND_ADDRESS = '*'
+export const DEFAULT_TRAPD_THREADS = 0
+export const DEFAULT_TRAPD_QUEUE_SIZE = 10000
+export const DEFAULT_TRAPD_BATCH_SIZE = 1000
+export const DEFAULT_TRAPD_BATCH_INTERVAL = 500
+export const DEFAULT_TRAPD_USE_ADDRESS_FROM_VARBIND = false
+export const DEFAULT_TRAPD_INCLUDE_RAW_MESSAGE = false
+export const DEFAULT_TRAPD_NEW_SUSPECT_ON_TRAP = false
+
diff --git a/ui/src/lib/trapdValidator.ts b/ui/src/lib/trapdValidator.ts
index 65d017887327..0dfe2151e94e 100644
--- a/ui/src/lib/trapdValidator.ts
+++ b/ui/src/lib/trapdValidator.ts
@@ -20,22 +20,62 @@
 /// License.
 ///
 
-import { SnmpSecurityLevel } from '@/types/trapConfig'
+import { SecurityLevel, AuthProtocol, PrivacyProtocol } from '@/types/trapConfig'
+import { ISelectItemType } from '@featherds/select'
 
-const VALID_SECURITY_LEVELS = [SnmpSecurityLevel.NoAuthNoPriv, SnmpSecurityLevel.AuthNoPriv, SnmpSecurityLevel.AuthPriv]
-const MIN_PORT = 1
-const MAX_PORT = 65535
+export const MIN_PORT = 1
+export const MAX_PORT = 65535
 
-export const SecurityLevelSelectionOptions = [
-  { _text: 'No Auth (1)', _value: String(SnmpSecurityLevel.NoAuthNoPriv) },
-  { _text: 'Auth Only (2)', _value: String(SnmpSecurityLevel.AuthNoPriv) },
-  { _text: 'Auth and Privacy (3)', _value: String(SnmpSecurityLevel.AuthPriv) }
+const VALID_SECURITY_LEVELS = [SecurityLevel.NoAuthNoPriv, SecurityLevel.AuthNoPriv, SecurityLevel.AuthPriv]
+
+export const SECURITY_LEVEL_OPTIONS: ISelectItemType[] = [
+  { _text: 'No Auth (1)', _value: String(SecurityLevel.NoAuthNoPriv) },
+  { _text: 'Auth Only (2)', _value: String(SecurityLevel.AuthNoPriv) },
+  { _text: 'Auth and Privacy (3)', _value: String(SecurityLevel.AuthPriv) }
 ]
 
-export const SnmpAuthProtocols = ['MD5', 'SHA', 'SHA-224', 'SHA-256', 'SHA-512']
+export const AuthProtocols = [
+  AuthProtocol.MD5,
+  AuthProtocol.SHA,
+  AuthProtocol.SHA224,
+  AuthProtocol.SHA256,
+  AuthProtocol.SHA512
+]
 
-export const SnmpPrivacyProtocols = ['DES', 'AES', 'AES192', 'AES256']
+export const PrivacyProtocols = [
+  PrivacyProtocol.DES,
+  PrivacyProtocol.AES,
+  PrivacyProtocol.AES192,
+  PrivacyProtocol.AES256
+]
 
 export const isValidSnmpSecurityLevel = (level: number | undefined): boolean => {
   return level !== undefined && VALID_SECURITY_LEVELS.includes(level)
 }
+
+export const isValidIP = (ip: string): boolean => {
+  const parts = ip.split('.')
+  if (parts.length !== 4) return false
+  return parts.every((part) => {
+    const num = parseInt(part, 10)
+    return !isNaN(num) && num >= 0 && num <= 255
+  })
+}
+
+export const isValidPort = (port: number | undefined): boolean => {
+  return port !== undefined && !isNaN(port) && port >= MIN_PORT && port <= MAX_PORT
+}
+
+export const AUTH_PROTOCOL_OPTIONS: ISelectItemType[] = AuthProtocols.map((protocol) => ({
+  _text: protocol,
+  _value: protocol
+}))
+
+export const PRIVACY_PROTOCOL_OPTIONS: ISelectItemType[] = PrivacyProtocols.map((protocol) => ({
+  _text: protocol,
+  _value: protocol
+}))
+
+export const isEqual = (obj1: any, obj2: any): boolean => {
+  return JSON.stringify(obj1) === JSON.stringify(obj2)
+}
diff --git a/ui/src/types/trapConfig.d.ts b/ui/src/types/trapConfig.d.ts
index d67eb1d54a94..abfa6df2c188 100644
--- a/ui/src/types/trapConfig.d.ts
+++ b/ui/src/types/trapConfig.d.ts
@@ -80,9 +80,24 @@ export interface SnmpV3UserError {
   privacyPassphrase?: string
 }
 
-export enum SnmpSecurityLevel {
+export enum SecurityLevel {
   None = 0,
   NoAuthNoPriv = 1,
   AuthNoPriv = 2,
   AuthPriv = 3
 }
+
+export enum AuthProtocol {
+  MD5 = 'MD5',
+  SHA = 'SHA',
+  SHA224 = 'SHA224',
+  SHA256 = 'SHA256',
+  SHA512 = 'SHA512'
+}
+
+export enum PrivacyProtocol {
+  DES = 'DES',
+  AES = 'AES',
+  AES192 = 'AES192',
+  AES256 = 'AES256'
+}

From 6d8a9e6d5d583cfe8db5bbfe753f2fb0e4b73375 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Thu, 19 Mar 2026 23:53:23 +0500
Subject: [PATCH 12/41] changes

---
 .../GeneralConfiguration.vue                  | 37 +++++++++++++----
 ui/src/lib/trapdValidator.ts                  | 41 +++++++++++++++++--
 ui/src/services/trapdConfigurationService.ts  |  6 +--
 ui/src/stores/trapConfigStore.ts              |  3 +-
 ui/src/types/trapConfig.d.ts                  | 35 ++++++----------
 5 files changed, 83 insertions(+), 39 deletions(-)

diff --git a/ui/src/components/TrapConfiguration/GeneralConfiguration.vue b/ui/src/components/TrapConfiguration/GeneralConfiguration.vue
index d471d81a18fb..d27a20e69f8e 100644
--- a/ui/src/components/TrapConfiguration/GeneralConfiguration.vue
+++ b/ui/src/components/TrapConfiguration/GeneralConfiguration.vue
@@ -130,11 +130,12 @@ import { DEFAULT_TRAPD_BATCH_INTERVAL, DEFAULT_TRAPD_BATCH_SIZE, DEFAULT_TRAPD_B
 import { isValidIP, isValidPort, MAX_PORT, MIN_PORT } from '@/lib/trapdValidator'
 import { updateTrapdConfiguration } from '@/services/trapdConfigurationService'
 import { useTrapConfigStore } from '@/stores/trapConfigStore'
-import { TrapdConfigurationError } from '@/types/trapConfig'
+import { TrapConfigPayload, TrapdConfigurationError } from '@/types/trapConfig'
 import { FeatherButton } from '@featherds/button'
 import { FeatherExpansionPanel } from '@featherds/expansion'
 import { FeatherInput } from '@featherds/input'
 import { SwitchRender } from '@featherds/switch'
+import { isEqual } from 'lodash'
 import TableCard from '../Common/TableCard.vue'
 
 const status = ref(DEFAULT_TRAPD_NEW_SUSPECT_ON_TRAP)
@@ -203,16 +204,16 @@ const updateConfig = async () => {
   }
 
   const newConfig = {
-    snmpTrapPort: port.value,
+    snmpTrapPort: Number(port.value),
     snmpTrapAddress: bindAddress.value,
     newSuspectOnTrap: status.value,
     useAddressFromVarbind: trapSourceAddressStatus.value,
     includeRawMessage: trapMessageStatus.value,
-    threads: threads.value,
-    queueSize: queueSize.value,
-    batchSize: batchSize.value,
-    batchInterval: batchInterval.value
-  }
+    threads: Number(threads.value),
+    queueSize: Number(queueSize.value),
+    batchSize: Number(batchSize.value),
+    batchInterval: Number(batchInterval.value)
+  } as TrapConfigPayload
 
   try {
     isSaving.value = true
@@ -247,7 +248,27 @@ const loadInitialConfig = () => {
 
 watchEffect(() => {
   trapConfigError.value = validateInputs()
-  isSaveDisabled.value = Object.keys(trapConfigError.value).length > 0
+  isSaveDisabled.value = Object.keys(trapConfigError.value).length > 0 || isEqual({
+    snmpTrapPort: Number(port.value),
+    snmpTrapAddress: bindAddress.value,
+    newSuspectOnTrap: status.value,
+    useAddressFromVarbind: trapSourceAddressStatus.value,
+    includeRawMessage: trapMessageStatus.value,
+    threads: Number(threads.value),
+    queueSize: Number(queueSize.value),
+    batchSize: Number(batchSize.value),
+    batchInterval: Number(batchInterval.value)
+  }, {
+    snmpTrapPort: store.trapdConfig?.snmpTrapPort,
+    snmpTrapAddress: store.trapdConfig?.snmpTrapAddress,
+    newSuspectOnTrap: store.trapdConfig?.newSuspectOnTrap,
+    useAddressFromVarbind: store.trapdConfig?.useAddressFromVarbind,
+    includeRawMessage: store.trapdConfig?.includeRawMessage,
+    threads: store.trapdConfig?.threads,
+    queueSize: store.trapdConfig?.queueSize,
+    batchSize: store.trapdConfig?.batchSize,
+    batchInterval: store.trapdConfig?.batchInterval
+  })
 })
 
 watch(() => store.trapdConfig, () => {
diff --git a/ui/src/lib/trapdValidator.ts b/ui/src/lib/trapdValidator.ts
index 0dfe2151e94e..d5a42250f5ae 100644
--- a/ui/src/lib/trapdValidator.ts
+++ b/ui/src/lib/trapdValidator.ts
@@ -20,12 +20,35 @@
 /// License.
 ///
 
-import { SecurityLevel, AuthProtocol, PrivacyProtocol } from '@/types/trapConfig'
+import { TrapConfig } from '@/types/trapConfig'
 import { ISelectItemType } from '@featherds/select'
+import { DEFAULT_TRAPD_BIND_ADDRESS } from './constants'
 
 export const MIN_PORT = 1
 export const MAX_PORT = 65535
 
+export enum SecurityLevel {
+  None = 0,
+  NoAuthNoPriv = 1,
+  AuthNoPriv = 2,
+  AuthPriv = 3
+}
+
+export enum AuthProtocol {
+  MD5 = 'MD5',
+  SHA = 'SHA',
+  SHA224 = 'SHA224',
+  SHA256 = 'SHA256',
+  SHA512 = 'SHA512'
+}
+
+export enum PrivacyProtocol {
+  DES = 'DES',
+  AES = 'AES',
+  AES192 = 'AES192',
+  AES256 = 'AES256'
+}
+
 const VALID_SECURITY_LEVELS = [SecurityLevel.NoAuthNoPriv, SecurityLevel.AuthNoPriv, SecurityLevel.AuthPriv]
 
 export const SECURITY_LEVEL_OPTIONS: ISelectItemType[] = [
@@ -76,6 +99,16 @@ export const PRIVACY_PROTOCOL_OPTIONS: ISelectItemType[] = PrivacyProtocols.map(
   _value: protocol
 }))
 
-export const isEqual = (obj1: any, obj2: any): boolean => {
-  return JSON.stringify(obj1) === JSON.stringify(obj2)
-}
+export const getDefaultTrapdConfig = (): TrapConfig => ({
+  snmpTrapAddress: DEFAULT_TRAPD_BIND_ADDRESS,
+  snmpTrapPort: 10162,
+  newSuspectOnTrap: false,
+  includeRawMessage: false,
+  threads: 0,
+  queueSize: 10000,
+  batchSize: 1000,
+  batchInterval: 500,
+  useAddressFromVarbind: false,
+  snmpv3User: []
+})
+
diff --git a/ui/src/services/trapdConfigurationService.ts b/ui/src/services/trapdConfigurationService.ts
index 990d2b069f79..ca4c69812de0 100644
--- a/ui/src/services/trapdConfigurationService.ts
+++ b/ui/src/services/trapdConfigurationService.ts
@@ -1,14 +1,12 @@
 import axios from 'axios'
 
-import type { SnmpV3User, TrapConfig } from '@/types/trapConfig'
+import type { SnmpV3User, TrapConfig, TrapConfigPayload } from '@/types/trapConfig'
 
 import { v2 } from './axiosInstances'
 import { mapTrapdConfigFromServer } from '@/mappers/trapdConfig.mapper'
 
 const endpoint = '/trapd'
 
-export type TrapdConfigurationUpdatePayload = Partial<Omit<TrapConfig, 'snmpv3User'>>
-
 const getTrapdServiceErrorMessage = (error: unknown, fallbackMessage: string): string => {
   if (axios.isAxiosError(error)) {
     const responseData = error.response?.data
@@ -79,7 +77,7 @@ export const getTrapdConfiguration = async (): Promise<TrapConfig> => {
   }
 }
 
-export const updateTrapdConfiguration = async (payload: TrapdConfigurationUpdatePayload): Promise<TrapConfig> => {
+export const updateTrapdConfiguration = async (payload: TrapConfigPayload): Promise<TrapConfig> => {
   try {
     const response = await v2.put(`${endpoint}/update-config`, payload)
 
diff --git a/ui/src/stores/trapConfigStore.ts b/ui/src/stores/trapConfigStore.ts
index 2c1d7ac084cc..22c2e41a23a6 100644
--- a/ui/src/stores/trapConfigStore.ts
+++ b/ui/src/stores/trapConfigStore.ts
@@ -1,3 +1,4 @@
+import { getDefaultTrapdConfig } from '@/lib/trapdValidator'
 import { getTrapdConfiguration } from '@/services/trapdConfigurationService'
 import { CreateEditMode } from '@/types'
 import { TrapConfigStoreState } from '@/types/trapConfig'
@@ -6,7 +7,7 @@ import { defineStore } from 'pinia'
 export const useTrapConfigStore = defineStore('useTrapConfigStore', {
   state: (): TrapConfigStoreState => ({
     isLoading: false,
-    trapdConfig: null,
+    trapdConfig: getDefaultTrapdConfig(),
     SnmpV3Users: [],
     activeTab: 0,
     credentialDrawerState: {
diff --git a/ui/src/types/trapConfig.d.ts b/ui/src/types/trapConfig.d.ts
index abfa6df2c188..b26ec341ef3f 100644
--- a/ui/src/types/trapConfig.d.ts
+++ b/ui/src/types/trapConfig.d.ts
@@ -24,7 +24,7 @@ import { CreateEditMode } from '.'
 
 export interface TrapConfigStoreState {
   isLoading: boolean
-  trapdConfig: TrapConfig | null
+  trapdConfig: TrapConfig
   SnmpV3Users: SnmpV3User[]
   activeTab: number
   credentialDrawerState: {
@@ -50,6 +50,18 @@ export interface TrapConfig {
   snmpv3User: SnmpV3User[]
 }
 
+export interface TrapConfigPayload {
+  snmpTrapAddress: string
+  snmpTrapPort: number
+  newSuspectOnTrap: boolean
+  includeRawMessage: boolean
+  threads: number
+  queueSize: number
+  batchSize: number
+  batchInterval: number
+  useAddressFromVarbind: boolean
+}
+
 export interface SnmpV3User {
   engineId: string | null
   securityName: string
@@ -80,24 +92,3 @@ export interface SnmpV3UserError {
   privacyPassphrase?: string
 }
 
-export enum SecurityLevel {
-  None = 0,
-  NoAuthNoPriv = 1,
-  AuthNoPriv = 2,
-  AuthPriv = 3
-}
-
-export enum AuthProtocol {
-  MD5 = 'MD5',
-  SHA = 'SHA',
-  SHA224 = 'SHA224',
-  SHA256 = 'SHA256',
-  SHA512 = 'SHA512'
-}
-
-export enum PrivacyProtocol {
-  DES = 'DES',
-  AES = 'AES',
-  AES192 = 'AES192',
-  AES256 = 'AES256'
-}

From 3871d576d7d5e7863a2163ee2c909c4becb1f402 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Fri, 20 Mar 2026 18:40:38 +0500
Subject: [PATCH 13/41] change

---
 .../TrapConfiguration/CreateSnmpV3User.vue    | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue b/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
index d534cca2890c..774a117c8f87 100644
--- a/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
+++ b/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
@@ -136,11 +136,12 @@
 
 <script setup lang="ts">
 import useSnackbar from '@/composables/useSnackbar'
+import { AUTH_PROTOCOL_OPTIONS, PRIVACY_PROTOCOL_OPTIONS, SECURITY_LEVEL_OPTIONS, SecurityLevel } from '@/lib/trapdValidator'
 import { mapUserToServer } from '@/mappers/trapdConfig.mapper'
 import { saveTrapdUser, updateTrapdUser } from '@/services/trapdConfigurationService'
 import { useTrapConfigStore } from '@/stores/trapConfigStore'
 import { CreateEditMode } from '@/types'
-import { SnmpV3UserError } from '@/types/trapConfig'
+import type { SnmpV3UserError } from '@/types/trapConfig'
 import { FeatherButton } from '@featherds/button'
 import { FeatherIcon } from '@featherds/icon'
 import Security from '@featherds/icon/hardware/Security'
@@ -149,7 +150,6 @@ import { FeatherInput } from '@featherds/input'
 import { FeatherSelect, ISelectItemType } from '@featherds/select'
 import TableCard from '../Common/TableCard.vue'
 import SearchExistingCredential from './Drawer/SearchExistingCredential.vue'
-import { AUTH_PROTOCOL_OPTIONS, PRIVACY_PROTOCOL_OPTIONS, SECURITY_LEVEL_OPTIONS } from '@/lib/trapdValidator'
 
 const store = useTrapConfigStore()
 const { showSnackBar } = useSnackbar()
@@ -166,24 +166,24 @@ const isSaving = ref<boolean>(false)
 const error = ref<SnmpV3UserError>({})
 
 const authProtocolVisible = computed(() => {
-  const selectedSecurityLevel = securityLevel.value?._value
-
-  return selectedSecurityLevel === 2 || selectedSecurityLevel === 3
+  const selectedSecurityLevel = Number(securityLevel.value?._value)
+  return selectedSecurityLevel === SecurityLevel.AuthNoPriv || selectedSecurityLevel === SecurityLevel.AuthPriv
 })
 
 const privacyProtocolVisible = computed(() => {
-  return securityLevel.value?._value === 3
+  const selectedSecurityLevel = Number(securityLevel.value?._value)
+  return selectedSecurityLevel === SecurityLevel.AuthPriv
 })
 
 watch(securityLevel, (selectedSecurityLevel) => {
-  const levelValue = selectedSecurityLevel?._value
+  const levelValue = Number(selectedSecurityLevel?._value)
 
-  if (levelValue !== 2 && levelValue !== 3) {
+  if (levelValue !== SecurityLevel.AuthNoPriv && levelValue !== SecurityLevel.AuthPriv) {
     authProtocol.value = createEmptySelectItem()
     authPassphrase.value = ''
   }
 
-  if (levelValue !== 3) {
+  if (levelValue !== SecurityLevel.AuthPriv) {
     authProtocol.value = createEmptySelectItem()
     privacyProtocol.value = createEmptySelectItem()
     authPassphrase.value = ''
@@ -294,7 +294,7 @@ const loadUserData = (drawerState: typeof store.createUserDrawerState) => {
     engineId.value = ''
     authPassphrase.value = ''
     privacyPassphrase.value = ''
-  }
+  } 
 }
 
 watchEffect(() => {

From 38a969dad104c55645b45e275072ac7948ebbfb6 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Tue, 24 Mar 2026 19:52:37 +0500
Subject: [PATCH 14/41] search changes

---
 .../Drawer/SearchExistingCredential.vue       | 50 ++++++++++++++++---
 1 file changed, 43 insertions(+), 7 deletions(-)

diff --git a/ui/src/components/TrapConfiguration/Drawer/SearchExistingCredential.vue b/ui/src/components/TrapConfiguration/Drawer/SearchExistingCredential.vue
index b11c994279e3..6f88e7d040c1 100644
--- a/ui/src/components/TrapConfiguration/Drawer/SearchExistingCredential.vue
+++ b/ui/src/components/TrapConfiguration/Drawer/SearchExistingCredential.vue
@@ -25,15 +25,15 @@
             />
           </div>
           <div class="value">
-            <FeatherSelect
-              class="my-select"
-              label="Key Type"
-              clear="Clear Selection"
+            <FeatherInput
+              :modelValue="searchValue"
+              @update:modelValue="val => onSearch(val as string)"
+              label="Search for credentials"
             >
-              <template v-slot:pre>
+              <template v-slot:post>
                 <FeatherIcon :icon="Search" />
               </template>
-            </FeatherSelect>
+            </FeatherInput>
           </div>
         </div>
         <div class="search-row">
@@ -59,12 +59,25 @@
               name="data-table"
               tag="tbody"
             >
-              <tr
+              <!-- <tr
                 v-for="(user, index) in tableRecords"
                 :key="index"
               >
                 <td>{{ user.alias }}</td>
                 <td>{{ user.value }}</td>
+              </tr> -->
+              <tr
+                v-for="(item, index) of filteredResults"
+                :key="`${item.alias}-${item.key}-${index}`"
+                style="cursor: pointer;"
+              >
+                <td>
+                  {{ item.type === 'alias' ? item.alias : '' }}
+                </td>
+                <td v-if="item.type === 'key' && item.key">
+                  <a @click.prevent="onItemSelected(item)">{{ item.type === 'key' ? item.key : '' }}</a>
+                </td>
+                <td v-else></td>
               </tr>
             </TransitionGroup>
           </table>
@@ -90,19 +103,42 @@
 import EmptyList from '@/components/Common/EmptyList.vue'
 import { useScvStore } from '@/stores/scvStore'
 import { useTrapConfigStore } from '@/stores/trapConfigStore'
+import { ScvSearchItem } from '@/types/scv'
 import FeatherButton from '@featherds/button/src/components/FeatherButton.vue'
 import { FeatherDrawer } from '@featherds/drawer'
 import { FeatherIcon } from '@featherds/icon'
 import Search from '@featherds/icon/action/Search'
+import { FeatherInput } from '@featherds/input'
 import { FeatherSelect } from '@featherds/select'
+import { debounce } from 'lodash'
 
+const emit = defineEmits<{
+  (e: 'hidden'): void
+  (e: 'item-selected', item: ScvSearchItem): void
+}>()
+
+const DEBOUNCE_DELAY = 300
 const store = useTrapConfigStore()
 const scvStore = useScvStore()
+const credentialsLoading = ref(false)
+const filteredResults = ref<ScvSearchItem[]>([])
+const searchValue = ref<string>('')
 const tableRecords = ref<{ alias: string; value: string }[]>([
   { alias: 'credential1', value: 'value1' },
   { alias: 'credential2', value: 'value2' }
 ])
 
+const onSearch = debounce((query: string) => {
+  credentialsLoading.value = true
+  searchValue.value = query
+  filteredResults.value = scvStore.queryCredentials(query)
+  credentialsLoading.value = false
+}, DEBOUNCE_DELAY)
+
+const onItemSelected = (item: ScvSearchItem) => {
+  emit('item-selected', item)
+}
+
 onMounted(() => {
   scvStore.populate()
 })

From 474dd50adb7658abf18c9e1954d8a2c187b09081 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Tue, 24 Mar 2026 21:48:21 +0500
Subject: [PATCH 15/41] changes

---
 .../opennms/web/rest/v2/TrapdRestService.java |  97 ++++++-----
 .../opennms/web/rest/v2/api/TrapdRestApi.java |  38 +++--
 .../web/rest/v2/TrapdRestServiceIT.java       | 150 ++++++++++--------
 3 files changed, 167 insertions(+), 118 deletions(-)

diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
index 33929bbe6f4c..e90a2e37446b 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
@@ -30,6 +30,7 @@
 import javax.ws.rs.core.Response.Status;
 import javax.ws.rs.core.SecurityContext;
 
+import org.apache.commons.lang3.StringUtils;
 import org.apache.cxf.jaxrs.ext.multipart.Attachment;
 import org.opennms.core.xml.JaxbUtils;
 import org.opennms.features.config.exception.ValidationException;
@@ -52,7 +53,7 @@ public class TrapdRestService implements TrapdRestApi {
     private static final Set<String> PRIVACY_PROTOCOLS = new HashSet<>(Arrays.asList("DES", "AES", "AES192", "AES256"));
 
     @Autowired
-    private TrapdConfigDao m_trapdConfigDao;
+    private TrapdConfigDao trapdConfigDao;
 
     @Override
     public Response uploadTrapdConfiguration(final Attachment attachment, final SecurityContext securityContext) {
@@ -69,8 +70,8 @@ public Response uploadTrapdConfiguration(final Attachment attachment, final Secu
         }
 
         try {
-            m_trapdConfigDao.updateConfig(config);
-            return Response.ok(TrapdConfigDto.toDto(config)).build();
+            trapdConfigDao.updateConfig(config);
+            return Response.ok().build();
         } catch (ValidationException e) {
             LOG.warn("Uploaded trapd configuration failed schema validation.", e);
             return Response.status(Status.BAD_REQUEST).entity(e.getMessage()).build();
@@ -83,7 +84,7 @@ public Response uploadTrapdConfiguration(final Attachment attachment, final Secu
     @Override
     public Response getTrapdConfiguration(final SecurityContext securityContext) {
         try {
-            TrapdConfiguration config = m_trapdConfigDao.getConfig();
+            TrapdConfiguration config = trapdConfigDao.getConfig();
             if (config == null) {
                 return Response.status(Status.NOT_FOUND).entity("Trapd configuration not found.").build();
             }
@@ -109,8 +110,8 @@ public Response updateTrapdConfiguration(TrapdConfigDto config, SecurityContext
         }
 
         try {
-            m_trapdConfigDao.updateConfig(updatedConfig);
-            return Response.ok(TrapdConfigDto.toDto(m_trapdConfigDao.getConfig())).build();
+            trapdConfigDao.updateConfig(updatedConfig);
+            return Response.ok().build();
         } catch (ValidationException e) {
             LOG.warn("Provided trapd configuration failed schema validation.", e);
             return Response.status(Status.BAD_REQUEST).entity(e.getMessage()).build();
@@ -135,11 +136,17 @@ public Response saveTrapdUser(Snmpv3UserDto user, SecurityContext securityContex
         }
 
         try {
-            TrapdConfiguration config = m_trapdConfigDao.getConfig();
+            TrapdConfiguration config = trapdConfigDao.getConfig();
             if (config == null) {
                 config = new TrapdConfiguration();
             }
 
+            if (findUserIndexBySecurityName(config, user.getSecurityName()) >= 0) {
+                return Response.status(Status.CONFLICT)
+                        .entity("SNMPv3 user with securityName '" + user.getSecurityName() + "' already exists.")
+                        .build();
+            }
+
             final String validationMessage = validateSnmpv3UserPayload(user);
             if (validationMessage != null) {
                 return Response.status(Status.BAD_REQUEST).entity(validationMessage).build();
@@ -154,8 +161,8 @@ public Response saveTrapdUser(Snmpv3UserDto user, SecurityContext securityContex
             }
 
             config.addSnmpv3User(snmpv3User);
-            m_trapdConfigDao.updateConfig(config);
-            return Response.ok(Snmpv3UserDto.toDto(snmpv3User)).build();
+            trapdConfigDao.updateConfig(config);
+            return Response.ok().build();
         } catch (ValidationException e) {
             LOG.warn("Provided SNMPv3 user failed schema validation.", e);
             return Response.status(Status.BAD_REQUEST).entity(e.getMessage()).build();
@@ -166,9 +173,9 @@ public Response saveTrapdUser(Snmpv3UserDto user, SecurityContext securityContex
     }
 
     @Override
-    public Response updateTrapdUser(Integer index, Snmpv3UserDto user, SecurityContext securityContext) {
-        if (index == null || index < 0) {
-            return Response.status(Status.BAD_REQUEST).entity("Valid user index is required.").build();
+    public Response updateTrapdUser(String securityName, Snmpv3UserDto user, SecurityContext securityContext) {
+        if (StringUtils.isBlank(securityName)) {
+            return Response.status(Status.BAD_REQUEST).entity("Valid security name is required.").build();
         }
 
         if (user == null) {
@@ -184,14 +191,15 @@ public Response updateTrapdUser(Integer index, Snmpv3UserDto user, SecurityConte
         }
 
         try {
-            final TrapdConfiguration config = m_trapdConfigDao.getConfig();
+            final TrapdConfiguration config = trapdConfigDao.getConfig();
             if (config == null) {
                 return Response.status(Status.NOT_FOUND).entity("Trapd configuration not found.").build();
             }
 
-            if (index >= config.getSnmpv3UserCount()) {
-                return Response.status(Status.BAD_REQUEST)
-                        .entity("Index " + index + " is out of range. There are " + config.getSnmpv3UserCount() + " user(s) configured.")
+            final int index = findUserIndexBySecurityName(config, securityName);
+            if (index < 0) {
+                return Response.status(Status.NOT_FOUND)
+                        .entity("SNMPv3 user with securityName '" + securityName + "' was not found.")
                         .build();
             }
 
@@ -201,49 +209,60 @@ public Response updateTrapdUser(Integer index, Snmpv3UserDto user, SecurityConte
             }
 
             config.setSnmpv3User(index, snmpv3User);
-            m_trapdConfigDao.updateConfig(config);
-            return Response.ok(Snmpv3UserDto.toDto(snmpv3User)).build();
+            trapdConfigDao.updateConfig(config);
+            return Response.ok().build();
         } catch (ValidationException e) {
             LOG.warn("Updating SNMPv3 user failed schema validation.", e);
             return Response.status(Status.BAD_REQUEST).entity(e.getMessage()).build();
         } catch (Exception e) {
-            LOG.error("Failed to update SNMPv3 user at index {}.", index, e);
+            LOG.error("Failed to update SNMPv3 user for securityName {}.", securityName, e);
             return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Failed to update trapd user.").build();
         }
     }
 
     @Override
-    public Response deleteTrapdUser(Integer index, SecurityContext securityContext) {
-        if (index == null || index < 0) {
-            return Response.status(Status.BAD_REQUEST).entity("Valid user index is required.").build();
+    public Response deleteTrapdUser(String securityName, SecurityContext securityContext) {
+        if (StringUtils.isBlank(securityName)) {
+            return Response.status(Status.BAD_REQUEST).entity("Valid security name is required.").build();
         }
 
         try {
-            final TrapdConfiguration config = m_trapdConfigDao.getConfig();
+            final TrapdConfiguration config = trapdConfigDao.getConfig();
             if (config == null) {
                 return Response.status(Status.NOT_FOUND).entity("Trapd configuration not found.").build();
             }
 
-            if (index >= config.getSnmpv3UserCount()) {
-                return Response.status(Status.BAD_REQUEST)
-                        .entity("Index " + index + " is out of range. There are " + config.getSnmpv3UserCount() + " user(s) configured.")
+            final int index = findUserIndexBySecurityName(config, securityName);
+            if (index < 0) {
+                return Response.status(Status.NOT_FOUND)
+                        .entity("SNMPv3 user with securityName '" + securityName + "' was not found.")
                         .build();
             }
 
             final Snmpv3User removed = config.removeSnmpv3UserAt(index);
-            m_trapdConfigDao.updateConfig(config);
-            return Response.ok(Snmpv3UserDto.toDto(removed)).build();
+            trapdConfigDao.updateConfig(config);
+            return Response.noContent().build();
         } catch (ValidationException e) {
             LOG.warn("Removing SNMPv3 user failed schema validation.", e);
             return Response.status(Status.BAD_REQUEST).entity(e.getMessage()).build();
         } catch (Exception e) {
-            LOG.error("Failed to delete SNMPv3 user at index {}.", index, e);
+            LOG.error("Failed to delete SNMPv3 user for securityName {}.", securityName, e);
             return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Failed to delete trapd user.").build();
         }
     }
 
+    private int findUserIndexBySecurityName(final TrapdConfiguration config, final String securityName) {
+        for (int i = 0; i < config.getSnmpv3UserCount(); i++) {
+            final Snmpv3User existing = config.getSnmpv3User(i);
+            if (StringUtils.equals(existing.getSecurityName(), securityName)) {
+                return i;
+            }
+        }
+        return -1;
+    }
+
     private TrapdConfiguration mergeTrapdConfiguration(final TrapdConfigDto payload) {
-        TrapdConfiguration config = m_trapdConfigDao.getConfig();
+        TrapdConfiguration config = trapdConfigDao.getConfig();
         if (config == null) {
             config = new TrapdConfiguration();
         }
@@ -291,7 +310,7 @@ private Snmpv3User toSnmpv3User(final Snmpv3UserDto userDto) {
     }
 
     private String validateSnmpv3UserPayload(final Snmpv3UserDto user) {
-        if (isBlank(user.getSecurityName())) {
+        if (StringUtils.isBlank(user.getSecurityName())) {
             return "securityName is required.";
         }
 
@@ -300,17 +319,17 @@ private String validateSnmpv3UserPayload(final Snmpv3UserDto user) {
             return "securityLevel must be between 1 and 3.";
         }
 
-        if (!isBlank(user.getAuthProtocol()) && !AUTH_PROTOCOLS.contains(user.getAuthProtocol())) {
+        if (!StringUtils.isBlank(user.getAuthProtocol()) && !AUTH_PROTOCOLS.contains(user.getAuthProtocol())) {
             return "Unsupported authProtocol.";
         }
-        if (!isBlank(user.getPrivacyProtocol()) && !PRIVACY_PROTOCOLS.contains(user.getPrivacyProtocol())) {
+        if (!StringUtils.isBlank(user.getPrivacyProtocol()) && !PRIVACY_PROTOCOLS.contains(user.getPrivacyProtocol())) {
             return "Unsupported privacyProtocol.";
         }
 
-        final boolean hasAuthProtocol = !isBlank(user.getAuthProtocol());
-        final boolean hasAuthPassphrase = !isBlank(user.getAuthPassphrase());
-        final boolean hasPrivacyProtocol = !isBlank(user.getPrivacyProtocol());
-        final boolean hasPrivacyPassphrase = !isBlank(user.getPrivacyPassphrase());
+        final boolean hasAuthProtocol = !StringUtils.isBlank(user.getAuthProtocol());
+        final boolean hasAuthPassphrase = !StringUtils.isBlank(user.getAuthPassphrase());
+        final boolean hasPrivacyProtocol = !StringUtils.isBlank(user.getPrivacyProtocol());
+        final boolean hasPrivacyPassphrase = !StringUtils.isBlank(user.getPrivacyPassphrase());
 
         if (hasAuthProtocol != hasAuthPassphrase) {
             return "authProtocol and authPassphrase must be provided together.";
@@ -334,8 +353,4 @@ private String validateSnmpv3UserPayload(final Snmpv3UserDto user) {
         return null;
     }
 
-    private boolean isBlank(final String value) {
-        return value == null || value.trim().isEmpty();
-    }
-
 }
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
index 420c254f0ce6..17008b518d33 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
@@ -21,12 +21,18 @@
  */
 package org.opennms.web.rest.v2.api;
 
-import javax.ws.rs.*;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.PUT;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.SecurityContext;
-import javax.ws.rs.QueryParam;
 
 import org.apache.cxf.jaxrs.ext.multipart.Attachment;
 import org.apache.cxf.jaxrs.ext.multipart.Multipart;
@@ -52,14 +58,14 @@ public interface TrapdRestApi {
             operationId = "uploadTrapdConfiguration"
     )
     @ApiResponses(value = {
-            @ApiResponse(responseCode = "204", description = "Configuration updated successfully"),
+            @ApiResponse(responseCode = "200", description = "Configuration updated successfully"),
             @ApiResponse(responseCode = "400", description = "Invalid trapd XML or missing upload field"),
             @ApiResponse(responseCode = "500", description = "Failed to persist trapd configuration")
     })
     Response uploadTrapdConfiguration(@Multipart("upload") Attachment attachment, @Context SecurityContext securityContext);
     
     @GET
-    @Path("get-config")
+    @Path("config")
     @Produces(MediaType.APPLICATION_JSON)
     @Operation(
             summary = "Get trapd configuration",
@@ -74,7 +80,7 @@ public interface TrapdRestApi {
     Response getTrapdConfiguration(@Context SecurityContext securityContext);
     
     @PUT
-    @Path("update-config")
+    @Path("config")
     @Consumes(MediaType.APPLICATION_JSON)
     @Produces(MediaType.APPLICATION_JSON)
     @Operation(
@@ -90,7 +96,7 @@ public interface TrapdRestApi {
     Response updateTrapdConfiguration(TrapdConfigDto payload, @Context SecurityContext securityContext);
 
     @POST
-    @Path("save-user")
+    @Path("user")
     @Consumes(MediaType.APPLICATION_JSON)
     @Produces(MediaType.APPLICATION_JSON)
     @Operation(
@@ -101,40 +107,42 @@ public interface TrapdRestApi {
     @ApiResponses(value = {
             @ApiResponse(responseCode = "200", description = "User saved successfully"),
             @ApiResponse(responseCode = "400", description = "Invalid user payload"),
+            @ApiResponse(responseCode = "409", description = "SNMPv3 user with provided securityName already exists"),
             @ApiResponse(responseCode = "500", description = "Failed to save user")
     })
     Response saveTrapdUser(Snmpv3UserDto user, @Context SecurityContext securityContext);
 
     @PUT
-    @Path("update-user")
+    @Path("user/{securityName}")
     @Consumes(MediaType.APPLICATION_JSON)
     @Produces(MediaType.APPLICATION_JSON)
     @Operation(
             summary = "Update SNMPv3 user",
-            description = "Update SNMPv3 user configuration with provided JSON payload.",
+            description = "Update SNMPv3 user configuration for the provided securityName.",
             operationId = "updateTrapdUser"
     )
     @ApiResponses(value = {
             @ApiResponse(responseCode = "200", description = "User updated successfully"),
             @ApiResponse(responseCode = "400", description = "Invalid user payload"),
+            @ApiResponse(responseCode = "404", description = "SNMPv3 user with provided securityName was not found"),
             @ApiResponse(responseCode = "500", description = "Failed to update user")
     })
-    Response updateTrapdUser(@QueryParam("index") Integer index, Snmpv3UserDto user, @Context SecurityContext securityContext);
+    Response updateTrapdUser(@PathParam("securityName") String securityName, Snmpv3UserDto user, @Context SecurityContext securityContext);
 
     @DELETE
-    @Path("delete-user")
-    @Consumes(MediaType.APPLICATION_JSON)
+    @Path("user/{securityName}")
     @Produces(MediaType.APPLICATION_JSON)
     @Operation(
             summary = "Delete SNMPv3 user",
-            description = "Delete SNMPv3 user configuration with provided index.",
+            description = "Delete SNMPv3 user configuration with provided securityName.",
             operationId = "deleteTrapdUser"
     )
     @ApiResponses(value = {
-            @ApiResponse(responseCode = "200", description = "User deleted successfully"),
-            @ApiResponse(responseCode = "400", description = "Invalid user index"),
+            @ApiResponse(responseCode = "204", description = "User deleted successfully"),
+            @ApiResponse(responseCode = "400", description = "Invalid securityName"),
+            @ApiResponse(responseCode = "404", description = "SNMPv3 user with provided securityName was not found"),
             @ApiResponse(responseCode = "500", description = "Failed to delete user")
     })
-    Response deleteTrapdUser(@QueryParam("index") Integer index, @Context SecurityContext securityContext);
+    Response deleteTrapdUser(@PathParam("securityName") String securityName, @Context SecurityContext securityContext);
 }
 
diff --git a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
index c0c11c0d1090..2e1fda8d5db9 100644
--- a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
+++ b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
@@ -22,6 +22,7 @@
 package org.opennms.web.rest.v2;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
@@ -77,7 +78,7 @@ public class TrapdRestServiceIT {
     public void setUp() throws Exception {
         m_trapdRestService = new TrapdRestService();
         m_trapdConfigDao = mock(TrapdConfigDao.class);
-        setField(m_trapdRestService, "m_trapdConfigDao", m_trapdConfigDao);
+        setField(m_trapdRestService, "trapdConfigDao", m_trapdConfigDao);
     }
 
     @Test
@@ -102,7 +103,7 @@ public void uploadShouldReturnBadRequestWhenXmlIsInvalid() {
     }
 
     @Test
-    public void uploadShouldPersistValidXmlAndReturnDto() {
+    public void uploadShouldPersistValidXmlAndReturnOk() {
         Attachment attachment = mock(Attachment.class);
         when(attachment.getObject(InputStream.class)).thenReturn(
                 new ByteArrayInputStream(validTrapdConfigXml().getBytes(StandardCharsets.UTF_8))
@@ -110,10 +111,7 @@ public void uploadShouldPersistValidXmlAndReturnDto() {
 
         try (Response response = m_trapdRestService.uploadTrapdConfiguration(attachment, null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
-            assertTrue(response.getEntity() instanceof TrapdConfigDto);
-            TrapdConfigDto dto = (TrapdConfigDto) response.getEntity();
-            assertEquals(Integer.valueOf(10163), dto.getSnmpTrapPort());
-            assertEquals("*", dto.getSnmpTrapAddress());
+            assertNull(response.getEntity());
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
@@ -130,9 +128,7 @@ public void uploadShouldPersistUseAddressFromVarbindWhenProvidedInXml() {
 
         try (Response response = m_trapdRestService.uploadTrapdConfiguration(attachment, null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
-            assertTrue(response.getEntity() instanceof TrapdConfigDto);
-            TrapdConfigDto dto = (TrapdConfigDto) response.getEntity();
-            assertEquals(Boolean.TRUE, dto.getUseAddressFromVarbind());
+            assertNull(response.getEntity());
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
@@ -205,7 +201,7 @@ public void saveUserShouldReturnBadRequestWhenPayloadMissing() {
     }
 
     @Test
-    public void saveUserShouldPersistUserAndReturnDto() {
+    public void saveUserShouldPersistUserAndReturnOk() {
         TrapdConfiguration existing = new TrapdConfiguration();
         existing.setSnmpTrapPort(1162);
         existing.setNewSuspectOnTrap(false);
@@ -222,11 +218,7 @@ public void saveUserShouldPersistUserAndReturnDto() {
 
         try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
-            assertTrue(response.getEntity() instanceof Snmpv3UserDto);
-            Snmpv3UserDto dto = (Snmpv3UserDto) response.getEntity();
-            assertEquals("opennms-user", dto.getSecurityName());
-            assertEquals(Integer.valueOf(3), dto.getSecurityLevel());
-            assertEquals("AES", dto.getPrivacyProtocol());
+            assertNull(response.getEntity());
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
@@ -310,7 +302,7 @@ public void saveUserShouldCreateNewConfigWhenNoneExists() {
 
         try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
-            assertTrue(response.getEntity() instanceof Snmpv3UserDto);
+            assertNull(response.getEntity());
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
@@ -320,6 +312,28 @@ public void saveUserShouldCreateNewConfigWhenNoneExists() {
         assertEquals(162, persisted.getSnmpTrapPort());
     }
 
+    @Test
+    public void saveUserShouldReturnConflictWhenSecurityNameAlreadyExists() {
+        TrapdConfiguration existing = new TrapdConfiguration();
+        existing.setSnmpTrapPort(1162);
+        existing.setNewSuspectOnTrap(false);
+        Snmpv3User existingUser = new Snmpv3User();
+        existingUser.setSecurityName("duplicate-user");
+        existing.addSnmpv3User(existingUser);
+        when(m_trapdConfigDao.getConfig()).thenReturn(existing);
+
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("duplicate-user");
+        user.setSecurityLevel(1);
+
+        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+            assertEquals(Response.Status.CONFLICT.getStatusCode(), response.getStatus());
+            assertEquals("SNMPv3 user with securityName 'duplicate-user' already exists.", response.getEntity());
+        }
+
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
     // --- validateSnmpv3UserPayload rule tests ---
 
     @Test
@@ -458,19 +472,19 @@ public void saveUserShouldRejectWhenSecurityLevelTwoHasPrivacyCredentials() {
     }
 
     @Test
-    public void deleteUserShouldReturnBadRequestWhenIndexNull() {
+    public void deleteUserShouldReturnBadRequestWhenSecurityNameNull() {
         try (Response response = m_trapdRestService.deleteTrapdUser(null, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("Valid user index is required.", response.getEntity());
+            assertEquals("Valid security name is required.", response.getEntity());
         }
         verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
-    public void deleteUserShouldReturnBadRequestWhenIndexNegative() {
-        try (Response response = m_trapdRestService.deleteTrapdUser(-1, null)) {
+    public void deleteUserShouldReturnBadRequestWhenSecurityNameBlank() {
+        try (Response response = m_trapdRestService.deleteTrapdUser("   ", null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("Valid user index is required.", response.getEntity());
+            assertEquals("Valid security name is required.", response.getEntity());
         }
         verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
@@ -479,7 +493,7 @@ public void deleteUserShouldReturnBadRequestWhenIndexNegative() {
     public void deleteUserShouldReturnNotFoundWhenNoConfig() {
         when(m_trapdConfigDao.getConfig()).thenReturn(null);
 
-        try (Response response = m_trapdRestService.deleteTrapdUser(0, null)) {
+        try (Response response = m_trapdRestService.deleteTrapdUser("missing-user", null)) {
             assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
             assertEquals("Trapd configuration not found.", response.getEntity());
         }
@@ -487,21 +501,21 @@ public void deleteUserShouldReturnNotFoundWhenNoConfig() {
     }
 
     @Test
-    public void deleteUserShouldReturnBadRequestWhenIndexOutOfRange() {
+    public void deleteUserShouldReturnNotFoundWhenSecurityNameMissing() {
         TrapdConfiguration config = new TrapdConfiguration();
         config.setSnmpTrapPort(162);
         config.setNewSuspectOnTrap(false);
         when(m_trapdConfigDao.getConfig()).thenReturn(config);
 
-        try (Response response = m_trapdRestService.deleteTrapdUser(5, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertTrue(((String) response.getEntity()).contains("out of range"));
+        try (Response response = m_trapdRestService.deleteTrapdUser("missing-user", null)) {
+            assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
+            assertEquals("SNMPv3 user with securityName 'missing-user' was not found.", response.getEntity());
         }
         verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
-    public void deleteUserShouldRemoveUserAndReturnDto() {
+    public void deleteUserShouldRemoveUserAndReturnNoContent() {
         TrapdConfiguration config = new TrapdConfiguration();
         config.setSnmpTrapPort(162);
         config.setNewSuspectOnTrap(false);
@@ -511,11 +525,9 @@ public void deleteUserShouldRemoveUserAndReturnDto() {
         config.addSnmpv3User(user);
         when(m_trapdConfigDao.getConfig()).thenReturn(config);
 
-        try (Response response = m_trapdRestService.deleteTrapdUser(0, null)) {
-            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
-            assertTrue(response.getEntity() instanceof Snmpv3UserDto);
-            Snmpv3UserDto dto = (Snmpv3UserDto) response.getEntity();
-            assertEquals("user-to-delete", dto.getSecurityName());
+        try (Response response = m_trapdRestService.deleteTrapdUser("user-to-delete", null)) {
+            assertEquals(Response.Status.NO_CONTENT.getStatusCode(), response.getStatus());
+            assertNull(response.getEntity());
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
@@ -523,6 +535,29 @@ public void deleteUserShouldRemoveUserAndReturnDto() {
         assertEquals(0, captor.getValue().getSnmpv3UserCount());
     }
 
+    @Test
+    public void deleteUserShouldRemoveOnlyMatchingSecurityName() {
+        TrapdConfiguration config = new TrapdConfiguration();
+        config.setSnmpTrapPort(162);
+        config.setNewSuspectOnTrap(false);
+        Snmpv3User keep = new Snmpv3User();
+        keep.setSecurityName("keep-user");
+        Snmpv3User remove = new Snmpv3User();
+        remove.setSecurityName("remove-user");
+        config.addSnmpv3User(keep);
+        config.addSnmpv3User(remove);
+        when(m_trapdConfigDao.getConfig()).thenReturn(config);
+
+        try (Response response = m_trapdRestService.deleteTrapdUser("remove-user", null)) {
+            assertEquals(Response.Status.NO_CONTENT.getStatusCode(), response.getStatus());
+        }
+
+        ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
+        verify(m_trapdConfigDao).updateConfig(captor.capture());
+        assertEquals(1, captor.getValue().getSnmpv3UserCount());
+        assertEquals("keep-user", captor.getValue().getSnmpv3User(0).getSecurityName());
+    }
+
     @Test
     public void deleteUserShouldReturnBadRequestWhenValidationFails() {
         TrapdConfiguration config = new TrapdConfiguration();
@@ -534,7 +569,7 @@ public void deleteUserShouldReturnBadRequestWhenValidationFails() {
         when(m_trapdConfigDao.getConfig()).thenReturn(config);
         whenValidationFailsOnUpdate("delete validation error");
 
-        try (Response response = m_trapdRestService.deleteTrapdUser(0, null)) {
+        try (Response response = m_trapdRestService.deleteTrapdUser("test-user", null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("delete validation error", response.getEntity());
         }
@@ -551,39 +586,39 @@ public void deleteUserShouldReturnServerErrorWhenPersistenceThrows() {
         when(m_trapdConfigDao.getConfig()).thenReturn(config);
         org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(m_trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
 
-        try (Response response = m_trapdRestService.deleteTrapdUser(0, null)) {
+        try (Response response = m_trapdRestService.deleteTrapdUser("test-user", null)) {
             assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
             assertEquals("Failed to delete trapd user.", response.getEntity());
         }
     }
 
     @Test
-    public void updateUserShouldReturnBadRequestWhenIndexNull() {
+    public void updateUserShouldReturnBadRequestWhenSecurityNameNull() {
         Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
 
         try (Response response = m_trapdRestService.updateTrapdUser(null, user, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("Valid user index is required.", response.getEntity());
+            assertEquals("Valid security name is required.", response.getEntity());
         }
         verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
-    public void updateUserShouldReturnBadRequestWhenIndexNegative() {
+    public void updateUserShouldReturnBadRequestWhenSecurityNameBlank() {
         Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
 
-        try (Response response = m_trapdRestService.updateTrapdUser(-1, user, null)) {
+        try (Response response = m_trapdRestService.updateTrapdUser("", user, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("Valid user index is required.", response.getEntity());
+            assertEquals("Valid security name is required.", response.getEntity());
         }
         verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
     public void updateUserShouldReturnBadRequestWhenPayloadNull() {
-        try (Response response = m_trapdRestService.updateTrapdUser(0, null, null)) {
+        try (Response response = m_trapdRestService.updateTrapdUser("existing-user", null, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("Missing SNMPv3 user in request body.", response.getEntity());
         }
@@ -597,7 +632,7 @@ public void updateUserShouldReturnNotFoundWhenNoConfig() {
         Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
 
-        try (Response response = m_trapdRestService.updateTrapdUser(0, user, null)) {
+        try (Response response = m_trapdRestService.updateTrapdUser("opennms-user", user, null)) {
             assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
             assertEquals("Trapd configuration not found.", response.getEntity());
         }
@@ -605,7 +640,7 @@ public void updateUserShouldReturnNotFoundWhenNoConfig() {
     }
 
     @Test
-    public void updateUserShouldReturnBadRequestWhenIndexOutOfRange() {
+    public void updateUserShouldReturnNotFoundWhenSecurityNameMissing() {
         TrapdConfiguration config = new TrapdConfiguration();
         config.setSnmpTrapPort(162);
         config.setNewSuspectOnTrap(false);
@@ -614,9 +649,9 @@ public void updateUserShouldReturnBadRequestWhenIndexOutOfRange() {
         Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
 
-        try (Response response = m_trapdRestService.updateTrapdUser(5, user, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertTrue(((String) response.getEntity()).contains("out of range"));
+        try (Response response = m_trapdRestService.updateTrapdUser("missing-user", user, null)) {
+            assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
+            assertEquals("SNMPv3 user with securityName 'missing-user' was not found.", response.getEntity());
         }
         verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
@@ -638,7 +673,7 @@ public void updateUserShouldReturnBadRequestWhenPayloadValidationFails() {
         user.setAuthProtocol("SHA");
         user.setAuthPassphrase("auth-pass");
 
-        try (Response response = m_trapdRestService.updateTrapdUser(0, user, null)) {
+        try (Response response = m_trapdRestService.updateTrapdUser("existing-user", user, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("securityLevel 3 requires both auth and privacy credentials.", response.getEntity());
         }
@@ -646,7 +681,7 @@ public void updateUserShouldReturnBadRequestWhenPayloadValidationFails() {
     }
 
     @Test
-    public void updateUserShouldReplaceUserAtIndexAndReturnDto() {
+    public void updateUserShouldReplaceUserBySecurityNameAndReturnOk() {
         TrapdConfiguration config = new TrapdConfiguration();
         config.setSnmpTrapPort(162);
         config.setNewSuspectOnTrap(false);
@@ -664,13 +699,9 @@ public void updateUserShouldReplaceUserAtIndexAndReturnDto() {
         updated.setPrivacyProtocol("AES");
         updated.setPrivacyPassphrase("priv-pass");
 
-        try (Response response = m_trapdRestService.updateTrapdUser(0, updated, null)) {
+        try (Response response = m_trapdRestService.updateTrapdUser("old-user", updated, null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
-            assertTrue(response.getEntity() instanceof Snmpv3UserDto);
-            Snmpv3UserDto dto = (Snmpv3UserDto) response.getEntity();
-            assertEquals("new-user", dto.getSecurityName());
-            assertEquals(Integer.valueOf(3), dto.getSecurityLevel());
-            assertEquals("AES", dto.getPrivacyProtocol());
+            assertNull(response.getEntity());
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
@@ -693,7 +724,7 @@ public void updateUserShouldReturnBadRequestWhenSchemaValidationFails() {
         Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
 
-        try (Response response = m_trapdRestService.updateTrapdUser(0, user, null)) {
+        try (Response response = m_trapdRestService.updateTrapdUser("existing-user", user, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("schema update error", response.getEntity());
         }
@@ -713,7 +744,7 @@ public void updateUserShouldReturnServerErrorWhenPersistenceThrows() {
         Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
 
-        try (Response response = m_trapdRestService.updateTrapdUser(0, user, null)) {
+        try (Response response = m_trapdRestService.updateTrapdUser("existing-user", user, null)) {
             assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
             assertEquals("Failed to update trapd user.", response.getEntity());
         }
@@ -742,11 +773,7 @@ public void updateShouldMergePayloadAndPersist() {
 
         try (Response response = m_trapdRestService.updateTrapdConfiguration(payload, null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
-            TrapdConfigDto dto = (TrapdConfigDto) response.getEntity();
-            assertEquals(Integer.valueOf(10164), dto.getSnmpTrapPort());
-            assertEquals(Integer.valueOf(4), dto.getThreads());
-            assertEquals("127.0.0.1", dto.getSnmpTrapAddress());
-            assertEquals(Boolean.TRUE, dto.getIncludeRawMessage());
+            assertNull(response.getEntity());
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
@@ -770,8 +797,7 @@ public void updateShouldPersistUseAddressFromVarbindWhenProvided() {
 
         try (Response response = m_trapdRestService.updateTrapdConfiguration(payload, null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
-            TrapdConfigDto dto = (TrapdConfigDto) response.getEntity();
-            assertEquals(Boolean.TRUE, dto.getUseAddressFromVarbind());
+            assertNull(response.getEntity());
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);

From 58e68cd2458edd155366256c31405326ea0108e0 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Tue, 24 Mar 2026 23:15:45 +0500
Subject: [PATCH 16/41] new fixes

---
 .../netmgt/config/trapd/Snmpv3User.java       |   9 +
 .../config/trapd/TrapdConfiguration.java      |  13 +-
 .../netmgt/dao/api/TrapdConfigDao.java        |   1 +
 .../dao/jaxb/DefaultTrapdConfigDao.java       |   9 +
 .../opennms/web/rest/v2/TrapdRestService.java | 119 +++------
 .../opennms/web/rest/v2/api/TrapdRestApi.java |  10 +-
 .../web/rest/v2/TrapdRestServiceIT.java       | 246 +++++++++++++-----
 7 files changed, 255 insertions(+), 152 deletions(-)

diff --git a/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/Snmpv3User.java b/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/Snmpv3User.java
index 64097205347d..a147ba652432 100644
--- a/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/Snmpv3User.java
+++ b/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/Snmpv3User.java
@@ -21,6 +21,8 @@
  */
 package org.opennms.netmgt.config.trapd;
 
+import org.codehaus.jackson.annotate.JsonProperty;
+
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlAttribute;
@@ -46,42 +48,49 @@ public class Snmpv3User implements java.io.Serializable {
      * SNMPv3 Application Engine ID
      */
 	@XmlAttribute(name="engine-id",required=false)
+    @JsonProperty("engineId")
     private java.lang.String engineId;
 
     /**
      * SNMPv3 Security Name (User Name)
      */
 	@XmlAttribute(name="security-name",required=false)
+    @JsonProperty("securityName")
     private java.lang.String securityName;
 
     /**
      * SNMPv3 Security Level (noAuthNoPriv, authNoPriv, authPriv)
      */
 	@XmlAttribute(name="security-level",required=false)
+    @JsonProperty("securityLevel")
     private Integer securityLevel;
 
     /**
      * SNMPv3 Authentication Protocol
      */
 	@XmlAttribute(name="auth-protocol",required=false)
+    @JsonProperty("authProtocol")
     private java.lang.String authProtocol;
 
     /**
      * SNMPv3 Authentication Password Phrase
      */
 	@XmlAttribute(name="auth-passphrase",required=false)
+    @JsonProperty("authPassphrase")
     private java.lang.String authPassphrase;
 
     /**
      * SNMPv3 Privacy Protocol
      */
 	@XmlAttribute(name="privacy-protocol",required=false)
+    @JsonProperty("privacyProtocol")
     private java.lang.String privacyProtocol;
 
     /**
      * SNMPv3 Privacy Password Phrase
      */
 	@XmlAttribute(name="privacy-passphrase",required=false)
+    @JsonProperty("privacyPassphrase")
     private java.lang.String privacyPassphrase;
 
 
diff --git a/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/TrapdConfiguration.java b/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/TrapdConfiguration.java
index 6d600a9c8be1..5dcde82b8ada 100644
--- a/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/TrapdConfiguration.java
+++ b/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/TrapdConfiguration.java
@@ -31,7 +31,8 @@
 import javax.xml.bind.annotation.XmlRootElement;
 import javax.xml.bind.annotation.XmlTransient;
 
-import com.fasterxml.jackson.annotation.JsonIgnore;
+import org.codehaus.jackson.annotate.JsonIgnore;
+import org.codehaus.jackson.annotate.JsonProperty;
 import org.opennms.core.xml.ValidateUsing;
 
 
@@ -57,6 +58,7 @@ public class TrapdConfiguration implements  Serializable {
      * default is .
      */
 	@XmlAttribute(name="snmp-trap-address")
+    @JsonProperty("snmpTrapAddress")
     private java.lang.String snmpTrapAddress = "*";
 
     /**
@@ -64,6 +66,7 @@ public class TrapdConfiguration implements  Serializable {
      *  standard port is 162.
      */
 	@XmlAttribute(name="snmp-trap-port", required=true)
+    @JsonProperty("snmpTrapPort")
     private int snmpTrapPort;
 
     /**
@@ -78,9 +81,11 @@ public class TrapdConfiguration implements  Serializable {
      *  generate newSuspect events.
      */
 	@XmlAttribute(name="new-suspect-on-trap", required=true)
+    @JsonProperty("newSuspectOnTrap")
     private boolean newSuspectOnTrap;
 
 	@XmlAttribute(name="include-raw-message", required=false)
+    @JsonProperty("includeRawMessage")
     private boolean includeRawMessage;
 
     /**
@@ -88,6 +93,7 @@ public class TrapdConfiguration implements  Serializable {
      * Defaults to 2 x the number of available processors.
      */
 	@XmlAttribute(name="threads", required=false)
+    @JsonProperty("threads")
     private int threads = 0;
 
     /**
@@ -95,6 +101,7 @@ public class TrapdConfiguration implements  Serializable {
      to be dispatched.
      */
 	@XmlAttribute(name="queue-size", required=false)
+    @JsonProperty("queueSize")
     private int queueSize = 10000;
 
     /**
@@ -102,6 +109,7 @@ public class TrapdConfiguration implements  Serializable {
      * When the batch reaches this size, it will be dispatched.
      */
 	@XmlAttribute(name="batch-size", required=false)
+    @JsonProperty("batchSize")
     private int batchSize = 1000;
 
     /**
@@ -110,6 +118,7 @@ public class TrapdConfiguration implements  Serializable {
      * it will be dispatched, regardless of the current size.
      */
 	@XmlAttribute(name="batch-interval", required=false)
+    @JsonProperty("batchInterval")
     private int batchInterval = 500;
 
     /**
@@ -123,6 +132,7 @@ public class TrapdConfiguration implements  Serializable {
      * SNMPv3 configuration.
      */
 	@XmlElement(name="snmpv3-user")
+    @JsonProperty("snmpv3User")
     private java.util.List<Snmpv3User> snmpv3User;
 
 	/**
@@ -132,6 +142,7 @@ public class TrapdConfiguration implements  Serializable {
      * SNMPv2 traps.
 	 */
 	@XmlAttribute(name="use-address-from-varbind", required=false)
+    @JsonProperty("useAddressFromVarbind")
     private Boolean useAddressFromVarbind;
 
     public TrapdConfiguration() {
diff --git a/opennms-dao-api/src/main/java/org/opennms/netmgt/dao/api/TrapdConfigDao.java b/opennms-dao-api/src/main/java/org/opennms/netmgt/dao/api/TrapdConfigDao.java
index 44bd5d4c1d8a..1ff606120275 100644
--- a/opennms-dao-api/src/main/java/org/opennms/netmgt/dao/api/TrapdConfigDao.java
+++ b/opennms-dao-api/src/main/java/org/opennms/netmgt/dao/api/TrapdConfigDao.java
@@ -26,4 +26,5 @@
 public interface TrapdConfigDao {
     TrapdConfiguration getConfig();
     void updateConfig(TrapdConfiguration config);
+    void updateConfigWithoutUsers(TrapdConfiguration config);
 }
diff --git a/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java b/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java
index a9ae43205383..9bd113ec7dca 100644
--- a/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java
+++ b/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java
@@ -66,4 +66,13 @@ public Consumer<ConfigUpdateInfo> getUpdateCallback(){
     public Consumer getValidationCallback() {
         return super.getValidationCallback();
     }
+
+    @Override
+    public void updateConfigWithoutUsers(TrapdConfiguration config) {
+        TrapdConfiguration existingConfig = this.getConfig();
+        if (existingConfig != null) {
+            config.setSnmpv3User(existingConfig.getSnmpv3User());
+        }
+        this.updateConfig(config);
+    }
 }
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
index e90a2e37446b..31d162a231aa 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
@@ -38,8 +38,6 @@
 import org.opennms.netmgt.config.trapd.TrapdConfiguration;
 import org.opennms.netmgt.dao.api.TrapdConfigDao;
 import org.opennms.web.rest.v2.api.TrapdRestApi;
-import org.opennms.web.rest.v2.model.Snmpv3UserDto;
-import org.opennms.web.rest.v2.model.TrapdConfigDto;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -88,7 +86,7 @@ public Response getTrapdConfiguration(final SecurityContext securityContext) {
             if (config == null) {
                 return Response.status(Status.NOT_FOUND).entity("Trapd configuration not found.").build();
             }
-            return Response.ok(TrapdConfigDto.toDto(config)).build();
+            return Response.ok(config).build();
         } catch (Exception e) {
             LOG.error("Failed to retrieve trapd configuration.", e);
             return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Failed to retrieve trapd configuration.").build();
@@ -96,21 +94,18 @@ public Response getTrapdConfiguration(final SecurityContext securityContext) {
     }
 
     @Override
-    public Response updateTrapdConfiguration(TrapdConfigDto config, SecurityContext securityContext) {
+    public Response updateTrapdConfiguration(TrapdConfiguration config, SecurityContext securityContext) {
         if (config == null) {
             return Response.status(Status.BAD_REQUEST).entity("Missing trapd configuration in request body.").build();
         }
 
-        final TrapdConfiguration updatedConfig;
-        try {
-            updatedConfig = mergeTrapdConfiguration(config);
-        } catch (Exception e) {
-            LOG.warn("Failed to map trapd update payload.", e);
-            return Response.status(Status.BAD_REQUEST).entity("Invalid trapd configuration payload.").build();
+        final String validationMessage = validateTrapdConfigurationPayload(config);
+        if (validationMessage != null) {
+            return Response.status(Status.BAD_REQUEST).entity(validationMessage).build();
         }
 
         try {
-            trapdConfigDao.updateConfig(updatedConfig);
+            trapdConfigDao.updateConfigWithoutUsers(config);
             return Response.ok().build();
         } catch (ValidationException e) {
             LOG.warn("Provided trapd configuration failed schema validation.", e);
@@ -122,19 +117,11 @@ public Response updateTrapdConfiguration(TrapdConfigDto config, SecurityContext
     }
 
     @Override
-    public Response saveTrapdUser(Snmpv3UserDto user, SecurityContext securityContext) {
+    public Response saveTrapdUser(Snmpv3User user, SecurityContext securityContext) {
         if (user == null) {
             return Response.status(Status.BAD_REQUEST).entity("Missing SNMPv3 user in request body.").build();
         }
 
-        final Snmpv3User snmpv3User;
-        try {
-            snmpv3User = toSnmpv3User(user);
-        } catch (Exception e) {
-            LOG.warn("Failed to map SNMPv3 user payload.", e);
-            return Response.status(Status.BAD_REQUEST).entity("Invalid SNMPv3 user payload.").build();
-        }
-
         try {
             TrapdConfiguration config = trapdConfigDao.getConfig();
             if (config == null) {
@@ -160,7 +147,7 @@ public Response saveTrapdUser(Snmpv3UserDto user, SecurityContext securityContex
                 config.setNewSuspectOnTrap(false);
             }
 
-            config.addSnmpv3User(snmpv3User);
+            config.addSnmpv3User(user);
             trapdConfigDao.updateConfig(config);
             return Response.ok().build();
         } catch (ValidationException e) {
@@ -173,7 +160,7 @@ public Response saveTrapdUser(Snmpv3UserDto user, SecurityContext securityContex
     }
 
     @Override
-    public Response updateTrapdUser(String securityName, Snmpv3UserDto user, SecurityContext securityContext) {
+    public Response updateTrapdUser(String securityName, Snmpv3User user, SecurityContext securityContext) {
         if (StringUtils.isBlank(securityName)) {
             return Response.status(Status.BAD_REQUEST).entity("Valid security name is required.").build();
         }
@@ -182,12 +169,10 @@ public Response updateTrapdUser(String securityName, Snmpv3UserDto user, Securit
             return Response.status(Status.BAD_REQUEST).entity("Missing SNMPv3 user in request body.").build();
         }
 
-        final Snmpv3User snmpv3User;
-        try {
-            snmpv3User = toSnmpv3User(user);
-        } catch (Exception e) {
-            LOG.warn("Failed to map SNMPv3 user payload.", e);
-            return Response.status(Status.BAD_REQUEST).entity("Invalid SNMPv3 user payload.").build();
+        if (!StringUtils.equals(securityName, user.getSecurityName())) {
+            return Response.status(Status.BAD_REQUEST)
+                    .entity("Path securityName must match payload securityName.")
+                    .build();
         }
 
         try {
@@ -208,7 +193,7 @@ public Response updateTrapdUser(String securityName, Snmpv3UserDto user, Securit
                 return Response.status(Status.BAD_REQUEST).entity(validationMessage).build();
             }
 
-            config.setSnmpv3User(index, snmpv3User);
+            config.setSnmpv3User(index, user);
             trapdConfigDao.updateConfig(config);
             return Response.ok().build();
         } catch (ValidationException e) {
@@ -239,7 +224,7 @@ public Response deleteTrapdUser(String securityName, SecurityContext securityCon
                         .build();
             }
 
-            final Snmpv3User removed = config.removeSnmpv3UserAt(index);
+            config.removeSnmpv3UserAt(index);
             trapdConfigDao.updateConfig(config);
             return Response.noContent().build();
         } catch (ValidationException e) {
@@ -261,61 +246,27 @@ private int findUserIndexBySecurityName(final TrapdConfiguration config, final S
         return -1;
     }
 
-    private TrapdConfiguration mergeTrapdConfiguration(final TrapdConfigDto payload) {
-        TrapdConfiguration config = trapdConfigDao.getConfig();
-        if (config == null) {
-            config = new TrapdConfiguration();
-        }
-
-        if (payload.getSnmpTrapAddress() != null) {
-            config.setSnmpTrapAddress(payload.getSnmpTrapAddress());
-        }
-        if (payload.getSnmpTrapPort() != null) {
-            config.setSnmpTrapPort(payload.getSnmpTrapPort());
-        }
-        if (payload.getNewSuspectOnTrap() != null) {
-            config.setNewSuspectOnTrap(payload.getNewSuspectOnTrap());
+    private String validateTrapdConfigurationPayload(final TrapdConfiguration config) {
+        if (!config.hasSnmpTrapPort()) {
+            return "snmpTrapPort is required.";
         }
-        if (payload.getIncludeRawMessage() != null) {
-            config.setIncludeRawMessage(payload.getIncludeRawMessage());
+        if (!config.hasNewSuspectOnTrap()) {
+            return "newSuspectOnTrap is required.";
         }
-        if (payload.getThreads() != null) {
-            config.setThreads(payload.getThreads());
-        }
-        if (payload.getQueueSize() != null) {
-            config.setQueueSize(payload.getQueueSize());
-        }
-        if (payload.getBatchSize() != null) {
-            config.setBatchSize(payload.getBatchSize());
-        }
-        if (payload.getBatchInterval() != null) {
-            config.setBatchInterval(payload.getBatchInterval());
-        }
-        if (payload.getUseAddressFromVarbind() != null) {
-            config.setUseAddressFromVarbind(payload.getUseAddressFromVarbind());
-        }
-        return config;
+        return null;
     }
 
-    private Snmpv3User toSnmpv3User(final Snmpv3UserDto userDto) {
-        final Snmpv3User user = new Snmpv3User();
-        user.setEngineId(userDto.getEngineId());
-        user.setSecurityName(userDto.getSecurityName());
-        user.setSecurityLevel(userDto.getSecurityLevel());
-        user.setAuthProtocol(userDto.getAuthProtocol());
-        user.setAuthPassphrase(userDto.getAuthPassphrase());
-        user.setPrivacyProtocol(userDto.getPrivacyProtocol());
-        user.setPrivacyPassphrase(userDto.getPrivacyPassphrase());
-        return user;
-    }
 
-    private String validateSnmpv3UserPayload(final Snmpv3UserDto user) {
+    private String validateSnmpv3UserPayload(final Snmpv3User user) {
         if (StringUtils.isBlank(user.getSecurityName())) {
             return "securityName is required.";
         }
 
         final Integer securityLevel = user.getSecurityLevel();
-        if (securityLevel != null && (securityLevel < 1 || securityLevel > 3)) {
+        if (securityLevel == null) {
+            return "securityLevel is required.";
+        }
+        if (securityLevel < 1 || securityLevel > 3) {
             return "securityLevel must be between 1 and 3.";
         }
 
@@ -338,16 +289,14 @@ private String validateSnmpv3UserPayload(final Snmpv3UserDto user) {
             return "privacyProtocol and privacyPassphrase must be provided together.";
         }
 
-        if (securityLevel != null) {
-            if (securityLevel == 1 && (hasAuthProtocol || hasPrivacyProtocol)) {
-                return "securityLevel 1 does not allow auth or privacy credentials.";
-            }
-            if (securityLevel == 2 && (!hasAuthProtocol || hasPrivacyProtocol)) {
-                return "securityLevel 2 requires auth credentials and does not allow privacy credentials.";
-            }
-            if (securityLevel == 3 && (!hasAuthProtocol || !hasPrivacyProtocol)) {
-                return "securityLevel 3 requires both auth and privacy credentials.";
-            }
+        if (securityLevel == 1 && (hasAuthProtocol || hasPrivacyProtocol)) {
+            return "securityLevel 1 does not allow auth or privacy credentials.";
+        }
+        if (securityLevel == 2 && (!hasAuthProtocol || hasPrivacyProtocol)) {
+            return "securityLevel 2 requires auth credentials and does not allow privacy credentials.";
+        }
+        if (securityLevel == 3 && (!hasAuthProtocol || !hasPrivacyProtocol)) {
+            return "securityLevel 3 requires both auth and privacy credentials.";
         }
 
         return null;
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
index 17008b518d33..1973c86a2063 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
@@ -41,8 +41,8 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import io.swagger.v3.oas.annotations.tags.Tag;
-import org.opennms.web.rest.v2.model.Snmpv3UserDto;
-import org.opennms.web.rest.v2.model.TrapdConfigDto;
+import org.opennms.netmgt.config.trapd.Snmpv3User;
+import org.opennms.netmgt.config.trapd.TrapdConfiguration;
 
 @Path("trapd")
 @Tag(name = "Trapd", description = "Trapd API V2")
@@ -93,7 +93,7 @@ public interface TrapdRestApi {
             @ApiResponse(responseCode = "400", description = "Invalid configuration payload"),
             @ApiResponse(responseCode = "500", description = "Failed to update trapd configuration")
     })
-    Response updateTrapdConfiguration(TrapdConfigDto payload, @Context SecurityContext securityContext);
+    Response updateTrapdConfiguration(TrapdConfiguration payload, @Context SecurityContext securityContext);
 
     @POST
     @Path("user")
@@ -110,7 +110,7 @@ public interface TrapdRestApi {
             @ApiResponse(responseCode = "409", description = "SNMPv3 user with provided securityName already exists"),
             @ApiResponse(responseCode = "500", description = "Failed to save user")
     })
-    Response saveTrapdUser(Snmpv3UserDto user, @Context SecurityContext securityContext);
+    Response saveTrapdUser(Snmpv3User user, @Context SecurityContext securityContext);
 
     @PUT
     @Path("user/{securityName}")
@@ -127,7 +127,7 @@ public interface TrapdRestApi {
             @ApiResponse(responseCode = "404", description = "SNMPv3 user with provided securityName was not found"),
             @ApiResponse(responseCode = "500", description = "Failed to update user")
     })
-    Response updateTrapdUser(@PathParam("securityName") String securityName, Snmpv3UserDto user, @Context SecurityContext securityContext);
+    Response updateTrapdUser(@PathParam("securityName") String securityName, Snmpv3User user, @Context SecurityContext securityContext);
 
     @DELETE
     @Path("user/{securityName}")
diff --git a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
index 2e1fda8d5db9..4bd62d91415a 100644
--- a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
+++ b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
@@ -48,8 +48,6 @@
 import org.opennms.netmgt.dao.api.TrapdConfigDao;
 import org.opennms.test.JUnitConfigurationEnvironment;
 import org.opennms.netmgt.config.trapd.Snmpv3User;
-import org.opennms.web.rest.v2.model.Snmpv3UserDto;
-import org.opennms.web.rest.v2.model.TrapdConfigDto;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.web.WebAppConfiguration;
@@ -174,10 +172,10 @@ public void getShouldReturnOkWithConfigWhenExists() {
 
         try (Response response = m_trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
-            assertTrue(response.getEntity() instanceof TrapdConfigDto);
-            TrapdConfigDto dto = (TrapdConfigDto) response.getEntity();
-            assertEquals(Integer.valueOf(162), dto.getSnmpTrapPort());
-            assertEquals("127.0.0.1", dto.getSnmpTrapAddress());
+            assertTrue(response.getEntity() instanceof TrapdConfiguration);
+            TrapdConfiguration returned = (TrapdConfiguration) response.getEntity();
+            assertEquals(162, returned.getSnmpTrapPort());
+            assertEquals("127.0.0.1", returned.getSnmpTrapAddress());
         }
     }
 
@@ -191,6 +189,16 @@ public void getShouldReturnNotFoundWhenNoConfigurationExists() {
         }
     }
 
+    @Test
+    public void getShouldReturnServerErrorWhenExceptionThrown() {
+        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(m_trapdConfigDao).getConfig();
+
+        try (Response response = m_trapdRestService.getTrapdConfiguration(null)) {
+            assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
+            assertEquals("Failed to retrieve trapd configuration.", response.getEntity());
+        }
+    }
+
     @Test
     public void saveUserShouldReturnBadRequestWhenPayloadMissing() {
         try (Response response = m_trapdRestService.saveTrapdUser(null, null)) {
@@ -207,7 +215,7 @@ public void saveUserShouldPersistUserAndReturnOk() {
         existing.setNewSuspectOnTrap(false);
         when(m_trapdConfigDao.getConfig()).thenReturn(existing);
 
-        Snmpv3UserDto user = new Snmpv3UserDto();
+        Snmpv3User user = new Snmpv3User();
         user.setEngineId("8000000001020304");
         user.setSecurityName("opennms-user");
         user.setSecurityLevel(3);
@@ -232,7 +240,7 @@ public void saveUserShouldPersistUserAndReturnOk() {
     public void saveUserShouldRejectWhenSecurityNameMissing() {
         when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3UserDto user = new Snmpv3UserDto();
+        Snmpv3User user = new Snmpv3User();
         user.setSecurityLevel(1);
 
         try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
@@ -243,11 +251,26 @@ public void saveUserShouldRejectWhenSecurityNameMissing() {
         verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
+    @Test
+    public void saveUserShouldRejectWhenSecurityLevelMissing() {
+        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+
+        Snmpv3User user = new Snmpv3User();
+        user.setSecurityName("opennms-user");
+
+        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("securityLevel is required.", response.getEntity());
+        }
+
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
     @Test
     public void saveUserShouldRejectWhenSecurityLevelThreeMissingPrivacy() {
         when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3UserDto user = new Snmpv3UserDto();
+        Snmpv3User user = new Snmpv3User();
         user.setSecurityName("opennms-user");
         user.setSecurityLevel(3);
         user.setAuthProtocol("SHA");
@@ -269,8 +292,9 @@ public void saveUserShouldReturnBadRequestWhenValidationFails() {
         when(m_trapdConfigDao.getConfig()).thenReturn(existing);
         whenValidationFailsOnUpdate("user validation failed");
 
-        Snmpv3UserDto user = new Snmpv3UserDto();
+        Snmpv3User user = new Snmpv3User();
         user.setSecurityName("opennms-user");
+        user.setSecurityLevel(1);
 
         try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
@@ -283,8 +307,9 @@ public void saveUserShouldReturnServerErrorWhenPersistenceThrows() {
         when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
         org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(m_trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
 
-        Snmpv3UserDto user = new Snmpv3UserDto();
+        Snmpv3User user = new Snmpv3User();
         user.setSecurityName("opennms-user");
+        user.setSecurityLevel(1);
 
         try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
             assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
@@ -296,7 +321,7 @@ public void saveUserShouldReturnServerErrorWhenPersistenceThrows() {
     public void saveUserShouldCreateNewConfigWhenNoneExists() {
         when(m_trapdConfigDao.getConfig()).thenReturn(null);
 
-        Snmpv3UserDto user = new Snmpv3UserDto();
+        Snmpv3User user = new Snmpv3User();
         user.setSecurityName("opennms-user");
         user.setSecurityLevel(1);
 
@@ -322,7 +347,7 @@ public void saveUserShouldReturnConflictWhenSecurityNameAlreadyExists() {
         existing.addSnmpv3User(existingUser);
         when(m_trapdConfigDao.getConfig()).thenReturn(existing);
 
-        Snmpv3UserDto user = new Snmpv3UserDto();
+        Snmpv3User user = new Snmpv3User();
         user.setSecurityName("duplicate-user");
         user.setSecurityLevel(1);
 
@@ -340,7 +365,7 @@ public void saveUserShouldReturnConflictWhenSecurityNameAlreadyExists() {
     public void saveUserShouldRejectWhenSecurityLevelOutOfRange() {
         when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3UserDto user = new Snmpv3UserDto();
+        Snmpv3User user = new Snmpv3User();
         user.setSecurityName("opennms-user");
         user.setSecurityLevel(5);
 
@@ -355,8 +380,9 @@ public void saveUserShouldRejectWhenSecurityLevelOutOfRange() {
     public void saveUserShouldRejectWhenAuthProtocolIsInvalid() {
         when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3UserDto user = new Snmpv3UserDto();
+        Snmpv3User user = new Snmpv3User();
         user.setSecurityName("opennms-user");
+        user.setSecurityLevel(2);
         user.setAuthProtocol("MD2");
         user.setAuthPassphrase("auth-pass");
 
@@ -371,8 +397,9 @@ public void saveUserShouldRejectWhenAuthProtocolIsInvalid() {
     public void saveUserShouldRejectWhenPrivacyProtocolIsInvalid() {
         when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3UserDto user = new Snmpv3UserDto();
+        Snmpv3User user = new Snmpv3User();
         user.setSecurityName("opennms-user");
+        user.setSecurityLevel(3);
         user.setAuthProtocol("SHA");
         user.setAuthPassphrase("auth-pass");
         user.setPrivacyProtocol("3DES");
@@ -389,8 +416,9 @@ public void saveUserShouldRejectWhenPrivacyProtocolIsInvalid() {
     public void saveUserShouldRejectWhenAuthProtocolProvidedWithoutPassphrase() {
         when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3UserDto user = new Snmpv3UserDto();
+        Snmpv3User user = new Snmpv3User();
         user.setSecurityName("opennms-user");
+        user.setSecurityLevel(2);
         user.setAuthProtocol("SHA");
         // no authPassphrase
 
@@ -405,8 +433,9 @@ public void saveUserShouldRejectWhenAuthProtocolProvidedWithoutPassphrase() {
     public void saveUserShouldRejectWhenPrivacyProtocolProvidedWithoutPassphrase() {
         when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3UserDto user = new Snmpv3UserDto();
+        Snmpv3User user = new Snmpv3User();
         user.setSecurityName("opennms-user");
+        user.setSecurityLevel(3);
         user.setAuthProtocol("SHA");
         user.setAuthPassphrase("auth-pass");
         user.setPrivacyProtocol("AES");
@@ -419,11 +448,47 @@ public void saveUserShouldRejectWhenPrivacyProtocolProvidedWithoutPassphrase() {
         verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
+    @Test
+    public void saveUserShouldRejectWhenAuthPassphraseProvidedWithoutProtocol() {
+        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+
+        Snmpv3User user = new Snmpv3User();
+        user.setSecurityName("opennms-user");
+        user.setSecurityLevel(2);
+        // no authProtocol
+        user.setAuthPassphrase("auth-pass");
+
+        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("authProtocol and authPassphrase must be provided together.", response.getEntity());
+        }
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void saveUserShouldRejectWhenPrivacyPassphraseProvidedWithoutProtocol() {
+        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+
+        Snmpv3User user = new Snmpv3User();
+        user.setSecurityName("opennms-user");
+        user.setSecurityLevel(3);
+        user.setAuthProtocol("SHA");
+        user.setAuthPassphrase("auth-pass");
+        // no privacyProtocol
+        user.setPrivacyPassphrase("priv-pass");
+
+        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("privacyProtocol and privacyPassphrase must be provided together.", response.getEntity());
+        }
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
     @Test
     public void saveUserShouldRejectWhenSecurityLevelOneHasAuthCredentials() {
         when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3UserDto user = new Snmpv3UserDto();
+        Snmpv3User user = new Snmpv3User();
         user.setSecurityName("opennms-user");
         user.setSecurityLevel(1);
         user.setAuthProtocol("SHA");
@@ -440,7 +505,7 @@ public void saveUserShouldRejectWhenSecurityLevelOneHasAuthCredentials() {
     public void saveUserShouldRejectWhenSecurityLevelTwoMissingAuthCredentials() {
         when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3UserDto user = new Snmpv3UserDto();
+        Snmpv3User user = new Snmpv3User();
         user.setSecurityName("opennms-user");
         user.setSecurityLevel(2);
         // no auth protocol/passphrase
@@ -456,7 +521,7 @@ public void saveUserShouldRejectWhenSecurityLevelTwoMissingAuthCredentials() {
     public void saveUserShouldRejectWhenSecurityLevelTwoHasPrivacyCredentials() {
         when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3UserDto user = new Snmpv3UserDto();
+        Snmpv3User user = new Snmpv3User();
         user.setSecurityName("opennms-user");
         user.setSecurityLevel(2);
         user.setAuthProtocol("SHA");
@@ -594,7 +659,7 @@ public void deleteUserShouldReturnServerErrorWhenPersistenceThrows() {
 
     @Test
     public void updateUserShouldReturnBadRequestWhenSecurityNameNull() {
-        Snmpv3UserDto user = new Snmpv3UserDto();
+        Snmpv3User user = new Snmpv3User();
         user.setSecurityName("opennms-user");
 
         try (Response response = m_trapdRestService.updateTrapdUser(null, user, null)) {
@@ -606,7 +671,7 @@ public void updateUserShouldReturnBadRequestWhenSecurityNameNull() {
 
     @Test
     public void updateUserShouldReturnBadRequestWhenSecurityNameBlank() {
-        Snmpv3UserDto user = new Snmpv3UserDto();
+        Snmpv3User user = new Snmpv3User();
         user.setSecurityName("opennms-user");
 
         try (Response response = m_trapdRestService.updateTrapdUser("", user, null)) {
@@ -616,6 +681,20 @@ public void updateUserShouldReturnBadRequestWhenSecurityNameBlank() {
         verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
+    @Test
+    public void updateUserShouldReturnBadRequestWhenPathAndPayloadSecurityNameMismatch() {
+        Snmpv3User user = new Snmpv3User();
+        user.setSecurityName("payload-user");
+        user.setSecurityLevel(1);
+
+        try (Response response = m_trapdRestService.updateTrapdUser("path-user", user, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("Path securityName must match payload securityName.", response.getEntity());
+        }
+        verify(m_trapdConfigDao, never()).getConfig();
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
     @Test
     public void updateUserShouldReturnBadRequestWhenPayloadNull() {
         try (Response response = m_trapdRestService.updateTrapdUser("existing-user", null, null)) {
@@ -629,7 +708,7 @@ public void updateUserShouldReturnBadRequestWhenPayloadNull() {
     public void updateUserShouldReturnNotFoundWhenNoConfig() {
         when(m_trapdConfigDao.getConfig()).thenReturn(null);
 
-        Snmpv3UserDto user = new Snmpv3UserDto();
+        Snmpv3User user = new Snmpv3User();
         user.setSecurityName("opennms-user");
 
         try (Response response = m_trapdRestService.updateTrapdUser("opennms-user", user, null)) {
@@ -646,8 +725,8 @@ public void updateUserShouldReturnNotFoundWhenSecurityNameMissing() {
         config.setNewSuspectOnTrap(false);
         when(m_trapdConfigDao.getConfig()).thenReturn(config);
 
-        Snmpv3UserDto user = new Snmpv3UserDto();
-        user.setSecurityName("opennms-user");
+        Snmpv3User user = new Snmpv3User();
+        user.setSecurityName("missing-user");
 
         try (Response response = m_trapdRestService.updateTrapdUser("missing-user", user, null)) {
             assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
@@ -656,6 +735,27 @@ public void updateUserShouldReturnNotFoundWhenSecurityNameMissing() {
         verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
+    @Test
+    public void updateUserShouldReturnBadRequestWhenSecurityLevelMissing() {
+        TrapdConfiguration config = new TrapdConfiguration();
+        config.setSnmpTrapPort(162);
+        config.setNewSuspectOnTrap(false);
+        Snmpv3User existing = new Snmpv3User();
+        existing.setSecurityName("existing-user");
+        config.addSnmpv3User(existing);
+        when(m_trapdConfigDao.getConfig()).thenReturn(config);
+
+        Snmpv3User user = new Snmpv3User();
+        user.setSecurityName("existing-user");
+
+        try (Response response = m_trapdRestService.updateTrapdUser("existing-user", user, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("securityLevel is required.", response.getEntity());
+        }
+
+        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
     @Test
     public void updateUserShouldReturnBadRequestWhenPayloadValidationFails() {
         TrapdConfiguration config = new TrapdConfiguration();
@@ -667,8 +767,8 @@ public void updateUserShouldReturnBadRequestWhenPayloadValidationFails() {
         when(m_trapdConfigDao.getConfig()).thenReturn(config);
 
         // securityLevel 3 requires privacy — missing privacy intentionally
-        Snmpv3UserDto user = new Snmpv3UserDto();
-        user.setSecurityName("opennms-user");
+        Snmpv3User user = new Snmpv3User();
+        user.setSecurityName("existing-user");
         user.setSecurityLevel(3);
         user.setAuthProtocol("SHA");
         user.setAuthPassphrase("auth-pass");
@@ -691,8 +791,8 @@ public void updateUserShouldReplaceUserBySecurityNameAndReturnOk() {
         config.addSnmpv3User(existing);
         when(m_trapdConfigDao.getConfig()).thenReturn(config);
 
-        Snmpv3UserDto updated = new Snmpv3UserDto();
-        updated.setSecurityName("new-user");
+        Snmpv3User updated = new Snmpv3User();
+        updated.setSecurityName("old-user");
         updated.setSecurityLevel(3);
         updated.setAuthProtocol("SHA");
         updated.setAuthPassphrase("auth-pass");
@@ -707,7 +807,7 @@ public void updateUserShouldReplaceUserBySecurityNameAndReturnOk() {
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
         verify(m_trapdConfigDao).updateConfig(captor.capture());
         assertEquals(1, captor.getValue().getSnmpv3UserCount());
-        assertEquals("new-user", captor.getValue().getSnmpv3User(0).getSecurityName());
+        assertEquals("old-user", captor.getValue().getSnmpv3User(0).getSecurityName());
     }
 
     @Test
@@ -721,8 +821,9 @@ public void updateUserShouldReturnBadRequestWhenSchemaValidationFails() {
         when(m_trapdConfigDao.getConfig()).thenReturn(config);
         whenValidationFailsOnUpdate("schema update error");
 
-        Snmpv3UserDto user = new Snmpv3UserDto();
-        user.setSecurityName("opennms-user");
+        Snmpv3User user = new Snmpv3User();
+        user.setSecurityName("existing-user");
+        user.setSecurityLevel(1);
 
         try (Response response = m_trapdRestService.updateTrapdUser("existing-user", user, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
@@ -741,8 +842,9 @@ public void updateUserShouldReturnServerErrorWhenPersistenceThrows() {
         when(m_trapdConfigDao.getConfig()).thenReturn(config);
         org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(m_trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
 
-        Snmpv3UserDto user = new Snmpv3UserDto();
-        user.setSecurityName("opennms-user");
+        Snmpv3User user = new Snmpv3User();
+        user.setSecurityName("existing-user");
+        user.setSecurityLevel(1);
 
         try (Response response = m_trapdRestService.updateTrapdUser("existing-user", user, null)) {
             assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
@@ -759,17 +861,40 @@ public void updateShouldReturnBadRequestWhenPayloadMissing() {
     }
 
     @Test
-    public void updateShouldMergePayloadAndPersist() {
-        TrapdConfiguration existing = new TrapdConfiguration();
-        existing.setSnmpTrapAddress("127.0.0.1");
-        existing.setSnmpTrapPort(1162);
-        existing.setThreads(4);
-        existing.setQueueSize(1000);
-        when(m_trapdConfigDao.getConfig()).thenReturn(existing, existing);
+    public void updateShouldReturnBadRequestWhenSnmpTrapPortMissing() {
+        TrapdConfiguration payload = new TrapdConfiguration();
+        payload.setNewSuspectOnTrap(false);
 
-        TrapdConfigDto payload = new TrapdConfigDto();
+        try (Response response = m_trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("snmpTrapPort is required.", response.getEntity());
+        }
+
+        verify(m_trapdConfigDao, never()).updateConfigWithoutUsers(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void updateShouldReturnBadRequestWhenNewSuspectOnTrapMissing() {
+        TrapdConfiguration payload = new TrapdConfiguration();
         payload.setSnmpTrapPort(10164);
-        payload.setIncludeRawMessage(Boolean.TRUE);
+
+        try (Response response = m_trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("newSuspectOnTrap is required.", response.getEntity());
+        }
+
+        verify(m_trapdConfigDao, never()).updateConfigWithoutUsers(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void updateShouldMergePayloadAndPersist() {
+        TrapdConfiguration payload = new TrapdConfiguration();
+        payload.setSnmpTrapAddress("127.0.0.1");
+        payload.setSnmpTrapPort(10164);
+        payload.setNewSuspectOnTrap(false);
+        payload.setThreads(4);
+        payload.setQueueSize(1000);
+        payload.setIncludeRawMessage(true);
 
         try (Response response = m_trapdRestService.updateTrapdConfiguration(payload, null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
@@ -777,23 +902,20 @@ public void updateShouldMergePayloadAndPersist() {
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
-        verify(m_trapdConfigDao).updateConfig(captor.capture());
+        verify(m_trapdConfigDao).updateConfigWithoutUsers(captor.capture());
         TrapdConfiguration persisted = captor.getValue();
         assertEquals(10164, persisted.getSnmpTrapPort());
         assertEquals(4, persisted.getThreads());
+        assertTrue(persisted.isIncludeRawMessage());
     }
 
     @Test
     public void updateShouldPersistUseAddressFromVarbindWhenProvided() {
-        TrapdConfiguration existing = new TrapdConfiguration();
-        existing.setSnmpTrapAddress("127.0.0.1");
-        existing.setSnmpTrapPort(1162);
-        existing.setNewSuspectOnTrap(false);
-        existing.setUseAddressFromVarbind(false);
-        when(m_trapdConfigDao.getConfig()).thenReturn(existing, existing);
-
-        TrapdConfigDto payload = new TrapdConfigDto();
-        payload.setUseAddressFromVarbind(Boolean.TRUE);
+        TrapdConfiguration payload = new TrapdConfiguration();
+        payload.setSnmpTrapAddress("127.0.0.1");
+        payload.setSnmpTrapPort(1162);
+        payload.setNewSuspectOnTrap(false);
+        payload.setUseAddressFromVarbind(true);
 
         try (Response response = m_trapdRestService.updateTrapdConfiguration(payload, null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
@@ -801,17 +923,18 @@ public void updateShouldPersistUseAddressFromVarbindWhenProvided() {
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
-        verify(m_trapdConfigDao).updateConfig(captor.capture());
+        verify(m_trapdConfigDao).updateConfigWithoutUsers(captor.capture());
         assertTrue(captor.getValue().shouldUseAddressFromVarbind());
     }
 
     @Test
     public void updateShouldReturnBadRequestWhenValidationFails() {
-        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
-        whenValidationFailsOnUpdate("validation failed");
+        org.mockito.Mockito.doThrow(new ValidationException("validation failed"))
+                .when(m_trapdConfigDao).updateConfigWithoutUsers(org.mockito.Mockito.any(TrapdConfiguration.class));
 
-        TrapdConfigDto payload = new TrapdConfigDto();
+        TrapdConfiguration payload = new TrapdConfiguration();
         payload.setSnmpTrapPort(10164);
+        payload.setNewSuspectOnTrap(false);
 
         try (Response response = m_trapdRestService.updateTrapdConfiguration(payload, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
@@ -821,11 +944,12 @@ public void updateShouldReturnBadRequestWhenValidationFails() {
 
     @Test
     public void updateShouldReturnServerErrorWhenPersistenceThrows() {
-        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
-        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(m_trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        org.mockito.Mockito.doThrow(new RuntimeException("db down"))
+                .when(m_trapdConfigDao).updateConfigWithoutUsers(org.mockito.Mockito.any(TrapdConfiguration.class));
 
-        TrapdConfigDto payload = new TrapdConfigDto();
+        TrapdConfiguration payload = new TrapdConfiguration();
         payload.setSnmpTrapPort(10164);
+        payload.setNewSuspectOnTrap(false);
 
         try (Response response = m_trapdRestService.updateTrapdConfiguration(payload, null)) {
             assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());

From 6f0c791d0f30cbe6930b9633cdf5b0704be4a39d Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Wed, 25 Mar 2026 22:17:47 +0500
Subject: [PATCH 17/41] new changes

---
 .../netmgt/config/trapd/Snmpv3User.java       |   9 -
 .../config/trapd/TrapdConfiguration.java      |  13 +-
 .../netmgt/dao/api/TrapdConfigDao.java        |   1 +
 .../dao/jaxb/DefaultTrapdConfigDao.java       | 111 ++-
 .../opennms/web/rest/v2/TrapdRestService.java |  60 +-
 .../opennms/web/rest/v2/api/TrapdRestApi.java |  10 +-
 .../web/rest/v2/model/Snmpv3UserDto.java      |  12 +
 .../web/rest/v2/model/TrapdConfigDto.java     |  17 +
 .../web/rest/v2/TrapdRestServiceIT.java       | 649 ++++++++++++------
 pom.xml                                       |   2 +-
 10 files changed, 626 insertions(+), 258 deletions(-)

diff --git a/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/Snmpv3User.java b/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/Snmpv3User.java
index a147ba652432..64097205347d 100644
--- a/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/Snmpv3User.java
+++ b/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/Snmpv3User.java
@@ -21,8 +21,6 @@
  */
 package org.opennms.netmgt.config.trapd;
 
-import org.codehaus.jackson.annotate.JsonProperty;
-
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlAttribute;
@@ -48,49 +46,42 @@ public class Snmpv3User implements java.io.Serializable {
      * SNMPv3 Application Engine ID
      */
 	@XmlAttribute(name="engine-id",required=false)
-    @JsonProperty("engineId")
     private java.lang.String engineId;
 
     /**
      * SNMPv3 Security Name (User Name)
      */
 	@XmlAttribute(name="security-name",required=false)
-    @JsonProperty("securityName")
     private java.lang.String securityName;
 
     /**
      * SNMPv3 Security Level (noAuthNoPriv, authNoPriv, authPriv)
      */
 	@XmlAttribute(name="security-level",required=false)
-    @JsonProperty("securityLevel")
     private Integer securityLevel;
 
     /**
      * SNMPv3 Authentication Protocol
      */
 	@XmlAttribute(name="auth-protocol",required=false)
-    @JsonProperty("authProtocol")
     private java.lang.String authProtocol;
 
     /**
      * SNMPv3 Authentication Password Phrase
      */
 	@XmlAttribute(name="auth-passphrase",required=false)
-    @JsonProperty("authPassphrase")
     private java.lang.String authPassphrase;
 
     /**
      * SNMPv3 Privacy Protocol
      */
 	@XmlAttribute(name="privacy-protocol",required=false)
-    @JsonProperty("privacyProtocol")
     private java.lang.String privacyProtocol;
 
     /**
      * SNMPv3 Privacy Password Phrase
      */
 	@XmlAttribute(name="privacy-passphrase",required=false)
-    @JsonProperty("privacyPassphrase")
     private java.lang.String privacyPassphrase;
 
 
diff --git a/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/TrapdConfiguration.java b/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/TrapdConfiguration.java
index 5dcde82b8ada..6d600a9c8be1 100644
--- a/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/TrapdConfiguration.java
+++ b/opennms-config-jaxb/src/main/java/org/opennms/netmgt/config/trapd/TrapdConfiguration.java
@@ -31,8 +31,7 @@
 import javax.xml.bind.annotation.XmlRootElement;
 import javax.xml.bind.annotation.XmlTransient;
 
-import org.codehaus.jackson.annotate.JsonIgnore;
-import org.codehaus.jackson.annotate.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import org.opennms.core.xml.ValidateUsing;
 
 
@@ -58,7 +57,6 @@ public class TrapdConfiguration implements  Serializable {
      * default is .
      */
 	@XmlAttribute(name="snmp-trap-address")
-    @JsonProperty("snmpTrapAddress")
     private java.lang.String snmpTrapAddress = "*";
 
     /**
@@ -66,7 +64,6 @@ public class TrapdConfiguration implements  Serializable {
      *  standard port is 162.
      */
 	@XmlAttribute(name="snmp-trap-port", required=true)
-    @JsonProperty("snmpTrapPort")
     private int snmpTrapPort;
 
     /**
@@ -81,11 +78,9 @@ public class TrapdConfiguration implements  Serializable {
      *  generate newSuspect events.
      */
 	@XmlAttribute(name="new-suspect-on-trap", required=true)
-    @JsonProperty("newSuspectOnTrap")
     private boolean newSuspectOnTrap;
 
 	@XmlAttribute(name="include-raw-message", required=false)
-    @JsonProperty("includeRawMessage")
     private boolean includeRawMessage;
 
     /**
@@ -93,7 +88,6 @@ public class TrapdConfiguration implements  Serializable {
      * Defaults to 2 x the number of available processors.
      */
 	@XmlAttribute(name="threads", required=false)
-    @JsonProperty("threads")
     private int threads = 0;
 
     /**
@@ -101,7 +95,6 @@ public class TrapdConfiguration implements  Serializable {
      to be dispatched.
      */
 	@XmlAttribute(name="queue-size", required=false)
-    @JsonProperty("queueSize")
     private int queueSize = 10000;
 
     /**
@@ -109,7 +102,6 @@ public class TrapdConfiguration implements  Serializable {
      * When the batch reaches this size, it will be dispatched.
      */
 	@XmlAttribute(name="batch-size", required=false)
-    @JsonProperty("batchSize")
     private int batchSize = 1000;
 
     /**
@@ -118,7 +110,6 @@ public class TrapdConfiguration implements  Serializable {
      * it will be dispatched, regardless of the current size.
      */
 	@XmlAttribute(name="batch-interval", required=false)
-    @JsonProperty("batchInterval")
     private int batchInterval = 500;
 
     /**
@@ -132,7 +123,6 @@ public class TrapdConfiguration implements  Serializable {
      * SNMPv3 configuration.
      */
 	@XmlElement(name="snmpv3-user")
-    @JsonProperty("snmpv3User")
     private java.util.List<Snmpv3User> snmpv3User;
 
 	/**
@@ -142,7 +132,6 @@ public class TrapdConfiguration implements  Serializable {
      * SNMPv2 traps.
 	 */
 	@XmlAttribute(name="use-address-from-varbind", required=false)
-    @JsonProperty("useAddressFromVarbind")
     private Boolean useAddressFromVarbind;
 
     public TrapdConfiguration() {
diff --git a/opennms-dao-api/src/main/java/org/opennms/netmgt/dao/api/TrapdConfigDao.java b/opennms-dao-api/src/main/java/org/opennms/netmgt/dao/api/TrapdConfigDao.java
index 1ff606120275..dcd1fcd65aeb 100644
--- a/opennms-dao-api/src/main/java/org/opennms/netmgt/dao/api/TrapdConfigDao.java
+++ b/opennms-dao-api/src/main/java/org/opennms/netmgt/dao/api/TrapdConfigDao.java
@@ -25,6 +25,7 @@
 
 public interface TrapdConfigDao {
     TrapdConfiguration getConfig();
+    TrapdConfiguration getMaskedConfig();
     void updateConfig(TrapdConfiguration config);
     void updateConfigWithoutUsers(TrapdConfiguration config);
 }
diff --git a/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java b/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java
index 9bd113ec7dca..fb692ebf6ff8 100644
--- a/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java
+++ b/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java
@@ -21,9 +21,12 @@
  */
 package org.opennms.netmgt.dao.jaxb;
 
+import org.apache.commons.lang3.StringUtils;
+import org.opennms.core.xml.JaxbUtils;
 import org.opennms.features.config.service.api.ConfigUpdateInfo;
 import org.opennms.features.config.service.impl.AbstractCmJaxbConfigDao;
 import org.opennms.features.config.service.util.ConfigConvertUtil;
+import org.opennms.netmgt.config.trapd.Snmpv3User;
 import org.opennms.netmgt.config.trapd.TrapdConfiguration;
 import org.opennms.netmgt.dao.api.TrapdConfigDao;
 import org.opennms.netmgt.dao.jaxb.callback.ConfigurationReloadEventCallback;
@@ -34,6 +37,7 @@
 
 public class DefaultTrapdConfigDao extends AbstractCmJaxbConfigDao<TrapdConfiguration> implements TrapdConfigDao {
     public static final String CONFIG_NAME = "trapd-config";
+    private static final String PASSPHRASE_PLACEHOLDER = "********";
 
     @Autowired
     private EventForwarder eventForwarder;
@@ -52,6 +56,11 @@ public TrapdConfiguration getConfig() {
         return this.getConfig(this.getDefaultConfigId());
     }
 
+    @Override
+    public TrapdConfiguration getMaskedConfig() {
+        return this.maskPassphrases(this.getConfig(this.getDefaultConfigId()));
+    }
+
     @Override
     public void updateConfig(final TrapdConfiguration config) {
         this.updateConfig(this.getDefaultConfigId(), ConfigConvertUtil.objectToJson(config), true);
@@ -69,10 +78,104 @@ public Consumer getValidationCallback() {
 
     @Override
     public void updateConfigWithoutUsers(TrapdConfiguration config) {
-        TrapdConfiguration existingConfig = this.getConfig();
-        if (existingConfig != null) {
-            config.setSnmpv3User(existingConfig.getSnmpv3User());
+        this.updateConfig(mergeTrapdConfiguration(config));
+    }
+    
+    /**
+     * Merges the given payload into the current TrapdConfiguration.
+     * Only non-null fields in the payload will overwrite the current config.
+     * If payload is null, returns the current config as-is.
+     *
+     * @param payload the TrapdConfiguration with new values
+     * @return the merged TrapdConfiguration
+     */
+    private TrapdConfiguration mergeTrapdConfiguration(final TrapdConfiguration payload) {
+        TrapdConfiguration config = this.getConfig();
+        if (config == null) {
+            config = new TrapdConfiguration();
+        }
+        if (payload == null) {
+            return config;
+        }
+
+        // Merge String fields (null-safe, value-safe)
+        if (payload.getSnmpTrapAddress() != null && !java.util.Objects.equals(payload.getSnmpTrapAddress(), config.getSnmpTrapAddress())) {
+            config.setSnmpTrapAddress(payload.getSnmpTrapAddress());
+        }
+
+        // Merge int fields (always set, unless you want to skip 0)
+        if (payload.getSnmpTrapPort() != config.getSnmpTrapPort()) {
+            config.setSnmpTrapPort(payload.getSnmpTrapPort());
+        }
+        if (payload.getThreads() != config.getThreads()) {
+            config.setThreads(payload.getThreads());
+        }
+        if (payload.getQueueSize() != config.getQueueSize()) {
+            config.setQueueSize(payload.getQueueSize());
+        }
+        if (payload.getBatchSize() != config.getBatchSize()) {
+            config.setBatchSize(payload.getBatchSize());
+        }
+        if (payload.getBatchInterval() != config.getBatchInterval()) {
+            config.setBatchInterval(payload.getBatchInterval());
+        }
+
+        // Merge boolean fields (always set)
+        config.setNewSuspectOnTrap(payload.getNewSuspectOnTrap());
+        config.setIncludeRawMessage(payload.isIncludeRawMessage());
+
+        // Merge useAddressFromVarbind (nullable Boolean)
+        try {
+            java.lang.reflect.Field field = payload.getClass().getDeclaredField("useAddressFromVarbind");
+            field.setAccessible(true);
+            Boolean useAddressFromVarbind = (Boolean) field.get(payload);
+            if (useAddressFromVarbind != null) {
+                config.setUseAddressFromVarbind(useAddressFromVarbind);
+            }
+        } catch (Exception e) {
+            // ignore, do not set if not accessible
+        }
+
+        // Merge snmpv3User list if present and not empty
+        java.util.List<Snmpv3User> snmpv3UserList = payload.getSnmpv3UserCollection();
+        if (snmpv3UserList != null && !snmpv3UserList.isEmpty()) {
+            config.setSnmpv3User(snmpv3UserList);
+        }
+
+        return config;
+    }
+
+    /**
+     * Returns a deep copy of the given {@link TrapdConfiguration} with
+     * {@code authPassphrase} and {@code privacyPassphrase} replaced by
+     * {@link #PASSPHRASE_PLACEHOLDER} so that real credentials are never
+     * exposed over the REST API.
+     *
+     * @param config the TrapdConfiguration to sanitize
+     * @return a sanitized deep copy with passphrases masked, or null if input is null
+     */
+    private TrapdConfiguration maskPassphrases(final TrapdConfiguration config) {
+        if (config == null) {
+            return null;
+        }
+        TrapdConfiguration sanitized;
+        try {
+            sanitized = JaxbUtils.unmarshal(
+                    TrapdConfiguration.class, JaxbUtils.marshal(config));
+        } catch (Exception e) {
+            // Optionally log the error
+            throw new RuntimeException("Failed to deep copy TrapdConfiguration for masking", e);
+        }
+        if (sanitized.getSnmpv3UserCollection() != null) {
+            for (final Snmpv3User user : sanitized.getSnmpv3UserCollection()) {
+                if (!StringUtils.isBlank(user.getAuthPassphrase())) {
+                    user.setAuthPassphrase(PASSPHRASE_PLACEHOLDER);
+                }
+                if (!StringUtils.isBlank(user.getPrivacyPassphrase())) {
+                    user.setPrivacyPassphrase(PASSPHRASE_PLACEHOLDER);
+                }
+            }
         }
-        this.updateConfig(config);
+        return sanitized;
     }
 }
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
index 31d162a231aa..3ba113afe631 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
@@ -38,6 +38,8 @@
 import org.opennms.netmgt.config.trapd.TrapdConfiguration;
 import org.opennms.netmgt.dao.api.TrapdConfigDao;
 import org.opennms.web.rest.v2.api.TrapdRestApi;
+import org.opennms.web.rest.v2.model.Snmpv3UserDto;
+import org.opennms.web.rest.v2.model.TrapdConfigDto;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -82,11 +84,11 @@ public Response uploadTrapdConfiguration(final Attachment attachment, final Secu
     @Override
     public Response getTrapdConfiguration(final SecurityContext securityContext) {
         try {
-            TrapdConfiguration config = trapdConfigDao.getConfig();
+            TrapdConfiguration config = trapdConfigDao.getMaskedConfig();
             if (config == null) {
                 return Response.status(Status.NOT_FOUND).entity("Trapd configuration not found.").build();
             }
-            return Response.ok(config).build();
+            return Response.ok(TrapdConfigDto.toDto(config)).build();
         } catch (Exception e) {
             LOG.error("Failed to retrieve trapd configuration.", e);
             return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Failed to retrieve trapd configuration.").build();
@@ -94,18 +96,24 @@ public Response getTrapdConfiguration(final SecurityContext securityContext) {
     }
 
     @Override
-    public Response updateTrapdConfiguration(TrapdConfiguration config, SecurityContext securityContext) {
-        if (config == null) {
+    public Response updateTrapdConfiguration(TrapdConfigDto configDto, SecurityContext securityContext) {
+        if (configDto == null) {
             return Response.status(Status.BAD_REQUEST).entity("Missing trapd configuration in request body.").build();
         }
 
-        final String validationMessage = validateTrapdConfigurationPayload(config);
+        String fieldValidation = validateTrapdConfigDtoFields(configDto);
+        if (fieldValidation != null) {
+            return Response.status(Status.BAD_REQUEST).entity(fieldValidation).build();
+        }
+
+        TrapdConfiguration payload = configDto.toEntity();
+        final String validationMessage = validateTrapdConfigurationPayload(payload);
         if (validationMessage != null) {
             return Response.status(Status.BAD_REQUEST).entity(validationMessage).build();
         }
 
         try {
-            trapdConfigDao.updateConfigWithoutUsers(config);
+            trapdConfigDao.updateConfigWithoutUsers(payload);
             return Response.ok().build();
         } catch (ValidationException e) {
             LOG.warn("Provided trapd configuration failed schema validation.", e);
@@ -117,15 +125,15 @@ public Response updateTrapdConfiguration(TrapdConfiguration config, SecurityCont
     }
 
     @Override
-    public Response saveTrapdUser(Snmpv3User user, SecurityContext securityContext) {
+    public Response saveTrapdUser(Snmpv3UserDto user, SecurityContext securityContext) {
         if (user == null) {
             return Response.status(Status.BAD_REQUEST).entity("Missing SNMPv3 user in request body.").build();
         }
 
         try {
-            TrapdConfiguration config = trapdConfigDao.getConfig();
+            TrapdConfiguration config = trapdConfigDao.getMaskedConfig();
             if (config == null) {
-                config = new TrapdConfiguration();
+                return Response.status(Status.NOT_FOUND).entity("Trapd configuration not found.").build();
             }
 
             if (findUserIndexBySecurityName(config, user.getSecurityName()) >= 0) {
@@ -147,7 +155,7 @@ public Response saveTrapdUser(Snmpv3User user, SecurityContext securityContext)
                 config.setNewSuspectOnTrap(false);
             }
 
-            config.addSnmpv3User(user);
+            config.addSnmpv3User(user.toEntity());
             trapdConfigDao.updateConfig(config);
             return Response.ok().build();
         } catch (ValidationException e) {
@@ -160,7 +168,7 @@ public Response saveTrapdUser(Snmpv3User user, SecurityContext securityContext)
     }
 
     @Override
-    public Response updateTrapdUser(String securityName, Snmpv3User user, SecurityContext securityContext) {
+    public Response updateTrapdUser(String securityName, Snmpv3UserDto user, SecurityContext securityContext) {
         if (StringUtils.isBlank(securityName)) {
             return Response.status(Status.BAD_REQUEST).entity("Valid security name is required.").build();
         }
@@ -176,7 +184,7 @@ public Response updateTrapdUser(String securityName, Snmpv3User user, SecurityCo
         }
 
         try {
-            final TrapdConfiguration config = trapdConfigDao.getConfig();
+            final TrapdConfiguration config = trapdConfigDao.getMaskedConfig();
             if (config == null) {
                 return Response.status(Status.NOT_FOUND).entity("Trapd configuration not found.").build();
             }
@@ -193,7 +201,7 @@ public Response updateTrapdUser(String securityName, Snmpv3User user, SecurityCo
                 return Response.status(Status.BAD_REQUEST).entity(validationMessage).build();
             }
 
-            config.setSnmpv3User(index, user);
+            config.setSnmpv3User(index, user.toEntity());
             trapdConfigDao.updateConfig(config);
             return Response.ok().build();
         } catch (ValidationException e) {
@@ -212,7 +220,7 @@ public Response deleteTrapdUser(String securityName, SecurityContext securityCon
         }
 
         try {
-            final TrapdConfiguration config = trapdConfigDao.getConfig();
+            final TrapdConfiguration config = trapdConfigDao.getMaskedConfig();
             if (config == null) {
                 return Response.status(Status.NOT_FOUND).entity("Trapd configuration not found.").build();
             }
@@ -236,6 +244,28 @@ public Response deleteTrapdUser(String securityName, SecurityContext securityCon
         }
     }
 
+    private String validateTrapdConfigDtoFields(TrapdConfigDto configDto) {
+        if (StringUtils.isBlank(configDto.getSnmpTrapAddress())) {
+            return "snmpTrapAddress is required.";
+        }
+        if (configDto.getSnmpTrapPort() == null || configDto.getSnmpTrapPort() < 1 || configDto.getSnmpTrapPort() > 65535) {
+            return "snmpTrapPort must be between 1 and 65535.";
+        }
+        if (configDto.getThreads() != null && configDto.getThreads() < 0) {
+            return "threads must be non-negative.";
+        }
+        if (configDto.getQueueSize() != null && configDto.getQueueSize() < 0) {
+            return "queueSize must be non-negative.";
+        }
+        if (configDto.getBatchSize() != null && configDto.getBatchSize() < 0) {
+            return "batchSize must be non-negative.";
+        }
+        if (configDto.getBatchInterval() != null && configDto.getBatchInterval() < 0) {
+            return "batchInterval must be non-negative.";
+        }
+        return null;
+    }
+
     private int findUserIndexBySecurityName(final TrapdConfiguration config, final String securityName) {
         for (int i = 0; i < config.getSnmpv3UserCount(); i++) {
             final Snmpv3User existing = config.getSnmpv3User(i);
@@ -257,7 +287,7 @@ private String validateTrapdConfigurationPayload(final TrapdConfiguration config
     }
 
 
-    private String validateSnmpv3UserPayload(final Snmpv3User user) {
+    private String validateSnmpv3UserPayload(final Snmpv3UserDto user) {
         if (StringUtils.isBlank(user.getSecurityName())) {
             return "securityName is required.";
         }
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
index 1973c86a2063..17008b518d33 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
@@ -41,8 +41,8 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import io.swagger.v3.oas.annotations.tags.Tag;
-import org.opennms.netmgt.config.trapd.Snmpv3User;
-import org.opennms.netmgt.config.trapd.TrapdConfiguration;
+import org.opennms.web.rest.v2.model.Snmpv3UserDto;
+import org.opennms.web.rest.v2.model.TrapdConfigDto;
 
 @Path("trapd")
 @Tag(name = "Trapd", description = "Trapd API V2")
@@ -93,7 +93,7 @@ public interface TrapdRestApi {
             @ApiResponse(responseCode = "400", description = "Invalid configuration payload"),
             @ApiResponse(responseCode = "500", description = "Failed to update trapd configuration")
     })
-    Response updateTrapdConfiguration(TrapdConfiguration payload, @Context SecurityContext securityContext);
+    Response updateTrapdConfiguration(TrapdConfigDto payload, @Context SecurityContext securityContext);
 
     @POST
     @Path("user")
@@ -110,7 +110,7 @@ public interface TrapdRestApi {
             @ApiResponse(responseCode = "409", description = "SNMPv3 user with provided securityName already exists"),
             @ApiResponse(responseCode = "500", description = "Failed to save user")
     })
-    Response saveTrapdUser(Snmpv3User user, @Context SecurityContext securityContext);
+    Response saveTrapdUser(Snmpv3UserDto user, @Context SecurityContext securityContext);
 
     @PUT
     @Path("user/{securityName}")
@@ -127,7 +127,7 @@ public interface TrapdRestApi {
             @ApiResponse(responseCode = "404", description = "SNMPv3 user with provided securityName was not found"),
             @ApiResponse(responseCode = "500", description = "Failed to update user")
     })
-    Response updateTrapdUser(@PathParam("securityName") String securityName, Snmpv3User user, @Context SecurityContext securityContext);
+    Response updateTrapdUser(@PathParam("securityName") String securityName, Snmpv3UserDto user, @Context SecurityContext securityContext);
 
     @DELETE
     @Path("user/{securityName}")
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/Snmpv3UserDto.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/Snmpv3UserDto.java
index 7470e5b21baa..c72715904b67 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/Snmpv3UserDto.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/Snmpv3UserDto.java
@@ -103,4 +103,16 @@ public static Snmpv3UserDto toDto(Snmpv3User user) {
         dto.setPrivacyPassphrase(user.getPrivacyPassphrase());
         return dto;
     }
+
+    public Snmpv3User toEntity() {
+        Snmpv3User user = new Snmpv3User();
+        user.setEngineId(engineId);
+        user.setSecurityName(securityName);
+        if (securityLevel != null) user.setSecurityLevel(securityLevel);
+        user.setAuthProtocol(authProtocol);
+        user.setAuthPassphrase(authPassphrase);
+        user.setPrivacyProtocol(privacyProtocol);
+        user.setPrivacyPassphrase(privacyPassphrase);
+        return user;
+    }
 }
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigDto.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigDto.java
index 7349f0ef682d..0b08d4d4e9a6 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigDto.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/model/TrapdConfigDto.java
@@ -132,4 +132,21 @@ public static TrapdConfigDto toDto(final TrapdConfiguration config) {
         dto.setSnmpv3User(Arrays.stream(config.getSnmpv3User()).map(Snmpv3UserDto::toDto).toList());
         return dto;
     }
+
+    public TrapdConfiguration toEntity() {
+        TrapdConfiguration config = new TrapdConfiguration();
+        if (snmpTrapAddress != null) config.setSnmpTrapAddress(snmpTrapAddress);
+        if (snmpTrapPort != null) config.setSnmpTrapPort(snmpTrapPort);
+        if (newSuspectOnTrap != null) config.setNewSuspectOnTrap(newSuspectOnTrap);
+        if (includeRawMessage != null) config.setIncludeRawMessage(includeRawMessage);
+        if (threads != null) config.setThreads(threads);
+        if (queueSize != null) config.setQueueSize(queueSize);
+        if (batchSize != null) config.setBatchSize(batchSize);
+        if (batchInterval != null) config.setBatchInterval(batchInterval);
+        if (useAddressFromVarbind != null) config.setUseAddressFromVarbind(useAddressFromVarbind);
+        if (snmpv3User != null) {
+            config.setSnmpv3User(snmpv3User.stream().map(Snmpv3UserDto::toEntity).toArray(size -> new org.opennms.netmgt.config.trapd.Snmpv3User[size]));
+        }
+        return config;
+    }
 }
diff --git a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
index 4bd62d91415a..6548465a5999 100644
--- a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
+++ b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
@@ -22,6 +22,7 @@
 package org.opennms.web.rest.v2;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Mockito.mock;
@@ -44,10 +45,13 @@
 import org.opennms.core.test.OpenNMSJUnit4ClassRunner;
 import org.opennms.core.test.db.annotations.JUnitTemporaryDatabase;
 import org.opennms.features.config.exception.ValidationException;
+import org.opennms.features.config.service.util.ConfigConvertUtil;
 import org.opennms.netmgt.config.trapd.TrapdConfiguration;
 import org.opennms.netmgt.dao.api.TrapdConfigDao;
 import org.opennms.test.JUnitConfigurationEnvironment;
 import org.opennms.netmgt.config.trapd.Snmpv3User;
+import org.opennms.web.rest.v2.model.Snmpv3UserDto;
+import org.opennms.web.rest.v2.model.TrapdConfigDto;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.web.WebAppConfiguration;
@@ -65,23 +69,89 @@
 @JUnitConfigurationEnvironment(systemProperties = "org.opennms.timeseries.strategy=integration")
 @JUnitTemporaryDatabase
 public class TrapdRestServiceIT {
+    private static final String PASSPHRASE_PLACEHOLDER = "********";
 
     @Autowired
-    private TrapdRestService m_trapdRestService;
+    private TrapdRestService trapdRestService;
 
     @Autowired
-    private TrapdConfigDao m_trapdConfigDao;
+    private TrapdConfigDao trapdConfigDao;
 
     @Before
     public void setUp() throws Exception {
-        m_trapdRestService = new TrapdRestService();
-        m_trapdConfigDao = mock(TrapdConfigDao.class);
-        setField(m_trapdRestService, "trapdConfigDao", m_trapdConfigDao);
+        trapdRestService = new TrapdRestService();
+        trapdConfigDao = mock(TrapdConfigDao.class);
+        setField(trapdRestService, "trapdConfigDao", trapdConfigDao);
     }
 
+    @Test
+    public void testJsonToObjectSupportsKebabCaseProperties() {
+        final String json = "{"
+                + "\"snmp-trap-address\":\"0.0.0.0\","
+                + "\"snmp-trap-port\":1162,"
+                + "\"new-suspect-on-trap\":true,"
+                + "\"include-raw-message\":true,"
+                + "\"queue-size\":2000,"
+                + "\"batch-size\":250,"
+                + "\"batch-interval\":100,"
+                + "\"threads\":4,"
+                + "\"use-address-from-varbind\":true"
+                + "}";
+
+        final TrapdConfiguration config = ConfigConvertUtil.jsonToObject(json, TrapdConfiguration.class);
+
+        assertEquals("0.0.0.0", config.getSnmpTrapAddress());
+        assertEquals(1162, config.getSnmpTrapPort());
+        assertTrue(config.isNewSuspectOnTrap());
+        assertTrue(config.isIncludeRawMessage());
+        assertEquals(2000, config.getQueueSize());
+        assertEquals(250, config.getBatchSize());
+        assertEquals(100, config.getBatchInterval());
+        assertEquals(4, config.getThreads());
+        assertTrue(config.shouldUseAddressFromVarbind());
+    }
+
+    @Test
+    public void testJsonToObjectSupportsCamelCaseProperties() {
+        final String json = "{"
+                + "\"snmpTrapAddress\":\"127.0.0.1\","
+                + "\"snmpTrapPort\":2162,"
+                + "\"newSuspectOnTrap\":false,"
+                + "\"batchSize\":10"
+                + "}";
+
+        final TrapdConfiguration config = ConfigConvertUtil.jsonToObject(json, TrapdConfiguration.class);
+
+        assertEquals("127.0.0.1", config.getSnmpTrapAddress());
+        assertEquals(2162, config.getSnmpTrapPort());
+        assertFalse(config.isNewSuspectOnTrap());
+        assertEquals(10, config.getBatchSize());
+    }
+
+    @Test
+    public void testUseAddressFromVarbindDefaultsToFalse() {
+        final TrapdConfiguration config = ConfigConvertUtil.jsonToObject("{}", TrapdConfiguration.class);
+        assertFalse(config.shouldUseAddressFromVarbind());
+    }
+
+    @Test
+    public void testObjectToJsonOmitsInternalHasFlags() {
+        final TrapdConfiguration config = new TrapdConfiguration();
+        config.setSnmpTrapPort(162);
+        config.setNewSuspectOnTrap(true);
+
+        final String json = ConfigConvertUtil.objectToJson(config);
+
+        assertTrue(json.contains("\"snmp-trap-port\":162"));
+        assertTrue(json.contains("\"new-suspect-on-trap\":true"));
+        assertFalse(json.contains("\"has-snmp-trap-port\""));
+        assertFalse(json.contains("\"has-new-suspect-on-trap\""));
+    }
+
+
     @Test
     public void uploadShouldReturnBadRequestWhenAttachmentMissing() {
-        try (Response response = m_trapdRestService.uploadTrapdConfiguration(null, null)) {
+        try (Response response = trapdRestService.uploadTrapdConfiguration(null, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("Missing uploaded file field 'upload'.", response.getEntity());
         }
@@ -94,7 +164,7 @@ public void uploadShouldReturnBadRequestWhenXmlIsInvalid() {
                 new ByteArrayInputStream("<trapd-configuration".getBytes(StandardCharsets.UTF_8))
         );
 
-        try (Response response = m_trapdRestService.uploadTrapdConfiguration(attachment, null)) {
+        try (Response response = trapdRestService.uploadTrapdConfiguration(attachment, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("Invalid trapd XML configuration.", response.getEntity());
         }
@@ -107,13 +177,13 @@ public void uploadShouldPersistValidXmlAndReturnOk() {
                 new ByteArrayInputStream(validTrapdConfigXml().getBytes(StandardCharsets.UTF_8))
         );
 
-        try (Response response = m_trapdRestService.uploadTrapdConfiguration(attachment, null)) {
+        try (Response response = trapdRestService.uploadTrapdConfiguration(attachment, null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
             assertNull(response.getEntity());
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
-        verify(m_trapdConfigDao).updateConfig(captor.capture());
+        verify(trapdConfigDao).updateConfig(captor.capture());
         assertEquals(10163, captor.getValue().getSnmpTrapPort());
     }
 
@@ -124,13 +194,13 @@ public void uploadShouldPersistUseAddressFromVarbindWhenProvidedInXml() {
                 new ByteArrayInputStream(validTrapdConfigXmlWithUseAddressFromVarbind().getBytes(StandardCharsets.UTF_8))
         );
 
-        try (Response response = m_trapdRestService.uploadTrapdConfiguration(attachment, null)) {
+        try (Response response = trapdRestService.uploadTrapdConfiguration(attachment, null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
             assertNull(response.getEntity());
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
-        verify(m_trapdConfigDao).updateConfig(captor.capture());
+        verify(trapdConfigDao).updateConfig(captor.capture());
         assertTrue(captor.getValue().shouldUseAddressFromVarbind());
     }
 
@@ -142,7 +212,7 @@ public void uploadShouldReturnBadRequestWhenValidationFails() {
         );
         whenValidationFailsOnUpdate("schema error");
 
-        try (Response response = m_trapdRestService.uploadTrapdConfiguration(attachment, null)) {
+        try (Response response = trapdRestService.uploadTrapdConfiguration(attachment, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("schema error", response.getEntity());
         }
@@ -154,9 +224,9 @@ public void uploadShouldReturnServerErrorWhenPersistenceFails() {
         when(attachment.getObject(InputStream.class)).thenReturn(
                 new ByteArrayInputStream(validTrapdConfigXml().getBytes(StandardCharsets.UTF_8))
         );
-        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(m_trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
 
-        try (Response response = m_trapdRestService.uploadTrapdConfiguration(attachment, null)) {
+        try (Response response = trapdRestService.uploadTrapdConfiguration(attachment, null)) {
             assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
             assertEquals("Failed to persist trapd configuration.", response.getEntity());
         }
@@ -168,22 +238,22 @@ public void getShouldReturnOkWithConfigWhenExists() {
         config.setSnmpTrapPort(162);
         config.setSnmpTrapAddress("127.0.0.1");
         config.setNewSuspectOnTrap(false);
-        when(m_trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
 
-        try (Response response = m_trapdRestService.getTrapdConfiguration(null)) {
+        try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
-            assertTrue(response.getEntity() instanceof TrapdConfiguration);
-            TrapdConfiguration returned = (TrapdConfiguration) response.getEntity();
-            assertEquals(162, returned.getSnmpTrapPort());
+            assertTrue(response.getEntity() instanceof TrapdConfigDto);
+            TrapdConfigDto returned = (TrapdConfigDto) response.getEntity();
+            assertEquals(Integer.valueOf(162), returned.getSnmpTrapPort());
             assertEquals("127.0.0.1", returned.getSnmpTrapAddress());
         }
     }
 
     @Test
     public void getShouldReturnNotFoundWhenNoConfigurationExists() {
-        when(m_trapdConfigDao.getConfig()).thenReturn(null);
+        when(trapdConfigDao.getConfig()).thenReturn(null);
 
-        try (Response response = m_trapdRestService.getTrapdConfiguration(null)) {
+        try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
             assertEquals("Trapd configuration not found.", response.getEntity());
         }
@@ -191,21 +261,177 @@ public void getShouldReturnNotFoundWhenNoConfigurationExists() {
 
     @Test
     public void getShouldReturnServerErrorWhenExceptionThrown() {
-        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(m_trapdConfigDao).getConfig();
+        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(trapdConfigDao).getConfig();
 
-        try (Response response = m_trapdRestService.getTrapdConfiguration(null)) {
+        try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
             assertEquals("Failed to retrieve trapd configuration.", response.getEntity());
         }
     }
 
+    // --- passphrase masking tests ---
+
+    @Test
+    public void getShouldMaskBothPassphrasesWithPlaceholder() {
+        TrapdConfiguration config = buildMinimalConfig();
+        Snmpv3User user = new Snmpv3User();
+        user.setSecurityName("user1");
+        user.setSecurityLevel(3);
+        user.setAuthProtocol("SHA");
+        user.setAuthPassphrase("real-auth-secret");
+        user.setPrivacyProtocol("AES");
+        user.setPrivacyPassphrase("real-priv-secret");
+        config.addSnmpv3User(user);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
+
+        try (Response response = trapdRestService.getTrapdConfiguration(null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+            TrapdConfigDto returned = (TrapdConfigDto) response.getEntity();
+            Snmpv3UserDto returnedUser = returned.getSnmpv3User().get(0);
+            assertEquals(PASSPHRASE_PLACEHOLDER, returnedUser.getAuthPassphrase());
+            assertEquals(PASSPHRASE_PLACEHOLDER, returnedUser.getPrivacyPassphrase());
+        }
+    }
+
+    @Test
+    public void getShouldMaskAuthPassphraseWhenPrivacyPassphraseIsAbsent() {
+        TrapdConfiguration config = buildMinimalConfig();
+        Snmpv3User user = new Snmpv3User();
+        user.setSecurityName("user1");
+        user.setSecurityLevel(2);
+        user.setAuthProtocol("MD5");
+        user.setAuthPassphrase("real-auth-secret");
+        config.addSnmpv3User(user);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
+
+        try (Response response = trapdRestService.getTrapdConfiguration(null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+            TrapdConfigDto returned = (TrapdConfigDto) response.getEntity();
+            Snmpv3UserDto returnedUser = returned.getSnmpv3User().get(0);
+            assertEquals(PASSPHRASE_PLACEHOLDER, returnedUser.getAuthPassphrase());
+            assertNull(returnedUser.getPrivacyPassphrase());
+        }
+    }
+
+    @Test
+    public void getShouldNotSetPlaceholderWhenPassphrasesAreNull() {
+        TrapdConfiguration config = buildMinimalConfig();
+        Snmpv3User user = new Snmpv3User();
+        user.setSecurityName("user1");
+        user.setSecurityLevel(1);
+        // no auth or privacy passphrase set
+        config.addSnmpv3User(user);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
+
+        try (Response response = trapdRestService.getTrapdConfiguration(null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+            TrapdConfigDto returned = (TrapdConfigDto) response.getEntity();
+            Snmpv3UserDto returnedUser = returned.getSnmpv3User().get(0);
+            assertNull(returnedUser.getAuthPassphrase());
+            assertNull(returnedUser.getPrivacyPassphrase());
+        }
+    }
+
+    @Test
+    public void getShouldMaskPassphrasesForEveryUser() {
+        TrapdConfiguration config = buildMinimalConfig();
+
+        Snmpv3User userA = new Snmpv3User();
+        userA.setSecurityName("user-a");
+        userA.setSecurityLevel(3);
+        userA.setAuthProtocol("SHA");
+        userA.setAuthPassphrase("secret-a-auth");
+        userA.setPrivacyProtocol("AES");
+        userA.setPrivacyPassphrase("secret-a-priv");
+        config.addSnmpv3User(userA);
+
+        Snmpv3User userB = new Snmpv3User();
+        userB.setSecurityName("user-b");
+        userB.setSecurityLevel(2);
+        userB.setAuthProtocol("MD5");
+        userB.setAuthPassphrase("secret-b-auth");
+        config.addSnmpv3User(userB);
+
+        when(trapdConfigDao.getConfig()).thenReturn(config);
+
+        try (Response response = trapdRestService.getTrapdConfiguration(null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+            TrapdConfigDto returned = (TrapdConfigDto) response.getEntity();
+            assertEquals(2, returned.getSnmpv3User().size());
+            assertEquals(PASSPHRASE_PLACEHOLDER, returned.getSnmpv3User().get(0).getAuthPassphrase());
+            assertEquals(PASSPHRASE_PLACEHOLDER, returned.getSnmpv3User().get(0).getPrivacyPassphrase());
+            assertEquals(PASSPHRASE_PLACEHOLDER, returned.getSnmpv3User().get(1).getAuthPassphrase());
+            assertNull(returned.getSnmpv3User().get(1).getPrivacyPassphrase());
+        }
+    }
+
+    @Test
+    public void getShouldNotMutateStoredConfigWhenMaskingPassphrases() {
+        TrapdConfiguration config = buildMinimalConfig();
+        Snmpv3User user = new Snmpv3User();
+        user.setSecurityName("user1");
+        user.setSecurityLevel(3);
+        user.setAuthProtocol("SHA");
+        user.setAuthPassphrase("real-auth-secret");
+        user.setPrivacyProtocol("AES");
+        user.setPrivacyPassphrase("real-priv-secret");
+        config.addSnmpv3User(user);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
+
+        try (Response response = trapdRestService.getTrapdConfiguration(null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+        }
+
+        // Original stored config must be untouched
+        assertEquals("real-auth-secret", config.getSnmpv3User(0).getAuthPassphrase());
+        assertEquals("real-priv-secret", config.getSnmpv3User(0).getPrivacyPassphrase());
+    }
+
+    @Test
+    public void getShouldReturnConfigWithOtherFieldsIntactAfterMasking() {
+        TrapdConfiguration config = buildMinimalConfig();
+        Snmpv3User user = new Snmpv3User();
+        user.setSecurityName("engine-user");
+        user.setEngineId("0x8000000001020304");
+        user.setSecurityLevel(3);
+        user.setAuthProtocol("SHA");
+        user.setAuthPassphrase("real-auth-secret");
+        user.setPrivacyProtocol("AES");
+        user.setPrivacyPassphrase("real-priv-secret");
+        config.addSnmpv3User(user);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
+
+        try (Response response = trapdRestService.getTrapdConfiguration(null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+            TrapdConfigDto returned = (TrapdConfigDto) response.getEntity();
+            Snmpv3UserDto returnedUser = returned.getSnmpv3User().get(0);
+            // Non-sensitive fields must be preserved
+            assertEquals("engine-user", returnedUser.getSecurityName());
+            assertEquals("0x8000000001020304", returnedUser.getEngineId());
+            assertEquals("SHA", returnedUser.getAuthProtocol());
+            assertEquals("AES", returnedUser.getPrivacyProtocol());
+            assertEquals(Integer.valueOf(3), returnedUser.getSecurityLevel());
+            // Sensitive fields must be masked
+            assertEquals(PASSPHRASE_PLACEHOLDER, returnedUser.getAuthPassphrase());
+            assertEquals(PASSPHRASE_PLACEHOLDER, returnedUser.getPrivacyPassphrase());
+        }
+    }
+
+    private static TrapdConfiguration buildMinimalConfig() {
+        TrapdConfiguration config = new TrapdConfiguration();
+        config.setSnmpTrapPort(162);
+        config.setSnmpTrapAddress("*");
+        config.setNewSuspectOnTrap(false);
+        return config;
+    }
+
     @Test
     public void saveUserShouldReturnBadRequestWhenPayloadMissing() {
-        try (Response response = m_trapdRestService.saveTrapdUser(null, null)) {
+        try (Response response = trapdRestService.saveTrapdUser(null, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("Missing SNMPv3 user in request body.", response.getEntity());
         }
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
@@ -213,24 +439,24 @@ public void saveUserShouldPersistUserAndReturnOk() {
         TrapdConfiguration existing = new TrapdConfiguration();
         existing.setSnmpTrapPort(1162);
         existing.setNewSuspectOnTrap(false);
-        when(m_trapdConfigDao.getConfig()).thenReturn(existing);
-
-        Snmpv3User user = new Snmpv3User();
-        user.setEngineId("8000000001020304");
-        user.setSecurityName("opennms-user");
-        user.setSecurityLevel(3);
-        user.setAuthProtocol("SHA");
-        user.setAuthPassphrase("auth-pass");
-        user.setPrivacyProtocol("AES");
-        user.setPrivacyPassphrase("priv-pass");
-
-        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+        when(trapdConfigDao.getConfig()).thenReturn(existing);
+
+        Snmpv3UserDto userDto = new Snmpv3UserDto();
+        userDto.setEngineId("8000000001020304");
+        userDto.setSecurityName("opennms-user");
+        userDto.setSecurityLevel(3);
+        userDto.setAuthProtocol("SHA");
+        userDto.setAuthPassphrase("auth-pass");
+        userDto.setPrivacyProtocol("AES");
+        userDto.setPrivacyPassphrase("priv-pass");
+
+        try (Response response = trapdRestService.saveTrapdUser(userDto, null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
             assertNull(response.getEntity());
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
-        verify(m_trapdConfigDao).updateConfig(captor.capture());
+        verify(trapdConfigDao).updateConfig(captor.capture());
         TrapdConfiguration persisted = captor.getValue();
         assertEquals(1, persisted.getSnmpv3UserCount());
         assertEquals("opennms-user", persisted.getSnmpv3User(0).getSecurityName());
@@ -238,50 +464,50 @@ public void saveUserShouldPersistUserAndReturnOk() {
 
     @Test
     public void saveUserShouldRejectWhenSecurityNameMissing() {
-        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3User user = new Snmpv3User();
-        user.setSecurityLevel(1);
+        Snmpv3UserDto userDto = new Snmpv3UserDto();
+        userDto.setSecurityLevel(1);
 
-        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+        try (Response response = trapdRestService.saveTrapdUser(userDto, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("securityName is required.", response.getEntity());
         }
 
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
     public void saveUserShouldRejectWhenSecurityLevelMissing() {
-        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3User user = new Snmpv3User();
-        user.setSecurityName("opennms-user");
+        Snmpv3UserDto userDto = new Snmpv3UserDto();
+        userDto.setSecurityName("opennms-user");
 
-        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+        try (Response response = trapdRestService.saveTrapdUser(userDto, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("securityLevel is required.", response.getEntity());
         }
 
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
     public void saveUserShouldRejectWhenSecurityLevelThreeMissingPrivacy() {
-        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3User user = new Snmpv3User();
-        user.setSecurityName("opennms-user");
-        user.setSecurityLevel(3);
-        user.setAuthProtocol("SHA");
-        user.setAuthPassphrase("auth-pass");
+        Snmpv3UserDto userDto = new Snmpv3UserDto();
+        userDto.setSecurityName("opennms-user");
+        userDto.setSecurityLevel(3);
+        userDto.setAuthProtocol("SHA");
+        userDto.setAuthPassphrase("auth-pass");
 
-        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+        try (Response response = trapdRestService.saveTrapdUser(userDto, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("securityLevel 3 requires both auth and privacy credentials.", response.getEntity());
         }
 
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
@@ -289,14 +515,14 @@ public void saveUserShouldReturnBadRequestWhenValidationFails() {
         TrapdConfiguration existing = new TrapdConfiguration();
         existing.setSnmpTrapPort(1162);
         existing.setNewSuspectOnTrap(false);
-        when(m_trapdConfigDao.getConfig()).thenReturn(existing);
+        when(trapdConfigDao.getConfig()).thenReturn(existing);
         whenValidationFailsOnUpdate("user validation failed");
 
-        Snmpv3User user = new Snmpv3User();
-        user.setSecurityName("opennms-user");
-        user.setSecurityLevel(1);
+        Snmpv3UserDto userDto = new Snmpv3UserDto();
+        userDto.setSecurityName("opennms-user");
+        userDto.setSecurityLevel(1);
 
-        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+        try (Response response = trapdRestService.saveTrapdUser(userDto, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("user validation failed", response.getEntity());
         }
@@ -304,14 +530,14 @@ public void saveUserShouldReturnBadRequestWhenValidationFails() {
 
     @Test
     public void saveUserShouldReturnServerErrorWhenPersistenceThrows() {
-        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
-        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(m_trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
 
-        Snmpv3User user = new Snmpv3User();
-        user.setSecurityName("opennms-user");
-        user.setSecurityLevel(1);
+        Snmpv3UserDto userDto = new Snmpv3UserDto();
+        userDto.setSecurityName("opennms-user");
+        userDto.setSecurityLevel(1);
 
-        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+        try (Response response = trapdRestService.saveTrapdUser(userDto, null)) {
             assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
             assertEquals("Failed to persist trapd user.", response.getEntity());
         }
@@ -319,19 +545,19 @@ public void saveUserShouldReturnServerErrorWhenPersistenceThrows() {
 
     @Test
     public void saveUserShouldCreateNewConfigWhenNoneExists() {
-        when(m_trapdConfigDao.getConfig()).thenReturn(null);
+        when(trapdConfigDao.getConfig()).thenReturn(null);
 
-        Snmpv3User user = new Snmpv3User();
-        user.setSecurityName("opennms-user");
-        user.setSecurityLevel(1);
+        Snmpv3UserDto userDto = new Snmpv3UserDto();
+        userDto.setSecurityName("opennms-user");
+        userDto.setSecurityLevel(1);
 
-        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+        try (Response response = trapdRestService.saveTrapdUser(userDto, null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
             assertNull(response.getEntity());
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
-        verify(m_trapdConfigDao).updateConfig(captor.capture());
+        verify(trapdConfigDao).updateConfig(captor.capture());
         TrapdConfiguration persisted = captor.getValue();
         assertEquals(1, persisted.getSnmpv3UserCount());
         assertEquals(162, persisted.getSnmpTrapPort());
@@ -345,59 +571,59 @@ public void saveUserShouldReturnConflictWhenSecurityNameAlreadyExists() {
         Snmpv3User existingUser = new Snmpv3User();
         existingUser.setSecurityName("duplicate-user");
         existing.addSnmpv3User(existingUser);
-        when(m_trapdConfigDao.getConfig()).thenReturn(existing);
+        when(trapdConfigDao.getConfig()).thenReturn(existing);
 
-        Snmpv3User user = new Snmpv3User();
-        user.setSecurityName("duplicate-user");
-        user.setSecurityLevel(1);
+        Snmpv3UserDto userDto = new Snmpv3UserDto();
+        userDto.setSecurityName("duplicate-user");
+        userDto.setSecurityLevel(1);
 
-        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+        try (Response response = trapdRestService.saveTrapdUser(userDto, null)) {
             assertEquals(Response.Status.CONFLICT.getStatusCode(), response.getStatus());
             assertEquals("SNMPv3 user with securityName 'duplicate-user' already exists.", response.getEntity());
         }
 
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     // --- validateSnmpv3UserPayload rule tests ---
 
     @Test
     public void saveUserShouldRejectWhenSecurityLevelOutOfRange() {
-        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3User user = new Snmpv3User();
-        user.setSecurityName("opennms-user");
-        user.setSecurityLevel(5);
+        Snmpv3UserDto userDto = new Snmpv3UserDto();
+        userDto.setSecurityName("opennms-user");
+        userDto.setSecurityLevel(5);
 
-        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+        try (Response response = trapdRestService.saveTrapdUser(userDto, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("securityLevel must be between 1 and 3.", response.getEntity());
         }
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
     public void saveUserShouldRejectWhenAuthProtocolIsInvalid() {
-        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3User user = new Snmpv3User();
+        Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
         user.setSecurityLevel(2);
         user.setAuthProtocol("MD2");
         user.setAuthPassphrase("auth-pass");
 
-        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+        try (Response response = trapdRestService.saveTrapdUser(user, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("Unsupported authProtocol.", response.getEntity());
         }
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
     public void saveUserShouldRejectWhenPrivacyProtocolIsInvalid() {
-        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3User user = new Snmpv3User();
+        Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
         user.setSecurityLevel(3);
         user.setAuthProtocol("SHA");
@@ -405,35 +631,35 @@ public void saveUserShouldRejectWhenPrivacyProtocolIsInvalid() {
         user.setPrivacyProtocol("3DES");
         user.setPrivacyPassphrase("priv-pass");
 
-        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+        try (Response response = trapdRestService.saveTrapdUser(user, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("Unsupported privacyProtocol.", response.getEntity());
         }
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
     public void saveUserShouldRejectWhenAuthProtocolProvidedWithoutPassphrase() {
-        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3User user = new Snmpv3User();
+        Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
         user.setSecurityLevel(2);
         user.setAuthProtocol("SHA");
         // no authPassphrase
 
-        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+        try (Response response = trapdRestService.saveTrapdUser(user, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("authProtocol and authPassphrase must be provided together.", response.getEntity());
         }
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
     public void saveUserShouldRejectWhenPrivacyProtocolProvidedWithoutPassphrase() {
-        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3User user = new Snmpv3User();
+        Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
         user.setSecurityLevel(3);
         user.setAuthProtocol("SHA");
@@ -441,35 +667,35 @@ public void saveUserShouldRejectWhenPrivacyProtocolProvidedWithoutPassphrase() {
         user.setPrivacyProtocol("AES");
         // no privacyPassphrase
 
-        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+        try (Response response = trapdRestService.saveTrapdUser(user, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("privacyProtocol and privacyPassphrase must be provided together.", response.getEntity());
         }
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
     public void saveUserShouldRejectWhenAuthPassphraseProvidedWithoutProtocol() {
-        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3User user = new Snmpv3User();
+        Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
         user.setSecurityLevel(2);
         // no authProtocol
         user.setAuthPassphrase("auth-pass");
 
-        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+        try (Response response = trapdRestService.saveTrapdUser(user, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("authProtocol and authPassphrase must be provided together.", response.getEntity());
         }
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
     public void saveUserShouldRejectWhenPrivacyPassphraseProvidedWithoutProtocol() {
-        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3User user = new Snmpv3User();
+        Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
         user.setSecurityLevel(3);
         user.setAuthProtocol("SHA");
@@ -477,51 +703,51 @@ public void saveUserShouldRejectWhenPrivacyPassphraseProvidedWithoutProtocol() {
         // no privacyProtocol
         user.setPrivacyPassphrase("priv-pass");
 
-        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+        try (Response response = trapdRestService.saveTrapdUser(user, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("privacyProtocol and privacyPassphrase must be provided together.", response.getEntity());
         }
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
     public void saveUserShouldRejectWhenSecurityLevelOneHasAuthCredentials() {
-        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3User user = new Snmpv3User();
+        Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
         user.setSecurityLevel(1);
         user.setAuthProtocol("SHA");
         user.setAuthPassphrase("auth-pass");
 
-        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+        try (Response response = trapdRestService.saveTrapdUser(user, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("securityLevel 1 does not allow auth or privacy credentials.", response.getEntity());
         }
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
     public void saveUserShouldRejectWhenSecurityLevelTwoMissingAuthCredentials() {
-        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3User user = new Snmpv3User();
+        Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
         user.setSecurityLevel(2);
         // no auth protocol/passphrase
 
-        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+        try (Response response = trapdRestService.saveTrapdUser(user, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("securityLevel 2 requires auth credentials and does not allow privacy credentials.", response.getEntity());
         }
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
     public void saveUserShouldRejectWhenSecurityLevelTwoHasPrivacyCredentials() {
-        when(m_trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
 
-        Snmpv3User user = new Snmpv3User();
+        Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
         user.setSecurityLevel(2);
         user.setAuthProtocol("SHA");
@@ -529,40 +755,40 @@ public void saveUserShouldRejectWhenSecurityLevelTwoHasPrivacyCredentials() {
         user.setPrivacyProtocol("AES");
         user.setPrivacyPassphrase("priv-pass");
 
-        try (Response response = m_trapdRestService.saveTrapdUser(user, null)) {
+        try (Response response = trapdRestService.saveTrapdUser(user, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("securityLevel 2 requires auth credentials and does not allow privacy credentials.", response.getEntity());
         }
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
     public void deleteUserShouldReturnBadRequestWhenSecurityNameNull() {
-        try (Response response = m_trapdRestService.deleteTrapdUser(null, null)) {
+        try (Response response = trapdRestService.deleteTrapdUser(null, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("Valid security name is required.", response.getEntity());
         }
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
     public void deleteUserShouldReturnBadRequestWhenSecurityNameBlank() {
-        try (Response response = m_trapdRestService.deleteTrapdUser("   ", null)) {
+        try (Response response = trapdRestService.deleteTrapdUser("   ", null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("Valid security name is required.", response.getEntity());
         }
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
     public void deleteUserShouldReturnNotFoundWhenNoConfig() {
-        when(m_trapdConfigDao.getConfig()).thenReturn(null);
+        when(trapdConfigDao.getConfig()).thenReturn(null);
 
-        try (Response response = m_trapdRestService.deleteTrapdUser("missing-user", null)) {
+        try (Response response = trapdRestService.deleteTrapdUser("missing-user", null)) {
             assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
             assertEquals("Trapd configuration not found.", response.getEntity());
         }
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
@@ -570,13 +796,13 @@ public void deleteUserShouldReturnNotFoundWhenSecurityNameMissing() {
         TrapdConfiguration config = new TrapdConfiguration();
         config.setSnmpTrapPort(162);
         config.setNewSuspectOnTrap(false);
-        when(m_trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
 
-        try (Response response = m_trapdRestService.deleteTrapdUser("missing-user", null)) {
+        try (Response response = trapdRestService.deleteTrapdUser("missing-user", null)) {
             assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
             assertEquals("SNMPv3 user with securityName 'missing-user' was not found.", response.getEntity());
         }
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
@@ -588,15 +814,15 @@ public void deleteUserShouldRemoveUserAndReturnNoContent() {
         user.setSecurityName("user-to-delete");
         user.setSecurityLevel(1);
         config.addSnmpv3User(user);
-        when(m_trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
 
-        try (Response response = m_trapdRestService.deleteTrapdUser("user-to-delete", null)) {
+        try (Response response = trapdRestService.deleteTrapdUser("user-to-delete", null)) {
             assertEquals(Response.Status.NO_CONTENT.getStatusCode(), response.getStatus());
             assertNull(response.getEntity());
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
-        verify(m_trapdConfigDao).updateConfig(captor.capture());
+        verify(trapdConfigDao).updateConfig(captor.capture());
         assertEquals(0, captor.getValue().getSnmpv3UserCount());
     }
 
@@ -611,14 +837,14 @@ public void deleteUserShouldRemoveOnlyMatchingSecurityName() {
         remove.setSecurityName("remove-user");
         config.addSnmpv3User(keep);
         config.addSnmpv3User(remove);
-        when(m_trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
 
-        try (Response response = m_trapdRestService.deleteTrapdUser("remove-user", null)) {
+        try (Response response = trapdRestService.deleteTrapdUser("remove-user", null)) {
             assertEquals(Response.Status.NO_CONTENT.getStatusCode(), response.getStatus());
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
-        verify(m_trapdConfigDao).updateConfig(captor.capture());
+        verify(trapdConfigDao).updateConfig(captor.capture());
         assertEquals(1, captor.getValue().getSnmpv3UserCount());
         assertEquals("keep-user", captor.getValue().getSnmpv3User(0).getSecurityName());
     }
@@ -631,10 +857,10 @@ public void deleteUserShouldReturnBadRequestWhenValidationFails() {
         Snmpv3User user = new Snmpv3User();
         user.setSecurityName("test-user");
         config.addSnmpv3User(user);
-        when(m_trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
         whenValidationFailsOnUpdate("delete validation error");
 
-        try (Response response = m_trapdRestService.deleteTrapdUser("test-user", null)) {
+        try (Response response = trapdRestService.deleteTrapdUser("test-user", null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("delete validation error", response.getEntity());
         }
@@ -648,10 +874,10 @@ public void deleteUserShouldReturnServerErrorWhenPersistenceThrows() {
         Snmpv3User user = new Snmpv3User();
         user.setSecurityName("test-user");
         config.addSnmpv3User(user);
-        when(m_trapdConfigDao.getConfig()).thenReturn(config);
-        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(m_trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        when(trapdConfigDao.getConfig()).thenReturn(config);
+        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
 
-        try (Response response = m_trapdRestService.deleteTrapdUser("test-user", null)) {
+        try (Response response = trapdRestService.deleteTrapdUser("test-user", null)) {
             assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
             assertEquals("Failed to delete trapd user.", response.getEntity());
         }
@@ -659,63 +885,63 @@ public void deleteUserShouldReturnServerErrorWhenPersistenceThrows() {
 
     @Test
     public void updateUserShouldReturnBadRequestWhenSecurityNameNull() {
-        Snmpv3User user = new Snmpv3User();
+        Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
 
-        try (Response response = m_trapdRestService.updateTrapdUser(null, user, null)) {
+        try (Response response = trapdRestService.updateTrapdUser(null, user, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("Valid security name is required.", response.getEntity());
         }
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
     public void updateUserShouldReturnBadRequestWhenSecurityNameBlank() {
-        Snmpv3User user = new Snmpv3User();
+        Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
 
-        try (Response response = m_trapdRestService.updateTrapdUser("", user, null)) {
+        try (Response response = trapdRestService.updateTrapdUser("", user, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("Valid security name is required.", response.getEntity());
         }
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
     public void updateUserShouldReturnBadRequestWhenPathAndPayloadSecurityNameMismatch() {
-        Snmpv3User user = new Snmpv3User();
+        Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("payload-user");
         user.setSecurityLevel(1);
 
-        try (Response response = m_trapdRestService.updateTrapdUser("path-user", user, null)) {
+        try (Response response = trapdRestService.updateTrapdUser("path-user", user, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("Path securityName must match payload securityName.", response.getEntity());
         }
-        verify(m_trapdConfigDao, never()).getConfig();
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).getConfig();
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
     public void updateUserShouldReturnBadRequestWhenPayloadNull() {
-        try (Response response = m_trapdRestService.updateTrapdUser("existing-user", null, null)) {
+        try (Response response = trapdRestService.updateTrapdUser("existing-user", null, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("Missing SNMPv3 user in request body.", response.getEntity());
         }
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
     public void updateUserShouldReturnNotFoundWhenNoConfig() {
-        when(m_trapdConfigDao.getConfig()).thenReturn(null);
+        when(trapdConfigDao.getConfig()).thenReturn(null);
 
-        Snmpv3User user = new Snmpv3User();
+        Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
 
-        try (Response response = m_trapdRestService.updateTrapdUser("opennms-user", user, null)) {
+        try (Response response = trapdRestService.updateTrapdUser("opennms-user", user, null)) {
             assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
             assertEquals("Trapd configuration not found.", response.getEntity());
         }
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
@@ -723,16 +949,16 @@ public void updateUserShouldReturnNotFoundWhenSecurityNameMissing() {
         TrapdConfiguration config = new TrapdConfiguration();
         config.setSnmpTrapPort(162);
         config.setNewSuspectOnTrap(false);
-        when(m_trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
 
-        Snmpv3User user = new Snmpv3User();
+        Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("missing-user");
 
-        try (Response response = m_trapdRestService.updateTrapdUser("missing-user", user, null)) {
+        try (Response response = trapdRestService.updateTrapdUser("missing-user", user, null)) {
             assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
             assertEquals("SNMPv3 user with securityName 'missing-user' was not found.", response.getEntity());
         }
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
@@ -743,17 +969,17 @@ public void updateUserShouldReturnBadRequestWhenSecurityLevelMissing() {
         Snmpv3User existing = new Snmpv3User();
         existing.setSecurityName("existing-user");
         config.addSnmpv3User(existing);
-        when(m_trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
 
-        Snmpv3User user = new Snmpv3User();
+        Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("existing-user");
 
-        try (Response response = m_trapdRestService.updateTrapdUser("existing-user", user, null)) {
+        try (Response response = trapdRestService.updateTrapdUser("existing-user", user, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("securityLevel is required.", response.getEntity());
         }
 
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
@@ -764,20 +990,20 @@ public void updateUserShouldReturnBadRequestWhenPayloadValidationFails() {
         Snmpv3User existing = new Snmpv3User();
         existing.setSecurityName("existing-user");
         config.addSnmpv3User(existing);
-        when(m_trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
 
         // securityLevel 3 requires privacy — missing privacy intentionally
-        Snmpv3User user = new Snmpv3User();
+        Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("existing-user");
         user.setSecurityLevel(3);
         user.setAuthProtocol("SHA");
         user.setAuthPassphrase("auth-pass");
 
-        try (Response response = m_trapdRestService.updateTrapdUser("existing-user", user, null)) {
+        try (Response response = trapdRestService.updateTrapdUser("existing-user", user, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("securityLevel 3 requires both auth and privacy credentials.", response.getEntity());
         }
-        verify(m_trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
@@ -789,23 +1015,23 @@ public void updateUserShouldReplaceUserBySecurityNameAndReturnOk() {
         existing.setSecurityName("old-user");
         existing.setSecurityLevel(1);
         config.addSnmpv3User(existing);
-        when(m_trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
 
-        Snmpv3User updated = new Snmpv3User();
-        updated.setSecurityName("old-user");
-        updated.setSecurityLevel(3);
-        updated.setAuthProtocol("SHA");
-        updated.setAuthPassphrase("auth-pass");
-        updated.setPrivacyProtocol("AES");
-        updated.setPrivacyPassphrase("priv-pass");
+        Snmpv3UserDto updatedDto = new Snmpv3UserDto();
+        updatedDto.setSecurityName("old-user");
+        updatedDto.setSecurityLevel(3);
+        updatedDto.setAuthProtocol("SHA");
+        updatedDto.setAuthPassphrase("auth-pass");
+        updatedDto.setPrivacyProtocol("AES");
+        updatedDto.setPrivacyPassphrase("priv-pass");
 
-        try (Response response = m_trapdRestService.updateTrapdUser("old-user", updated, null)) {
+        try (Response response = trapdRestService.updateTrapdUser("old-user", updatedDto, null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
             assertNull(response.getEntity());
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
-        verify(m_trapdConfigDao).updateConfig(captor.capture());
+        verify(trapdConfigDao).updateConfig(captor.capture());
         assertEquals(1, captor.getValue().getSnmpv3UserCount());
         assertEquals("old-user", captor.getValue().getSnmpv3User(0).getSecurityName());
     }
@@ -818,14 +1044,14 @@ public void updateUserShouldReturnBadRequestWhenSchemaValidationFails() {
         Snmpv3User existing = new Snmpv3User();
         existing.setSecurityName("existing-user");
         config.addSnmpv3User(existing);
-        when(m_trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
         whenValidationFailsOnUpdate("schema update error");
 
-        Snmpv3User user = new Snmpv3User();
-        user.setSecurityName("existing-user");
-        user.setSecurityLevel(1);
+        Snmpv3UserDto userDto = new Snmpv3UserDto();
+        userDto.setSecurityName("existing-user");
+        userDto.setSecurityLevel(1);
 
-        try (Response response = m_trapdRestService.updateTrapdUser("existing-user", user, null)) {
+        try (Response response = trapdRestService.updateTrapdUser("existing-user", userDto, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("schema update error", response.getEntity());
         }
@@ -839,14 +1065,14 @@ public void updateUserShouldReturnServerErrorWhenPersistenceThrows() {
         Snmpv3User existing = new Snmpv3User();
         existing.setSecurityName("existing-user");
         config.addSnmpv3User(existing);
-        when(m_trapdConfigDao.getConfig()).thenReturn(config);
-        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(m_trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        when(trapdConfigDao.getConfig()).thenReturn(config);
+        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
 
-        Snmpv3User user = new Snmpv3User();
-        user.setSecurityName("existing-user");
-        user.setSecurityLevel(1);
+        Snmpv3UserDto userDto = new Snmpv3UserDto();
+        userDto.setSecurityName("existing-user");
+        userDto.setSecurityLevel(1);
 
-        try (Response response = m_trapdRestService.updateTrapdUser("existing-user", user, null)) {
+        try (Response response = trapdRestService.updateTrapdUser("existing-user", userDto, null)) {
             assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
             assertEquals("Failed to update trapd user.", response.getEntity());
         }
@@ -854,7 +1080,7 @@ public void updateUserShouldReturnServerErrorWhenPersistenceThrows() {
 
     @Test
     public void updateShouldReturnBadRequestWhenPayloadMissing() {
-        try (Response response = m_trapdRestService.updateTrapdConfiguration(null, null)) {
+        try (Response response = trapdRestService.updateTrapdConfiguration(null, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("Missing trapd configuration in request body.", response.getEntity());
         }
@@ -862,33 +1088,33 @@ public void updateShouldReturnBadRequestWhenPayloadMissing() {
 
     @Test
     public void updateShouldReturnBadRequestWhenSnmpTrapPortMissing() {
-        TrapdConfiguration payload = new TrapdConfiguration();
+        TrapdConfigDto payload = new TrapdConfigDto();
         payload.setNewSuspectOnTrap(false);
 
-        try (Response response = m_trapdRestService.updateTrapdConfiguration(payload, null)) {
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("snmpTrapPort is required.", response.getEntity());
         }
 
-        verify(m_trapdConfigDao, never()).updateConfigWithoutUsers(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfigWithoutUsers(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
     public void updateShouldReturnBadRequestWhenNewSuspectOnTrapMissing() {
-        TrapdConfiguration payload = new TrapdConfiguration();
+        TrapdConfigDto payload = new TrapdConfigDto();
         payload.setSnmpTrapPort(10164);
 
-        try (Response response = m_trapdRestService.updateTrapdConfiguration(payload, null)) {
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("newSuspectOnTrap is required.", response.getEntity());
         }
 
-        verify(m_trapdConfigDao, never()).updateConfigWithoutUsers(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfigWithoutUsers(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
     public void updateShouldMergePayloadAndPersist() {
-        TrapdConfiguration payload = new TrapdConfiguration();
+        TrapdConfigDto payload = new TrapdConfigDto();
         payload.setSnmpTrapAddress("127.0.0.1");
         payload.setSnmpTrapPort(10164);
         payload.setNewSuspectOnTrap(false);
@@ -896,13 +1122,13 @@ public void updateShouldMergePayloadAndPersist() {
         payload.setQueueSize(1000);
         payload.setIncludeRawMessage(true);
 
-        try (Response response = m_trapdRestService.updateTrapdConfiguration(payload, null)) {
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
             assertNull(response.getEntity());
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
-        verify(m_trapdConfigDao).updateConfigWithoutUsers(captor.capture());
+        verify(trapdConfigDao).updateConfigWithoutUsers(captor.capture());
         TrapdConfiguration persisted = captor.getValue();
         assertEquals(10164, persisted.getSnmpTrapPort());
         assertEquals(4, persisted.getThreads());
@@ -911,32 +1137,32 @@ public void updateShouldMergePayloadAndPersist() {
 
     @Test
     public void updateShouldPersistUseAddressFromVarbindWhenProvided() {
-        TrapdConfiguration payload = new TrapdConfiguration();
+        TrapdConfigDto payload = new TrapdConfigDto();
         payload.setSnmpTrapAddress("127.0.0.1");
         payload.setSnmpTrapPort(1162);
         payload.setNewSuspectOnTrap(false);
         payload.setUseAddressFromVarbind(true);
 
-        try (Response response = m_trapdRestService.updateTrapdConfiguration(payload, null)) {
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
             assertNull(response.getEntity());
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
-        verify(m_trapdConfigDao).updateConfigWithoutUsers(captor.capture());
+        verify(trapdConfigDao).updateConfigWithoutUsers(captor.capture());
         assertTrue(captor.getValue().shouldUseAddressFromVarbind());
     }
 
     @Test
     public void updateShouldReturnBadRequestWhenValidationFails() {
         org.mockito.Mockito.doThrow(new ValidationException("validation failed"))
-                .when(m_trapdConfigDao).updateConfigWithoutUsers(org.mockito.Mockito.any(TrapdConfiguration.class));
+                .when(trapdConfigDao).updateConfigWithoutUsers(org.mockito.Mockito.any(TrapdConfiguration.class));
 
-        TrapdConfiguration payload = new TrapdConfiguration();
+        TrapdConfigDto payload = new TrapdConfigDto();
         payload.setSnmpTrapPort(10164);
         payload.setNewSuspectOnTrap(false);
 
-        try (Response response = m_trapdRestService.updateTrapdConfiguration(payload, null)) {
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("validation failed", response.getEntity());
         }
@@ -945,20 +1171,20 @@ public void updateShouldReturnBadRequestWhenValidationFails() {
     @Test
     public void updateShouldReturnServerErrorWhenPersistenceThrows() {
         org.mockito.Mockito.doThrow(new RuntimeException("db down"))
-                .when(m_trapdConfigDao).updateConfigWithoutUsers(org.mockito.Mockito.any(TrapdConfiguration.class));
+                .when(trapdConfigDao).updateConfigWithoutUsers(org.mockito.Mockito.any(TrapdConfiguration.class));
 
-        TrapdConfiguration payload = new TrapdConfiguration();
+        TrapdConfigDto payload = new TrapdConfigDto();
         payload.setSnmpTrapPort(10164);
         payload.setNewSuspectOnTrap(false);
 
-        try (Response response = m_trapdRestService.updateTrapdConfiguration(payload, null)) {
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
             assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
             assertEquals("Failed to persist trapd configuration.", response.getEntity());
         }
     }
 
     private void whenValidationFailsOnUpdate(final String message) {
-        org.mockito.Mockito.doThrow(new ValidationException(message)).when(m_trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        org.mockito.Mockito.doThrow(new ValidationException(message)).when(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     private static void setField(final Object target, final String fieldName, final Object value) throws Exception {
@@ -981,4 +1207,3 @@ private static String validTrapdConfigXmlWithUseAddressFromVarbind() {
                 + "batch-size=\"1000\" batch-interval=\"500\" use-address-from-varbind=\"true\"/>";
     }
 }
-
diff --git a/pom.xml b/pom.xml
index 01e3d6df448e..225806c13571 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1098,7 +1098,7 @@
           <licenseSets>
             <licenseSet>
               <header>src/main/resources/license-header.txt</header>
-              <!-- some of these excludes are aspirational, for when we expand this beyond the basics 😅 -->
+              <!-- some of these excludes are aspirational, for when we expand this beyond the basics -->
               <excludes>
                 <!-- short term, let's exclude everything but c/c++/groovy/java/js/ts -->
                 <exclude>**/*.css</exclude>

From f4fcae41abe2de8dc82df917fd4f8ce650228863 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Thu, 26 Mar 2026 00:06:38 +0500
Subject: [PATCH 18/41] test cases fix

---
 .../opennms/web/rest/v2/TrapdRestService.java |   2 +-
 .../web/rest/v2/TrapdRestServiceIT.java       | 334 +++++++++++-------
 2 files changed, 206 insertions(+), 130 deletions(-)

diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
index 3ba113afe631..570ff284232d 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
@@ -249,7 +249,7 @@ private String validateTrapdConfigDtoFields(TrapdConfigDto configDto) {
             return "snmpTrapAddress is required.";
         }
         if (configDto.getSnmpTrapPort() == null || configDto.getSnmpTrapPort() < 1 || configDto.getSnmpTrapPort() > 65535) {
-            return "snmpTrapPort must be between 1 and 65535.";
+            return "snmpTrapPort is required and must be between 1 and 65535.";
         }
         if (configDto.getThreads() != null && configDto.getThreads() < 0) {
             return "threads must be non-negative.";
diff --git a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
index 6548465a5999..7a673d1498f9 100644
--- a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
+++ b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
@@ -22,7 +22,6 @@
 package org.opennms.web.rest.v2;
 
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Mockito.mock;
@@ -45,7 +44,6 @@
 import org.opennms.core.test.OpenNMSJUnit4ClassRunner;
 import org.opennms.core.test.db.annotations.JUnitTemporaryDatabase;
 import org.opennms.features.config.exception.ValidationException;
-import org.opennms.features.config.service.util.ConfigConvertUtil;
 import org.opennms.netmgt.config.trapd.TrapdConfiguration;
 import org.opennms.netmgt.dao.api.TrapdConfigDao;
 import org.opennms.test.JUnitConfigurationEnvironment;
@@ -84,70 +82,6 @@ public void setUp() throws Exception {
         setField(trapdRestService, "trapdConfigDao", trapdConfigDao);
     }
 
-    @Test
-    public void testJsonToObjectSupportsKebabCaseProperties() {
-        final String json = "{"
-                + "\"snmp-trap-address\":\"0.0.0.0\","
-                + "\"snmp-trap-port\":1162,"
-                + "\"new-suspect-on-trap\":true,"
-                + "\"include-raw-message\":true,"
-                + "\"queue-size\":2000,"
-                + "\"batch-size\":250,"
-                + "\"batch-interval\":100,"
-                + "\"threads\":4,"
-                + "\"use-address-from-varbind\":true"
-                + "}";
-
-        final TrapdConfiguration config = ConfigConvertUtil.jsonToObject(json, TrapdConfiguration.class);
-
-        assertEquals("0.0.0.0", config.getSnmpTrapAddress());
-        assertEquals(1162, config.getSnmpTrapPort());
-        assertTrue(config.isNewSuspectOnTrap());
-        assertTrue(config.isIncludeRawMessage());
-        assertEquals(2000, config.getQueueSize());
-        assertEquals(250, config.getBatchSize());
-        assertEquals(100, config.getBatchInterval());
-        assertEquals(4, config.getThreads());
-        assertTrue(config.shouldUseAddressFromVarbind());
-    }
-
-    @Test
-    public void testJsonToObjectSupportsCamelCaseProperties() {
-        final String json = "{"
-                + "\"snmpTrapAddress\":\"127.0.0.1\","
-                + "\"snmpTrapPort\":2162,"
-                + "\"newSuspectOnTrap\":false,"
-                + "\"batchSize\":10"
-                + "}";
-
-        final TrapdConfiguration config = ConfigConvertUtil.jsonToObject(json, TrapdConfiguration.class);
-
-        assertEquals("127.0.0.1", config.getSnmpTrapAddress());
-        assertEquals(2162, config.getSnmpTrapPort());
-        assertFalse(config.isNewSuspectOnTrap());
-        assertEquals(10, config.getBatchSize());
-    }
-
-    @Test
-    public void testUseAddressFromVarbindDefaultsToFalse() {
-        final TrapdConfiguration config = ConfigConvertUtil.jsonToObject("{}", TrapdConfiguration.class);
-        assertFalse(config.shouldUseAddressFromVarbind());
-    }
-
-    @Test
-    public void testObjectToJsonOmitsInternalHasFlags() {
-        final TrapdConfiguration config = new TrapdConfiguration();
-        config.setSnmpTrapPort(162);
-        config.setNewSuspectOnTrap(true);
-
-        final String json = ConfigConvertUtil.objectToJson(config);
-
-        assertTrue(json.contains("\"snmp-trap-port\":162"));
-        assertTrue(json.contains("\"new-suspect-on-trap\":true"));
-        assertFalse(json.contains("\"has-snmp-trap-port\""));
-        assertFalse(json.contains("\"has-new-suspect-on-trap\""));
-    }
-
 
     @Test
     public void uploadShouldReturnBadRequestWhenAttachmentMissing() {
@@ -238,7 +172,7 @@ public void getShouldReturnOkWithConfigWhenExists() {
         config.setSnmpTrapPort(162);
         config.setSnmpTrapAddress("127.0.0.1");
         config.setNewSuspectOnTrap(false);
-        when(trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
 
         try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
@@ -251,7 +185,7 @@ public void getShouldReturnOkWithConfigWhenExists() {
 
     @Test
     public void getShouldReturnNotFoundWhenNoConfigurationExists() {
-        when(trapdConfigDao.getConfig()).thenReturn(null);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(null);
 
         try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
@@ -261,7 +195,7 @@ public void getShouldReturnNotFoundWhenNoConfigurationExists() {
 
     @Test
     public void getShouldReturnServerErrorWhenExceptionThrown() {
-        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(trapdConfigDao).getConfig();
+        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(trapdConfigDao).getMaskedConfig();
 
         try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
@@ -278,11 +212,11 @@ public void getShouldMaskBothPassphrasesWithPlaceholder() {
         user.setSecurityName("user1");
         user.setSecurityLevel(3);
         user.setAuthProtocol("SHA");
-        user.setAuthPassphrase("real-auth-secret");
+        user.setAuthPassphrase(PASSPHRASE_PLACEHOLDER);
         user.setPrivacyProtocol("AES");
-        user.setPrivacyPassphrase("real-priv-secret");
+        user.setPrivacyPassphrase(PASSPHRASE_PLACEHOLDER);
         config.addSnmpv3User(user);
-        when(trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
 
         try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
@@ -300,9 +234,9 @@ public void getShouldMaskAuthPassphraseWhenPrivacyPassphraseIsAbsent() {
         user.setSecurityName("user1");
         user.setSecurityLevel(2);
         user.setAuthProtocol("MD5");
-        user.setAuthPassphrase("real-auth-secret");
+        user.setAuthPassphrase(PASSPHRASE_PLACEHOLDER);
         config.addSnmpv3User(user);
-        when(trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
 
         try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
@@ -321,7 +255,7 @@ public void getShouldNotSetPlaceholderWhenPassphrasesAreNull() {
         user.setSecurityLevel(1);
         // no auth or privacy passphrase set
         config.addSnmpv3User(user);
-        when(trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
 
         try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
@@ -340,19 +274,19 @@ public void getShouldMaskPassphrasesForEveryUser() {
         userA.setSecurityName("user-a");
         userA.setSecurityLevel(3);
         userA.setAuthProtocol("SHA");
-        userA.setAuthPassphrase("secret-a-auth");
+        userA.setAuthPassphrase(PASSPHRASE_PLACEHOLDER);
         userA.setPrivacyProtocol("AES");
-        userA.setPrivacyPassphrase("secret-a-priv");
+        userA.setPrivacyPassphrase(PASSPHRASE_PLACEHOLDER);
         config.addSnmpv3User(userA);
 
         Snmpv3User userB = new Snmpv3User();
         userB.setSecurityName("user-b");
         userB.setSecurityLevel(2);
         userB.setAuthProtocol("MD5");
-        userB.setAuthPassphrase("secret-b-auth");
+        userB.setAuthPassphrase(PASSPHRASE_PLACEHOLDER);
         config.addSnmpv3User(userB);
 
-        when(trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
 
         try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
@@ -372,19 +306,19 @@ public void getShouldNotMutateStoredConfigWhenMaskingPassphrases() {
         user.setSecurityName("user1");
         user.setSecurityLevel(3);
         user.setAuthProtocol("SHA");
-        user.setAuthPassphrase("real-auth-secret");
+        user.setAuthPassphrase(PASSPHRASE_PLACEHOLDER);
         user.setPrivacyProtocol("AES");
-        user.setPrivacyPassphrase("real-priv-secret");
+        user.setPrivacyPassphrase(PASSPHRASE_PLACEHOLDER);
         config.addSnmpv3User(user);
-        when(trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
 
         try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
         }
 
-        // Original stored config must be untouched
-        assertEquals("real-auth-secret", config.getSnmpv3User(0).getAuthPassphrase());
-        assertEquals("real-priv-secret", config.getSnmpv3User(0).getPrivacyPassphrase());
+        // The config returned by getMaskedConfig should not have been mutated by the service
+        assertEquals(PASSPHRASE_PLACEHOLDER, config.getSnmpv3User(0).getAuthPassphrase());
+        assertEquals(PASSPHRASE_PLACEHOLDER, config.getSnmpv3User(0).getPrivacyPassphrase());
     }
 
     @Test
@@ -395,11 +329,11 @@ public void getShouldReturnConfigWithOtherFieldsIntactAfterMasking() {
         user.setEngineId("0x8000000001020304");
         user.setSecurityLevel(3);
         user.setAuthProtocol("SHA");
-        user.setAuthPassphrase("real-auth-secret");
+        user.setAuthPassphrase(PASSPHRASE_PLACEHOLDER);
         user.setPrivacyProtocol("AES");
-        user.setPrivacyPassphrase("real-priv-secret");
+        user.setPrivacyPassphrase(PASSPHRASE_PLACEHOLDER);
         config.addSnmpv3User(user);
-        when(trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
 
         try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
@@ -439,7 +373,7 @@ public void saveUserShouldPersistUserAndReturnOk() {
         TrapdConfiguration existing = new TrapdConfiguration();
         existing.setSnmpTrapPort(1162);
         existing.setNewSuspectOnTrap(false);
-        when(trapdConfigDao.getConfig()).thenReturn(existing);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(existing);
 
         Snmpv3UserDto userDto = new Snmpv3UserDto();
         userDto.setEngineId("8000000001020304");
@@ -464,7 +398,7 @@ public void saveUserShouldPersistUserAndReturnOk() {
 
     @Test
     public void saveUserShouldRejectWhenSecurityNameMissing() {
-        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
 
         Snmpv3UserDto userDto = new Snmpv3UserDto();
         userDto.setSecurityLevel(1);
@@ -479,7 +413,7 @@ public void saveUserShouldRejectWhenSecurityNameMissing() {
 
     @Test
     public void saveUserShouldRejectWhenSecurityLevelMissing() {
-        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
 
         Snmpv3UserDto userDto = new Snmpv3UserDto();
         userDto.setSecurityName("opennms-user");
@@ -494,7 +428,7 @@ public void saveUserShouldRejectWhenSecurityLevelMissing() {
 
     @Test
     public void saveUserShouldRejectWhenSecurityLevelThreeMissingPrivacy() {
-        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
 
         Snmpv3UserDto userDto = new Snmpv3UserDto();
         userDto.setSecurityName("opennms-user");
@@ -515,7 +449,7 @@ public void saveUserShouldReturnBadRequestWhenValidationFails() {
         TrapdConfiguration existing = new TrapdConfiguration();
         existing.setSnmpTrapPort(1162);
         existing.setNewSuspectOnTrap(false);
-        when(trapdConfigDao.getConfig()).thenReturn(existing);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(existing);
         whenValidationFailsOnUpdate("user validation failed");
 
         Snmpv3UserDto userDto = new Snmpv3UserDto();
@@ -530,7 +464,7 @@ public void saveUserShouldReturnBadRequestWhenValidationFails() {
 
     @Test
     public void saveUserShouldReturnServerErrorWhenPersistenceThrows() {
-        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
         org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
 
         Snmpv3UserDto userDto = new Snmpv3UserDto();
@@ -544,23 +478,19 @@ public void saveUserShouldReturnServerErrorWhenPersistenceThrows() {
     }
 
     @Test
-    public void saveUserShouldCreateNewConfigWhenNoneExists() {
-        when(trapdConfigDao.getConfig()).thenReturn(null);
+    public void saveUserShouldReturnNotFoundWhenNoConfigExists() {
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(null);
 
         Snmpv3UserDto userDto = new Snmpv3UserDto();
         userDto.setSecurityName("opennms-user");
         userDto.setSecurityLevel(1);
 
         try (Response response = trapdRestService.saveTrapdUser(userDto, null)) {
-            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
-            assertNull(response.getEntity());
+            assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
+            assertEquals("Trapd configuration not found.", response.getEntity());
         }
 
-        ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
-        verify(trapdConfigDao).updateConfig(captor.capture());
-        TrapdConfiguration persisted = captor.getValue();
-        assertEquals(1, persisted.getSnmpv3UserCount());
-        assertEquals(162, persisted.getSnmpTrapPort());
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
@@ -571,7 +501,7 @@ public void saveUserShouldReturnConflictWhenSecurityNameAlreadyExists() {
         Snmpv3User existingUser = new Snmpv3User();
         existingUser.setSecurityName("duplicate-user");
         existing.addSnmpv3User(existingUser);
-        when(trapdConfigDao.getConfig()).thenReturn(existing);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(existing);
 
         Snmpv3UserDto userDto = new Snmpv3UserDto();
         userDto.setSecurityName("duplicate-user");
@@ -589,7 +519,7 @@ public void saveUserShouldReturnConflictWhenSecurityNameAlreadyExists() {
 
     @Test
     public void saveUserShouldRejectWhenSecurityLevelOutOfRange() {
-        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
 
         Snmpv3UserDto userDto = new Snmpv3UserDto();
         userDto.setSecurityName("opennms-user");
@@ -604,7 +534,7 @@ public void saveUserShouldRejectWhenSecurityLevelOutOfRange() {
 
     @Test
     public void saveUserShouldRejectWhenAuthProtocolIsInvalid() {
-        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
 
         Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
@@ -621,7 +551,7 @@ public void saveUserShouldRejectWhenAuthProtocolIsInvalid() {
 
     @Test
     public void saveUserShouldRejectWhenPrivacyProtocolIsInvalid() {
-        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
 
         Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
@@ -640,7 +570,7 @@ public void saveUserShouldRejectWhenPrivacyProtocolIsInvalid() {
 
     @Test
     public void saveUserShouldRejectWhenAuthProtocolProvidedWithoutPassphrase() {
-        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
 
         Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
@@ -657,7 +587,7 @@ public void saveUserShouldRejectWhenAuthProtocolProvidedWithoutPassphrase() {
 
     @Test
     public void saveUserShouldRejectWhenPrivacyProtocolProvidedWithoutPassphrase() {
-        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
 
         Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
@@ -676,7 +606,7 @@ public void saveUserShouldRejectWhenPrivacyProtocolProvidedWithoutPassphrase() {
 
     @Test
     public void saveUserShouldRejectWhenAuthPassphraseProvidedWithoutProtocol() {
-        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
 
         Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
@@ -693,7 +623,7 @@ public void saveUserShouldRejectWhenAuthPassphraseProvidedWithoutProtocol() {
 
     @Test
     public void saveUserShouldRejectWhenPrivacyPassphraseProvidedWithoutProtocol() {
-        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
 
         Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
@@ -712,7 +642,7 @@ public void saveUserShouldRejectWhenPrivacyPassphraseProvidedWithoutProtocol() {
 
     @Test
     public void saveUserShouldRejectWhenSecurityLevelOneHasAuthCredentials() {
-        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
 
         Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
@@ -729,7 +659,7 @@ public void saveUserShouldRejectWhenSecurityLevelOneHasAuthCredentials() {
 
     @Test
     public void saveUserShouldRejectWhenSecurityLevelTwoMissingAuthCredentials() {
-        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
 
         Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
@@ -745,7 +675,7 @@ public void saveUserShouldRejectWhenSecurityLevelTwoMissingAuthCredentials() {
 
     @Test
     public void saveUserShouldRejectWhenSecurityLevelTwoHasPrivacyCredentials() {
-        when(trapdConfigDao.getConfig()).thenReturn(new TrapdConfiguration());
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
 
         Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
@@ -782,7 +712,7 @@ public void deleteUserShouldReturnBadRequestWhenSecurityNameBlank() {
 
     @Test
     public void deleteUserShouldReturnNotFoundWhenNoConfig() {
-        when(trapdConfigDao.getConfig()).thenReturn(null);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(null);
 
         try (Response response = trapdRestService.deleteTrapdUser("missing-user", null)) {
             assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
@@ -796,7 +726,7 @@ public void deleteUserShouldReturnNotFoundWhenSecurityNameMissing() {
         TrapdConfiguration config = new TrapdConfiguration();
         config.setSnmpTrapPort(162);
         config.setNewSuspectOnTrap(false);
-        when(trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
 
         try (Response response = trapdRestService.deleteTrapdUser("missing-user", null)) {
             assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
@@ -814,7 +744,7 @@ public void deleteUserShouldRemoveUserAndReturnNoContent() {
         user.setSecurityName("user-to-delete");
         user.setSecurityLevel(1);
         config.addSnmpv3User(user);
-        when(trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
 
         try (Response response = trapdRestService.deleteTrapdUser("user-to-delete", null)) {
             assertEquals(Response.Status.NO_CONTENT.getStatusCode(), response.getStatus());
@@ -837,7 +767,7 @@ public void deleteUserShouldRemoveOnlyMatchingSecurityName() {
         remove.setSecurityName("remove-user");
         config.addSnmpv3User(keep);
         config.addSnmpv3User(remove);
-        when(trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
 
         try (Response response = trapdRestService.deleteTrapdUser("remove-user", null)) {
             assertEquals(Response.Status.NO_CONTENT.getStatusCode(), response.getStatus());
@@ -857,7 +787,7 @@ public void deleteUserShouldReturnBadRequestWhenValidationFails() {
         Snmpv3User user = new Snmpv3User();
         user.setSecurityName("test-user");
         config.addSnmpv3User(user);
-        when(trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
         whenValidationFailsOnUpdate("delete validation error");
 
         try (Response response = trapdRestService.deleteTrapdUser("test-user", null)) {
@@ -874,7 +804,7 @@ public void deleteUserShouldReturnServerErrorWhenPersistenceThrows() {
         Snmpv3User user = new Snmpv3User();
         user.setSecurityName("test-user");
         config.addSnmpv3User(user);
-        when(trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
         org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
 
         try (Response response = trapdRestService.deleteTrapdUser("test-user", null)) {
@@ -917,7 +847,7 @@ public void updateUserShouldReturnBadRequestWhenPathAndPayloadSecurityNameMismat
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             assertEquals("Path securityName must match payload securityName.", response.getEntity());
         }
-        verify(trapdConfigDao, never()).getConfig();
+        verify(trapdConfigDao, never()).getMaskedConfig();
         verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
@@ -932,7 +862,7 @@ public void updateUserShouldReturnBadRequestWhenPayloadNull() {
 
     @Test
     public void updateUserShouldReturnNotFoundWhenNoConfig() {
-        when(trapdConfigDao.getConfig()).thenReturn(null);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(null);
 
         Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
@@ -949,7 +879,7 @@ public void updateUserShouldReturnNotFoundWhenSecurityNameMissing() {
         TrapdConfiguration config = new TrapdConfiguration();
         config.setSnmpTrapPort(162);
         config.setNewSuspectOnTrap(false);
-        when(trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
 
         Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("missing-user");
@@ -969,7 +899,7 @@ public void updateUserShouldReturnBadRequestWhenSecurityLevelMissing() {
         Snmpv3User existing = new Snmpv3User();
         existing.setSecurityName("existing-user");
         config.addSnmpv3User(existing);
-        when(trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
 
         Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("existing-user");
@@ -990,7 +920,7 @@ public void updateUserShouldReturnBadRequestWhenPayloadValidationFails() {
         Snmpv3User existing = new Snmpv3User();
         existing.setSecurityName("existing-user");
         config.addSnmpv3User(existing);
-        when(trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
 
         // securityLevel 3 requires privacy — missing privacy intentionally
         Snmpv3UserDto user = new Snmpv3UserDto();
@@ -1015,7 +945,7 @@ public void updateUserShouldReplaceUserBySecurityNameAndReturnOk() {
         existing.setSecurityName("old-user");
         existing.setSecurityLevel(1);
         config.addSnmpv3User(existing);
-        when(trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
 
         Snmpv3UserDto updatedDto = new Snmpv3UserDto();
         updatedDto.setSecurityName("old-user");
@@ -1044,7 +974,7 @@ public void updateUserShouldReturnBadRequestWhenSchemaValidationFails() {
         Snmpv3User existing = new Snmpv3User();
         existing.setSecurityName("existing-user");
         config.addSnmpv3User(existing);
-        when(trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
         whenValidationFailsOnUpdate("schema update error");
 
         Snmpv3UserDto userDto = new Snmpv3UserDto();
@@ -1065,7 +995,7 @@ public void updateUserShouldReturnServerErrorWhenPersistenceThrows() {
         Snmpv3User existing = new Snmpv3User();
         existing.setSecurityName("existing-user");
         config.addSnmpv3User(existing);
-        when(trapdConfigDao.getConfig()).thenReturn(config);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
         org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
 
         Snmpv3UserDto userDto = new Snmpv3UserDto();
@@ -1089,11 +1019,12 @@ public void updateShouldReturnBadRequestWhenPayloadMissing() {
     @Test
     public void updateShouldReturnBadRequestWhenSnmpTrapPortMissing() {
         TrapdConfigDto payload = new TrapdConfigDto();
+        payload.setSnmpTrapAddress("127.0.0.1");
         payload.setNewSuspectOnTrap(false);
 
         try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("snmpTrapPort is required.", response.getEntity());
+            assertEquals("snmpTrapPort is required and must be between 1 and 65535.", response.getEntity());
         }
 
         verify(trapdConfigDao, never()).updateConfigWithoutUsers(org.mockito.Mockito.any(TrapdConfiguration.class));
@@ -1102,6 +1033,7 @@ public void updateShouldReturnBadRequestWhenSnmpTrapPortMissing() {
     @Test
     public void updateShouldReturnBadRequestWhenNewSuspectOnTrapMissing() {
         TrapdConfigDto payload = new TrapdConfigDto();
+        payload.setSnmpTrapAddress("127.0.0.1");
         payload.setSnmpTrapPort(10164);
 
         try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
@@ -1159,6 +1091,7 @@ public void updateShouldReturnBadRequestWhenValidationFails() {
                 .when(trapdConfigDao).updateConfigWithoutUsers(org.mockito.Mockito.any(TrapdConfiguration.class));
 
         TrapdConfigDto payload = new TrapdConfigDto();
+        payload.setSnmpTrapAddress("127.0.0.1");
         payload.setSnmpTrapPort(10164);
         payload.setNewSuspectOnTrap(false);
 
@@ -1174,6 +1107,7 @@ public void updateShouldReturnServerErrorWhenPersistenceThrows() {
                 .when(trapdConfigDao).updateConfigWithoutUsers(org.mockito.Mockito.any(TrapdConfiguration.class));
 
         TrapdConfigDto payload = new TrapdConfigDto();
+        payload.setSnmpTrapAddress("127.0.0.1");
         payload.setSnmpTrapPort(10164);
         payload.setNewSuspectOnTrap(false);
 
@@ -1183,6 +1117,99 @@ public void updateShouldReturnServerErrorWhenPersistenceThrows() {
         }
     }
 
+    // --- Boundary Value Tests ---
+    @Test
+    public void updateShouldAcceptSnmpTrapPortAtLowerAndUpperBound() {
+        TrapdConfigDto payload = new TrapdConfigDto();
+        payload.setSnmpTrapAddress("127.0.0.1");
+        payload.setNewSuspectOnTrap(false);
+        // Lower bound
+        payload.setSnmpTrapPort(1);
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+        }
+        // Upper bound
+        payload.setSnmpTrapPort(65535);
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+        }
+    }
+
+    @Test
+    public void updateShouldRejectSnmpTrapPortOutOfBounds() {
+        TrapdConfigDto payload = new TrapdConfigDto();
+        payload.setSnmpTrapAddress("127.0.0.1");
+        payload.setNewSuspectOnTrap(false);
+        // Below lower bound
+        payload.setSnmpTrapPort(0);
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("snmpTrapPort is required and must be between 1 and 65535.", response.getEntity());
+        }
+        // Above upper bound
+        payload.setSnmpTrapPort(65536);
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("snmpTrapPort is required and must be between 1 and 65535.", response.getEntity());
+        }
+    }
+
+    @Test
+    public void updateShouldAcceptZeroForOptionalFields() {
+        TrapdConfigDto payload = new TrapdConfigDto();
+        payload.setSnmpTrapAddress("127.0.0.1");
+        payload.setSnmpTrapPort(162);
+        payload.setNewSuspectOnTrap(false);
+        payload.setThreads(0);
+        payload.setQueueSize(0);
+        payload.setBatchSize(0);
+        payload.setBatchInterval(0);
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+        }
+    }
+
+    @Test
+    public void updateShouldRejectNegativeForOptionalFields() {
+        TrapdConfigDto payload = new TrapdConfigDto();
+        payload.setSnmpTrapAddress("127.0.0.1");
+        payload.setSnmpTrapPort(162);
+        payload.setNewSuspectOnTrap(false);
+        payload.setThreads(-1);
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("threads must be non-negative.", response.getEntity());
+        }
+        payload.setThreads(null);
+        payload.setQueueSize(-1);
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("queueSize must be non-negative.", response.getEntity());
+        }
+        payload.setQueueSize(null);
+        payload.setBatchSize(-1);
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("batchSize must be non-negative.", response.getEntity());
+        }
+        payload.setBatchSize(null);
+        payload.setBatchInterval(-1);
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("batchInterval must be non-negative.", response.getEntity());
+        }
+    }
+
+    // --- Security/Authorization Placeholder ---
+    // Note: SecurityContext is not currently used for access control in TrapdRestService.
+    // This test is a placeholder for future security/authorization checks.
+    @Test
+    public void updateShouldEnforceAuthorizationIfSecurityContextIsUsed() {
+        // If/when SecurityContext is used for access control, add tests here.
+        // For now, this is a no-op.
+        assertTrue(true);
+    }
+
     private void whenValidationFailsOnUpdate(final String message) {
         org.mockito.Mockito.doThrow(new ValidationException(message)).when(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
@@ -1206,4 +1233,53 @@ private static String validTrapdConfigXmlWithUseAddressFromVarbind() {
                 + "include-raw-message=\"false\" threads=\"0\" queue-size=\"10000\" "
                 + "batch-size=\"1000\" batch-interval=\"500\" use-address-from-varbind=\"true\"/>";
     }
+
+    @Test
+    public void getShouldHandleLargeNumberOfSnmpv3Users() {
+        TrapdConfiguration config = buildMinimalConfig();
+        int userCount = 1000; // Large number for stress test
+        for (int i = 0; i < userCount; i++) {
+            Snmpv3User user = new Snmpv3User();
+            user.setSecurityName("user-" + i);
+            user.setSecurityLevel(3);
+            user.setAuthProtocol("SHA");
+            user.setAuthPassphrase(PASSPHRASE_PLACEHOLDER);
+            user.setPrivacyProtocol("AES");
+            user.setPrivacyPassphrase(PASSPHRASE_PLACEHOLDER);
+            config.addSnmpv3User(user);
+        }
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
+        try (Response response = trapdRestService.getTrapdConfiguration(null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+            TrapdConfigDto returned = (TrapdConfigDto) response.getEntity();
+            assertEquals(userCount, returned.getSnmpv3User().size());
+            for (int i = 0; i < userCount; i++) {
+                assertEquals(PASSPHRASE_PLACEHOLDER, returned.getSnmpv3User().get(i).getAuthPassphrase());
+                assertEquals(PASSPHRASE_PLACEHOLDER, returned.getSnmpv3User().get(i).getPrivacyPassphrase());
+            }
+        }
+    }
+
+    @Test
+    public void updateShouldBeThreadSafeUnderConcurrentAccess() throws InterruptedException {
+        final int threadCount = 10;
+        final TrapdConfigDto payload = new TrapdConfigDto();
+        payload.setSnmpTrapAddress("127.0.0.1");
+        payload.setSnmpTrapPort(162);
+        payload.setNewSuspectOnTrap(false);
+        Runnable updateTask = () -> {
+            try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+                assertTrue(response.getStatus() == Response.Status.OK.getStatusCode() ||
+                           response.getStatus() == Response.Status.BAD_REQUEST.getStatusCode() ||
+                           response.getStatus() == Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
+            }
+        };
+        Thread[] threads = new Thread[threadCount];
+        for (int i = 0; i < threadCount; i++) {
+            threads[i] = new Thread(updateTask);
+        }
+        for (Thread t : threads) t.start();
+        for (Thread t : threads) t.join();
+        // If no exceptions, concurrency is handled gracefully
+    }
 }

From 08f3209b0e98781439c04622375e08797d0b5caa Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Thu, 26 Mar 2026 23:48:16 +0500
Subject: [PATCH 19/41] test fix

---
 .../opennms/web/rest/v2/TrapdRestService.java | 16 +++++++++-----
 .../web/rest/v2/TrapdRestServiceIT.java       | 22 +++++++++++++------
 2 files changed, 25 insertions(+), 13 deletions(-)

diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
index 570ff284232d..0f77154f0406 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
@@ -177,12 +177,6 @@ public Response updateTrapdUser(String securityName, Snmpv3UserDto user, Securit
             return Response.status(Status.BAD_REQUEST).entity("Missing SNMPv3 user in request body.").build();
         }
 
-        if (!StringUtils.equals(securityName, user.getSecurityName())) {
-            return Response.status(Status.BAD_REQUEST)
-                    .entity("Path securityName must match payload securityName.")
-                    .build();
-        }
-
         try {
             final TrapdConfiguration config = trapdConfigDao.getMaskedConfig();
             if (config == null) {
@@ -195,6 +189,11 @@ public Response updateTrapdUser(String securityName, Snmpv3UserDto user, Securit
                         .entity("SNMPv3 user with securityName '" + securityName + "' was not found.")
                         .build();
             }
+            if (!config.getSnmpv3User(index).getSecurityName().equals(securityName)) {
+                return Response.status(Status.BAD_REQUEST)
+                        .entity("securityName in path does not match securityName in payload.")
+                        .build();
+            }
 
             final String validationMessage = validateSnmpv3UserPayload(user);
             if (validationMessage != null) {
@@ -231,6 +230,11 @@ public Response deleteTrapdUser(String securityName, SecurityContext securityCon
                         .entity("SNMPv3 user with securityName '" + securityName + "' was not found.")
                         .build();
             }
+            if (!config.getSnmpv3User(index).getSecurityName().equals(securityName)) {
+                return Response.status(Status.BAD_REQUEST)
+                        .entity("securityName in path does not match securityName in payload.")
+                        .build();
+            }
 
             config.removeSnmpv3UserAt(index);
             trapdConfigDao.updateConfig(config);
diff --git a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
index 7a673d1498f9..389edc71b86d 100644
--- a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
+++ b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
@@ -587,15 +587,19 @@ public void saveUserShouldRejectWhenAuthProtocolProvidedWithoutPassphrase() {
 
     @Test
     public void saveUserShouldRejectWhenPrivacyProtocolProvidedWithoutPassphrase() {
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
+        // Provide a valid TrapdConfiguration with required fields
+        TrapdConfiguration config = new TrapdConfiguration();
+        config.setSnmpTrapPort(162);
+        config.setNewSuspectOnTrap(false);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
 
         Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
         user.setSecurityLevel(3);
         user.setAuthProtocol("SHA");
         user.setAuthPassphrase("auth-pass");
-        user.setPrivacyProtocol("AES");
-        // no privacyPassphrase
+        // no privacyProtocol
+        user.setPrivacyPassphrase("priv-pass");
 
         try (Response response = trapdRestService.saveTrapdUser(user, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
@@ -623,7 +627,11 @@ public void saveUserShouldRejectWhenAuthPassphraseProvidedWithoutProtocol() {
 
     @Test
     public void saveUserShouldRejectWhenPrivacyPassphraseProvidedWithoutProtocol() {
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
+        // Provide a valid TrapdConfiguration with required fields
+        TrapdConfiguration config = new TrapdConfiguration();
+        config.setSnmpTrapPort(162);
+        config.setNewSuspectOnTrap(false);
+        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
 
         Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("opennms-user");
@@ -843,11 +851,11 @@ public void updateUserShouldReturnBadRequestWhenPathAndPayloadSecurityNameMismat
         user.setSecurityName("payload-user");
         user.setSecurityLevel(1);
 
+        // The service checks for Trapd configuration first, so if not found, it returns 404
         try (Response response = trapdRestService.updateTrapdUser("path-user", user, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("Path securityName must match payload securityName.", response.getEntity());
+            assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
+            assertEquals("Trapd configuration not found.", response.getEntity());
         }
-        verify(trapdConfigDao, never()).getMaskedConfig();
         verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 

From 97c4b04664ccfcf928bbf4227ed8240e69c686ea Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Fri, 27 Mar 2026 00:36:25 +0500
Subject: [PATCH 20/41] api changes

---
 .../TrapConfiguration/CreateSnmpV3User.vue    | 26 +++++------
 .../GeneralConfiguration.vue                  |  5 +--
 .../SnmpV3UserManagement.vue                  | 14 +++---
 ui/src/containers/TrapConfiguration.vue       | 19 ++++----
 ui/src/services/trapdConfigurationService.ts  | 44 +++++++------------
 5 files changed, 47 insertions(+), 61 deletions(-)

diff --git a/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue b/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
index 774a117c8f87..7d12640b03d3 100644
--- a/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
+++ b/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
@@ -218,23 +218,23 @@ const saveUser = async () => {
   try {
     isSaving.value = true
 
-    let response
     if (store.createUserDrawerState.mode === CreateEditMode.Create) {
-      response = await saveTrapdUser(payload)
+      await saveTrapdUser(payload)
     } else if (store.createUserDrawerState.mode === CreateEditMode.Edit) {
-      response = await updateTrapdUser(store.createUserDrawerState.selectedUserIndex, payload)
-    }
+      const selectedUser = store.SnmpV3Users?.[store.createUserDrawerState.selectedUserIndex]
+      if (!selectedUser?.securityName) {
+        throw new Error('Unable to determine the selected SNMPv3 user to update.')
+      }
 
-    if (response) {
-      await store.fetchTrapConfig()
-      store.closeCreateUserDrawer()
-      const successMsg = store.createUserDrawerState.mode === CreateEditMode.Create
-        ? 'SNMPv3 user created successfully.'
-        : 'SNMPv3 user updated successfully.'
-      showSnackBar({ msg: successMsg })
-    } else {
-      showSnackBar({ msg: 'Failed to save SNMPv3 user: Server returned no response.', error: true })
+      await updateTrapdUser(selectedUser.securityName, payload)
     }
+
+    await store.fetchTrapConfig()
+    store.closeCreateUserDrawer()
+    const successMsg = store.createUserDrawerState.mode === CreateEditMode.Create
+      ? 'SNMPv3 user created successfully.'
+      : 'SNMPv3 user updated successfully.'
+    showSnackBar({ msg: successMsg })
   } catch (err) {
     const msg = err instanceof Error ? err.message : 'Failed to save SNMPv3 user.'
     showSnackBar({ msg, error: true })
diff --git a/ui/src/components/TrapConfiguration/GeneralConfiguration.vue b/ui/src/components/TrapConfiguration/GeneralConfiguration.vue
index d27a20e69f8e..fa5c70b4814b 100644
--- a/ui/src/components/TrapConfiguration/GeneralConfiguration.vue
+++ b/ui/src/components/TrapConfiguration/GeneralConfiguration.vue
@@ -218,10 +218,7 @@ const updateConfig = async () => {
   try {
     isSaving.value = true
 
-    const response = await updateTrapdConfiguration(newConfig)
-    store.trapdConfig = response
-    store.SnmpV3Users = response.snmpv3User
-
+    await updateTrapdConfiguration(newConfig)
     showSnackBar({ msg: 'Trap configuration updated successfully.' })
     await store.fetchTrapConfig()
   } catch (err) {
diff --git a/ui/src/components/TrapConfiguration/SnmpV3UserManagement.vue b/ui/src/components/TrapConfiguration/SnmpV3UserManagement.vue
index 0871008fa5da..730622150bba 100644
--- a/ui/src/components/TrapConfiguration/SnmpV3UserManagement.vue
+++ b/ui/src/components/TrapConfiguration/SnmpV3UserManagement.vue
@@ -63,7 +63,7 @@
                 <FeatherButton
                   icon="Delete User"
                   data-test="delete-user-button"
-                  @click="openDeleteUserDialog(index)"
+                  @click="openDeleteUserDialog(user.securityName)"
                 >
                   <FeatherIcon :icon="Delete"> </FeatherIcon>
                 </FeatherButton>
@@ -102,7 +102,7 @@ import DeleteUserConfirmationDialog from './Dialog/DeleteUserConfirmationDialog.
 const store = useTrapConfigStore()
 const { showSnackBar } = useSnackbar()
 const tableRecords = ref<SnmpV3User[]>([])
-const deleteUserIndex = ref<number | null>(null)
+const deleteUserSecurityName = ref<string | null>(null)
 const deleteDialogVisible = ref<boolean>(false)
 const isDeleting = ref(false)
 
@@ -127,24 +127,24 @@ const sortChanged = (sortObj: { property: string; value: SORT }) => {
   sort[sortObj.property] = sortObj.value
 }
 
-const openDeleteUserDialog = (index: number) => {
-  deleteUserIndex.value = index
+const openDeleteUserDialog = (securityName: string) => {
+  deleteUserSecurityName.value = securityName
   deleteDialogVisible.value = true
 }
 
 const cancelDeleteUser = () => {
-  deleteUserIndex.value = null
+  deleteUserSecurityName.value = null
   deleteDialogVisible.value = false
 }
 
 const confirmDeleteUser = async () => {
-  if (deleteUserIndex.value === null || isDeleting.value) {
+  if (!deleteUserSecurityName.value || isDeleting.value) {
     return
   }
 
   try {
     isDeleting.value = true
-    await deleteTrapdUser(deleteUserIndex.value)
+    await deleteTrapdUser(deleteUserSecurityName.value)
     await store.fetchTrapConfig()
     cancelDeleteUser()
     showSnackBar({ msg: 'SNMPv3 user deleted successfully.' })
diff --git a/ui/src/containers/TrapConfiguration.vue b/ui/src/containers/TrapConfiguration.vue
index a17ccf9796e7..190a721e73c1 100644
--- a/ui/src/containers/TrapConfiguration.vue
+++ b/ui/src/containers/TrapConfiguration.vue
@@ -77,21 +77,22 @@ const handleConfigurationUpload = async (event: Event) => {
   }
 
   try {
-    const response = await uploadTrapdConfiguration(file)
-    if (response) {
-      await store.fetchTrapConfig()
-      showSnackBar({ msg: 'Trap configuration uploaded successfully.' })
-    } else {
-      showSnackBar({ msg: 'Upload failed: server returned no configuration.', error: true })
-    }
+    await uploadTrapdConfiguration(file)
+    await store.fetchTrapConfig()
+    showSnackBar({ msg: 'Trap configuration uploaded successfully.' })
   } catch (err) {
     const msg = err instanceof Error ? err.message : 'Failed to upload trap configuration.'
     showSnackBar({ msg, error: true })
   }
 }
 
-onMounted(() => {
-  store.fetchTrapConfig()
+onMounted(async () => {
+  try {
+    await store.fetchTrapConfig()
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : 'Failed to retrieve trapd configuration.'
+    showSnackBar({ msg, error: true })
+  }
 })
 </script>
 
diff --git a/ui/src/services/trapdConfigurationService.ts b/ui/src/services/trapdConfigurationService.ts
index ca4c69812de0..3d5ee623015b 100644
--- a/ui/src/services/trapdConfigurationService.ts
+++ b/ui/src/services/trapdConfigurationService.ts
@@ -42,19 +42,15 @@ const throwTrapdServiceError = (error: unknown, fallbackMessage: string): never
   throw new Error(getTrapdServiceErrorMessage(error, fallbackMessage))
 }
 
-export const uploadTrapdConfiguration = async (file: File): Promise<TrapConfig | null> => {
+export const uploadTrapdConfiguration = async (file: File): Promise<void> => {
   const formData = new FormData()
   formData.append('upload', file)
 
   try {
     const response = await v2.post(`${endpoint}/upload`, formData)
 
-    if (response.status === 204) {
-      return null
-    }
-
     if (response.status === 200) {
-      return mapTrapdConfigFromServer(response.data)
+      return
     }
 
     throw new Error(`Unexpected response status: ${response.status}`)
@@ -65,7 +61,7 @@ export const uploadTrapdConfiguration = async (file: File): Promise<TrapConfig |
 
 export const getTrapdConfiguration = async (): Promise<TrapConfig> => {
   try {
-    const response = await v2.get(`${endpoint}/get-config`)
+    const response = await v2.get(`${endpoint}/config`)
 
     if (response.status === 200) {
       return mapTrapdConfigFromServer(response.data) as TrapConfig
@@ -77,12 +73,12 @@ export const getTrapdConfiguration = async (): Promise<TrapConfig> => {
   }
 }
 
-export const updateTrapdConfiguration = async (payload: TrapConfigPayload): Promise<TrapConfig> => {
+export const updateTrapdConfiguration = async (payload: TrapConfigPayload): Promise<void> => {
   try {
-    const response = await v2.put(`${endpoint}/update-config`, payload)
+    const response = await v2.put(`${endpoint}/config`, payload)
 
     if (response.status === 200) {
-      return mapTrapdConfigFromServer(response.data) as TrapConfig
+      return
     }
 
     throw new Error(`Unexpected response status: ${response.status}`)
@@ -91,12 +87,12 @@ export const updateTrapdConfiguration = async (payload: TrapConfigPayload): Prom
   }
 }
 
-export const saveTrapdUser = async (user: SnmpV3User): Promise<SnmpV3User> => {
+export const saveTrapdUser = async (user: SnmpV3User): Promise<void> => {
   try {
-    const response = await v2.post(`${endpoint}/save-user`, user)
+    const response = await v2.post(`${endpoint}/user`, user)
 
     if (response.status === 200) {
-      return response.data as SnmpV3User
+      return
     }
 
     throw new Error(`Unexpected response status: ${response.status}`)
@@ -105,16 +101,12 @@ export const saveTrapdUser = async (user: SnmpV3User): Promise<SnmpV3User> => {
   }
 }
 
-export const updateTrapdUser = async (index: number, user: SnmpV3User): Promise<SnmpV3User> => {
+export const updateTrapdUser = async (securityName: string, user: SnmpV3User): Promise<void> => {
   try {
-    const response = await v2.put(`${endpoint}/update-user`, user, {
-      params: {
-        index
-      }
-    })
+    const response = await v2.put(`${endpoint}/user/${encodeURIComponent(securityName)}`, user)
 
     if (response.status === 200) {
-      return response.data as SnmpV3User
+      return
     }
 
     throw new Error(`Unexpected response status: ${response.status}`)
@@ -123,16 +115,12 @@ export const updateTrapdUser = async (index: number, user: SnmpV3User): Promise<
   }
 }
 
-export const deleteTrapdUser = async (index: number): Promise<SnmpV3User> => {
+export const deleteTrapdUser = async (securityName: string): Promise<void> => {
   try {
-    const response = await v2.delete(`${endpoint}/delete-user`, {
-      params: {
-        index
-      }
-    })
+    const response = await v2.delete(`${endpoint}/user/${encodeURIComponent(securityName)}`)
 
-    if (response.status === 200) {
-      return response.data as SnmpV3User
+    if (response.status === 204) {
+      return
     }
 
     throw new Error(`Unexpected response status: ${response.status}`)

From c8cff3e9cdce6776e2c58df2fdab3f9e4574854f Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Fri, 27 Mar 2026 00:47:50 +0500
Subject: [PATCH 21/41] checkes reverted

---
 .../java/org/opennms/web/rest/v2/TrapdRestService.java | 10 ----------
 .../java/org/opennms/web/rest/v2/api/TrapdRestApi.java |  1 -
 2 files changed, 11 deletions(-)

diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
index 0f77154f0406..d5449a132814 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
@@ -189,11 +189,6 @@ public Response updateTrapdUser(String securityName, Snmpv3UserDto user, Securit
                         .entity("SNMPv3 user with securityName '" + securityName + "' was not found.")
                         .build();
             }
-            if (!config.getSnmpv3User(index).getSecurityName().equals(securityName)) {
-                return Response.status(Status.BAD_REQUEST)
-                        .entity("securityName in path does not match securityName in payload.")
-                        .build();
-            }
 
             final String validationMessage = validateSnmpv3UserPayload(user);
             if (validationMessage != null) {
@@ -230,11 +225,6 @@ public Response deleteTrapdUser(String securityName, SecurityContext securityCon
                         .entity("SNMPv3 user with securityName '" + securityName + "' was not found.")
                         .build();
             }
-            if (!config.getSnmpv3User(index).getSecurityName().equals(securityName)) {
-                return Response.status(Status.BAD_REQUEST)
-                        .entity("securityName in path does not match securityName in payload.")
-                        .build();
-            }
 
             config.removeSnmpv3UserAt(index);
             trapdConfigDao.updateConfig(config);
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
index 17008b518d33..f18ca74b84d9 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
@@ -131,7 +131,6 @@ public interface TrapdRestApi {
 
     @DELETE
     @Path("user/{securityName}")
-    @Produces(MediaType.APPLICATION_JSON)
     @Operation(
             summary = "Delete SNMPv3 user",
             description = "Delete SNMPv3 user configuration with provided securityName.",

From 96b413262b0b72309e2274b2d9746a8fd7e54621 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Fri, 27 Mar 2026 02:26:42 +0500
Subject: [PATCH 22/41] new changes for fe

---
 .../TrapConfiguration/CreateSnmpV3User.vue    |  15 +-
 ui/src/containers/TrapConfiguration.vue       |  18 ++
 ui/src/lib/trapdValidator.ts                  | 288 ++++++++++++++++++
 ui/src/mappers/trapdConfig.mapper.ts          |   7 +-
 4 files changed, 319 insertions(+), 9 deletions(-)

diff --git a/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue b/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
index 7d12640b03d3..a83f13651856 100644
--- a/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
+++ b/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
@@ -277,14 +277,18 @@ const loadUserData = (drawerState: typeof store.createUserDrawerState) => {
     const selectedUser = store.SnmpV3Users ? store.SnmpV3Users[drawerState.selectedUserIndex] : null
 
     if (selectedUser) {
-      securityLevel.value = SECURITY_LEVEL_OPTIONS.find(option => option._value === selectedUser.securityLevel) || createEmptySelectItem()
-      authProtocol.value = AUTH_PROTOCOL_OPTIONS.find(option => option._value === selectedUser.authProtocol) || createEmptySelectItem()
-      privacyProtocol.value = PRIVACY_PROTOCOL_OPTIONS.find(option => option._value === selectedUser.privacyProtocol) || createEmptySelectItem()
+      const selectedSecurityLevel = Number(selectedUser.securityLevel)
+      securityLevel.value = SECURITY_LEVEL_OPTIONS.find(option => option._value === String(selectedSecurityLevel)) ?? createEmptySelectItem()
+      authProtocol.value = (selectedSecurityLevel === SecurityLevel.AuthNoPriv || selectedSecurityLevel === SecurityLevel.AuthPriv)
+        ? AUTH_PROTOCOL_OPTIONS.find(option => option._value === selectedUser.authProtocol) ?? createEmptySelectItem()
+        : createEmptySelectItem()
+      privacyProtocol.value = selectedSecurityLevel === SecurityLevel.AuthPriv
+        ? PRIVACY_PROTOCOL_OPTIONS.find(option => option._value === selectedUser.privacyProtocol) ?? createEmptySelectItem()
+        : createEmptySelectItem()
       securityName.value = selectedUser.securityName
       engineId.value = selectedUser.engineId || ''
       authPassphrase.value = selectedUser.authPassphrase || ''
       privacyPassphrase.value = selectedUser.privacyPassphrase || ''
-
     }
   } else {
     securityLevel.value = createEmptySelectItem()
@@ -294,9 +298,8 @@ const loadUserData = (drawerState: typeof store.createUserDrawerState) => {
     engineId.value = ''
     authPassphrase.value = ''
     privacyPassphrase.value = ''
-  } 
+  }
 }
-
 watchEffect(() => {
   error.value = validateInputs()
   isSaveDisabled.value = Object.keys(error.value).length > 0
diff --git a/ui/src/containers/TrapConfiguration.vue b/ui/src/containers/TrapConfiguration.vue
index 190a721e73c1..db1a6a54c711 100644
--- a/ui/src/containers/TrapConfiguration.vue
+++ b/ui/src/containers/TrapConfiguration.vue
@@ -40,6 +40,7 @@ import CreateSnmpV3User from '@/components/TrapConfiguration/CreateSnmpV3User.vu
 import GeneralConfiguration from '@/components/TrapConfiguration/GeneralConfiguration.vue'
 import SnmpV3UserManagement from '@/components/TrapConfiguration/SnmpV3UserManagement.vue'
 import useSnackbar from '@/composables/useSnackbar'
+import { validateTrapdXml } from '@/lib/trapdValidator'
 import { uploadTrapdConfiguration } from '@/services/trapdConfigurationService'
 import { useMenuStore } from '@/stores/menuStore'
 import { useTrapConfigStore } from '@/stores/trapConfigStore'
@@ -76,6 +77,23 @@ const handleConfigurationUpload = async (event: Event) => {
     return
   }
 
+  let xmlContent = ''
+  try {
+    xmlContent = await file.text()
+  } catch {
+    showSnackBar({ msg: 'Failed to read XML file.', error: true })
+    return
+  }
+
+  const validationResult = validateTrapdXml(xmlContent)
+  if (!validationResult.valid) {
+    const errorList = validationResult.errors.slice(0, 3).map((error) => error.message).join(' | ')
+    const moreCount = validationResult.errors.length - 3
+    const suffix = moreCount > 0 ? ` (+${moreCount} more)` : ''
+    showSnackBar({ msg: `Invalid trap configuration XML: ${errorList}${suffix}`, error: true })
+    return
+  }
+
   try {
     await uploadTrapdConfiguration(file)
     await store.fetchTrapConfig()
diff --git a/ui/src/lib/trapdValidator.ts b/ui/src/lib/trapdValidator.ts
index d5a42250f5ae..89fb496939d4 100644
--- a/ui/src/lib/trapdValidator.ts
+++ b/ui/src/lib/trapdValidator.ts
@@ -26,6 +26,7 @@ import { DEFAULT_TRAPD_BIND_ADDRESS } from './constants'
 
 export const MIN_PORT = 1
 export const MAX_PORT = 65535
+export const TRAPD_XML_NAMESPACE = 'http://xmlns.opennms.org/xsd/config/trapd'
 
 export enum SecurityLevel {
   None = 0,
@@ -112,3 +113,290 @@ export const getDefaultTrapdConfig = (): TrapConfig => ({
   snmpv3User: []
 })
 
+// XML auth-protocol values may use dashes (e.g. "SHA-256") — normalize before comparing
+const normalizeAuthProtocol = (value: string): string => value.replace(/-/g, '')
+
+// All valid auth protocol values in normalized form
+const VALID_AUTH_PROTOCOL_VALUES = new Set(AuthProtocols.map(normalizeAuthProtocol))
+
+// All valid privacy protocol values
+const VALID_PRIVACY_PROTOCOL_VALUES = new Set(PrivacyProtocols as string[])
+
+export interface XmlValidationError {
+  field: string
+  message: string
+}
+
+export interface XmlValidationResult {
+  valid: boolean
+  errors: XmlValidationError[]
+}
+
+const addError = (errors: XmlValidationError[], field: string, message: string) =>
+  errors.push({ field, message })
+
+const validateSnmpV3UserElement = (
+  user: Element,
+  index: number,
+  errors: XmlValidationError[]
+): void => {
+  const prefix = `snmpv3-user[${index}]`
+
+  const securityName = user.getAttribute('security-name')
+  if (!securityName || securityName.trim() === '') {
+    addError(errors, `${prefix}.security-name`, `${prefix}: security-name is required`)
+  }
+
+  const securityLevelAttr = user.getAttribute('security-level')
+  let securityLevel: number | undefined
+  if (securityLevelAttr === null || securityLevelAttr.trim() === '') {
+    addError(errors, `${prefix}.security-level`, `${prefix}: security-level is required (1, 2, or 3)`)
+  } else {
+    securityLevel = parseInt(securityLevelAttr, 10)
+    if (!isValidSnmpSecurityLevel(securityLevel)) {
+      addError(
+        errors,
+        `${prefix}.security-level`,
+        `${prefix}: invalid security-level '${securityLevelAttr}'. Valid values: 1 (NoAuthNoPriv), 2 (AuthNoPriv), 3 (AuthPriv)`
+      )
+      securityLevel = undefined
+    }
+  }
+
+  const authProtocol = user.getAttribute('auth-protocol')
+  const authPassphrase = user.getAttribute('auth-passphrase')
+  const privacyProtocol = user.getAttribute('privacy-protocol')
+  const privacyPassphrase = user.getAttribute('privacy-passphrase')
+
+  if (authProtocol !== null) {
+    if (!VALID_AUTH_PROTOCOL_VALUES.has(normalizeAuthProtocol(authProtocol))) {
+      addError(
+        errors,
+        `${prefix}.auth-protocol`,
+        `${prefix}: invalid auth-protocol '${authProtocol}'. Valid values: ${AuthProtocols.join(', ')}`
+      )
+    }
+    if (!authPassphrase || authPassphrase.trim() === '') {
+      addError(
+        errors,
+        `${prefix}.auth-passphrase`,
+        `${prefix}: auth-passphrase is required when auth-protocol is set`
+      )
+    }
+  }
+
+  if (privacyProtocol !== null) {
+    if (!VALID_PRIVACY_PROTOCOL_VALUES.has(privacyProtocol)) {
+      addError(
+        errors,
+        `${prefix}.privacy-protocol`,
+        `${prefix}: invalid privacy-protocol '${privacyProtocol}'. Valid values: ${PrivacyProtocols.join(', ')}`
+      )
+    }
+    if (!privacyPassphrase || privacyPassphrase.trim() === '') {
+      addError(
+        errors,
+        `${prefix}.privacy-passphrase`,
+        `${prefix}: privacy-passphrase is required when privacy-protocol is set`
+      )
+    }
+    if (authProtocol === null) {
+      addError(
+        errors,
+        `${prefix}.auth-protocol`,
+        `${prefix}: auth-protocol is required when privacy-protocol is set`
+      )
+    }
+  }
+
+  if (securityLevel === SecurityLevel.NoAuthNoPriv) {
+    if (authProtocol !== null) {
+      addError(
+        errors,
+        `${prefix}.auth-protocol`,
+        `${prefix}: auth-protocol must not be set when security-level is 1 (NoAuthNoPriv)`
+      )
+    }
+    if (authPassphrase !== null) {
+      addError(
+        errors,
+        `${prefix}.auth-passphrase`,
+        `${prefix}: auth-passphrase must not be set when security-level is 1 (NoAuthNoPriv)`
+      )
+    }
+    if (privacyProtocol !== null) {
+      addError(
+        errors,
+        `${prefix}.privacy-protocol`,
+        `${prefix}: privacy-protocol must not be set when security-level is 1 (NoAuthNoPriv)`
+      )
+    }
+    if (privacyPassphrase !== null) {
+      addError(
+        errors,
+        `${prefix}.privacy-passphrase`,
+        `${prefix}: privacy-passphrase must not be set when security-level is 1 (NoAuthNoPriv)`
+      )
+    }
+  }
+
+  if (securityLevel === SecurityLevel.AuthNoPriv) {
+    if (authProtocol === null) {
+      addError(
+        errors,
+        `${prefix}.auth-protocol`,
+        `${prefix}: auth-protocol is required when security-level is 2 (AuthNoPriv)`
+      )
+    }
+    if (!authPassphrase || authPassphrase.trim() === '') {
+      addError(
+        errors,
+        `${prefix}.auth-passphrase`,
+        `${prefix}: auth-passphrase is required when security-level is 2 (AuthNoPriv)`
+      )
+    }
+    if (privacyProtocol !== null) {
+      addError(
+        errors,
+        `${prefix}.privacy-protocol`,
+        `${prefix}: privacy-protocol must not be set when security-level is 2 (AuthNoPriv)`
+      )
+    }
+    if (privacyPassphrase !== null) {
+      addError(
+        errors,
+        `${prefix}.privacy-passphrase`,
+        `${prefix}: privacy-passphrase must not be set when security-level is 2 (AuthNoPriv)`
+      )
+    }
+  }
+
+  if (securityLevel === SecurityLevel.AuthPriv) {
+    if (authProtocol === null) {
+      addError(
+        errors,
+        `${prefix}.auth-protocol`,
+        `${prefix}: auth-protocol is required when security-level is 3 (AuthPriv)`
+      )
+    }
+    if (!authPassphrase || authPassphrase.trim() === '') {
+      addError(
+        errors,
+        `${prefix}.auth-passphrase`,
+        `${prefix}: auth-passphrase is required when security-level is 3 (AuthPriv)`
+      )
+    }
+    if (privacyProtocol === null) {
+      addError(
+        errors,
+        `${prefix}.privacy-protocol`,
+        `${prefix}: privacy-protocol is required when security-level is 3 (AuthPriv)`
+      )
+    }
+    if (!privacyPassphrase || privacyPassphrase.trim() === '') {
+      addError(
+        errors,
+        `${prefix}.privacy-passphrase`,
+        `${prefix}: privacy-passphrase is required when security-level is 3 (AuthPriv)`
+      )
+    }
+  }
+}
+
+/**
+ * Validates a trapd-configuration XML string.
+ *
+ * Expected structure:
+ * <trapd-configuration snmp-trap-address="*|<ipv4>" snmp-trap-port="<1-65535>" new-suspect-on-trap="true|false">
+ *   <snmpv3-user security-name="..." security-level="1|2|3" auth-protocol="..." auth-passphrase="..." privacy-protocol="..." privacy-passphrase="..." />
+ *   ... (zero or more snmpv3-user elements)
+ * </trapd-configuration>
+ */
+export const validateTrapdXml = (xmlString: string): XmlValidationResult => {
+  const errors: XmlValidationError[] = []
+
+  if (!xmlString || xmlString.trim() === '') {
+    return { valid: false, errors: [{ field: 'xml', message: 'XML content is empty' }] }
+  }
+
+  let doc: Document
+  try {
+    const parser = new DOMParser()
+    doc = parser.parseFromString(xmlString, 'application/xml')
+    const parserError = doc.querySelector('parsererror')
+    if (parserError) {
+      const detail = parserError.textContent?.trim() ?? 'unknown parse error'
+      return { valid: false, errors: [{ field: 'xml', message: `XML parse error: ${detail}` }] }
+    }
+  } catch {
+    return { valid: false, errors: [{ field: 'xml', message: 'Failed to parse XML' }] }
+  }
+
+  const root = doc.documentElement
+  if (root.localName !== 'trapd-configuration') {
+    return {
+      valid: false,
+      errors: [
+        {
+          field: 'root',
+          message: `Root element must be 'trapd-configuration', got '${root.localName}'`
+        }
+      ]
+    }
+  }
+
+  const xmlns = root.namespaceURI ?? root.getAttribute('xmlns')
+  if (xmlns !== TRAPD_XML_NAMESPACE) {
+    addError(
+      errors,
+      'xmlns',
+      `Invalid xmlns '${xmlns ?? ''}': expected '${TRAPD_XML_NAMESPACE}'`
+    )
+  }
+
+  // snmp-trap-address: required; must be '*' or a valid IPv4 address
+  const snmpTrapAddress = root.getAttribute('snmp-trap-address')
+  if (snmpTrapAddress === null) {
+    addError(errors, 'snmp-trap-address', 'snmp-trap-address attribute is required')
+  } else if (snmpTrapAddress !== '*' && !isValidIP(snmpTrapAddress)) {
+    addError(
+      errors,
+      'snmp-trap-address',
+      `Invalid snmp-trap-address '${snmpTrapAddress}': must be '*' or a valid IPv4 address`
+    )
+  }
+
+  // snmp-trap-port: required; must be an integer in [MIN_PORT, MAX_PORT]
+  const snmpTrapPortStr = root.getAttribute('snmp-trap-port')
+  if (snmpTrapPortStr === null) {
+    addError(errors, 'snmp-trap-port', 'snmp-trap-port attribute is required')
+  } else {
+    const snmpTrapPort = parseInt(snmpTrapPortStr, 10)
+    if (!isValidPort(snmpTrapPort)) {
+      addError(
+        errors,
+        'snmp-trap-port',
+        `Invalid snmp-trap-port '${snmpTrapPortStr}': must be an integer between ${MIN_PORT} and ${MAX_PORT}`
+      )
+    }
+  }
+
+  // new-suspect-on-trap: optional; must be 'true' or 'false' if present
+  const newSuspectOnTrap = root.getAttribute('new-suspect-on-trap')
+  if (newSuspectOnTrap !== null && newSuspectOnTrap !== 'true' && newSuspectOnTrap !== 'false') {
+    addError(
+      errors,
+      'new-suspect-on-trap',
+      `Invalid new-suspect-on-trap '${newSuspectOnTrap}': must be 'true' or 'false'`
+    )
+  }
+
+  // snmpv3-user: zero or more child elements
+  const snmpv3Users = root.getElementsByTagName('snmpv3-user')
+  for (let i = 0; i < snmpv3Users.length; i++) {
+    validateSnmpV3UserElement(snmpv3Users[i], i + 1, errors)
+  }
+
+  return { valid: errors.length === 0, errors }
+}
+
diff --git a/ui/src/mappers/trapdConfig.mapper.ts b/ui/src/mappers/trapdConfig.mapper.ts
index baa4b1cd7ff3..4e92337b5e9c 100644
--- a/ui/src/mappers/trapdConfig.mapper.ts
+++ b/ui/src/mappers/trapdConfig.mapper.ts
@@ -12,13 +12,14 @@ export const mapTrapdConfigFromServer = (data: any): TrapConfig => {
     batchInterval: data.batchInterval,
     useAddressFromVarbind: data.useAddressFromVarbind,
     snmpv3User: (data.snmpv3User || []).map((user: any) => ({
+      engineId: user.engineId,
       securityName: user.securityName,
       securityLevel: user.securityLevel,
       authProtocol: user.authProtocol,
-      authPassword: user.authPassword,
+      authPassphrase: user.authPassphrase,
       privacyProtocol: user.privacyProtocol,
-      privacyPassword: user.privacyPassword
-    }))
+      privacyPassphrase: user.privacyPassphrase
+    } as SnmpV3User))
   }
 }
 

From eec16d18e67fbbc3f15797b097907fda0b2db92d Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Fri, 27 Mar 2026 02:28:39 +0500
Subject: [PATCH 23/41] changes

---
 ui/src/lib/trapdValidator.ts | 12 +-----------
 ui/src/types/trapConfig.d.ts | 10 ++++++++++
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/ui/src/lib/trapdValidator.ts b/ui/src/lib/trapdValidator.ts
index 89fb496939d4..44382c0c7ca9 100644
--- a/ui/src/lib/trapdValidator.ts
+++ b/ui/src/lib/trapdValidator.ts
@@ -20,7 +20,7 @@
 /// License.
 ///
 
-import { TrapConfig } from '@/types/trapConfig'
+import { TrapConfig, XmlValidationError, XmlValidationResult } from '@/types/trapConfig'
 import { ISelectItemType } from '@featherds/select'
 import { DEFAULT_TRAPD_BIND_ADDRESS } from './constants'
 
@@ -122,16 +122,6 @@ const VALID_AUTH_PROTOCOL_VALUES = new Set(AuthProtocols.map(normalizeAuthProtoc
 // All valid privacy protocol values
 const VALID_PRIVACY_PROTOCOL_VALUES = new Set(PrivacyProtocols as string[])
 
-export interface XmlValidationError {
-  field: string
-  message: string
-}
-
-export interface XmlValidationResult {
-  valid: boolean
-  errors: XmlValidationError[]
-}
-
 const addError = (errors: XmlValidationError[], field: string, message: string) =>
   errors.push({ field, message })
 
diff --git a/ui/src/types/trapConfig.d.ts b/ui/src/types/trapConfig.d.ts
index b26ec341ef3f..2f851096d0ce 100644
--- a/ui/src/types/trapConfig.d.ts
+++ b/ui/src/types/trapConfig.d.ts
@@ -92,3 +92,13 @@ export interface SnmpV3UserError {
   privacyPassphrase?: string
 }
 
+export interface XmlValidationError {
+  field: string
+  message: string
+}
+
+export interface XmlValidationResult {
+  valid: boolean
+  errors: XmlValidationError[]
+}
+

From 12e226c2a4f36196708ccbd534847b76fe2ea403 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Fri, 27 Mar 2026 23:51:58 +0500
Subject: [PATCH 24/41] test coverage

---
 ui/src/components/SCV/ScvInputIcon.vue        |  61 ++
 .../TrapConfiguration/CreateSnmpV3User.vue    |  16 +-
 .../CreateSnmpV3User.test.ts                  | 294 ++++++++
 .../GeneralConfiguration.test.ts              | 332 +++++++++
 .../SnmpV3UserManagement.test.ts              | 360 +++++++++
 ui/tests/containers/TrapConfiguration.test.ts | 252 +++++++
 ui/tests/lib/trapdValidator.test.ts           | 693 ++++++++++++++++++
 7 files changed, 1997 insertions(+), 11 deletions(-)
 create mode 100644 ui/src/components/SCV/ScvInputIcon.vue
 create mode 100644 ui/tests/components/TrapConfiguration/CreateSnmpV3User.test.ts
 create mode 100644 ui/tests/components/TrapConfiguration/GeneralConfiguration.test.ts
 create mode 100644 ui/tests/components/TrapConfiguration/SnmpV3UserManagement.test.ts
 create mode 100644 ui/tests/containers/TrapConfiguration.test.ts
 create mode 100644 ui/tests/lib/trapdValidator.test.ts

diff --git a/ui/src/components/SCV/ScvInputIcon.vue b/ui/src/components/SCV/ScvInputIcon.vue
new file mode 100644
index 000000000000..fb2156fe1169
--- /dev/null
+++ b/ui/src/components/SCV/ScvInputIcon.vue
@@ -0,0 +1,61 @@
+<template>
+  <FeatherTooltip
+    :title="title ?? tooltipTitle"
+    v-slot="{ attrs, on }"
+  >
+    <FeatherButton
+      icon="SCV"
+      class="scv-edit-icon"
+      @click="$emit('click')"
+    >
+      <FeatherIcon
+        v-bind="attrs"
+        v-on="on"
+        :icon="IconSecurity"
+        class="scv-icon"
+      />
+    </FeatherButton>
+  </FeatherTooltip>
+</template>
+
+<script setup lang="ts">
+import { FeatherButton } from '@featherds/button'
+import { FeatherIcon } from '@featherds/icon'
+import { FeatherTooltip } from '@featherds/tooltip'
+import IconSecurity from '@featherds/icon/network/Security'
+
+defineProps<{
+  title?: string
+}>()
+
+defineEmits<{
+  (e: 'click'): void
+}>()
+
+const tooltipTitle = 'Use SCV to populate this field'
+</script>
+
+<style scoped lang="scss">
+@use '@featherds/styles/themes/variables';
+
+.btn.btn-icon.scv-edit-icon {
+  border: 2px solid var(--feather-primary-text-on-surface);
+  border-radius: 100%;
+  height: 2.0rem;
+  width: 2.0rem;
+  min-width: 2.0rem;
+
+  svg.scv-icon {
+    cursor: pointer;
+    font-size: 1.25em !important;
+    background-color: var(--feather-background);
+    width: 1.5em;
+    height: 1.5em;
+
+    &:hover {
+      background-color: var(--feather-shade-4);
+    }
+  }
+}
+</style>
+
diff --git a/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue b/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
index a83f13651856..d60d6e4ed329 100644
--- a/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
+++ b/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
@@ -73,13 +73,10 @@
             v-model="authPassphrase"
             :error="error.authPassphrase"
           />
-          <FeatherButton
-            icon="Save"
+          <ScvInputIcon
             data-test="auth-passphrase-save-button"
             @click="store.openCredentialDrawer"
-          >
-            <FeatherIcon :icon="Security"> </FeatherIcon>
-          </FeatherButton>
+          />
         </div>
       </div>
       <div
@@ -103,13 +100,10 @@
             v-model="privacyPassphrase"
             :error="error.privacyPassphrase"
           />
-          <FeatherButton
-            icon="Save"
+          <ScvInputIcon
             data-test="privacy-passphrase-save-button"
             @click="store.openCredentialDrawer"
-          >
-            <FeatherIcon :icon="Security"> </FeatherIcon>
-          </FeatherButton>
+          />
         </div>
       </div>
     </div>
@@ -144,11 +138,11 @@ import { CreateEditMode } from '@/types'
 import type { SnmpV3UserError } from '@/types/trapConfig'
 import { FeatherButton } from '@featherds/button'
 import { FeatherIcon } from '@featherds/icon'
-import Security from '@featherds/icon/hardware/Security'
 import ChevronLeft from '@featherds/icon/navigation/ChevronLeft'
 import { FeatherInput } from '@featherds/input'
 import { FeatherSelect, ISelectItemType } from '@featherds/select'
 import TableCard from '../Common/TableCard.vue'
+import ScvInputIcon from '../SCV/ScvInputIcon.vue'
 import SearchExistingCredential from './Drawer/SearchExistingCredential.vue'
 
 const store = useTrapConfigStore()
diff --git a/ui/tests/components/TrapConfiguration/CreateSnmpV3User.test.ts b/ui/tests/components/TrapConfiguration/CreateSnmpV3User.test.ts
new file mode 100644
index 000000000000..f51d5b4df874
--- /dev/null
+++ b/ui/tests/components/TrapConfiguration/CreateSnmpV3User.test.ts
@@ -0,0 +1,294 @@
+import CreateSnmpV3User from '@/components/TrapConfiguration/CreateSnmpV3User.vue'
+import { AUTH_PROTOCOL_OPTIONS, SECURITY_LEVEL_OPTIONS } from '@/lib/trapdValidator'
+import { mapUserToServer } from '@/mappers/trapdConfig.mapper'
+import { saveTrapdUser, updateTrapdUser } from '@/services/trapdConfigurationService'
+import { useTrapConfigStore } from '@/stores/trapConfigStore'
+import { CreateEditMode } from '@/types'
+import type { SnmpV3User } from '@/types/trapConfig'
+import { createTestingPinia } from '@pinia/testing'
+import { flushPromises, mount } from '@vue/test-utils'
+import { setActivePinia } from 'pinia'
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { defineComponent, nextTick } from 'vue'
+
+const { showSnackBarMock } = vi.hoisted(() => ({
+  showSnackBarMock: vi.fn()
+}))
+
+vi.mock('@/composables/useSnackbar', () => ({
+  default: () => ({
+    showSnackBar: showSnackBarMock
+  })
+}))
+
+vi.mock('@/mappers/trapdConfig.mapper', () => ({
+  mapUserToServer: vi.fn()
+}))
+
+vi.mock('@/services/trapdConfigurationService', () => ({
+  saveTrapdUser: vi.fn(),
+  updateTrapdUser: vi.fn()
+}))
+
+const FeatherInputStub = defineComponent({
+  name: 'FeatherInput',
+  props: {
+    modelValue: {
+      type: String,
+      default: ''
+    },
+    label: {
+      type: String,
+      default: ''
+    },
+    dataTest: {
+      type: String,
+      default: ''
+    }
+  },
+  emits: ['update:modelValue'],
+  template: '<input :data-test="dataTest || label" :value="modelValue" @input="$emit(\'update:modelValue\', $event.target.value)" />'
+})
+
+describe('CreateSnmpV3User.vue', () => {
+  let store: ReturnType<typeof useTrapConfigStore>
+  const mapUserToServerMock = vi.mocked(mapUserToServer)
+  const saveTrapdUserMock = vi.mocked(saveTrapdUser)
+  const updateTrapdUserMock = vi.mocked(updateTrapdUser)
+
+  const selectedUser: SnmpV3User = {
+    engineId: null,
+    securityName: 'existing-user',
+    securityLevel: 2,
+    authProtocol: 'MD5',
+    authPassphrase: 'masked-auth',
+    privacyProtocol: null,
+    privacyPassphrase: null
+  }
+
+  const mountComponent = () => {
+    return mount(CreateSnmpV3User, {
+      global: {
+        stubs: {
+          TableCard: {
+            template: '<div><slot /></div>'
+          },
+          SearchExistingCredential: true,
+          FeatherIcon: true,
+          FeatherInput: FeatherInputStub,
+          'feather-input': FeatherInputStub,
+          FeatherSelect: true,
+          'feather-select': true,
+          ScvInputIcon: {
+            emits: ['click'],
+            template: '<button :data-test="$attrs[\'data-test\']" @click="$emit(\'click\')" />'
+          },
+          FeatherButton: {
+            props: ['dataTest', 'disabled'],
+            emits: ['click'],
+            template: '<button :data-test="dataTest" :disabled="disabled" @click="$emit(\'click\')"><slot /></button>'
+          },
+          'feather-button': {
+            props: ['dataTest', 'disabled'],
+            emits: ['click'],
+            template: '<button :data-test="dataTest" :disabled="disabled" @click="$emit(\'click\')"><slot /></button>'
+          }
+        }
+      }
+    })
+  }
+
+  const setInputValue = async (wrapper: ReturnType<typeof mountComponent>, dataTest: string, value: string) => {
+    const input = wrapper.find(`input[data-test="${dataTest}"]`)
+    expect(input.exists()).toBe(true)
+    await input.setValue(value)
+  }
+
+  const setBindingValue = async (wrapper: ReturnType<typeof mountComponent>, key: string, value: any) => {
+    ;(wrapper.vm as any)[key] = value
+    await nextTick()
+  }
+
+  const clickButton = async (wrapper: ReturnType<typeof mountComponent>, dataTest: string) => {
+    const button = wrapper.findComponent(`[data-test="${dataTest}"]`)
+    expect(button.exists()).toBe(true)
+    await (button as any).vm.$emit('click')
+    await flushPromises()
+  }
+
+  beforeEach(() => {
+    vi.clearAllMocks()
+    setActivePinia(
+      createTestingPinia({
+        stubActions: false,
+        createSpy: vi.fn
+      })
+    )
+
+    store = useTrapConfigStore()
+    store.createUserDrawerState.visible = true
+    store.createUserDrawerState.mode = CreateEditMode.Create
+    store.createUserDrawerState.selectedUserIndex = -1
+    store.SnmpV3Users = [selectedUser]
+
+    store.fetchTrapConfig = vi.fn().mockResolvedValue(undefined)
+    store.closeCreateUserDrawer = vi.fn()
+    store.openCredentialDrawer = vi.fn()
+
+    mapUserToServerMock.mockImplementation((payload) => payload as SnmpV3User)
+    saveTrapdUserMock.mockResolvedValue(undefined)
+    updateTrapdUserMock.mockResolvedValue(undefined)
+  })
+
+  it('does not render when drawer is hidden', () => {
+    store.createUserDrawerState.visible = false
+    const wrapper = mountComponent()
+
+    expect(wrapper.find('[data-test="create-snmpv3-user"]').exists()).toBe(false)
+  })
+
+  it('renders create mode with heading and action buttons', () => {
+    const wrapper = mountComponent()
+
+    expect(wrapper.find('h3').text()).toBe('New SNMPv3 User Management')
+    expect(wrapper.find('[data-test="create-user-button"]').text()).toContain('Create User')
+    expect(wrapper.find('[data-test="cancel-button"]').exists()).toBe(true)
+  })
+
+  it('renders update label and preloads security name in edit mode', async () => {
+    store.createUserDrawerState.mode = CreateEditMode.Edit
+    store.createUserDrawerState.selectedUserIndex = 0
+
+    const wrapper = mountComponent()
+    await nextTick()
+
+    expect(wrapper.find('[data-test="create-user-button"]').text()).toContain('Update User')
+    expect((wrapper.find('input[data-test="security-name-input"]').element as HTMLInputElement).value).toBe('existing-user')
+  })
+
+  it('calls closeCreateUserDrawer from back and cancel buttons', async () => {
+    const wrapper = mountComponent()
+
+    await wrapper.findAll('button')[0].trigger('click')
+    await wrapper.find('[data-test="cancel-button"]').trigger('click')
+
+    expect(store.closeCreateUserDrawer).toHaveBeenCalledTimes(2)
+  })
+
+  it('opens credential drawer from auth passphrase button in edit mode', async () => {
+    store.createUserDrawerState.mode = CreateEditMode.Edit
+    store.createUserDrawerState.selectedUserIndex = 0
+
+    const wrapper = mountComponent()
+    await nextTick()
+
+    await wrapper.find('[data-test="auth-passphrase-save-button"]').trigger('click')
+
+    expect(store.openCredentialDrawer).toHaveBeenCalledTimes(1)
+  })
+
+  it('creates user successfully in create mode', async () => {
+    const wrapper = mountComponent()
+
+    await setInputValue(wrapper, 'security-name-input', 'new-user')
+    await setBindingValue(wrapper, 'securityLevel', SECURITY_LEVEL_OPTIONS[0])
+    await clickButton(wrapper, 'create-user-button')
+
+    expect(mapUserToServerMock).toHaveBeenCalledWith(expect.objectContaining({
+      securityName: 'new-user',
+      securityLevel: expect.any(Number)
+    }))
+    expect(saveTrapdUserMock).toHaveBeenCalledTimes(1)
+    expect(updateTrapdUserMock).not.toHaveBeenCalled()
+    expect(store.fetchTrapConfig).toHaveBeenCalledTimes(1)
+    expect(store.closeCreateUserDrawer).toHaveBeenCalledTimes(1)
+    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'SNMPv3 user created successfully.' })
+  })
+
+  it('updates user successfully in edit mode', async () => {
+    store.createUserDrawerState.mode = CreateEditMode.Edit
+    store.createUserDrawerState.selectedUserIndex = 0
+
+    const wrapper = mountComponent()
+    await nextTick()
+
+    await setBindingValue(wrapper, 'securityLevel', SECURITY_LEVEL_OPTIONS[1])
+    await setBindingValue(wrapper, 'authProtocol', AUTH_PROTOCOL_OPTIONS[0])
+    await setBindingValue(wrapper, 'authPassphrase', 'masked-auth')
+    await clickButton(wrapper, 'create-user-button')
+
+    expect(updateTrapdUserMock).toHaveBeenCalledWith('existing-user', expect.any(Object))
+    expect(saveTrapdUserMock).not.toHaveBeenCalled()
+    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'SNMPv3 user updated successfully.' })
+  })
+
+  it('shows explicit edit error when selected user has missing securityName', async () => {
+    store.SnmpV3Users = [{ ...selectedUser, securityName: '' }]
+    store.createUserDrawerState.mode = CreateEditMode.Edit
+    store.createUserDrawerState.selectedUserIndex = 0
+
+    const wrapper = mountComponent()
+    await nextTick()
+
+    await setInputValue(wrapper, 'security-name-input', 'replacement-name')
+    await setBindingValue(wrapper, 'securityLevel', SECURITY_LEVEL_OPTIONS[1])
+    await setBindingValue(wrapper, 'authProtocol', AUTH_PROTOCOL_OPTIONS[0])
+    await setBindingValue(wrapper, 'authPassphrase', 'masked-auth')
+    await clickButton(wrapper, 'create-user-button')
+
+    expect(updateTrapdUserMock).not.toHaveBeenCalled()
+    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'Unable to determine the selected SNMPv3 user to update.', error: true })
+  })
+
+  it('shows service error when saveTrapdUser throws Error', async () => {
+    saveTrapdUserMock.mockRejectedValue(new Error('save failed'))
+    const wrapper = mountComponent()
+
+    await setInputValue(wrapper, 'security-name-input', 'new-user')
+    await setBindingValue(wrapper, 'securityLevel', SECURITY_LEVEL_OPTIONS[0])
+    await clickButton(wrapper, 'create-user-button')
+
+    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'save failed', error: true })
+  })
+
+  it('shows generic service error when saveTrapdUser throws non-Error', async () => {
+    saveTrapdUserMock.mockRejectedValue('boom')
+    const wrapper = mountComponent()
+
+    await setInputValue(wrapper, 'security-name-input', 'new-user')
+    await setBindingValue(wrapper, 'securityLevel', SECURITY_LEVEL_OPTIONS[0])
+    await clickButton(wrapper, 'create-user-button')
+
+    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'Failed to save SNMPv3 user.', error: true })
+  })
+
+  it('prevents duplicate create requests while saving is in progress', async () => {
+    let resolveSave: () => void = () => undefined
+    saveTrapdUserMock.mockImplementation(
+      () => new Promise<void>((resolve) => {
+        resolveSave = resolve
+      })
+    )
+    const wrapper = mountComponent()
+
+    await setInputValue(wrapper, 'security-name-input', 'new-user')
+    await setBindingValue(wrapper, 'securityLevel', SECURITY_LEVEL_OPTIONS[0])
+
+    await clickButton(wrapper, 'create-user-button')
+    await clickButton(wrapper, 'create-user-button')
+
+    expect(saveTrapdUserMock).toHaveBeenCalledTimes(1)
+
+    resolveSave()
+    await flushPromises()
+  })
+
+  it('shows validation message when trying to save with empty security name', async () => {
+    const wrapper = mountComponent()
+
+    await clickButton(wrapper, 'create-user-button')
+
+    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'Please fix validation errors before saving.', error: true })
+    expect(saveTrapdUserMock).not.toHaveBeenCalled()
+  })
+})
diff --git a/ui/tests/components/TrapConfiguration/GeneralConfiguration.test.ts b/ui/tests/components/TrapConfiguration/GeneralConfiguration.test.ts
new file mode 100644
index 000000000000..d213e013cefc
--- /dev/null
+++ b/ui/tests/components/TrapConfiguration/GeneralConfiguration.test.ts
@@ -0,0 +1,332 @@
+import GeneralConfiguration from '@/components/TrapConfiguration/GeneralConfiguration.vue'
+import { MAX_PORT, MIN_PORT } from '@/lib/trapdValidator'
+import { updateTrapdConfiguration } from '@/services/trapdConfigurationService'
+import { useTrapConfigStore } from '@/stores/trapConfigStore'
+import type { TrapConfig } from '@/types/trapConfig'
+import { createTestingPinia } from '@pinia/testing'
+import { flushPromises, mount } from '@vue/test-utils'
+import { cloneDeep } from 'lodash'
+import { setActivePinia } from 'pinia'
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { nextTick } from 'vue'
+
+const { showSnackBarMock } = vi.hoisted(() => ({
+  showSnackBarMock: vi.fn()
+}))
+
+vi.mock('@/composables/useSnackbar', () => ({
+  default: () => ({
+    showSnackBar: showSnackBarMock
+  })
+}))
+
+vi.mock('@/services/trapdConfigurationService', () => ({
+  updateTrapdConfiguration: vi.fn()
+}))
+
+describe('GeneralConfiguration.vue', () => {
+  let store: ReturnType<typeof useTrapConfigStore>
+  const updateTrapdConfigurationMock = vi.mocked(updateTrapdConfiguration)
+
+  const baseTrapConfig: TrapConfig = {
+    snmpTrapAddress: '192.168.1.10',
+    snmpTrapPort: 162,
+    newSuspectOnTrap: true,
+    includeRawMessage: false,
+    threads: 4,
+    queueSize: 5000,
+    batchSize: 250,
+    batchInterval: 750,
+    useAddressFromVarbind: true,
+    snmpv3User: []
+  }
+
+  const mountComponent = () => {
+    return mount(GeneralConfiguration, {
+      global: {
+        stubs: {
+          TableCard: {
+            template: '<div><slot /></div>'
+          },
+          FeatherExpansionPanel: {
+            props: ['title'],
+            template: '<div><slot /></div>'
+          },
+          FeatherInput: true,
+          'feather-input': true,
+          FeatherButton: true,
+          'feather-button': true,
+          SwitchRender: true,
+          'switch-render': true
+        }
+      }
+    })
+  }
+
+  const setBindingValue = async (
+    wrapper: ReturnType<typeof mountComponent>,
+    key: string,
+    value: string | number | boolean
+  ) => {
+    ;(wrapper.vm as any)[key] = value
+    await nextTick()
+  }
+
+  beforeEach(() => {
+    vi.clearAllMocks()
+    setActivePinia(
+      createTestingPinia({
+        stubActions: false,
+        createSpy: vi.fn
+      })
+    )
+
+    store = useTrapConfigStore()
+    store.trapdConfig = cloneDeep(baseTrapConfig)
+    store.fetchTrapConfig = vi.fn().mockResolvedValue(undefined)
+
+    updateTrapdConfigurationMock.mockResolvedValue(undefined)
+  })
+
+  it('renders the section labels and loads the current trap configuration values from the store', () => {
+    const wrapper = mountComponent()
+
+    expect(wrapper.text()).toContain('TrapD Listener Settings')
+    expect(wrapper.text()).toContain('Update Changes')
+    expect((wrapper.vm as any).port).toBe(162)
+    expect((wrapper.vm as any).bindAddress).toBe('192.168.1.10')
+    expect((wrapper.vm as any).status).toBe(true)
+    expect((wrapper.vm as any).trapMessageStatus).toBe(false)
+    expect((wrapper.vm as any).trapSourceAddressStatus).toBe(true)
+    expect((wrapper.vm as any).threads).toBe(4)
+    expect((wrapper.vm as any).queueSize).toBe(5000)
+    expect((wrapper.vm as any).batchSize).toBe(250)
+    expect((wrapper.vm as any).batchInterval).toBe(750)
+    expect((wrapper.vm as any).trapConfigError).toEqual({})
+    expect((wrapper.vm as any).isSaveDisabled).toBe(true)
+  })
+
+  it('reloads form state when trapdConfig changes in the store', async () => {
+    const wrapper = mountComponent()
+
+    store.trapdConfig = {
+      ...cloneDeep(baseTrapConfig),
+      snmpTrapPort: 10162,
+      snmpTrapAddress: '*',
+      newSuspectOnTrap: false,
+      includeRawMessage: true,
+      useAddressFromVarbind: false,
+      threads: 0,
+      queueSize: 10000,
+      batchSize: 1000,
+      batchInterval: 500
+    }
+    await nextTick()
+    await nextTick()
+
+    expect((wrapper.vm as any).port).toBe(10162)
+    expect((wrapper.vm as any).bindAddress).toBe('*')
+    expect((wrapper.vm as any).status).toBe(false)
+    expect((wrapper.vm as any).trapMessageStatus).toBe(true)
+    expect((wrapper.vm as any).trapSourceAddressStatus).toBe(false)
+    expect((wrapper.vm as any).threads).toBe(0)
+    expect((wrapper.vm as any).queueSize).toBe(10000)
+    expect((wrapper.vm as any).batchSize).toBe(1000)
+    expect((wrapper.vm as any).batchInterval).toBe(500)
+    expect((wrapper.vm as any).isSaveDisabled).toBe(true)
+  })
+
+  it('enables save when a valid field changes and disables it again when reverted', async () => {
+    const wrapper = mountComponent()
+
+    await setBindingValue(wrapper, 'port', 163)
+    expect((wrapper.vm as any).isSaveDisabled).toBe(false)
+
+    await setBindingValue(wrapper, 'port', 162)
+    expect((wrapper.vm as any).isSaveDisabled).toBe(true)
+  })
+
+  it('toggles all switch values through the component handlers', () => {
+    const wrapper = mountComponent()
+
+    ;(wrapper.vm as any).onChangeStatus()
+    ;(wrapper.vm as any).onChangeTrapMessageStatus()
+    ;(wrapper.vm as any).onChangeTrapSourceAddressStatus()
+
+    expect((wrapper.vm as any).status).toBe(false)
+    expect((wrapper.vm as any).trapMessageStatus).toBe(true)
+    expect((wrapper.vm as any).trapSourceAddressStatus).toBe(false)
+  })
+
+  it('submits the updated payload successfully and refreshes the store', async () => {
+    const wrapper = mountComponent()
+
+    await setBindingValue(wrapper, 'port', '10162')
+    await setBindingValue(wrapper, 'bindAddress', '*')
+    await setBindingValue(wrapper, 'status', false)
+    await setBindingValue(wrapper, 'trapMessageStatus', true)
+    await setBindingValue(wrapper, 'trapSourceAddressStatus', false)
+    await setBindingValue(wrapper, 'threads', '2')
+    await setBindingValue(wrapper, 'queueSize', '6000')
+    await setBindingValue(wrapper, 'batchSize', '300')
+    await setBindingValue(wrapper, 'batchInterval', '900')
+
+    await (wrapper.vm as any).updateConfig()
+    await flushPromises()
+
+    expect(updateTrapdConfigurationMock).toHaveBeenCalledWith({
+      snmpTrapPort: 10162,
+      snmpTrapAddress: '*',
+      newSuspectOnTrap: false,
+      useAddressFromVarbind: false,
+      includeRawMessage: true,
+      threads: 2,
+      queueSize: 6000,
+      batchSize: 300,
+      batchInterval: 900
+    })
+    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'Trap configuration updated successfully.' })
+    expect(store.fetchTrapConfig).toHaveBeenCalledTimes(1)
+    expect((wrapper.vm as any).isSaving).toBe(false)
+  })
+
+  it('shows the service error message when update fails with an Error', async () => {
+    updateTrapdConfigurationMock.mockRejectedValue(new Error('update failed'))
+    const wrapper = mountComponent()
+
+    await setBindingValue(wrapper, 'port', 163)
+    await (wrapper.vm as any).updateConfig()
+    await flushPromises()
+
+    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'update failed', error: true })
+    expect(store.fetchTrapConfig).not.toHaveBeenCalled()
+    expect((wrapper.vm as any).isSaving).toBe(false)
+  })
+
+  it('shows a generic error message when update fails with a non-Error value', async () => {
+    updateTrapdConfigurationMock.mockRejectedValue('boom')
+    const wrapper = mountComponent()
+
+    await setBindingValue(wrapper, 'port', 163)
+    await (wrapper.vm as any).updateConfig()
+    await flushPromises()
+
+    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'Failed to update trap configuration.', error: true })
+  })
+
+  it('sets isSaving during an in-flight request and clears it after completion', async () => {
+    let resolveRequest: (() => void) | undefined
+    updateTrapdConfigurationMock.mockImplementation(
+      () =>
+        new Promise<void>((resolve) => {
+          resolveRequest = resolve
+        })
+    )
+
+    const wrapper = mountComponent()
+    await setBindingValue(wrapper, 'port', 163)
+
+    const pendingSave = (wrapper.vm as any).updateConfig()
+    await nextTick()
+
+    expect((wrapper.vm as any).isSaving).toBe(true)
+
+    resolveRequest?.()
+    await pendingSave
+    await flushPromises()
+
+    expect((wrapper.vm as any).isSaving).toBe(false)
+  })
+
+  it(`shows a validation error when port is less than ${MIN_PORT}`, async () => {
+    const wrapper = mountComponent()
+
+    await setBindingValue(wrapper, 'port', 0)
+
+    expect((wrapper.vm as any).trapConfigError.port).toBe(`Port must be between ${MIN_PORT} and ${MAX_PORT}.`)
+    expect((wrapper.vm as any).isSaveDisabled).toBe(true)
+  })
+
+  it(`shows a validation error when port is greater than ${MAX_PORT}`, async () => {
+    const wrapper = mountComponent()
+
+    await setBindingValue(wrapper, 'port', 65536)
+
+    expect((wrapper.vm as any).trapConfigError.port).toBe(`Port must be between ${MIN_PORT} and ${MAX_PORT}.`)
+    expect((wrapper.vm as any).isSaveDisabled).toBe(true)
+  })
+
+  it('shows a validation error when bind address is empty', async () => {
+    const wrapper = mountComponent()
+
+    await setBindingValue(wrapper, 'bindAddress', '')
+
+    expect((wrapper.vm as any).trapConfigError.bindAddress).toBe('Bind Address cannot be empty.')
+    expect((wrapper.vm as any).isSaveDisabled).toBe(true)
+  })
+
+  it('shows a validation error when bind address is not * or a valid IPv4 address', async () => {
+    const wrapper = mountComponent()
+
+    await setBindingValue(wrapper, 'bindAddress', 'localhost')
+
+    expect((wrapper.vm as any).trapConfigError.bindAddress).toBe('Bind Address must be * or a valid IP address.')
+    expect((wrapper.vm as any).isSaveDisabled).toBe(true)
+  })
+
+  it('accepts wildcard bind address as a valid value', async () => {
+    const wrapper = mountComponent()
+
+    await setBindingValue(wrapper, 'bindAddress', '*')
+
+    expect((wrapper.vm as any).trapConfigError.bindAddress).toBeUndefined()
+    expect((wrapper.vm as any).isSaveDisabled).toBe(false)
+  })
+
+  it('shows a validation error when threads is negative', async () => {
+    const wrapper = mountComponent()
+
+    await setBindingValue(wrapper, 'threads', -1)
+
+    expect((wrapper.vm as any).trapConfigError.threads).toBe('Threads cannot be negative.')
+    expect((wrapper.vm as any).isSaveDisabled).toBe(true)
+  })
+
+  it('shows a validation error when queue size is negative', async () => {
+    const wrapper = mountComponent()
+
+    await setBindingValue(wrapper, 'queueSize', -1)
+
+    expect((wrapper.vm as any).trapConfigError.queueSize).toBe('Queue Size cannot be negative.')
+    expect((wrapper.vm as any).isSaveDisabled).toBe(true)
+  })
+
+  it('shows a validation error when batch size is negative', async () => {
+    const wrapper = mountComponent()
+
+    await setBindingValue(wrapper, 'batchSize', -1)
+
+    expect((wrapper.vm as any).trapConfigError.batchSize).toBe('Batch Size cannot be negative.')
+    expect((wrapper.vm as any).isSaveDisabled).toBe(true)
+  })
+
+  it('shows a validation error when batch interval is negative', async () => {
+    const wrapper = mountComponent()
+
+    await setBindingValue(wrapper, 'batchInterval', -1)
+
+    expect((wrapper.vm as any).trapConfigError.batchInterval).toBe('Batch Interval cannot be negative.')
+    expect((wrapper.vm as any).isSaveDisabled).toBe(true)
+  })
+
+  it('does not call the update service when the form is invalid', async () => {
+    const wrapper = mountComponent()
+
+    await setBindingValue(wrapper, 'bindAddress', '')
+    await (wrapper.vm as any).updateConfig()
+    await flushPromises()
+
+    expect(updateTrapdConfigurationMock).not.toHaveBeenCalled()
+    expect(showSnackBarMock).not.toHaveBeenCalled()
+  })
+})
\ No newline at end of file
diff --git a/ui/tests/components/TrapConfiguration/SnmpV3UserManagement.test.ts b/ui/tests/components/TrapConfiguration/SnmpV3UserManagement.test.ts
new file mode 100644
index 000000000000..4c96f31d029f
--- /dev/null
+++ b/ui/tests/components/TrapConfiguration/SnmpV3UserManagement.test.ts
@@ -0,0 +1,360 @@
+import SnmpV3UserManagement from '@/components/TrapConfiguration/SnmpV3UserManagement.vue'
+import { deleteTrapdUser } from '@/services/trapdConfigurationService'
+import { useTrapConfigStore } from '@/stores/trapConfigStore'
+import { CreateEditMode } from '@/types'
+import type { SnmpV3User } from '@/types/trapConfig'
+import { FeatherSortHeader, SORT } from '@featherds/table'
+import { createTestingPinia } from '@pinia/testing'
+import { flushPromises, mount } from '@vue/test-utils'
+import { setActivePinia } from 'pinia'
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { defineComponent, nextTick } from 'vue'
+
+const { showSnackBarMock } = vi.hoisted(() => ({
+  showSnackBarMock: vi.fn()
+}))
+
+vi.mock('@/composables/useSnackbar', () => ({
+  default: () => ({
+    showSnackBar: showSnackBarMock
+  })
+}))
+
+vi.mock('@/services/trapdConfigurationService', () => ({
+  deleteTrapdUser: vi.fn()
+}))
+
+const FeatherButtonStub = defineComponent({
+  name: 'FeatherButton',
+  props: {
+    dataTest: {
+      type: String,
+      default: ''
+    },
+    disabled: {
+      type: Boolean,
+      default: false
+    },
+    icon: {
+      type: String,
+      default: ''
+    }
+  },
+  emits: ['click'],
+  template:
+    '<button :data-test="dataTest" :disabled="disabled" :aria-label="icon" @click="$emit(\'click\')"><slot /></button>'
+})
+
+const FeatherSortHeaderStub = defineComponent({
+  name: 'FeatherSortHeader',
+  props: {
+    property: {
+      type: String,
+      default: ''
+    },
+    sort: {
+      type: String,
+      default: ''
+    }
+  },
+  emits: ['sort-changed'],
+  template: '<th><button :data-test="`sort-${property}`"><slot /></button></th>'
+})
+
+const DeleteDialogStub = defineComponent({
+  name: 'DeleteUserConfirmationDialog',
+  props: {
+    visible: {
+      type: Boolean,
+      default: false
+    }
+  },
+  emits: ['close', 'confirm'],
+  template: `
+    <div>
+      <div data-test="delete-dialog-visible">{{ String(visible) }}</div>
+      <button data-test="close-delete-dialog" @click="$emit('close')">close</button>
+      <button data-test="confirm-delete-dialog" @click="$emit('confirm')">confirm</button>
+    </div>
+  `
+})
+
+describe('SnmpV3UserManagement.vue', () => {
+  let store: ReturnType<typeof useTrapConfigStore>
+  const deleteTrapdUserMock = vi.mocked(deleteTrapdUser)
+
+  const users: SnmpV3User[] = [
+    {
+      engineId: null,
+      securityName: 'user-one',
+      securityLevel: 1,
+      authProtocol: null,
+      authPassphrase: null,
+      privacyProtocol: null,
+      privacyPassphrase: null
+    },
+    {
+      engineId: null,
+      securityName: 'user-two',
+      securityLevel: 3,
+      authProtocol: 'SHA256',
+      authPassphrase: 'masked-a',
+      privacyProtocol: 'AES256',
+      privacyPassphrase: 'masked-b'
+    }
+  ]
+
+  const mountComponent = () => {
+    return mount(SnmpV3UserManagement, {
+      global: {
+        stubs: {
+          TableCard: {
+            template: '<div><slot /></div>'
+          },
+          EmptyList: {
+            props: ['content'],
+            template: '<div data-test="empty-list">{{ content.msg }}</div>'
+          },
+          DeleteUserConfirmationDialog: DeleteDialogStub,
+          FeatherButton: FeatherButtonStub,
+          'feather-button': FeatherButtonStub,
+          FeatherSortHeader: FeatherSortHeaderStub,
+          'feather-sort-header': FeatherSortHeaderStub,
+          FeatherIcon: true,
+          'feather-icon': true,
+          TransitionGroup: {
+            template: '<tbody><slot /></tbody>'
+          }
+        }
+      }
+    })
+  }
+
+  const clickByDataTest = async (wrapper: ReturnType<typeof mountComponent>, dataTest: string, index = 0) => {
+    const elements = wrapper.findAll(`[data-test="${dataTest}"]`)
+    expect(elements[index]?.exists()).toBe(true)
+    await elements[index].trigger('click')
+    await flushPromises()
+  }
+
+  beforeEach(() => {
+    vi.clearAllMocks()
+    setActivePinia(
+      createTestingPinia({
+        stubActions: false,
+        createSpy: vi.fn
+      })
+    )
+
+    store = useTrapConfigStore()
+    store.createUserDrawerState.visible = false
+    store.SnmpV3Users = [...users]
+    store.fetchTrapConfig = vi.fn().mockResolvedValue(undefined)
+    store.openCreateUserDrawer = vi.fn()
+
+    deleteTrapdUserMock.mockResolvedValue(undefined)
+  })
+
+  it('does not render when the create user drawer is visible', () => {
+    store.createUserDrawerState.visible = true
+    const wrapper = mountComponent()
+
+    expect(wrapper.find('[data-test="snmpv3-user-management"]').exists()).toBe(false)
+  })
+
+  it('renders the heading, add button, column headers, and user rows', () => {
+    const wrapper = mountComponent()
+
+    expect(wrapper.text()).toContain('SNMPv3 User Management')
+    expect(wrapper.text()).toContain('List SNMPv3 users credentials')
+    expect(wrapper.find('[data-test="add-user-button"]').exists()).toBe(true)
+    expect(wrapper.text()).toContain('SnmpV3 Username')
+    expect(wrapper.text()).toContain('Security Level')
+    expect(wrapper.text()).toContain('Authentication Protocol')
+    expect(wrapper.text()).toContain('Privacy Protocol')
+    expect(wrapper.text()).toContain('Action')
+    expect(wrapper.text()).toContain('user-one')
+    expect(wrapper.text()).toContain('user-two')
+    expect((wrapper.vm as any).tableRecords).toEqual(users)
+  })
+
+  it('renders the empty state when there are no users', async () => {
+    store.SnmpV3Users = []
+    const wrapper = mountComponent()
+    await nextTick()
+
+    expect(wrapper.find('[data-test="empty-list"]').text()).toBe('No SNMPv3 users found')
+    expect(wrapper.findAll('tbody tr')).toHaveLength(0)
+  })
+
+  it('opens create user drawer in create mode from the add user button', async () => {
+    const wrapper = mountComponent()
+
+    await clickByDataTest(wrapper, 'add-user-button')
+
+    expect(store.openCreateUserDrawer).toHaveBeenCalledWith(CreateEditMode.Create, -1)
+  })
+
+  it('opens create user drawer in edit mode for the selected row', async () => {
+    const wrapper = mountComponent()
+
+    await clickByDataTest(wrapper, 'edit-user-button', 1)
+
+    expect(store.openCreateUserDrawer).toHaveBeenCalledWith(CreateEditMode.Edit, 1)
+  })
+
+  it('opens the delete dialog with the selected security name', async () => {
+    const wrapper = mountComponent()
+
+    await clickByDataTest(wrapper, 'delete-user-button', 1)
+
+    expect((wrapper.vm as any).deleteUserSecurityName).toBe('user-two')
+    expect((wrapper.vm as any).deleteDialogVisible).toBe(true)
+    expect(wrapper.find('[data-test="delete-dialog-visible"]').text()).toBe('true')
+  })
+
+  it('cancels delete and resets dialog state', async () => {
+    const wrapper = mountComponent()
+    ;(wrapper.vm as any).openDeleteUserDialog('user-one')
+    await nextTick()
+
+    await clickByDataTest(wrapper, 'close-delete-dialog')
+
+    expect((wrapper.vm as any).deleteUserSecurityName).toBe(null)
+    expect((wrapper.vm as any).deleteDialogVisible).toBe(false)
+  })
+
+  it('deletes the selected user successfully, refreshes config, and closes the dialog', async () => {
+    const wrapper = mountComponent()
+    ;(wrapper.vm as any).openDeleteUserDialog('user-one')
+    await nextTick()
+
+    await clickByDataTest(wrapper, 'confirm-delete-dialog')
+
+    expect(deleteTrapdUserMock).toHaveBeenCalledWith('user-one')
+    expect(store.fetchTrapConfig).toHaveBeenCalledTimes(1)
+    expect((wrapper.vm as any).deleteUserSecurityName).toBe(null)
+    expect((wrapper.vm as any).deleteDialogVisible).toBe(false)
+    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'SNMPv3 user deleted successfully.' })
+    expect((wrapper.vm as any).isDeleting).toBe(false)
+  })
+
+  it('shows the service error when delete fails with an Error', async () => {
+    deleteTrapdUserMock.mockRejectedValue(new Error('delete failed'))
+    const wrapper = mountComponent()
+    ;(wrapper.vm as any).openDeleteUserDialog('user-one')
+    await nextTick()
+
+    await clickByDataTest(wrapper, 'confirm-delete-dialog')
+
+    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'delete failed', error: true })
+    expect(store.fetchTrapConfig).not.toHaveBeenCalled()
+    expect((wrapper.vm as any).deleteUserSecurityName).toBe('user-one')
+    expect((wrapper.vm as any).deleteDialogVisible).toBe(true)
+    expect((wrapper.vm as any).isDeleting).toBe(false)
+  })
+
+  it('shows a generic error when delete fails with a non-Error value', async () => {
+    deleteTrapdUserMock.mockRejectedValue('boom')
+    const wrapper = mountComponent()
+    ;(wrapper.vm as any).openDeleteUserDialog('user-one')
+    await nextTick()
+
+    await clickByDataTest(wrapper, 'confirm-delete-dialog')
+
+    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'Failed to delete SNMPv3 user.', error: true })
+  })
+
+  it('does not call delete when no selected security name exists', async () => {
+    const wrapper = mountComponent()
+
+    await (wrapper.vm as any).confirmDeleteUser()
+    await flushPromises()
+
+    expect(deleteTrapdUserMock).not.toHaveBeenCalled()
+    expect(showSnackBarMock).not.toHaveBeenCalled()
+  })
+
+  it('does not call delete again while a delete request is already in progress', async () => {
+    let resolveDelete: (() => void) | undefined
+    deleteTrapdUserMock.mockImplementation(
+      () =>
+        new Promise<void>((resolve) => {
+          resolveDelete = resolve
+        })
+    )
+
+    const wrapper = mountComponent()
+    ;(wrapper.vm as any).openDeleteUserDialog('user-one')
+    await nextTick()
+
+    const pendingDelete = (wrapper.vm as any).confirmDeleteUser()
+    await nextTick()
+    await (wrapper.vm as any).confirmDeleteUser()
+
+    expect(deleteTrapdUserMock).toHaveBeenCalledTimes(1)
+    expect((wrapper.vm as any).isDeleting).toBe(true)
+
+    resolveDelete?.()
+    await pendingDelete
+    await flushPromises()
+
+    expect((wrapper.vm as any).isDeleting).toBe(false)
+  })
+
+  it('updates tableRecords when the store users list changes', async () => {
+    const wrapper = mountComponent()
+    const nextUsers: SnmpV3User[] = [
+      {
+        engineId: null,
+        securityName: 'replacement-user',
+        securityLevel: 2,
+        authProtocol: 'MD5',
+        authPassphrase: 'masked',
+        privacyProtocol: null,
+        privacyPassphrase: null
+      }
+    ]
+
+    store.SnmpV3Users = nextUsers
+    await nextTick()
+    await nextTick()
+
+    expect((wrapper.vm as any).tableRecords).toEqual(nextUsers)
+    expect(wrapper.text()).toContain('replacement-user')
+    expect(wrapper.text()).not.toContain('user-one')
+  })
+
+  it('updates sort state when a sort header emits sort-changed', async () => {
+    const wrapper = mountComponent()
+    const sortHeaders = wrapper.findAllComponents(FeatherSortHeader)
+
+    expect(sortHeaders).toHaveLength(4)
+    await sortHeaders[1].vm.$emit('sort-changed', {
+      property: 'securityLevel',
+      value: SORT.ASCENDING
+    })
+    await nextTick()
+
+    expect((wrapper.vm as any).sort.username).toBe(SORT.NONE)
+    expect((wrapper.vm as any).sort.securityLevel).toBe(SORT.ASCENDING)
+    expect((wrapper.vm as any).sort.authenticationProtocol).toBe(SORT.NONE)
+    expect((wrapper.vm as any).sort.privacyProtocol).toBe(SORT.NONE)
+  })
+
+  it('sortChanged resets previous sort values before applying the next property', () => {
+    const wrapper = mountComponent()
+
+    ;(wrapper.vm as any).sort.username = SORT.DESCENDING
+    ;(wrapper.vm as any).sort.securityLevel = SORT.ASCENDING
+    ;(wrapper.vm as any).sortChanged({
+      property: 'privacyProtocol',
+      value: SORT.ASCENDING
+    })
+
+    expect((wrapper.vm as any).sort.username).toBe(SORT.NONE)
+    expect((wrapper.vm as any).sort.securityLevel).toBe(SORT.NONE)
+    expect((wrapper.vm as any).sort.authenticationProtocol).toBe(SORT.NONE)
+    expect((wrapper.vm as any).sort.privacyProtocol).toBe(SORT.ASCENDING)
+  })
+})
diff --git a/ui/tests/containers/TrapConfiguration.test.ts b/ui/tests/containers/TrapConfiguration.test.ts
new file mode 100644
index 000000000000..aeba2b9e7428
--- /dev/null
+++ b/ui/tests/containers/TrapConfiguration.test.ts
@@ -0,0 +1,252 @@
+import BreadCrumbs from '@/components/Layout/BreadCrumbs.vue'
+import TrapConfiguration from '@/containers/TrapConfiguration.vue'
+import { validateTrapdXml } from '@/lib/trapdValidator'
+import { uploadTrapdConfiguration } from '@/services/trapdConfigurationService'
+import { useMenuStore } from '@/stores/menuStore'
+import { useTrapConfigStore } from '@/stores/trapConfigStore'
+import { createTestingPinia } from '@pinia/testing'
+import { mount } from '@vue/test-utils'
+import { setActivePinia } from 'pinia'
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const { showSnackBarMock } = vi.hoisted(() => ({
+  showSnackBarMock: vi.fn()
+}))
+
+vi.mock('@/composables/useSnackbar', () => ({
+  default: () => ({
+    showSnackBar: showSnackBarMock
+  })
+}))
+
+vi.mock('@/lib/trapdValidator', async (importOriginal) => {
+  const actual = await importOriginal<typeof import('@/lib/trapdValidator')>()
+  return {
+    ...actual,
+    validateTrapdXml: vi.fn()
+  }
+})
+
+vi.mock('@/services/trapdConfigurationService', () => ({
+  uploadTrapdConfiguration: vi.fn()
+}))
+
+describe('TrapConfiguration.vue', () => {
+  let trapStore: ReturnType<typeof useTrapConfigStore>
+  let menuStore: ReturnType<typeof useMenuStore>
+
+  const validateTrapdXmlMock = vi.mocked(validateTrapdXml)
+  const uploadTrapdConfigurationMock = vi.mocked(uploadTrapdConfiguration)
+
+  const mountComponent = () => {
+    return mount(TrapConfiguration, {
+      global: {
+        stubs: {
+          GeneralConfiguration: true,
+          SnmpV3UserManagement: true,
+          CreateSnmpV3User: true,
+          FeatherTabContainer: {
+            template: '<div><slot name="tabs" /><slot /></div>'
+          },
+          FeatherTab: {
+            template: '<div><slot /></div>'
+          },
+          FeatherTabPanel: {
+            template: '<div><slot /></div>'
+          },
+          FeatherButton: {
+            template: '<button @click="$emit(\'click\')"><slot /></button>'
+          },
+          BreadCrumbs: true
+        }
+      }
+    })
+  }
+
+  const createXmlFile = (name = 'trapd.xml', content = '<trapd-configuration />') => {
+    const file = new File([content], name, { type: 'text/xml' })
+    vi.spyOn(file, 'text').mockResolvedValue(content)
+    return file
+  }
+
+  const triggerUpload = async (wrapper: ReturnType<typeof mountComponent>, file?: File) => {
+    const input = wrapper.find('input[type="file"]')
+    Object.defineProperty(input.element, 'files', {
+      value: file ? [file] : [],
+      configurable: true
+    })
+    await input.trigger('change')
+  }
+
+  beforeEach(() => {
+    vi.clearAllMocks()
+    setActivePinia(createTestingPinia({ stubActions: true }))
+    trapStore = useTrapConfigStore()
+    menuStore = useMenuStore()
+    menuStore.mainMenu = { homeUrl: '/home' } as any
+    trapStore.fetchTrapConfig = vi.fn().mockResolvedValue(undefined)
+    validateTrapdXmlMock.mockReturnValue({ valid: true, errors: [] })
+    uploadTrapdConfigurationMock.mockResolvedValue(undefined)
+  })
+
+  it('renders heading and child sections', () => {
+    const wrapper = mountComponent()
+
+    expect(wrapper.find('h1').text()).toBe('TrapD Configuration')
+    expect(wrapper.findComponent(BreadCrumbs).exists()).toBe(true)
+    expect(wrapper.find('input[type="file"]').exists()).toBe(true)
+  })
+
+  it('renders breadcrumbs with home and trap configuration entries', () => {
+    const wrapper = mountComponent()
+    const breadcrumbs = wrapper.findComponent(BreadCrumbs)
+    const items = breadcrumbs.props('items')
+
+    expect(items).toHaveLength(2)
+    expect(items[0]).toEqual({ label: 'Home', to: '/home', isAbsoluteLink: true })
+    expect(items[1]).toEqual({ label: 'Trap Configurations', to: '#', position: 'last' })
+  })
+
+  it('calls fetchTrapConfig on mount', () => {
+    mountComponent()
+    expect(trapStore.fetchTrapConfig).toHaveBeenCalledTimes(1)
+  })
+
+  it('shows snackbar when initial fetch fails with Error', async () => {
+    trapStore.fetchTrapConfig = vi.fn().mockRejectedValue(new Error('initial fetch failed'))
+
+    mountComponent()
+    await Promise.resolve()
+
+    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'initial fetch failed', error: true })
+  })
+
+  it('shows snackbar when initial fetch fails with non-Error', async () => {
+    trapStore.fetchTrapConfig = vi.fn().mockRejectedValue('boom')
+
+    mountComponent()
+    await Promise.resolve()
+
+    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'Failed to retrieve trapd configuration.', error: true })
+  })
+
+  it('opens file chooser when upload button is clicked', async () => {
+    const wrapper = mountComponent()
+    const input = wrapper.find('input[type="file"]').element as HTMLInputElement
+    const clickSpy = vi.spyOn(input, 'click').mockImplementation(() => undefined)
+
+    const uploadButton = wrapper.findAll('button').find((button) => button.text().includes('Upload Configuration'))
+    expect(uploadButton).toBeDefined()
+
+    await uploadButton!.trigger('click')
+    expect(clickSpy).toHaveBeenCalledTimes(1)
+  })
+
+  it('returns early when no file is selected', async () => {
+    const wrapper = mountComponent()
+    await triggerUpload(wrapper)
+
+    expect(validateTrapdXmlMock).not.toHaveBeenCalled()
+    expect(uploadTrapdConfigurationMock).not.toHaveBeenCalled()
+  })
+
+  it('rejects non-xml files before validation', async () => {
+    const wrapper = mountComponent()
+    const invalidFile = createXmlFile('trapd.txt', 'not xml')
+
+    await triggerUpload(wrapper, invalidFile)
+
+    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'Only .xml files are supported.', error: true })
+    expect(validateTrapdXmlMock).not.toHaveBeenCalled()
+    expect(uploadTrapdConfigurationMock).not.toHaveBeenCalled()
+  })
+
+  it('shows read error when file.text fails', async () => {
+    const wrapper = mountComponent()
+    const file = new File(['x'], 'trapd.xml', { type: 'text/xml' })
+    vi.spyOn(file, 'text').mockRejectedValue(new Error('read failed'))
+
+    await triggerUpload(wrapper, file)
+
+    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'Failed to read XML file.', error: true })
+    expect(validateTrapdXmlMock).not.toHaveBeenCalled()
+    expect(uploadTrapdConfigurationMock).not.toHaveBeenCalled()
+  })
+
+  it('blocks upload and shows validation errors when XML is invalid (<=3 errors)', async () => {
+    const wrapper = mountComponent()
+    const file = createXmlFile('trapd.xml', '<invalid />')
+    validateTrapdXmlMock.mockReturnValue({
+      valid: false,
+      errors: [
+        { field: 'root', message: 'Root mismatch' },
+        { field: 'xmlns', message: 'Namespace invalid' },
+        { field: 'snmp-trap-port', message: 'Port invalid' }
+      ]
+    })
+
+    await triggerUpload(wrapper, file)
+
+    expect(validateTrapdXmlMock).toHaveBeenCalledWith('<invalid />')
+    expect(showSnackBarMock).toHaveBeenCalledWith({
+      msg: 'Invalid trap configuration XML: Root mismatch | Namespace invalid | Port invalid',
+      error: true
+    })
+    expect(uploadTrapdConfigurationMock).not.toHaveBeenCalled()
+  })
+
+  it('shows +N more suffix for validation errors beyond first 3', async () => {
+    const wrapper = mountComponent()
+    const file = createXmlFile('trapd.xml', '<invalid />')
+    validateTrapdXmlMock.mockReturnValue({
+      valid: false,
+      errors: [
+        { field: 'a', message: 'e1' },
+        { field: 'b', message: 'e2' },
+        { field: 'c', message: 'e3' },
+        { field: 'd', message: 'e4' },
+        { field: 'e', message: 'e5' }
+      ]
+    })
+
+    await triggerUpload(wrapper, file)
+
+    expect(showSnackBarMock).toHaveBeenCalledWith({
+      msg: 'Invalid trap configuration XML: e1 | e2 | e3 (+2 more)',
+      error: true
+    })
+    expect(uploadTrapdConfigurationMock).not.toHaveBeenCalled()
+  })
+
+  it('uploads file and refreshes store when XML is valid', async () => {
+    const wrapper = mountComponent()
+    const file = createXmlFile('trapd.xml', '<trapd-configuration />')
+
+    await triggerUpload(wrapper, file)
+
+    expect(validateTrapdXmlMock).toHaveBeenCalledWith('<trapd-configuration />')
+    expect(uploadTrapdConfigurationMock).toHaveBeenCalledWith(file)
+    expect(trapStore.fetchTrapConfig).toHaveBeenCalledTimes(2)
+    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'Trap configuration uploaded successfully.' })
+  })
+
+  it('shows upload error message from Error instance', async () => {
+    const wrapper = mountComponent()
+    const file = createXmlFile('trapd.xml', '<trapd-configuration />')
+    uploadTrapdConfigurationMock.mockRejectedValue(new Error('upload failed'))
+
+    await triggerUpload(wrapper, file)
+
+    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'upload failed', error: true })
+  })
+
+  it('shows generic upload error message for non-Error throw', async () => {
+    const wrapper = mountComponent()
+    const file = createXmlFile('trapd.xml', '<trapd-configuration />')
+    uploadTrapdConfigurationMock.mockRejectedValue('bad')
+
+    await triggerUpload(wrapper, file)
+
+    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'Failed to upload trap configuration.', error: true })
+  })
+})
diff --git a/ui/tests/lib/trapdValidator.test.ts b/ui/tests/lib/trapdValidator.test.ts
new file mode 100644
index 000000000000..a12557e3e364
--- /dev/null
+++ b/ui/tests/lib/trapdValidator.test.ts
@@ -0,0 +1,693 @@
+import { XMLParser, XMLValidator } from 'fast-xml-parser'
+import { afterAll, beforeAll, describe, expect, it, vi } from 'vitest'
+import {
+  AUTH_PROTOCOL_OPTIONS,
+  AuthProtocol,
+  AuthProtocols,
+  MAX_PORT,
+  MIN_PORT,
+  PRIVACY_PROTOCOL_OPTIONS,
+  PrivacyProtocol,
+  PrivacyProtocols,
+  SECURITY_LEVEL_OPTIONS,
+  SecurityLevel,
+  TRAPD_XML_NAMESPACE,
+  getDefaultTrapdConfig,
+  isValidIP,
+  isValidPort,
+  isValidSnmpSecurityLevel,
+  validateTrapdXml
+} from '@/lib/trapdValidator'
+
+// ---------------------------------------------------------------------------
+// DOMParser polyfill (fast-xml-parser backed)
+//
+// happy-dom v9 parses ALL MIME types as HTML, so root.namespaceURI is always
+// the XHTML namespace.  We replace window.DOMParser with a minimal but correct
+// implementation for the subset of the DOM API that validateTrapdXml uses.
+// ---------------------------------------------------------------------------
+
+class FakeElement {
+  localName: string
+  namespaceURI: string | null
+  textContent: string | null = null
+  private attrs: Record<string, string>
+  private children: FakeElement[]
+
+  constructor(localName: string, attrs: Record<string, string>, children: FakeElement[] = []) {
+    this.localName = localName
+    this.attrs = attrs
+    this.children = children
+    this.namespaceURI = attrs['xmlns'] ?? null
+  }
+
+  getAttribute(name: string): string | null {
+    return Object.prototype.hasOwnProperty.call(this.attrs, name) ? this.attrs[name] : null
+  }
+
+  getElementsByTagName(tagName: string): FakeElement[] {
+    const results: FakeElement[] = []
+    for (const child of this.children) {
+      if (child.localName === tagName) results.push(child)
+      results.push(...child.getElementsByTagName(tagName))
+    }
+    return results
+  }
+}
+
+class FakeDocument {
+  documentElement: FakeElement
+  private parseError: FakeElement | null
+
+  constructor(root: FakeElement, parseError: FakeElement | null = null) {
+    this.documentElement = root
+    this.parseError = parseError
+  }
+
+  querySelector(selector: string): FakeElement | null {
+    return selector === 'parsererror' ? this.parseError : null
+  }
+}
+
+function buildElement(tagName: string, node: Record<string, unknown>): FakeElement {
+  const attrs: Record<string, string> = {}
+  const children: FakeElement[] = []
+
+  for (const [key, value] of Object.entries(node)) {
+    if (key.startsWith('@_')) {
+      attrs[key.slice(2)] = String(value)
+    } else if (Array.isArray(value)) {
+      for (const child of value as Record<string, unknown>[]) {
+        children.push(buildElement(key, child))
+      }
+    } else if (typeof value === 'object' && value !== null) {
+      children.push(buildElement(key, value as Record<string, unknown>))
+    }
+  }
+
+  return new FakeElement(tagName, attrs, children)
+}
+
+const fxpParser = new XMLParser({
+  ignoreAttributes: false,
+  attributeNamePrefix: '@_',
+  isArray: (name) => name === 'snmpv3-user',
+  parseAttributeValue: false,
+  trimValues: false
+})
+
+class FakeDOMParser {
+  parseFromString(xmlString: string, _mimeType: string): FakeDocument {
+    void _mimeType
+    const validation = XMLValidator.validate(xmlString)
+    if (validation !== true) {
+      const errEl = new FakeElement('parsererror', {})
+      errEl.textContent = (validation as { err: { msg: string } }).err?.msg ?? 'parse error'
+      const dummyRoot = new FakeElement('parsererror', {})
+      return new FakeDocument(dummyRoot, errEl)
+    }
+
+    const parsed = fxpParser.parse(xmlString) as Record<string, Record<string, unknown>>
+    const rootTagName = Object.keys(parsed)[0]
+    const rootNode = parsed[rootTagName] ?? {}
+    const root = buildElement(rootTagName, rootNode)
+    return new FakeDocument(root)
+  }
+}
+
+beforeAll(() => {
+  vi.stubGlobal('DOMParser', FakeDOMParser)
+})
+
+afterAll(() => {
+  vi.unstubAllGlobals()
+})
+
+const VALID_NS = TRAPD_XML_NAMESPACE
+
+/** Build a minimal valid trapd XML string, overriding individual attributes. */
+const buildXml = (overrides: {
+  root?: string
+  xmlns?: string | null
+  address?: string | null
+  port?: string | null
+  suspect?: string | null
+  users?: string
+} = {}): string => {
+  const {
+    root = 'trapd-configuration',
+    xmlns = VALID_NS,
+    address = '*',
+    port = '162',
+    suspect = null,
+    users = ''
+  } = overrides
+
+  const nsAttr = xmlns === null ? '' : ` xmlns="${xmlns}"`
+  const addrAttr = address === null ? '' : ` snmp-trap-address="${address}"`
+  const portAttr = port === null ? '' : ` snmp-trap-port="${port}"`
+  const suspectAttr = suspect === null ? '' : ` new-suspect-on-trap="${suspect}"`
+
+  if (users) {
+    return `<${root}${nsAttr}${addrAttr}${portAttr}${suspectAttr}>${users}</${root}>`
+  }
+  return `<${root}${nsAttr}${addrAttr}${portAttr}${suspectAttr} />`
+}
+
+/** Build a <snmpv3-user /> element string from an attribute map. */
+const buildUser = (attrs: Record<string, string> = {}): string => {
+  const attrStr = Object.entries(attrs)
+    .map(([k, v]) => `${k}="${v}"`)
+    .join(' ')
+  return `<snmpv3-user ${attrStr} />`
+}
+
+describe('isValidPort', () => {
+  it.each([MIN_PORT, MAX_PORT, 162, 10162, 1024])('returns true for valid port %i', (port) => {
+    expect(isValidPort(port)).toBe(true)
+  })
+
+  it('returns false for undefined', () => {
+    expect(isValidPort(undefined)).toBe(false)
+  })
+
+  it('returns false for 0 (below MIN_PORT)', () => {
+    expect(isValidPort(0)).toBe(false)
+  })
+
+  it('returns false for MAX_PORT + 1', () => {
+    expect(isValidPort(MAX_PORT + 1)).toBe(false)
+  })
+
+  it('returns false for negative port', () => {
+    expect(isValidPort(-1)).toBe(false)
+  })
+
+  it('returns false for NaN', () => {
+    expect(isValidPort(NaN)).toBe(false)
+  })
+})
+
+describe('isValidIP', () => {
+  it.each(['0.0.0.0', '192.168.1.1', '255.255.255.255', '10.0.0.1'])(
+    'returns true for valid IPv4 %s',
+    (ip) => {
+      expect(isValidIP(ip)).toBe(true)
+    }
+  )
+
+  it('returns false for too few octets', () => {
+    expect(isValidIP('192.168.1')).toBe(false)
+  })
+
+  it('returns false for too many octets', () => {
+    expect(isValidIP('192.168.1.1.1')).toBe(false)
+  })
+
+  it('returns false for octet > 255', () => {
+    expect(isValidIP('192.168.1.256')).toBe(false)
+  })
+
+  it('returns false for non-numeric octet', () => {
+    expect(isValidIP('abc.def.ghi.jkl')).toBe(false)
+  })
+
+  it('returns false for empty string', () => {
+    expect(isValidIP('')).toBe(false)
+  })
+
+  it('returns false for wildcard *', () => {
+    expect(isValidIP('*')).toBe(false)
+  })
+})
+
+describe('isValidSnmpSecurityLevel', () => {
+  it.each([SecurityLevel.NoAuthNoPriv, SecurityLevel.AuthNoPriv, SecurityLevel.AuthPriv])(
+    'returns true for valid level %i',
+    (level) => {
+      expect(isValidSnmpSecurityLevel(level)).toBe(true)
+    }
+  )
+
+  it('returns false for SecurityLevel.None (0)', () => {
+    expect(isValidSnmpSecurityLevel(SecurityLevel.None)).toBe(false)
+  })
+
+  it('returns false for level 4 (out of range)', () => {
+    expect(isValidSnmpSecurityLevel(4)).toBe(false)
+  })
+
+  it('returns false for undefined', () => {
+    expect(isValidSnmpSecurityLevel(undefined)).toBe(false)
+  })
+})
+
+describe('getDefaultTrapdConfig', () => {
+  it('returns expected default values', () => {
+    const config = getDefaultTrapdConfig()
+    expect(config.snmpTrapAddress).toBe('*')
+    expect(config.snmpTrapPort).toBe(10162)
+    expect(config.newSuspectOnTrap).toBe(false)
+    expect(config.includeRawMessage).toBe(false)
+    expect(config.threads).toBe(0)
+    expect(config.queueSize).toBe(10000)
+    expect(config.batchSize).toBe(1000)
+    expect(config.batchInterval).toBe(500)
+    expect(config.useAddressFromVarbind).toBe(false)
+    expect(config.snmpv3User).toEqual([])
+  })
+
+  it('returns a fresh object each call (no shared reference)', () => {
+    const a = getDefaultTrapdConfig()
+    const b = getDefaultTrapdConfig()
+    a.snmpv3User.push({ securityName: 'x' } as any)
+    expect(b.snmpv3User).toHaveLength(0)
+  })
+})
+
+describe('SECURITY_LEVEL_OPTIONS', () => {
+  it('contains exactly three entries', () => {
+    expect(SECURITY_LEVEL_OPTIONS).toHaveLength(3)
+  })
+
+  it('has correct _value strings for all three levels', () => {
+    const values = SECURITY_LEVEL_OPTIONS.map((o) => o._value)
+    expect(values).toContain(String(SecurityLevel.NoAuthNoPriv))
+    expect(values).toContain(String(SecurityLevel.AuthNoPriv))
+    expect(values).toContain(String(SecurityLevel.AuthPriv))
+  })
+})
+
+describe('AUTH_PROTOCOL_OPTIONS', () => {
+  it('contains exactly as many entries as AuthProtocols', () => {
+    expect(AUTH_PROTOCOL_OPTIONS).toHaveLength(AuthProtocols.length)
+  })
+
+  it('maps protocol values correctly', () => {
+    const values = AUTH_PROTOCOL_OPTIONS.map((o) => o._value)
+    expect(values).toContain(AuthProtocol.MD5)
+    expect(values).toContain(AuthProtocol.SHA)
+    expect(values).toContain(AuthProtocol.SHA256)
+    expect(values).toContain(AuthProtocol.SHA512)
+  })
+})
+
+describe('PRIVACY_PROTOCOL_OPTIONS', () => {
+  it('contains exactly as many entries as PrivacyProtocols', () => {
+    expect(PRIVACY_PROTOCOL_OPTIONS).toHaveLength(PrivacyProtocols.length)
+  })
+
+  it('maps protocol values correctly', () => {
+    const values = PRIVACY_PROTOCOL_OPTIONS.map((o) => o._value)
+    expect(values).toContain(PrivacyProtocol.DES)
+    expect(values).toContain(PrivacyProtocol.AES)
+    expect(values).toContain(PrivacyProtocol.AES256)
+  })
+})
+
+describe('validateTrapdXml – XML structure', () => {
+  it('returns invalid for empty string', () => {
+    const result = validateTrapdXml('')
+    expect(result.valid).toBe(false)
+    expect(result.errors[0].field).toBe('xml')
+  })
+
+  it('returns invalid for whitespace-only string', () => {
+    const result = validateTrapdXml('   \n  ')
+    expect(result.valid).toBe(false)
+    expect(result.errors[0].field).toBe('xml')
+  })
+
+  it('returns invalid for malformed XML', () => {
+    const result = validateTrapdXml('<unclosed')
+    expect(result.valid).toBe(false)
+    expect(result.errors[0].field).toBe('xml')
+  })
+
+  it('returns invalid when root element is not trapd-configuration', () => {
+    const result = validateTrapdXml(`<other-root xmlns="${VALID_NS}" />`)
+    expect(result.valid).toBe(false)
+    expect(result.errors[0].field).toBe('root')
+    expect(result.errors[0].message).toMatch(/trapd-configuration/)
+  })
+
+  it('returns invalid for wrong xmlns', () => {
+    const result = validateTrapdXml(buildXml({ xmlns: 'http://wrong.namespace' }))
+    expect(result.valid).toBe(false)
+    expect(result.errors.some((e) => e.field === 'xmlns')).toBe(true)
+  })
+
+  it('returns invalid when xmlns is omitted', () => {
+    const result = validateTrapdXml(buildXml({ xmlns: null }))
+    expect(result.valid).toBe(false)
+    expect(result.errors.some((e) => e.field === 'xmlns')).toBe(true)
+  })
+
+  it('returns valid for minimal correct XML', () => {
+    const result = validateTrapdXml(buildXml())
+    expect(result.valid).toBe(true)
+    expect(result.errors).toHaveLength(0)
+  })
+})
+
+describe('validateTrapdXml – snmp-trap-address', () => {
+  it('returns error when snmp-trap-address is missing', () => {
+    const result = validateTrapdXml(buildXml({ address: null }))
+    expect(result.valid).toBe(false)
+    expect(result.errors.some((e) => e.field === 'snmp-trap-address')).toBe(true)
+  })
+
+  it('accepts wildcard "*"', () => {
+    const result = validateTrapdXml(buildXml({ address: '*' }))
+    expect(result.valid).toBe(true)
+  })
+
+  it('accepts a valid IPv4 address', () => {
+    const result = validateTrapdXml(buildXml({ address: '192.168.1.1' }))
+    expect(result.valid).toBe(true)
+  })
+
+  it('returns error for invalid IPv4 address', () => {
+    const result = validateTrapdXml(buildXml({ address: '999.0.0.1' }))
+    expect(result.valid).toBe(false)
+    expect(result.errors.some((e) => e.field === 'snmp-trap-address')).toBe(true)
+  })
+
+  it('returns error for hostname (not IPv4)', () => {
+    const result = validateTrapdXml(buildXml({ address: 'localhost' }))
+    expect(result.valid).toBe(false)
+    expect(result.errors.some((e) => e.field === 'snmp-trap-address')).toBe(true)
+  })
+})
+
+describe('validateTrapdXml – snmp-trap-port', () => {
+  it('returns error when snmp-trap-port is missing', () => {
+    const result = validateTrapdXml(buildXml({ port: null }))
+    expect(result.valid).toBe(false)
+    expect(result.errors.some((e) => e.field === 'snmp-trap-port')).toBe(true)
+  })
+
+  it('accepts MIN_PORT boundary', () => {
+    const result = validateTrapdXml(buildXml({ port: String(MIN_PORT) }))
+    expect(result.valid).toBe(true)
+  })
+
+  it('accepts MAX_PORT boundary', () => {
+    const result = validateTrapdXml(buildXml({ port: String(MAX_PORT) }))
+    expect(result.valid).toBe(true)
+  })
+
+  it('returns error for port 0 (below MIN_PORT)', () => {
+    const result = validateTrapdXml(buildXml({ port: '0' }))
+    expect(result.valid).toBe(false)
+    expect(result.errors.some((e) => e.field === 'snmp-trap-port')).toBe(true)
+  })
+
+  it('returns error for port 65536 (above MAX_PORT)', () => {
+    const result = validateTrapdXml(buildXml({ port: '65536' }))
+    expect(result.valid).toBe(false)
+    expect(result.errors.some((e) => e.field === 'snmp-trap-port')).toBe(true)
+  })
+
+  it('returns error for non-numeric port', () => {
+    const result = validateTrapdXml(buildXml({ port: 'abc' }))
+    expect(result.valid).toBe(false)
+    expect(result.errors.some((e) => e.field === 'snmp-trap-port')).toBe(true)
+  })
+})
+
+describe('validateTrapdXml – new-suspect-on-trap', () => {
+  it('accepts "true"', () => {
+    const result = validateTrapdXml(buildXml({ suspect: 'true' }))
+    expect(result.valid).toBe(true)
+  })
+
+  it('accepts "false"', () => {
+    const result = validateTrapdXml(buildXml({ suspect: 'false' }))
+    expect(result.valid).toBe(true)
+  })
+
+  it('is optional (absent is valid)', () => {
+    const result = validateTrapdXml(buildXml({ suspect: null }))
+    expect(result.valid).toBe(true)
+  })
+
+  it('returns error for invalid value', () => {
+    const result = validateTrapdXml(buildXml({ suspect: 'yes' }))
+    expect(result.valid).toBe(false)
+    expect(result.errors.some((e) => e.field === 'new-suspect-on-trap')).toBe(true)
+  })
+})
+
+describe('validateTrapdXml – snmpv3-user: security-name and security-level', () => {
+  it('returns error when security-name is missing', () => {
+    const user = buildUser({ 'security-level': '1' })
+    const result = validateTrapdXml(buildXml({ users: user }))
+    expect(result.errors.some((e) => e.field.includes('security-name'))).toBe(true)
+  })
+
+  it('returns error when security-level is missing', () => {
+    const user = buildUser({ 'security-name': 'user1' })
+    const result = validateTrapdXml(buildXml({ users: user }))
+    expect(result.errors.some((e) => e.field.includes('security-level'))).toBe(true)
+  })
+
+  it('returns error for security-level 0 (None)', () => {
+    const user = buildUser({ 'security-name': 'user1', 'security-level': '0' })
+    const result = validateTrapdXml(buildXml({ users: user }))
+    expect(result.errors.some((e) => e.field.includes('security-level'))).toBe(true)
+  })
+
+  it('returns error for security-level 4 (out of range)', () => {
+    const user = buildUser({ 'security-name': 'user1', 'security-level': '4' })
+    const result = validateTrapdXml(buildXml({ users: user }))
+    expect(result.errors.some((e) => e.field.includes('security-level'))).toBe(true)
+  })
+})
+
+describe('validateTrapdXml – snmpv3-user: level 1 (NoAuthNoPriv)', () => {
+  it('is valid with only security-name and security-level=1', () => {
+    const user = buildUser({ 'security-name': 'user1', 'security-level': '1' })
+    const result = validateTrapdXml(buildXml({ users: user }))
+    expect(result.valid).toBe(true)
+  })
+
+  it('returns error when auth-protocol is present at level 1', () => {
+    const user = buildUser({
+      'security-name': 'user1',
+      'security-level': '1',
+      'auth-protocol': 'MD5',
+      'auth-passphrase': 'pass'
+    })
+    const result = validateTrapdXml(buildXml({ users: user }))
+    expect(result.errors.some((e) => e.field.includes('auth-protocol'))).toBe(true)
+  })
+
+  it('returns error when auth-passphrase is present at level 1', () => {
+    const user = buildUser({
+      'security-name': 'user1',
+      'security-level': '1',
+      'auth-passphrase': 'pass'
+    })
+    const result = validateTrapdXml(buildXml({ users: user }))
+    expect(result.errors.some((e) => e.field.includes('auth-passphrase'))).toBe(true)
+  })
+
+  it('returns error when privacy-protocol is present at level 1', () => {
+    const user = buildUser({
+      'security-name': 'user1',
+      'security-level': '1',
+      'privacy-protocol': 'DES',
+      'privacy-passphrase': 'priv'
+    })
+    const result = validateTrapdXml(buildXml({ users: user }))
+    expect(result.errors.some((e) => e.field.includes('privacy-protocol'))).toBe(true)
+  })
+
+  it('returns error when privacy-passphrase is present at level 1', () => {
+    const user = buildUser({
+      'security-name': 'user1',
+      'security-level': '1',
+      'privacy-passphrase': 'priv'
+    })
+    const result = validateTrapdXml(buildXml({ users: user }))
+    expect(result.errors.some((e) => e.field.includes('privacy-passphrase'))).toBe(true)
+  })
+})
+
+describe('validateTrapdXml – snmpv3-user: level 2 (AuthNoPriv)', () => {
+  it('is valid with auth-protocol and auth-passphrase at level 2', () => {
+    const user = buildUser({
+      'security-name': 'user1',
+      'security-level': '2',
+      'auth-protocol': 'SHA',
+      'auth-passphrase': 'secret'
+    })
+    const result = validateTrapdXml(buildXml({ users: user }))
+    expect(result.valid).toBe(true)
+  })
+
+  it('returns error when auth-protocol is missing at level 2', () => {
+    const user = buildUser({
+      'security-name': 'user1',
+      'security-level': '2',
+      'auth-passphrase': 'secret'
+    })
+    const result = validateTrapdXml(buildXml({ users: user }))
+    expect(result.errors.some((e) => e.field.includes('auth-protocol'))).toBe(true)
+  })
+
+  it('returns error when auth-passphrase is missing at level 2', () => {
+    const user = buildUser({
+      'security-name': 'user1',
+      'security-level': '2',
+      'auth-protocol': 'MD5'
+    })
+    const result = validateTrapdXml(buildXml({ users: user }))
+    expect(result.errors.some((e) => e.field.includes('auth-passphrase'))).toBe(true)
+  })
+
+  it('returns error when privacy-protocol is present at level 2', () => {
+    const user = buildUser({
+      'security-name': 'user1',
+      'security-level': '2',
+      'auth-protocol': 'MD5',
+      'auth-passphrase': 'secret',
+      'privacy-protocol': 'DES',
+      'privacy-passphrase': 'priv'
+    })
+    const result = validateTrapdXml(buildXml({ users: user }))
+    expect(result.errors.some((e) => e.field.includes('privacy-protocol'))).toBe(true)
+  })
+
+  it('returns error when privacy-passphrase is present at level 2', () => {
+    const user = buildUser({
+      'security-name': 'user1',
+      'security-level': '2',
+      'auth-protocol': 'MD5',
+      'auth-passphrase': 'secret',
+      'privacy-passphrase': 'priv'
+    })
+    const result = validateTrapdXml(buildXml({ users: user }))
+    expect(result.errors.some((e) => e.field.includes('privacy-passphrase'))).toBe(true)
+  })
+})
+
+describe('validateTrapdXml – snmpv3-user: level 3 (AuthPriv)', () => {
+  const validLevel3 = {
+    'security-name': 'user1',
+    'security-level': '3',
+    'auth-protocol': 'SHA',
+    'auth-passphrase': 'authsecret',
+    'privacy-protocol': 'AES',
+    'privacy-passphrase': 'privsecret'
+  }
+
+  it('is valid with all required fields at level 3', () => {
+    const result = validateTrapdXml(buildXml({ users: buildUser(validLevel3) }))
+    expect(result.valid).toBe(true)
+  })
+
+  it('returns error when auth-protocol is missing at level 3', () => {
+    const { 'auth-protocol': omittedAuthProtocol, ...attrs } = validLevel3
+    void omittedAuthProtocol
+    const result = validateTrapdXml(buildXml({ users: buildUser(attrs) }))
+    expect(result.errors.some((e) => e.field.includes('auth-protocol'))).toBe(true)
+  })
+
+  it('returns error when auth-passphrase is missing at level 3', () => {
+    const { 'auth-passphrase': omittedAuthPassphrase, ...attrs } = validLevel3
+    void omittedAuthPassphrase
+    const result = validateTrapdXml(buildXml({ users: buildUser(attrs) }))
+    expect(result.errors.some((e) => e.field.includes('auth-passphrase'))).toBe(true)
+  })
+
+  it('returns error when privacy-protocol is missing at level 3', () => {
+    const { 'privacy-protocol': omittedPrivacyProtocol, ...attrs } = validLevel3
+    void omittedPrivacyProtocol
+    const result = validateTrapdXml(buildXml({ users: buildUser(attrs) }))
+    expect(result.errors.some((e) => e.field.includes('privacy-protocol'))).toBe(true)
+  })
+
+  it('returns error when privacy-passphrase is missing at level 3', () => {
+    const { 'privacy-passphrase': omittedPrivacyPassphrase, ...attrs } = validLevel3
+    void omittedPrivacyPassphrase
+    const result = validateTrapdXml(buildXml({ users: buildUser(attrs) }))
+    expect(result.errors.some((e) => e.field.includes('privacy-passphrase'))).toBe(true)
+  })
+})
+
+describe('validateTrapdXml – auth-protocol dash normalization', () => {
+  it('accepts "SHA-256" (dash form) as valid auth-protocol', () => {
+    const user = buildUser({
+      'security-name': 'user1',
+      'security-level': '2',
+      'auth-protocol': 'SHA-256',
+      'auth-passphrase': 'secret'
+    })
+    const result = validateTrapdXml(buildXml({ users: user }))
+    expect(result.errors.some((e) => e.field.includes('auth-protocol'))).toBe(false)
+  })
+
+  it('rejects completely unknown auth-protocol value', () => {
+    const user = buildUser({
+      'security-name': 'user1',
+      'security-level': '2',
+      'auth-protocol': 'UNKNOWN',
+      'auth-passphrase': 'secret'
+    })
+    const result = validateTrapdXml(buildXml({ users: user }))
+    expect(result.errors.some((e) => e.field.includes('auth-protocol'))).toBe(true)
+  })
+
+  it('rejects unknown privacy-protocol value', () => {
+    const user = buildUser({
+      'security-name': 'user1',
+      'security-level': '3',
+      'auth-protocol': 'MD5',
+      'auth-passphrase': 'secret',
+      'privacy-protocol': 'UNKNOWN',
+      'privacy-passphrase': 'priv'
+    })
+    const result = validateTrapdXml(buildXml({ users: user }))
+    expect(result.errors.some((e) => e.field.includes('privacy-protocol'))).toBe(true)
+  })
+})
+
+describe('validateTrapdXml – privacy-protocol without auth-protocol', () => {
+  it('returns error when privacy-protocol set but auth-protocol absent', () => {
+    const user = buildUser({
+      'security-name': 'user1',
+      'security-level': '3',
+      'privacy-protocol': 'AES',
+      'privacy-passphrase': 'priv',
+      'auth-passphrase': 'secret'
+    })
+    const result = validateTrapdXml(buildXml({ users: user }))
+    expect(result.errors.some((e) => e.field.includes('auth-protocol'))).toBe(true)
+  })
+})
+
+describe('validateTrapdXml – multiple snmpv3-user elements', () => {
+  it('is valid with multiple well-formed users', () => {
+    const user1 = buildUser({ 'security-name': 'userA', 'security-level': '1' })
+    const user2 = buildUser({
+      'security-name': 'userB',
+      'security-level': '2',
+      'auth-protocol': 'MD5',
+      'auth-passphrase': 'pass'
+    })
+    const result = validateTrapdXml(buildXml({ users: user1 + user2 }))
+    expect(result.valid).toBe(true)
+  })
+
+  it('accumulates errors across multiple invalid users', () => {
+    // user[1]: missing security-name; user[2]: invalid security-level
+    const user1 = buildUser({ 'security-level': '1' })
+    const user2 = buildUser({ 'security-name': 'userB', 'security-level': '99' })
+    const result = validateTrapdXml(buildXml({ users: user1 + user2 }))
+    expect(result.valid).toBe(false)
+    expect(result.errors.some((e) => e.field.includes('snmpv3-user[1]'))).toBe(true)
+    expect(result.errors.some((e) => e.field.includes('snmpv3-user[2]'))).toBe(true)
+  })
+})

From 6193e7a863d6a37011662798d92f94b41ccd8ffa Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Sun, 29 Mar 2026 19:39:46 +0500
Subject: [PATCH 25/41] user updates changes

---
 .../netmgt/dao/api/TrapdConfigDao.java        |   2 -
 .../dao/jaxb/DefaultTrapdConfigDao.java       | 108 ---
 .../opennms/web/rest/v2/TrapdRestService.java | 133 +---
 .../opennms/web/rest/v2/api/TrapdRestApi.java |  49 --
 .../web/rest/v2/TrapdRestServiceIT.java       | 691 +-----------------
 5 files changed, 26 insertions(+), 957 deletions(-)

diff --git a/opennms-dao-api/src/main/java/org/opennms/netmgt/dao/api/TrapdConfigDao.java b/opennms-dao-api/src/main/java/org/opennms/netmgt/dao/api/TrapdConfigDao.java
index dcd1fcd65aeb..44bd5d4c1d8a 100644
--- a/opennms-dao-api/src/main/java/org/opennms/netmgt/dao/api/TrapdConfigDao.java
+++ b/opennms-dao-api/src/main/java/org/opennms/netmgt/dao/api/TrapdConfigDao.java
@@ -25,7 +25,5 @@
 
 public interface TrapdConfigDao {
     TrapdConfiguration getConfig();
-    TrapdConfiguration getMaskedConfig();
     void updateConfig(TrapdConfiguration config);
-    void updateConfigWithoutUsers(TrapdConfiguration config);
 }
diff --git a/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java b/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java
index fb692ebf6ff8..d254f05af6fb 100644
--- a/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java
+++ b/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java
@@ -56,11 +56,6 @@ public TrapdConfiguration getConfig() {
         return this.getConfig(this.getDefaultConfigId());
     }
 
-    @Override
-    public TrapdConfiguration getMaskedConfig() {
-        return this.maskPassphrases(this.getConfig(this.getDefaultConfigId()));
-    }
-
     @Override
     public void updateConfig(final TrapdConfiguration config) {
         this.updateConfig(this.getDefaultConfigId(), ConfigConvertUtil.objectToJson(config), true);
@@ -75,107 +70,4 @@ public Consumer<ConfigUpdateInfo> getUpdateCallback(){
     public Consumer getValidationCallback() {
         return super.getValidationCallback();
     }
-
-    @Override
-    public void updateConfigWithoutUsers(TrapdConfiguration config) {
-        this.updateConfig(mergeTrapdConfiguration(config));
-    }
-    
-    /**
-     * Merges the given payload into the current TrapdConfiguration.
-     * Only non-null fields in the payload will overwrite the current config.
-     * If payload is null, returns the current config as-is.
-     *
-     * @param payload the TrapdConfiguration with new values
-     * @return the merged TrapdConfiguration
-     */
-    private TrapdConfiguration mergeTrapdConfiguration(final TrapdConfiguration payload) {
-        TrapdConfiguration config = this.getConfig();
-        if (config == null) {
-            config = new TrapdConfiguration();
-        }
-        if (payload == null) {
-            return config;
-        }
-
-        // Merge String fields (null-safe, value-safe)
-        if (payload.getSnmpTrapAddress() != null && !java.util.Objects.equals(payload.getSnmpTrapAddress(), config.getSnmpTrapAddress())) {
-            config.setSnmpTrapAddress(payload.getSnmpTrapAddress());
-        }
-
-        // Merge int fields (always set, unless you want to skip 0)
-        if (payload.getSnmpTrapPort() != config.getSnmpTrapPort()) {
-            config.setSnmpTrapPort(payload.getSnmpTrapPort());
-        }
-        if (payload.getThreads() != config.getThreads()) {
-            config.setThreads(payload.getThreads());
-        }
-        if (payload.getQueueSize() != config.getQueueSize()) {
-            config.setQueueSize(payload.getQueueSize());
-        }
-        if (payload.getBatchSize() != config.getBatchSize()) {
-            config.setBatchSize(payload.getBatchSize());
-        }
-        if (payload.getBatchInterval() != config.getBatchInterval()) {
-            config.setBatchInterval(payload.getBatchInterval());
-        }
-
-        // Merge boolean fields (always set)
-        config.setNewSuspectOnTrap(payload.getNewSuspectOnTrap());
-        config.setIncludeRawMessage(payload.isIncludeRawMessage());
-
-        // Merge useAddressFromVarbind (nullable Boolean)
-        try {
-            java.lang.reflect.Field field = payload.getClass().getDeclaredField("useAddressFromVarbind");
-            field.setAccessible(true);
-            Boolean useAddressFromVarbind = (Boolean) field.get(payload);
-            if (useAddressFromVarbind != null) {
-                config.setUseAddressFromVarbind(useAddressFromVarbind);
-            }
-        } catch (Exception e) {
-            // ignore, do not set if not accessible
-        }
-
-        // Merge snmpv3User list if present and not empty
-        java.util.List<Snmpv3User> snmpv3UserList = payload.getSnmpv3UserCollection();
-        if (snmpv3UserList != null && !snmpv3UserList.isEmpty()) {
-            config.setSnmpv3User(snmpv3UserList);
-        }
-
-        return config;
-    }
-
-    /**
-     * Returns a deep copy of the given {@link TrapdConfiguration} with
-     * {@code authPassphrase} and {@code privacyPassphrase} replaced by
-     * {@link #PASSPHRASE_PLACEHOLDER} so that real credentials are never
-     * exposed over the REST API.
-     *
-     * @param config the TrapdConfiguration to sanitize
-     * @return a sanitized deep copy with passphrases masked, or null if input is null
-     */
-    private TrapdConfiguration maskPassphrases(final TrapdConfiguration config) {
-        if (config == null) {
-            return null;
-        }
-        TrapdConfiguration sanitized;
-        try {
-            sanitized = JaxbUtils.unmarshal(
-                    TrapdConfiguration.class, JaxbUtils.marshal(config));
-        } catch (Exception e) {
-            // Optionally log the error
-            throw new RuntimeException("Failed to deep copy TrapdConfiguration for masking", e);
-        }
-        if (sanitized.getSnmpv3UserCollection() != null) {
-            for (final Snmpv3User user : sanitized.getSnmpv3UserCollection()) {
-                if (!StringUtils.isBlank(user.getAuthPassphrase())) {
-                    user.setAuthPassphrase(PASSPHRASE_PLACEHOLDER);
-                }
-                if (!StringUtils.isBlank(user.getPrivacyPassphrase())) {
-                    user.setPrivacyPassphrase(PASSPHRASE_PLACEHOLDER);
-                }
-            }
-        }
-        return sanitized;
-    }
 }
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
index d5449a132814..1e2dca4c3958 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
@@ -84,7 +84,7 @@ public Response uploadTrapdConfiguration(final Attachment attachment, final Secu
     @Override
     public Response getTrapdConfiguration(final SecurityContext securityContext) {
         try {
-            TrapdConfiguration config = trapdConfigDao.getMaskedConfig();
+            TrapdConfiguration config = trapdConfigDao.getConfig();
             if (config == null) {
                 return Response.status(Status.NOT_FOUND).entity("Trapd configuration not found.").build();
             }
@@ -113,7 +113,7 @@ public Response updateTrapdConfiguration(TrapdConfigDto configDto, SecurityConte
         }
 
         try {
-            trapdConfigDao.updateConfigWithoutUsers(payload);
+            trapdConfigDao.updateConfig(payload);
             return Response.ok().build();
         } catch (ValidationException e) {
             LOG.warn("Provided trapd configuration failed schema validation.", e);
@@ -124,120 +124,6 @@ public Response updateTrapdConfiguration(TrapdConfigDto configDto, SecurityConte
         }
     }
 
-    @Override
-    public Response saveTrapdUser(Snmpv3UserDto user, SecurityContext securityContext) {
-        if (user == null) {
-            return Response.status(Status.BAD_REQUEST).entity("Missing SNMPv3 user in request body.").build();
-        }
-
-        try {
-            TrapdConfiguration config = trapdConfigDao.getMaskedConfig();
-            if (config == null) {
-                return Response.status(Status.NOT_FOUND).entity("Trapd configuration not found.").build();
-            }
-
-            if (findUserIndexBySecurityName(config, user.getSecurityName()) >= 0) {
-                return Response.status(Status.CONFLICT)
-                        .entity("SNMPv3 user with securityName '" + user.getSecurityName() + "' already exists.")
-                        .build();
-            }
-
-            final String validationMessage = validateSnmpv3UserPayload(user);
-            if (validationMessage != null) {
-                return Response.status(Status.BAD_REQUEST).entity(validationMessage).build();
-            }
-
-            // Ensure required attributes are present when persisting a newly-created config.
-            if (!config.hasSnmpTrapPort()) {
-                config.setSnmpTrapPort(162);
-            }
-            if (!config.hasNewSuspectOnTrap()) {
-                config.setNewSuspectOnTrap(false);
-            }
-
-            config.addSnmpv3User(user.toEntity());
-            trapdConfigDao.updateConfig(config);
-            return Response.ok().build();
-        } catch (ValidationException e) {
-            LOG.warn("Provided SNMPv3 user failed schema validation.", e);
-            return Response.status(Status.BAD_REQUEST).entity(e.getMessage()).build();
-        } catch (Exception e) {
-            LOG.error("Failed to persist provided SNMPv3 user.", e);
-            return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Failed to persist trapd user.").build();
-        }
-    }
-
-    @Override
-    public Response updateTrapdUser(String securityName, Snmpv3UserDto user, SecurityContext securityContext) {
-        if (StringUtils.isBlank(securityName)) {
-            return Response.status(Status.BAD_REQUEST).entity("Valid security name is required.").build();
-        }
-
-        if (user == null) {
-            return Response.status(Status.BAD_REQUEST).entity("Missing SNMPv3 user in request body.").build();
-        }
-
-        try {
-            final TrapdConfiguration config = trapdConfigDao.getMaskedConfig();
-            if (config == null) {
-                return Response.status(Status.NOT_FOUND).entity("Trapd configuration not found.").build();
-            }
-
-            final int index = findUserIndexBySecurityName(config, securityName);
-            if (index < 0) {
-                return Response.status(Status.NOT_FOUND)
-                        .entity("SNMPv3 user with securityName '" + securityName + "' was not found.")
-                        .build();
-            }
-
-            final String validationMessage = validateSnmpv3UserPayload(user);
-            if (validationMessage != null) {
-                return Response.status(Status.BAD_REQUEST).entity(validationMessage).build();
-            }
-
-            config.setSnmpv3User(index, user.toEntity());
-            trapdConfigDao.updateConfig(config);
-            return Response.ok().build();
-        } catch (ValidationException e) {
-            LOG.warn("Updating SNMPv3 user failed schema validation.", e);
-            return Response.status(Status.BAD_REQUEST).entity(e.getMessage()).build();
-        } catch (Exception e) {
-            LOG.error("Failed to update SNMPv3 user for securityName {}.", securityName, e);
-            return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Failed to update trapd user.").build();
-        }
-    }
-
-    @Override
-    public Response deleteTrapdUser(String securityName, SecurityContext securityContext) {
-        if (StringUtils.isBlank(securityName)) {
-            return Response.status(Status.BAD_REQUEST).entity("Valid security name is required.").build();
-        }
-
-        try {
-            final TrapdConfiguration config = trapdConfigDao.getMaskedConfig();
-            if (config == null) {
-                return Response.status(Status.NOT_FOUND).entity("Trapd configuration not found.").build();
-            }
-
-            final int index = findUserIndexBySecurityName(config, securityName);
-            if (index < 0) {
-                return Response.status(Status.NOT_FOUND)
-                        .entity("SNMPv3 user with securityName '" + securityName + "' was not found.")
-                        .build();
-            }
-
-            config.removeSnmpv3UserAt(index);
-            trapdConfigDao.updateConfig(config);
-            return Response.noContent().build();
-        } catch (ValidationException e) {
-            LOG.warn("Removing SNMPv3 user failed schema validation.", e);
-            return Response.status(Status.BAD_REQUEST).entity(e.getMessage()).build();
-        } catch (Exception e) {
-            LOG.error("Failed to delete SNMPv3 user for securityName {}.", securityName, e);
-            return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Failed to delete trapd user.").build();
-        }
-    }
-
     private String validateTrapdConfigDtoFields(TrapdConfigDto configDto) {
         if (StringUtils.isBlank(configDto.getSnmpTrapAddress())) {
             return "snmpTrapAddress is required.";
@@ -257,17 +143,16 @@ private String validateTrapdConfigDtoFields(TrapdConfigDto configDto) {
         if (configDto.getBatchInterval() != null && configDto.getBatchInterval() < 0) {
             return "batchInterval must be non-negative.";
         }
-        return null;
-    }
 
-    private int findUserIndexBySecurityName(final TrapdConfiguration config, final String securityName) {
-        for (int i = 0; i < config.getSnmpv3UserCount(); i++) {
-            final Snmpv3User existing = config.getSnmpv3User(i);
-            if (StringUtils.equals(existing.getSecurityName(), securityName)) {
-                return i;
+        if (configDto.getSnmpv3User() != null) {
+            for (Snmpv3UserDto user : configDto.getSnmpv3User()) {
+                String userValidation = validateSnmpv3UserPayload(user);
+                if (userValidation != null) {
+                    return "Invalid SNMPv3 user: " + user.getSecurityName() + ". " + userValidation;
+                }
             }
         }
-        return -1;
+        return null;
     }
 
     private String validateTrapdConfigurationPayload(final TrapdConfiguration config) {
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
index f18ca74b84d9..6c40d277b571 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
@@ -94,54 +94,5 @@ public interface TrapdRestApi {
             @ApiResponse(responseCode = "500", description = "Failed to update trapd configuration")
     })
     Response updateTrapdConfiguration(TrapdConfigDto payload, @Context SecurityContext securityContext);
-
-    @POST
-    @Path("user")
-    @Consumes(MediaType.APPLICATION_JSON)
-    @Produces(MediaType.APPLICATION_JSON)
-    @Operation(
-            summary = "Save SNMPv3 user",
-            description = "Save SNMPv3 user configuration with provided JSON payload.",
-            operationId = "saveTrapdUser"
-    )
-    @ApiResponses(value = {
-            @ApiResponse(responseCode = "200", description = "User saved successfully"),
-            @ApiResponse(responseCode = "400", description = "Invalid user payload"),
-            @ApiResponse(responseCode = "409", description = "SNMPv3 user with provided securityName already exists"),
-            @ApiResponse(responseCode = "500", description = "Failed to save user")
-    })
-    Response saveTrapdUser(Snmpv3UserDto user, @Context SecurityContext securityContext);
-
-    @PUT
-    @Path("user/{securityName}")
-    @Consumes(MediaType.APPLICATION_JSON)
-    @Produces(MediaType.APPLICATION_JSON)
-    @Operation(
-            summary = "Update SNMPv3 user",
-            description = "Update SNMPv3 user configuration for the provided securityName.",
-            operationId = "updateTrapdUser"
-    )
-    @ApiResponses(value = {
-            @ApiResponse(responseCode = "200", description = "User updated successfully"),
-            @ApiResponse(responseCode = "400", description = "Invalid user payload"),
-            @ApiResponse(responseCode = "404", description = "SNMPv3 user with provided securityName was not found"),
-            @ApiResponse(responseCode = "500", description = "Failed to update user")
-    })
-    Response updateTrapdUser(@PathParam("securityName") String securityName, Snmpv3UserDto user, @Context SecurityContext securityContext);
-
-    @DELETE
-    @Path("user/{securityName}")
-    @Operation(
-            summary = "Delete SNMPv3 user",
-            description = "Delete SNMPv3 user configuration with provided securityName.",
-            operationId = "deleteTrapdUser"
-    )
-    @ApiResponses(value = {
-            @ApiResponse(responseCode = "204", description = "User deleted successfully"),
-            @ApiResponse(responseCode = "400", description = "Invalid securityName"),
-            @ApiResponse(responseCode = "404", description = "SNMPv3 user with provided securityName was not found"),
-            @ApiResponse(responseCode = "500", description = "Failed to delete user")
-    })
-    Response deleteTrapdUser(@PathParam("securityName") String securityName, @Context SecurityContext securityContext);
 }
 
diff --git a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
index 389edc71b86d..70f0068d3b6d 100644
--- a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
+++ b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
@@ -172,7 +172,7 @@ public void getShouldReturnOkWithConfigWhenExists() {
         config.setSnmpTrapPort(162);
         config.setSnmpTrapAddress("127.0.0.1");
         config.setNewSuspectOnTrap(false);
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
 
         try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
@@ -185,7 +185,7 @@ public void getShouldReturnOkWithConfigWhenExists() {
 
     @Test
     public void getShouldReturnNotFoundWhenNoConfigurationExists() {
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(null);
+        when(trapdConfigDao.getConfig()).thenReturn(null);
 
         try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
@@ -195,7 +195,7 @@ public void getShouldReturnNotFoundWhenNoConfigurationExists() {
 
     @Test
     public void getShouldReturnServerErrorWhenExceptionThrown() {
-        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(trapdConfigDao).getMaskedConfig();
+        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(trapdConfigDao).getConfig();
 
         try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
@@ -216,7 +216,7 @@ public void getShouldMaskBothPassphrasesWithPlaceholder() {
         user.setPrivacyProtocol("AES");
         user.setPrivacyPassphrase(PASSPHRASE_PLACEHOLDER);
         config.addSnmpv3User(user);
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
 
         try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
@@ -236,7 +236,7 @@ public void getShouldMaskAuthPassphraseWhenPrivacyPassphraseIsAbsent() {
         user.setAuthProtocol("MD5");
         user.setAuthPassphrase(PASSPHRASE_PLACEHOLDER);
         config.addSnmpv3User(user);
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
 
         try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
@@ -255,7 +255,7 @@ public void getShouldNotSetPlaceholderWhenPassphrasesAreNull() {
         user.setSecurityLevel(1);
         // no auth or privacy passphrase set
         config.addSnmpv3User(user);
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
 
         try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
@@ -286,7 +286,7 @@ public void getShouldMaskPassphrasesForEveryUser() {
         userB.setAuthPassphrase(PASSPHRASE_PLACEHOLDER);
         config.addSnmpv3User(userB);
 
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
 
         try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
@@ -310,13 +310,13 @@ public void getShouldNotMutateStoredConfigWhenMaskingPassphrases() {
         user.setPrivacyProtocol("AES");
         user.setPrivacyPassphrase(PASSPHRASE_PLACEHOLDER);
         config.addSnmpv3User(user);
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
 
         try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
         }
 
-        // The config returned by getMaskedConfig should not have been mutated by the service
+        // The config returned by getConfig should not have been mutated by the service
         assertEquals(PASSPHRASE_PLACEHOLDER, config.getSnmpv3User(0).getAuthPassphrase());
         assertEquals(PASSPHRASE_PLACEHOLDER, config.getSnmpv3User(0).getPrivacyPassphrase());
     }
@@ -333,7 +333,7 @@ public void getShouldReturnConfigWithOtherFieldsIntactAfterMasking() {
         user.setPrivacyProtocol("AES");
         user.setPrivacyPassphrase(PASSPHRASE_PLACEHOLDER);
         config.addSnmpv3User(user);
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
 
         try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
@@ -359,663 +359,6 @@ private static TrapdConfiguration buildMinimalConfig() {
         return config;
     }
 
-    @Test
-    public void saveUserShouldReturnBadRequestWhenPayloadMissing() {
-        try (Response response = trapdRestService.saveTrapdUser(null, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("Missing SNMPv3 user in request body.", response.getEntity());
-        }
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void saveUserShouldPersistUserAndReturnOk() {
-        TrapdConfiguration existing = new TrapdConfiguration();
-        existing.setSnmpTrapPort(1162);
-        existing.setNewSuspectOnTrap(false);
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(existing);
-
-        Snmpv3UserDto userDto = new Snmpv3UserDto();
-        userDto.setEngineId("8000000001020304");
-        userDto.setSecurityName("opennms-user");
-        userDto.setSecurityLevel(3);
-        userDto.setAuthProtocol("SHA");
-        userDto.setAuthPassphrase("auth-pass");
-        userDto.setPrivacyProtocol("AES");
-        userDto.setPrivacyPassphrase("priv-pass");
-
-        try (Response response = trapdRestService.saveTrapdUser(userDto, null)) {
-            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
-            assertNull(response.getEntity());
-        }
-
-        ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
-        verify(trapdConfigDao).updateConfig(captor.capture());
-        TrapdConfiguration persisted = captor.getValue();
-        assertEquals(1, persisted.getSnmpv3UserCount());
-        assertEquals("opennms-user", persisted.getSnmpv3User(0).getSecurityName());
-    }
-
-    @Test
-    public void saveUserShouldRejectWhenSecurityNameMissing() {
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
-
-        Snmpv3UserDto userDto = new Snmpv3UserDto();
-        userDto.setSecurityLevel(1);
-
-        try (Response response = trapdRestService.saveTrapdUser(userDto, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("securityName is required.", response.getEntity());
-        }
-
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void saveUserShouldRejectWhenSecurityLevelMissing() {
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
-
-        Snmpv3UserDto userDto = new Snmpv3UserDto();
-        userDto.setSecurityName("opennms-user");
-
-        try (Response response = trapdRestService.saveTrapdUser(userDto, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("securityLevel is required.", response.getEntity());
-        }
-
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void saveUserShouldRejectWhenSecurityLevelThreeMissingPrivacy() {
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
-
-        Snmpv3UserDto userDto = new Snmpv3UserDto();
-        userDto.setSecurityName("opennms-user");
-        userDto.setSecurityLevel(3);
-        userDto.setAuthProtocol("SHA");
-        userDto.setAuthPassphrase("auth-pass");
-
-        try (Response response = trapdRestService.saveTrapdUser(userDto, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("securityLevel 3 requires both auth and privacy credentials.", response.getEntity());
-        }
-
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void saveUserShouldReturnBadRequestWhenValidationFails() {
-        TrapdConfiguration existing = new TrapdConfiguration();
-        existing.setSnmpTrapPort(1162);
-        existing.setNewSuspectOnTrap(false);
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(existing);
-        whenValidationFailsOnUpdate("user validation failed");
-
-        Snmpv3UserDto userDto = new Snmpv3UserDto();
-        userDto.setSecurityName("opennms-user");
-        userDto.setSecurityLevel(1);
-
-        try (Response response = trapdRestService.saveTrapdUser(userDto, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("user validation failed", response.getEntity());
-        }
-    }
-
-    @Test
-    public void saveUserShouldReturnServerErrorWhenPersistenceThrows() {
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
-        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-
-        Snmpv3UserDto userDto = new Snmpv3UserDto();
-        userDto.setSecurityName("opennms-user");
-        userDto.setSecurityLevel(1);
-
-        try (Response response = trapdRestService.saveTrapdUser(userDto, null)) {
-            assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
-            assertEquals("Failed to persist trapd user.", response.getEntity());
-        }
-    }
-
-    @Test
-    public void saveUserShouldReturnNotFoundWhenNoConfigExists() {
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(null);
-
-        Snmpv3UserDto userDto = new Snmpv3UserDto();
-        userDto.setSecurityName("opennms-user");
-        userDto.setSecurityLevel(1);
-
-        try (Response response = trapdRestService.saveTrapdUser(userDto, null)) {
-            assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
-            assertEquals("Trapd configuration not found.", response.getEntity());
-        }
-
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void saveUserShouldReturnConflictWhenSecurityNameAlreadyExists() {
-        TrapdConfiguration existing = new TrapdConfiguration();
-        existing.setSnmpTrapPort(1162);
-        existing.setNewSuspectOnTrap(false);
-        Snmpv3User existingUser = new Snmpv3User();
-        existingUser.setSecurityName("duplicate-user");
-        existing.addSnmpv3User(existingUser);
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(existing);
-
-        Snmpv3UserDto userDto = new Snmpv3UserDto();
-        userDto.setSecurityName("duplicate-user");
-        userDto.setSecurityLevel(1);
-
-        try (Response response = trapdRestService.saveTrapdUser(userDto, null)) {
-            assertEquals(Response.Status.CONFLICT.getStatusCode(), response.getStatus());
-            assertEquals("SNMPv3 user with securityName 'duplicate-user' already exists.", response.getEntity());
-        }
-
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    // --- validateSnmpv3UserPayload rule tests ---
-
-    @Test
-    public void saveUserShouldRejectWhenSecurityLevelOutOfRange() {
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
-
-        Snmpv3UserDto userDto = new Snmpv3UserDto();
-        userDto.setSecurityName("opennms-user");
-        userDto.setSecurityLevel(5);
-
-        try (Response response = trapdRestService.saveTrapdUser(userDto, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("securityLevel must be between 1 and 3.", response.getEntity());
-        }
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void saveUserShouldRejectWhenAuthProtocolIsInvalid() {
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
-
-        Snmpv3UserDto user = new Snmpv3UserDto();
-        user.setSecurityName("opennms-user");
-        user.setSecurityLevel(2);
-        user.setAuthProtocol("MD2");
-        user.setAuthPassphrase("auth-pass");
-
-        try (Response response = trapdRestService.saveTrapdUser(user, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("Unsupported authProtocol.", response.getEntity());
-        }
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void saveUserShouldRejectWhenPrivacyProtocolIsInvalid() {
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
-
-        Snmpv3UserDto user = new Snmpv3UserDto();
-        user.setSecurityName("opennms-user");
-        user.setSecurityLevel(3);
-        user.setAuthProtocol("SHA");
-        user.setAuthPassphrase("auth-pass");
-        user.setPrivacyProtocol("3DES");
-        user.setPrivacyPassphrase("priv-pass");
-
-        try (Response response = trapdRestService.saveTrapdUser(user, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("Unsupported privacyProtocol.", response.getEntity());
-        }
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void saveUserShouldRejectWhenAuthProtocolProvidedWithoutPassphrase() {
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
-
-        Snmpv3UserDto user = new Snmpv3UserDto();
-        user.setSecurityName("opennms-user");
-        user.setSecurityLevel(2);
-        user.setAuthProtocol("SHA");
-        // no authPassphrase
-
-        try (Response response = trapdRestService.saveTrapdUser(user, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("authProtocol and authPassphrase must be provided together.", response.getEntity());
-        }
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void saveUserShouldRejectWhenPrivacyProtocolProvidedWithoutPassphrase() {
-        // Provide a valid TrapdConfiguration with required fields
-        TrapdConfiguration config = new TrapdConfiguration();
-        config.setSnmpTrapPort(162);
-        config.setNewSuspectOnTrap(false);
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
-
-        Snmpv3UserDto user = new Snmpv3UserDto();
-        user.setSecurityName("opennms-user");
-        user.setSecurityLevel(3);
-        user.setAuthProtocol("SHA");
-        user.setAuthPassphrase("auth-pass");
-        // no privacyProtocol
-        user.setPrivacyPassphrase("priv-pass");
-
-        try (Response response = trapdRestService.saveTrapdUser(user, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("privacyProtocol and privacyPassphrase must be provided together.", response.getEntity());
-        }
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void saveUserShouldRejectWhenAuthPassphraseProvidedWithoutProtocol() {
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
-
-        Snmpv3UserDto user = new Snmpv3UserDto();
-        user.setSecurityName("opennms-user");
-        user.setSecurityLevel(2);
-        // no authProtocol
-        user.setAuthPassphrase("auth-pass");
-
-        try (Response response = trapdRestService.saveTrapdUser(user, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("authProtocol and authPassphrase must be provided together.", response.getEntity());
-        }
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void saveUserShouldRejectWhenPrivacyPassphraseProvidedWithoutProtocol() {
-        // Provide a valid TrapdConfiguration with required fields
-        TrapdConfiguration config = new TrapdConfiguration();
-        config.setSnmpTrapPort(162);
-        config.setNewSuspectOnTrap(false);
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
-
-        Snmpv3UserDto user = new Snmpv3UserDto();
-        user.setSecurityName("opennms-user");
-        user.setSecurityLevel(3);
-        user.setAuthProtocol("SHA");
-        user.setAuthPassphrase("auth-pass");
-        // no privacyProtocol
-        user.setPrivacyPassphrase("priv-pass");
-
-        try (Response response = trapdRestService.saveTrapdUser(user, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("privacyProtocol and privacyPassphrase must be provided together.", response.getEntity());
-        }
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void saveUserShouldRejectWhenSecurityLevelOneHasAuthCredentials() {
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
-
-        Snmpv3UserDto user = new Snmpv3UserDto();
-        user.setSecurityName("opennms-user");
-        user.setSecurityLevel(1);
-        user.setAuthProtocol("SHA");
-        user.setAuthPassphrase("auth-pass");
-
-        try (Response response = trapdRestService.saveTrapdUser(user, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("securityLevel 1 does not allow auth or privacy credentials.", response.getEntity());
-        }
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void saveUserShouldRejectWhenSecurityLevelTwoMissingAuthCredentials() {
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
-
-        Snmpv3UserDto user = new Snmpv3UserDto();
-        user.setSecurityName("opennms-user");
-        user.setSecurityLevel(2);
-        // no auth protocol/passphrase
-
-        try (Response response = trapdRestService.saveTrapdUser(user, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("securityLevel 2 requires auth credentials and does not allow privacy credentials.", response.getEntity());
-        }
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void saveUserShouldRejectWhenSecurityLevelTwoHasPrivacyCredentials() {
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(new TrapdConfiguration());
-
-        Snmpv3UserDto user = new Snmpv3UserDto();
-        user.setSecurityName("opennms-user");
-        user.setSecurityLevel(2);
-        user.setAuthProtocol("SHA");
-        user.setAuthPassphrase("auth-pass");
-        user.setPrivacyProtocol("AES");
-        user.setPrivacyPassphrase("priv-pass");
-
-        try (Response response = trapdRestService.saveTrapdUser(user, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("securityLevel 2 requires auth credentials and does not allow privacy credentials.", response.getEntity());
-        }
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void deleteUserShouldReturnBadRequestWhenSecurityNameNull() {
-        try (Response response = trapdRestService.deleteTrapdUser(null, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("Valid security name is required.", response.getEntity());
-        }
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void deleteUserShouldReturnBadRequestWhenSecurityNameBlank() {
-        try (Response response = trapdRestService.deleteTrapdUser("   ", null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("Valid security name is required.", response.getEntity());
-        }
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void deleteUserShouldReturnNotFoundWhenNoConfig() {
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(null);
-
-        try (Response response = trapdRestService.deleteTrapdUser("missing-user", null)) {
-            assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
-            assertEquals("Trapd configuration not found.", response.getEntity());
-        }
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void deleteUserShouldReturnNotFoundWhenSecurityNameMissing() {
-        TrapdConfiguration config = new TrapdConfiguration();
-        config.setSnmpTrapPort(162);
-        config.setNewSuspectOnTrap(false);
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
-
-        try (Response response = trapdRestService.deleteTrapdUser("missing-user", null)) {
-            assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
-            assertEquals("SNMPv3 user with securityName 'missing-user' was not found.", response.getEntity());
-        }
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void deleteUserShouldRemoveUserAndReturnNoContent() {
-        TrapdConfiguration config = new TrapdConfiguration();
-        config.setSnmpTrapPort(162);
-        config.setNewSuspectOnTrap(false);
-        Snmpv3User user = new Snmpv3User();
-        user.setSecurityName("user-to-delete");
-        user.setSecurityLevel(1);
-        config.addSnmpv3User(user);
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
-
-        try (Response response = trapdRestService.deleteTrapdUser("user-to-delete", null)) {
-            assertEquals(Response.Status.NO_CONTENT.getStatusCode(), response.getStatus());
-            assertNull(response.getEntity());
-        }
-
-        ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
-        verify(trapdConfigDao).updateConfig(captor.capture());
-        assertEquals(0, captor.getValue().getSnmpv3UserCount());
-    }
-
-    @Test
-    public void deleteUserShouldRemoveOnlyMatchingSecurityName() {
-        TrapdConfiguration config = new TrapdConfiguration();
-        config.setSnmpTrapPort(162);
-        config.setNewSuspectOnTrap(false);
-        Snmpv3User keep = new Snmpv3User();
-        keep.setSecurityName("keep-user");
-        Snmpv3User remove = new Snmpv3User();
-        remove.setSecurityName("remove-user");
-        config.addSnmpv3User(keep);
-        config.addSnmpv3User(remove);
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
-
-        try (Response response = trapdRestService.deleteTrapdUser("remove-user", null)) {
-            assertEquals(Response.Status.NO_CONTENT.getStatusCode(), response.getStatus());
-        }
-
-        ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
-        verify(trapdConfigDao).updateConfig(captor.capture());
-        assertEquals(1, captor.getValue().getSnmpv3UserCount());
-        assertEquals("keep-user", captor.getValue().getSnmpv3User(0).getSecurityName());
-    }
-
-    @Test
-    public void deleteUserShouldReturnBadRequestWhenValidationFails() {
-        TrapdConfiguration config = new TrapdConfiguration();
-        config.setSnmpTrapPort(162);
-        config.setNewSuspectOnTrap(false);
-        Snmpv3User user = new Snmpv3User();
-        user.setSecurityName("test-user");
-        config.addSnmpv3User(user);
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
-        whenValidationFailsOnUpdate("delete validation error");
-
-        try (Response response = trapdRestService.deleteTrapdUser("test-user", null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("delete validation error", response.getEntity());
-        }
-    }
-
-    @Test
-    public void deleteUserShouldReturnServerErrorWhenPersistenceThrows() {
-        TrapdConfiguration config = new TrapdConfiguration();
-        config.setSnmpTrapPort(162);
-        config.setNewSuspectOnTrap(false);
-        Snmpv3User user = new Snmpv3User();
-        user.setSecurityName("test-user");
-        config.addSnmpv3User(user);
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
-        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-
-        try (Response response = trapdRestService.deleteTrapdUser("test-user", null)) {
-            assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
-            assertEquals("Failed to delete trapd user.", response.getEntity());
-        }
-    }
-
-    @Test
-    public void updateUserShouldReturnBadRequestWhenSecurityNameNull() {
-        Snmpv3UserDto user = new Snmpv3UserDto();
-        user.setSecurityName("opennms-user");
-
-        try (Response response = trapdRestService.updateTrapdUser(null, user, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("Valid security name is required.", response.getEntity());
-        }
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void updateUserShouldReturnBadRequestWhenSecurityNameBlank() {
-        Snmpv3UserDto user = new Snmpv3UserDto();
-        user.setSecurityName("opennms-user");
-
-        try (Response response = trapdRestService.updateTrapdUser("", user, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("Valid security name is required.", response.getEntity());
-        }
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void updateUserShouldReturnBadRequestWhenPathAndPayloadSecurityNameMismatch() {
-        Snmpv3UserDto user = new Snmpv3UserDto();
-        user.setSecurityName("payload-user");
-        user.setSecurityLevel(1);
-
-        // The service checks for Trapd configuration first, so if not found, it returns 404
-        try (Response response = trapdRestService.updateTrapdUser("path-user", user, null)) {
-            assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
-            assertEquals("Trapd configuration not found.", response.getEntity());
-        }
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void updateUserShouldReturnBadRequestWhenPayloadNull() {
-        try (Response response = trapdRestService.updateTrapdUser("existing-user", null, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("Missing SNMPv3 user in request body.", response.getEntity());
-        }
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void updateUserShouldReturnNotFoundWhenNoConfig() {
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(null);
-
-        Snmpv3UserDto user = new Snmpv3UserDto();
-        user.setSecurityName("opennms-user");
-
-        try (Response response = trapdRestService.updateTrapdUser("opennms-user", user, null)) {
-            assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
-            assertEquals("Trapd configuration not found.", response.getEntity());
-        }
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void updateUserShouldReturnNotFoundWhenSecurityNameMissing() {
-        TrapdConfiguration config = new TrapdConfiguration();
-        config.setSnmpTrapPort(162);
-        config.setNewSuspectOnTrap(false);
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
-
-        Snmpv3UserDto user = new Snmpv3UserDto();
-        user.setSecurityName("missing-user");
-
-        try (Response response = trapdRestService.updateTrapdUser("missing-user", user, null)) {
-            assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
-            assertEquals("SNMPv3 user with securityName 'missing-user' was not found.", response.getEntity());
-        }
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void updateUserShouldReturnBadRequestWhenSecurityLevelMissing() {
-        TrapdConfiguration config = new TrapdConfiguration();
-        config.setSnmpTrapPort(162);
-        config.setNewSuspectOnTrap(false);
-        Snmpv3User existing = new Snmpv3User();
-        existing.setSecurityName("existing-user");
-        config.addSnmpv3User(existing);
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
-
-        Snmpv3UserDto user = new Snmpv3UserDto();
-        user.setSecurityName("existing-user");
-
-        try (Response response = trapdRestService.updateTrapdUser("existing-user", user, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("securityLevel is required.", response.getEntity());
-        }
-
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void updateUserShouldReturnBadRequestWhenPayloadValidationFails() {
-        TrapdConfiguration config = new TrapdConfiguration();
-        config.setSnmpTrapPort(162);
-        config.setNewSuspectOnTrap(false);
-        Snmpv3User existing = new Snmpv3User();
-        existing.setSecurityName("existing-user");
-        config.addSnmpv3User(existing);
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
-
-        // securityLevel 3 requires privacy — missing privacy intentionally
-        Snmpv3UserDto user = new Snmpv3UserDto();
-        user.setSecurityName("existing-user");
-        user.setSecurityLevel(3);
-        user.setAuthProtocol("SHA");
-        user.setAuthPassphrase("auth-pass");
-
-        try (Response response = trapdRestService.updateTrapdUser("existing-user", user, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("securityLevel 3 requires both auth and privacy credentials.", response.getEntity());
-        }
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-    }
-
-    @Test
-    public void updateUserShouldReplaceUserBySecurityNameAndReturnOk() {
-        TrapdConfiguration config = new TrapdConfiguration();
-        config.setSnmpTrapPort(162);
-        config.setNewSuspectOnTrap(false);
-        Snmpv3User existing = new Snmpv3User();
-        existing.setSecurityName("old-user");
-        existing.setSecurityLevel(1);
-        config.addSnmpv3User(existing);
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
-
-        Snmpv3UserDto updatedDto = new Snmpv3UserDto();
-        updatedDto.setSecurityName("old-user");
-        updatedDto.setSecurityLevel(3);
-        updatedDto.setAuthProtocol("SHA");
-        updatedDto.setAuthPassphrase("auth-pass");
-        updatedDto.setPrivacyProtocol("AES");
-        updatedDto.setPrivacyPassphrase("priv-pass");
-
-        try (Response response = trapdRestService.updateTrapdUser("old-user", updatedDto, null)) {
-            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
-            assertNull(response.getEntity());
-        }
-
-        ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
-        verify(trapdConfigDao).updateConfig(captor.capture());
-        assertEquals(1, captor.getValue().getSnmpv3UserCount());
-        assertEquals("old-user", captor.getValue().getSnmpv3User(0).getSecurityName());
-    }
-
-    @Test
-    public void updateUserShouldReturnBadRequestWhenSchemaValidationFails() {
-        TrapdConfiguration config = new TrapdConfiguration();
-        config.setSnmpTrapPort(162);
-        config.setNewSuspectOnTrap(false);
-        Snmpv3User existing = new Snmpv3User();
-        existing.setSecurityName("existing-user");
-        config.addSnmpv3User(existing);
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
-        whenValidationFailsOnUpdate("schema update error");
-
-        Snmpv3UserDto userDto = new Snmpv3UserDto();
-        userDto.setSecurityName("existing-user");
-        userDto.setSecurityLevel(1);
-
-        try (Response response = trapdRestService.updateTrapdUser("existing-user", userDto, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("schema update error", response.getEntity());
-        }
-    }
-
-    @Test
-    public void updateUserShouldReturnServerErrorWhenPersistenceThrows() {
-        TrapdConfiguration config = new TrapdConfiguration();
-        config.setSnmpTrapPort(162);
-        config.setNewSuspectOnTrap(false);
-        Snmpv3User existing = new Snmpv3User();
-        existing.setSecurityName("existing-user");
-        config.addSnmpv3User(existing);
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
-        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
-
-        Snmpv3UserDto userDto = new Snmpv3UserDto();
-        userDto.setSecurityName("existing-user");
-        userDto.setSecurityLevel(1);
-
-        try (Response response = trapdRestService.updateTrapdUser("existing-user", userDto, null)) {
-            assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
-            assertEquals("Failed to update trapd user.", response.getEntity());
-        }
-    }
-
     @Test
     public void updateShouldReturnBadRequestWhenPayloadMissing() {
         try (Response response = trapdRestService.updateTrapdConfiguration(null, null)) {
@@ -1035,7 +378,7 @@ public void updateShouldReturnBadRequestWhenSnmpTrapPortMissing() {
             assertEquals("snmpTrapPort is required and must be between 1 and 65535.", response.getEntity());
         }
 
-        verify(trapdConfigDao, never()).updateConfigWithoutUsers(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
@@ -1049,7 +392,7 @@ public void updateShouldReturnBadRequestWhenNewSuspectOnTrapMissing() {
             assertEquals("newSuspectOnTrap is required.", response.getEntity());
         }
 
-        verify(trapdConfigDao, never()).updateConfigWithoutUsers(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
@@ -1068,7 +411,7 @@ public void updateShouldMergePayloadAndPersist() {
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
-        verify(trapdConfigDao).updateConfigWithoutUsers(captor.capture());
+        verify(trapdConfigDao).updateConfig(captor.capture());
         TrapdConfiguration persisted = captor.getValue();
         assertEquals(10164, persisted.getSnmpTrapPort());
         assertEquals(4, persisted.getThreads());
@@ -1089,14 +432,14 @@ public void updateShouldPersistUseAddressFromVarbindWhenProvided() {
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
-        verify(trapdConfigDao).updateConfigWithoutUsers(captor.capture());
+        verify(trapdConfigDao).updateConfig(captor.capture());
         assertTrue(captor.getValue().shouldUseAddressFromVarbind());
     }
 
     @Test
     public void updateShouldReturnBadRequestWhenValidationFails() {
         org.mockito.Mockito.doThrow(new ValidationException("validation failed"))
-                .when(trapdConfigDao).updateConfigWithoutUsers(org.mockito.Mockito.any(TrapdConfiguration.class));
+                .when(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
 
         TrapdConfigDto payload = new TrapdConfigDto();
         payload.setSnmpTrapAddress("127.0.0.1");
@@ -1112,7 +455,7 @@ public void updateShouldReturnBadRequestWhenValidationFails() {
     @Test
     public void updateShouldReturnServerErrorWhenPersistenceThrows() {
         org.mockito.Mockito.doThrow(new RuntimeException("db down"))
-                .when(trapdConfigDao).updateConfigWithoutUsers(org.mockito.Mockito.any(TrapdConfiguration.class));
+                .when(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
 
         TrapdConfigDto payload = new TrapdConfigDto();
         payload.setSnmpTrapAddress("127.0.0.1");
@@ -1256,7 +599,7 @@ public void getShouldHandleLargeNumberOfSnmpv3Users() {
             user.setPrivacyPassphrase(PASSPHRASE_PLACEHOLDER);
             config.addSnmpv3User(user);
         }
-        when(trapdConfigDao.getMaskedConfig()).thenReturn(config);
+        when(trapdConfigDao.getConfig()).thenReturn(config);
         try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
             TrapdConfigDto returned = (TrapdConfigDto) response.getEntity();

From e583a11363ef6eddb117d7529bf75174aff22170 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Sun, 29 Mar 2026 21:29:37 +0500
Subject: [PATCH 26/41] scv changes and test coverage

---
 ui/src/components/SCV/ScvSearchDrawer.vue     | 169 ++++++++++++++++++
 .../TrapConfiguration/CreateSnmpV3User.vue    | 100 +++++++----
 .../Dialog/DeleteUserConfirmationDialog.vue   |   9 +-
 .../GeneralConfiguration.vue                  |   9 +-
 .../SnmpV3UserManagement.vue                  |  32 ++--
 ui/src/services/trapdConfigurationService.ts  |  49 +----
 ui/src/stores/trapConfigStore.ts              |  11 +-
 ui/src/types/trapConfig.d.ts                  |  17 +-
 .../CreateSnmpV3User.test.ts                  |  81 ++++++---
 .../GeneralConfiguration.test.ts              |  28 ++-
 .../SnmpV3UserManagement.test.ts              |  89 ++++++---
 ui/tests/stores/trapConfigStore.test.ts       | 126 +++++++++++++
 12 files changed, 557 insertions(+), 163 deletions(-)
 create mode 100644 ui/src/components/SCV/ScvSearchDrawer.vue
 create mode 100644 ui/tests/stores/trapConfigStore.test.ts

diff --git a/ui/src/components/SCV/ScvSearchDrawer.vue b/ui/src/components/SCV/ScvSearchDrawer.vue
new file mode 100644
index 000000000000..66638dde7c53
--- /dev/null
+++ b/ui/src/components/SCV/ScvSearchDrawer.vue
@@ -0,0 +1,169 @@
+<template>
+  <FeatherDrawer
+    data-test="scv-drawer"
+    @hidden="emit('hidden')"
+    v-model="drawerOpen"
+    :labels="{ close: 'close', title: 'Use an Existing Credential' }"
+    width="40em"
+  >
+    <div class="drawer-content">
+      <h3>Use an existing credential</h3>
+      <div class="large-spacer"></div>
+      <h4>Find existing credentials, searching by alias or key.</h4>
+      <div class="large-spacer"></div>
+
+      <FeatherInput
+        :modelValue="searchValue"
+        @update:modelValue="val => onSearch(val as string)"
+        label="Search for credentials"
+      >
+        <template v-slot:post>
+          <FeatherIcon :icon="SearchIcon" />
+        </template>
+      </FeatherInput>
+
+      <div class="large-spacer"></div>
+
+      <div class="results-table-container">
+        <table
+          class="data-table"
+          aria-label="SCV Search Results Table"
+        >
+          <thead>
+            <th>Alias</th>
+            <th>Key</th>
+          </thead>
+          <tbody v-if="filteredResults.length > 0">
+            <tr
+              v-for="(item, index) of filteredResults"
+              :key="`${item.alias}-${item.key}-${index}`"
+              style="cursor: pointer;"
+            >
+              <td>
+                {{ item.type === 'alias' ? item.alias : '' }}
+              </td>
+              <td v-if="item.type === 'key' && item.key">
+                <a @click.prevent="onItemSelected(item)">{{ item.type === 'key' ? item.key : '' }}</a>
+              </td>
+              <td v-else></td>
+            </tr>
+          </tbody>
+          <tbody v-else>
+            <tr>
+              <td
+                colspan="2"
+                style="text-align: center; font-style: italic;"
+              >
+                No results found.
+              </td>
+            </tr>
+          </tbody>
+        </table>
+      </div>
+      <div class="large-spacer"></div>
+      <div class="scv-drawer-button-container">
+        <FeatherButton
+          secondary
+          :disabled="credentialsLoading"
+          data-test="scv-drawer-cancel-button"
+          @click="drawerOpen = false"
+          >Cancel</FeatherButton
+        >
+      </div>
+    </div>
+  </FeatherDrawer>
+</template>
+
+<script setup lang="ts">
+import { FeatherButton } from '@featherds/button'
+import { FeatherDrawer } from '@featherds/drawer'
+import { FeatherIcon } from '@featherds/icon'
+import { FeatherInput } from '@featherds/input'
+import SearchIcon from '@featherds/icon/action/Search'
+import { debounce } from 'lodash'
+import { useScvStore } from '@/stores/scvStore'
+import { ScvSearchItem } from '@/types/scv'
+
+const props = defineProps<{
+  isOpen: boolean
+}>()
+
+const emit = defineEmits<{
+  (e: 'hidden'): void
+  (e: 'item-selected', item: ScvSearchItem): void
+}>()
+
+const DEBOUNCE_DELAY = 300
+const scvStore = useScvStore()
+const drawerOpen = ref(props.isOpen)
+const credentialsLoading = ref(false)
+const filteredResults = ref<ScvSearchItem[]>([])
+const searchValue = ref<string>('')
+
+const onSearch = debounce((query: string) => {
+  credentialsLoading.value = true
+  searchValue.value = query
+  filteredResults.value = scvStore.queryCredentials(query)
+  credentialsLoading.value = false
+}, DEBOUNCE_DELAY)
+
+const onItemSelected = (item: ScvSearchItem) => {
+  emit('item-selected', item)
+}
+
+watch(() => props.isOpen, (newVal) => {
+  drawerOpen.value = newVal
+})
+</script>
+
+<style lang="scss" scoped>
+@use "@featherds/table/scss/table" as table;
+@use "@featherds/styles/mixins/typography";
+@use "@featherds/styles/themes/variables";
+
+.drawer-content {
+  height: 100%;
+  margin-top: 1em;
+  padding: 1em 1.5em 1em 1.5em;
+  overflow-y: auto;
+
+  .large-spacer {
+    min-height: 1em;
+  }
+
+  .results-table-container {
+    max-height: 30em;
+    overflow-y: auto;
+
+    table.data-table {
+      width: 100%;
+      @include table.table;
+      @include table.table-condensed;
+      border: 1px solid var(variables.$border-on-surface);
+
+      >thead {
+        background-color: var(variables.$border-on-surface);
+        padding: 1em;
+        text-transform: uppercase;
+
+        th {
+          padding: 0.5em 1em 0.5em 1em;
+          text-align: left;
+        }
+      }
+
+      td {
+        white-space: nowrap;
+        box-shadow: none;
+        border-bottom: 1px solid var(variables.$border-on-surface);
+      }
+    }
+  }
+
+  .scv-drawer-button-container {
+    display: flex;
+    justify-content: flex-end;
+  }
+}
+</style>
+
diff --git a/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue b/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
index d60d6e4ed329..34f56ec54d86 100644
--- a/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
+++ b/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
@@ -75,7 +75,7 @@
           />
           <ScvInputIcon
             data-test="auth-passphrase-save-button"
-            @click="store.openCredentialDrawer"
+            @click="store.openCredentialDrawer('auth')"
           />
         </div>
       </div>
@@ -102,7 +102,7 @@
           />
           <ScvInputIcon
             data-test="privacy-passphrase-save-button"
-            @click="store.openCredentialDrawer"
+            @click="store.openCredentialDrawer('privacy')"
           />
         </div>
       </div>
@@ -124,7 +124,12 @@
         {{ store.createUserDrawerState.mode === CreateEditMode.Create ? 'Create User' : 'Update User' }}
       </FeatherButton>
     </div>
-    <SearchExistingCredential />
+    <!-- <SearchExistingCredential /> -->
+    <ScvSearchDrawer
+      :isOpen="store.credentialDrawerState.visible"
+      @hidden="store.closeCredentialDrawer"
+      @itemSelected="scvItemSelected"
+    />
   </TableCard>
 </template>
 
@@ -132,7 +137,8 @@
 import useSnackbar from '@/composables/useSnackbar'
 import { AUTH_PROTOCOL_OPTIONS, PRIVACY_PROTOCOL_OPTIONS, SECURITY_LEVEL_OPTIONS, SecurityLevel } from '@/lib/trapdValidator'
 import { mapUserToServer } from '@/mappers/trapdConfig.mapper'
-import { saveTrapdUser, updateTrapdUser } from '@/services/trapdConfigurationService'
+import { updateTrapdConfiguration } from '@/services/trapdConfigurationService'
+import { useScvStore } from '@/stores/scvStore'
 import { useTrapConfigStore } from '@/stores/trapConfigStore'
 import { CreateEditMode } from '@/types'
 import type { SnmpV3UserError } from '@/types/trapConfig'
@@ -143,7 +149,7 @@ import { FeatherInput } from '@featherds/input'
 import { FeatherSelect, ISelectItemType } from '@featherds/select'
 import TableCard from '../Common/TableCard.vue'
 import ScvInputIcon from '../SCV/ScvInputIcon.vue'
-import SearchExistingCredential from './Drawer/SearchExistingCredential.vue'
+import ScvSearchDrawer from '../SCV/ScvSearchDrawer.vue'
 
 const store = useTrapConfigStore()
 const { showSnackBar } = useSnackbar()
@@ -158,6 +164,7 @@ const privacyPassphrase = ref<string>('')
 const isSaveDisabled = ref<boolean>(true)
 const isSaving = ref<boolean>(false)
 const error = ref<SnmpV3UserError>({})
+const scvStore = useScvStore()
 
 const authProtocolVisible = computed(() => {
   const selectedSecurityLevel = Number(securityLevel.value?._value)
@@ -169,25 +176,6 @@ const privacyProtocolVisible = computed(() => {
   return selectedSecurityLevel === SecurityLevel.AuthPriv
 })
 
-watch(securityLevel, (selectedSecurityLevel) => {
-  const levelValue = Number(selectedSecurityLevel?._value)
-
-  if (levelValue !== SecurityLevel.AuthNoPriv && levelValue !== SecurityLevel.AuthPriv) {
-    authProtocol.value = createEmptySelectItem()
-    authPassphrase.value = ''
-  }
-
-  if (levelValue !== SecurityLevel.AuthPriv) {
-    authProtocol.value = createEmptySelectItem()
-    privacyProtocol.value = createEmptySelectItem()
-    authPassphrase.value = ''
-    privacyPassphrase.value = ''
-  }
-
-  error.value = validateInputs()
-  isSaveDisabled.value = Object.keys(error.value).length > 0
-})
-
 const saveUser = async () => {
   const validationError = validateInputs()
   if (Object.keys(validationError).length > 0) {
@@ -213,14 +201,25 @@ const saveUser = async () => {
     isSaving.value = true
 
     if (store.createUserDrawerState.mode === CreateEditMode.Create) {
-      await saveTrapdUser(payload)
-    } else if (store.createUserDrawerState.mode === CreateEditMode.Edit) {
-      const selectedUser = store.SnmpV3Users?.[store.createUserDrawerState.selectedUserIndex]
-      if (!selectedUser?.securityName) {
-        throw new Error('Unable to determine the selected SNMPv3 user to update.')
+      const updatedConfig = {
+        ...store.trapdConfig,
+        snmpv3User: [...(store.trapdConfig.snmpv3User || []), payload]
       }
-
-      await updateTrapdUser(selectedUser.securityName, payload)
+      await updateTrapdConfiguration(updatedConfig)
+    }
+    if (store.createUserDrawerState.mode === CreateEditMode.Edit) {
+      const selectedUser = store.snmpV3Users?.[store.createUserDrawerState.selectedUserIndex]
+      if (!selectedUser) {
+        showSnackBar({ msg: 'Unable to determine the selected SNMPv3 user to update.', error: true })
+        return
+      }
+      const updatedUsers = [...(store.trapdConfig.snmpv3User || [])]
+      updatedUsers[store.createUserDrawerState.selectedUserIndex] = payload
+      const updatedConfig = {
+        ...store.trapdConfig,
+        snmpv3User: updatedUsers
+      }
+      await updateTrapdConfiguration(updatedConfig)
     }
 
     await store.fetchTrapConfig()
@@ -236,6 +235,16 @@ const saveUser = async () => {
     isSaving.value = false
   }
 }
+const scvItemSelected = (item: any) => {
+  const scvValue = '${scv:' + item.alias + ':' + item.key + '}'
+
+  if (store.credentialDrawerState.key === 'auth') {
+    authPassphrase.value = scvValue
+  } else if (store.credentialDrawerState.key === 'privacy') {
+    privacyPassphrase.value = scvValue
+  }
+  store.closeCredentialDrawer()
+}
 
 const validateInputs = () => {
   const newError: SnmpV3UserError = {}
@@ -266,13 +275,14 @@ const validateInputs = () => {
   return newError
 }
 
-const loadUserData = (drawerState: typeof store.createUserDrawerState) => {
+const loadUserData = async (drawerState: typeof store.createUserDrawerState) => {
   if (drawerState.mode === CreateEditMode.Edit && drawerState.selectedUserIndex > -1) {
-    const selectedUser = store.SnmpV3Users ? store.SnmpV3Users[drawerState.selectedUserIndex] : null
+    const selectedUser = store.snmpV3Users ? store.snmpV3Users[drawerState.selectedUserIndex] : null
 
     if (selectedUser) {
       const selectedSecurityLevel = Number(selectedUser.securityLevel)
       securityLevel.value = SECURITY_LEVEL_OPTIONS.find(option => option._value === String(selectedSecurityLevel)) ?? createEmptySelectItem()
+      await nextTick()
       authProtocol.value = (selectedSecurityLevel === SecurityLevel.AuthNoPriv || selectedSecurityLevel === SecurityLevel.AuthPriv)
         ? AUTH_PROTOCOL_OPTIONS.find(option => option._value === selectedUser.authProtocol) ?? createEmptySelectItem()
         : createEmptySelectItem()
@@ -294,6 +304,26 @@ const loadUserData = (drawerState: typeof store.createUserDrawerState) => {
     privacyPassphrase.value = ''
   }
 }
+
+watch(securityLevel, (selectedSecurityLevel) => {
+  const levelValue = Number(selectedSecurityLevel?._value)
+
+  if (levelValue !== SecurityLevel.AuthNoPriv && levelValue !== SecurityLevel.AuthPriv) {
+    authProtocol.value = createEmptySelectItem()
+    authPassphrase.value = ''
+  }
+
+  if (levelValue !== SecurityLevel.AuthPriv) {
+    authProtocol.value = createEmptySelectItem()
+    privacyProtocol.value = createEmptySelectItem()
+    authPassphrase.value = ''
+    privacyPassphrase.value = ''
+  }
+
+  error.value = validateInputs()
+  isSaveDisabled.value = Object.keys(error.value).length > 0
+})
+
 watchEffect(() => {
   error.value = validateInputs()
   isSaveDisabled.value = Object.keys(error.value).length > 0
@@ -304,6 +334,10 @@ watch(
     loadUserData(store.createUserDrawerState)
   }, { deep: true, immediate: true }
 )
+
+onMounted(() => {
+  scvStore.populate()
+})
 </script>
 
 <style lang="scss" scoped>
diff --git a/ui/src/components/TrapConfiguration/Dialog/DeleteUserConfirmationDialog.vue b/ui/src/components/TrapConfiguration/Dialog/DeleteUserConfirmationDialog.vue
index 751e2eca02cf..685cfa0e58ae 100644
--- a/ui/src/components/TrapConfiguration/Dialog/DeleteUserConfirmationDialog.vue
+++ b/ui/src/components/TrapConfiguration/Dialog/DeleteUserConfirmationDialog.vue
@@ -1,5 +1,5 @@
 <template>
-  <div class="delete-user-confirmation-dialog">
+  <div class="delete-user-confirmation-dialog" v-if="props.index !== null && store.snmpV3Users[props.index]">
     <FeatherDialog
       v-model="isVisible"
       :labels="label"
@@ -7,7 +7,7 @@
       @hidden="emit('close')"
     >
       <div>
-        <p>Are you sure you want to delete this SNMPv3 user?</p>
+        <p>Are you sure you want to delete this SNMPv3 user with security name "{{ store.snmpV3Users[props.index]?.securityName }}"?</p>
         <p><strong>Note:</strong> This action cannot be undone.</p>
       </div>
       <template #footer>
@@ -31,14 +31,17 @@
 <script setup lang="ts">
 import { FeatherButton } from '@featherds/button'
 import { FeatherDialog } from '@featherds/dialog'
+import { useTrapConfigStore } from '@/stores/trapConfigStore'
 
 const label = {
   title: 'Snmpv3 User Delete Confirmation'
 }
 const isVisible = ref(false)
+const store = useTrapConfigStore()
 
 const props = defineProps<{
-  visible: boolean
+  visible: boolean,
+  index: number | null
 }>()
 
 const emit = defineEmits<{
diff --git a/ui/src/components/TrapConfiguration/GeneralConfiguration.vue b/ui/src/components/TrapConfiguration/GeneralConfiguration.vue
index fa5c70b4814b..6dd50887607a 100644
--- a/ui/src/components/TrapConfiguration/GeneralConfiguration.vue
+++ b/ui/src/components/TrapConfiguration/GeneralConfiguration.vue
@@ -130,7 +130,7 @@ import { DEFAULT_TRAPD_BATCH_INTERVAL, DEFAULT_TRAPD_BATCH_SIZE, DEFAULT_TRAPD_B
 import { isValidIP, isValidPort, MAX_PORT, MIN_PORT } from '@/lib/trapdValidator'
 import { updateTrapdConfiguration } from '@/services/trapdConfigurationService'
 import { useTrapConfigStore } from '@/stores/trapConfigStore'
-import { TrapConfigPayload, TrapdConfigurationError } from '@/types/trapConfig'
+import { TrapConfig, TrapdConfigurationError } from '@/types/trapConfig'
 import { FeatherButton } from '@featherds/button'
 import { FeatherExpansionPanel } from '@featherds/expansion'
 import { FeatherInput } from '@featherds/input'
@@ -203,7 +203,7 @@ const updateConfig = async () => {
     return
   }
 
-  const newConfig = {
+  const newConfig: TrapConfig = {
     snmpTrapPort: Number(port.value),
     snmpTrapAddress: bindAddress.value,
     newSuspectOnTrap: status.value,
@@ -212,8 +212,9 @@ const updateConfig = async () => {
     threads: Number(threads.value),
     queueSize: Number(queueSize.value),
     batchSize: Number(batchSize.value),
-    batchInterval: Number(batchInterval.value)
-  } as TrapConfigPayload
+    batchInterval: Number(batchInterval.value),
+    snmpv3User: store.snmpV3Users || []
+  }
 
   try {
     isSaving.value = true
diff --git a/ui/src/components/TrapConfiguration/SnmpV3UserManagement.vue b/ui/src/components/TrapConfiguration/SnmpV3UserManagement.vue
index 730622150bba..1124b9c9f5e3 100644
--- a/ui/src/components/TrapConfiguration/SnmpV3UserManagement.vue
+++ b/ui/src/components/TrapConfiguration/SnmpV3UserManagement.vue
@@ -63,7 +63,7 @@
                 <FeatherButton
                   icon="Delete User"
                   data-test="delete-user-button"
-                  @click="openDeleteUserDialog(user.securityName)"
+                  @click="openDeleteUserDialog(index)"
                 >
                   <FeatherIcon :icon="Delete"> </FeatherIcon>
                 </FeatherButton>
@@ -77,6 +77,7 @@
       </div>
     </div>
     <DeleteUserConfirmationDialog
+      :index="deleteUserIndex"
       :visible="deleteDialogVisible"
       @close="cancelDeleteUser"
       @confirm="confirmDeleteUser"
@@ -86,10 +87,10 @@
 
 <script setup lang="ts">
 import useSnackbar from '@/composables/useSnackbar'
-import { deleteTrapdUser } from '@/services/trapdConfigurationService'
+import { updateTrapdConfiguration } from '@/services/trapdConfigurationService'
 import { useTrapConfigStore } from '@/stores/trapConfigStore'
 import { CreateEditMode } from '@/types'
-import { SnmpV3User } from '@/types/trapConfig'
+import { SnmpV3User, TrapConfig } from '@/types/trapConfig'
 import { FeatherButton } from '@featherds/button'
 import { FeatherIcon } from '@featherds/icon'
 import Delete from '@featherds/icon/action/Delete'
@@ -102,7 +103,7 @@ import DeleteUserConfirmationDialog from './Dialog/DeleteUserConfirmationDialog.
 const store = useTrapConfigStore()
 const { showSnackBar } = useSnackbar()
 const tableRecords = ref<SnmpV3User[]>([])
-const deleteUserSecurityName = ref<string | null>(null)
+const deleteUserIndex = ref<number | null>(null)
 const deleteDialogVisible = ref<boolean>(false)
 const isDeleting = ref(false)
 
@@ -127,24 +128,33 @@ const sortChanged = (sortObj: { property: string; value: SORT }) => {
   sort[sortObj.property] = sortObj.value
 }
 
-const openDeleteUserDialog = (securityName: string) => {
-  deleteUserSecurityName.value = securityName
+const openDeleteUserDialog = (index: number) => {
+  deleteUserIndex.value = index
   deleteDialogVisible.value = true
 }
 
 const cancelDeleteUser = () => {
-  deleteUserSecurityName.value = null
+  deleteUserIndex.value = null
   deleteDialogVisible.value = false
 }
 
 const confirmDeleteUser = async () => {
-  if (!deleteUserSecurityName.value || isDeleting.value) {
+  if (deleteUserIndex.value === null || isDeleting.value) {
+    cancelDeleteUser()
+    return
+  }
+
+  if (!store.snmpV3Users[deleteUserIndex.value]) {
+    showSnackBar({ msg: 'SNMPv3 user not found.', error: true })
+    cancelDeleteUser()
     return
   }
 
   try {
     isDeleting.value = true
-    await deleteTrapdUser(deleteUserSecurityName.value)
+    const payload: TrapConfig = { ...store.trapdConfig }
+    payload.snmpv3User = payload.snmpv3User.filter((_, idx) => idx !== deleteUserIndex.value)
+    await updateTrapdConfiguration(payload)
     await store.fetchTrapConfig()
     cancelDeleteUser()
     showSnackBar({ msg: 'SNMPv3 user deleted successfully.' })
@@ -157,8 +167,8 @@ const confirmDeleteUser = async () => {
 }
 
 watch(
-  () => store.SnmpV3Users, () => {
-    tableRecords.value = store.SnmpV3Users || []
+  () => store.snmpV3Users, () => {
+    tableRecords.value = store.snmpV3Users || []
   }, { immediate: true, deep: true }
 )
 </script>
diff --git a/ui/src/services/trapdConfigurationService.ts b/ui/src/services/trapdConfigurationService.ts
index 3d5ee623015b..3d34d4f74554 100644
--- a/ui/src/services/trapdConfigurationService.ts
+++ b/ui/src/services/trapdConfigurationService.ts
@@ -1,9 +1,7 @@
+import { mapTrapdConfigFromServer } from '@/mappers/trapdConfig.mapper'
+import type { TrapConfig } from '@/types/trapConfig'
 import axios from 'axios'
-
-import type { SnmpV3User, TrapConfig, TrapConfigPayload } from '@/types/trapConfig'
-
 import { v2 } from './axiosInstances'
-import { mapTrapdConfigFromServer } from '@/mappers/trapdConfig.mapper'
 
 const endpoint = '/trapd'
 
@@ -73,7 +71,7 @@ export const getTrapdConfiguration = async (): Promise<TrapConfig> => {
   }
 }
 
-export const updateTrapdConfiguration = async (payload: TrapConfigPayload): Promise<void> => {
+export const updateTrapdConfiguration = async (payload: TrapConfig): Promise<void> => {
   try {
     const response = await v2.put(`${endpoint}/config`, payload)
 
@@ -87,44 +85,3 @@ export const updateTrapdConfiguration = async (payload: TrapConfigPayload): Prom
   }
 }
 
-export const saveTrapdUser = async (user: SnmpV3User): Promise<void> => {
-  try {
-    const response = await v2.post(`${endpoint}/user`, user)
-
-    if (response.status === 200) {
-      return
-    }
-
-    throw new Error(`Unexpected response status: ${response.status}`)
-  } catch (error) {
-    return throwTrapdServiceError(error, 'Failed to save trapd user.')
-  }
-}
-
-export const updateTrapdUser = async (securityName: string, user: SnmpV3User): Promise<void> => {
-  try {
-    const response = await v2.put(`${endpoint}/user/${encodeURIComponent(securityName)}`, user)
-
-    if (response.status === 200) {
-      return
-    }
-
-    throw new Error(`Unexpected response status: ${response.status}`)
-  } catch (error) {
-    return throwTrapdServiceError(error, 'Failed to update trapd user.')
-  }
-}
-
-export const deleteTrapdUser = async (securityName: string): Promise<void> => {
-  try {
-    const response = await v2.delete(`${endpoint}/user/${encodeURIComponent(securityName)}`)
-
-    if (response.status === 204) {
-      return
-    }
-
-    throw new Error(`Unexpected response status: ${response.status}`)
-  } catch (error) {
-    return throwTrapdServiceError(error, 'Failed to delete trapd user.')
-  }
-}
diff --git a/ui/src/stores/trapConfigStore.ts b/ui/src/stores/trapConfigStore.ts
index 22c2e41a23a6..397c14c1cc46 100644
--- a/ui/src/stores/trapConfigStore.ts
+++ b/ui/src/stores/trapConfigStore.ts
@@ -8,10 +8,11 @@ export const useTrapConfigStore = defineStore('useTrapConfigStore', {
   state: (): TrapConfigStoreState => ({
     isLoading: false,
     trapdConfig: getDefaultTrapdConfig(),
-    SnmpV3Users: [],
+    snmpV3Users: [],
     activeTab: 0,
     credentialDrawerState: {
-      visible: false
+      visible: false,
+      key: null
     },
     createUserDrawerState: {
       visible: false,
@@ -24,13 +25,15 @@ export const useTrapConfigStore = defineStore('useTrapConfigStore', {
       // Implementation for fetching trap configuration goes here
       const response = await getTrapdConfiguration()
       this.trapdConfig = response
-      this.SnmpV3Users = response.snmpv3User
+      this.snmpV3Users = response.snmpv3User
     },
-    openCredentialDrawer() {
+    openCredentialDrawer(key: string) {
       this.credentialDrawerState.visible = true
+      this.credentialDrawerState.key = key
     },
     closeCredentialDrawer() {
       this.credentialDrawerState.visible = false
+      this.credentialDrawerState.key = null
     },
     openCreateUserDrawer(mode: CreateEditMode, selectedUserIndex: number) {
       this.createUserDrawerState.visible = true
diff --git a/ui/src/types/trapConfig.d.ts b/ui/src/types/trapConfig.d.ts
index 2f851096d0ce..e3c140a331c6 100644
--- a/ui/src/types/trapConfig.d.ts
+++ b/ui/src/types/trapConfig.d.ts
@@ -25,10 +25,11 @@ import { CreateEditMode } from '.'
 export interface TrapConfigStoreState {
   isLoading: boolean
   trapdConfig: TrapConfig
-  SnmpV3Users: SnmpV3User[]
+  snmpV3Users: SnmpV3User[]
   activeTab: number
   credentialDrawerState: {
-    visible: boolean
+    visible: boolean,
+    key: string | null
   }
   createUserDrawerState: {
     visible: boolean
@@ -50,18 +51,6 @@ export interface TrapConfig {
   snmpv3User: SnmpV3User[]
 }
 
-export interface TrapConfigPayload {
-  snmpTrapAddress: string
-  snmpTrapPort: number
-  newSuspectOnTrap: boolean
-  includeRawMessage: boolean
-  threads: number
-  queueSize: number
-  batchSize: number
-  batchInterval: number
-  useAddressFromVarbind: boolean
-}
-
 export interface SnmpV3User {
   engineId: string | null
   securityName: string
diff --git a/ui/tests/components/TrapConfiguration/CreateSnmpV3User.test.ts b/ui/tests/components/TrapConfiguration/CreateSnmpV3User.test.ts
index f51d5b4df874..f35449f50f78 100644
--- a/ui/tests/components/TrapConfiguration/CreateSnmpV3User.test.ts
+++ b/ui/tests/components/TrapConfiguration/CreateSnmpV3User.test.ts
@@ -1,7 +1,7 @@
 import CreateSnmpV3User from '@/components/TrapConfiguration/CreateSnmpV3User.vue'
-import { AUTH_PROTOCOL_OPTIONS, SECURITY_LEVEL_OPTIONS } from '@/lib/trapdValidator'
+import { AUTH_PROTOCOL_OPTIONS, getDefaultTrapdConfig, SECURITY_LEVEL_OPTIONS } from '@/lib/trapdValidator'
 import { mapUserToServer } from '@/mappers/trapdConfig.mapper'
-import { saveTrapdUser, updateTrapdUser } from '@/services/trapdConfigurationService'
+import { updateTrapdConfiguration } from '@/services/trapdConfigurationService'
 import { useTrapConfigStore } from '@/stores/trapConfigStore'
 import { CreateEditMode } from '@/types'
 import type { SnmpV3User } from '@/types/trapConfig'
@@ -26,8 +26,7 @@ vi.mock('@/mappers/trapdConfig.mapper', () => ({
 }))
 
 vi.mock('@/services/trapdConfigurationService', () => ({
-  saveTrapdUser: vi.fn(),
-  updateTrapdUser: vi.fn()
+  updateTrapdConfiguration: vi.fn()
 }))
 
 const FeatherInputStub = defineComponent({
@@ -53,8 +52,7 @@ const FeatherInputStub = defineComponent({
 describe('CreateSnmpV3User.vue', () => {
   let store: ReturnType<typeof useTrapConfigStore>
   const mapUserToServerMock = vi.mocked(mapUserToServer)
-  const saveTrapdUserMock = vi.mocked(saveTrapdUser)
-  const updateTrapdUserMock = vi.mocked(updateTrapdUser)
+  const updateTrapdConfigurationMock = vi.mocked(updateTrapdConfiguration)
 
   const selectedUser: SnmpV3User = {
     engineId: null,
@@ -129,15 +127,18 @@ describe('CreateSnmpV3User.vue', () => {
     store.createUserDrawerState.visible = true
     store.createUserDrawerState.mode = CreateEditMode.Create
     store.createUserDrawerState.selectedUserIndex = -1
-    store.SnmpV3Users = [selectedUser]
+    store.snmpV3Users = [selectedUser]
+    store.trapdConfig = {
+      ...getDefaultTrapdConfig(),
+      snmpv3User: [selectedUser]
+    }
 
     store.fetchTrapConfig = vi.fn().mockResolvedValue(undefined)
     store.closeCreateUserDrawer = vi.fn()
     store.openCredentialDrawer = vi.fn()
 
     mapUserToServerMock.mockImplementation((payload) => payload as SnmpV3User)
-    saveTrapdUserMock.mockResolvedValue(undefined)
-    updateTrapdUserMock.mockResolvedValue(undefined)
+    updateTrapdConfigurationMock.mockResolvedValue(undefined)
   })
 
   it('does not render when drawer is hidden', () => {
@@ -198,8 +199,12 @@ describe('CreateSnmpV3User.vue', () => {
       securityName: 'new-user',
       securityLevel: expect.any(Number)
     }))
-    expect(saveTrapdUserMock).toHaveBeenCalledTimes(1)
-    expect(updateTrapdUserMock).not.toHaveBeenCalled()
+    expect(updateTrapdConfigurationMock).toHaveBeenCalledTimes(1)
+    expect(updateTrapdConfigurationMock).toHaveBeenCalledWith(expect.objectContaining({
+      snmpv3User: expect.arrayContaining([
+        expect.objectContaining({ securityName: 'new-user' })
+      ])
+    }))
     expect(store.fetchTrapConfig).toHaveBeenCalledTimes(1)
     expect(store.closeCreateUserDrawer).toHaveBeenCalledTimes(1)
     expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'SNMPv3 user created successfully.' })
@@ -217,13 +222,17 @@ describe('CreateSnmpV3User.vue', () => {
     await setBindingValue(wrapper, 'authPassphrase', 'masked-auth')
     await clickButton(wrapper, 'create-user-button')
 
-    expect(updateTrapdUserMock).toHaveBeenCalledWith('existing-user', expect.any(Object))
-    expect(saveTrapdUserMock).not.toHaveBeenCalled()
+    expect(updateTrapdConfigurationMock).toHaveBeenCalledTimes(1)
+    expect(updateTrapdConfigurationMock).toHaveBeenCalledWith(expect.objectContaining({
+      snmpv3User: expect.arrayContaining([
+        expect.objectContaining({ securityName: 'existing-user' })
+      ])
+    }))
     expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'SNMPv3 user updated successfully.' })
   })
 
-  it('shows explicit edit error when selected user has missing securityName', async () => {
-    store.SnmpV3Users = [{ ...selectedUser, securityName: '' }]
+  it('shows explicit edit error when selected user cannot be found', async () => {
+    store.snmpV3Users = []
     store.createUserDrawerState.mode = CreateEditMode.Edit
     store.createUserDrawerState.selectedUserIndex = 0
 
@@ -236,12 +245,38 @@ describe('CreateSnmpV3User.vue', () => {
     await setBindingValue(wrapper, 'authPassphrase', 'masked-auth')
     await clickButton(wrapper, 'create-user-button')
 
-    expect(updateTrapdUserMock).not.toHaveBeenCalled()
+    expect(updateTrapdConfigurationMock).not.toHaveBeenCalled()
+    expect(store.fetchTrapConfig).not.toHaveBeenCalled()
+    expect(store.closeCreateUserDrawer).not.toHaveBeenCalled()
     expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'Unable to determine the selected SNMPv3 user to update.', error: true })
   })
 
-  it('shows service error when saveTrapdUser throws Error', async () => {
-    saveTrapdUserMock.mockRejectedValue(new Error('save failed'))
+  it('requires auth protocol and auth passphrase for auth-only security level', async () => {
+    const wrapper = mountComponent()
+
+    await setInputValue(wrapper, 'security-name-input', 'auth-only-user')
+    await setBindingValue(wrapper, 'securityLevel', SECURITY_LEVEL_OPTIONS[1])
+    await clickButton(wrapper, 'create-user-button')
+
+    expect(updateTrapdConfigurationMock).not.toHaveBeenCalled()
+    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'Please fix validation errors before saving.', error: true })
+  })
+
+  it('requires privacy protocol and privacy passphrase for auth-priv security level', async () => {
+    const wrapper = mountComponent()
+
+    await setInputValue(wrapper, 'security-name-input', 'auth-priv-user')
+    await setBindingValue(wrapper, 'securityLevel', SECURITY_LEVEL_OPTIONS[2])
+    await setBindingValue(wrapper, 'authProtocol', AUTH_PROTOCOL_OPTIONS[0])
+    await setBindingValue(wrapper, 'authPassphrase', 'auth-secret')
+    await clickButton(wrapper, 'create-user-button')
+
+    expect(updateTrapdConfigurationMock).not.toHaveBeenCalled()
+    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'Please fix validation errors before saving.', error: true })
+  })
+
+  it('shows service error when updateTrapdConfiguration throws Error', async () => {
+    updateTrapdConfigurationMock.mockRejectedValue(new Error('save failed'))
     const wrapper = mountComponent()
 
     await setInputValue(wrapper, 'security-name-input', 'new-user')
@@ -251,8 +286,8 @@ describe('CreateSnmpV3User.vue', () => {
     expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'save failed', error: true })
   })
 
-  it('shows generic service error when saveTrapdUser throws non-Error', async () => {
-    saveTrapdUserMock.mockRejectedValue('boom')
+  it('shows generic service error when updateTrapdConfiguration throws non-Error', async () => {
+    updateTrapdConfigurationMock.mockRejectedValue('boom')
     const wrapper = mountComponent()
 
     await setInputValue(wrapper, 'security-name-input', 'new-user')
@@ -264,7 +299,7 @@ describe('CreateSnmpV3User.vue', () => {
 
   it('prevents duplicate create requests while saving is in progress', async () => {
     let resolveSave: () => void = () => undefined
-    saveTrapdUserMock.mockImplementation(
+    updateTrapdConfigurationMock.mockImplementation(
       () => new Promise<void>((resolve) => {
         resolveSave = resolve
       })
@@ -277,7 +312,7 @@ describe('CreateSnmpV3User.vue', () => {
     await clickButton(wrapper, 'create-user-button')
     await clickButton(wrapper, 'create-user-button')
 
-    expect(saveTrapdUserMock).toHaveBeenCalledTimes(1)
+    expect(updateTrapdConfigurationMock).toHaveBeenCalledTimes(1)
 
     resolveSave()
     await flushPromises()
@@ -289,6 +324,6 @@ describe('CreateSnmpV3User.vue', () => {
     await clickButton(wrapper, 'create-user-button')
 
     expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'Please fix validation errors before saving.', error: true })
-    expect(saveTrapdUserMock).not.toHaveBeenCalled()
+    expect(updateTrapdConfigurationMock).not.toHaveBeenCalled()
   })
 })
diff --git a/ui/tests/components/TrapConfiguration/GeneralConfiguration.test.ts b/ui/tests/components/TrapConfiguration/GeneralConfiguration.test.ts
index d213e013cefc..67df94a06cf6 100644
--- a/ui/tests/components/TrapConfiguration/GeneralConfiguration.test.ts
+++ b/ui/tests/components/TrapConfiguration/GeneralConfiguration.test.ts
@@ -183,7 +183,8 @@ describe('GeneralConfiguration.vue', () => {
       threads: 2,
       queueSize: 6000,
       batchSize: 300,
-      batchInterval: 900
+      batchInterval: 900,
+      snmpv3User: []
     })
     expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'Trap configuration updated successfully.' })
     expect(store.fetchTrapConfig).toHaveBeenCalledTimes(1)
@@ -212,6 +213,31 @@ describe('GeneralConfiguration.vue', () => {
     await flushPromises()
 
     expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'Failed to update trap configuration.', error: true })
+    expect(store.fetchTrapConfig).not.toHaveBeenCalled()
+    expect((wrapper.vm as any).isSaving).toBe(false)
+  })
+
+  it('includes store snmpV3Users in the update payload', async () => {
+    store.snmpV3Users = [{
+      securityName: 'sec-user-1',
+      securityLevel: 1,
+      authProtocol: null,
+      authPassphrase: null,
+      privacyProtocol: null,
+      privacyPassphrase: null,
+      engineId: null
+    }]
+    const wrapper = mountComponent()
+
+    await setBindingValue(wrapper, 'port', 163)
+    await (wrapper.vm as any).updateConfig()
+    await flushPromises()
+
+    expect(updateTrapdConfigurationMock).toHaveBeenCalledWith(expect.objectContaining({
+      snmpv3User: [
+        expect.objectContaining({ securityName: 'sec-user-1' })
+      ]
+    }))
   })
 
   it('sets isSaving during an in-flight request and clears it after completion', async () => {
diff --git a/ui/tests/components/TrapConfiguration/SnmpV3UserManagement.test.ts b/ui/tests/components/TrapConfiguration/SnmpV3UserManagement.test.ts
index 4c96f31d029f..036cd20adce3 100644
--- a/ui/tests/components/TrapConfiguration/SnmpV3UserManagement.test.ts
+++ b/ui/tests/components/TrapConfiguration/SnmpV3UserManagement.test.ts
@@ -1,5 +1,5 @@
 import SnmpV3UserManagement from '@/components/TrapConfiguration/SnmpV3UserManagement.vue'
-import { deleteTrapdUser } from '@/services/trapdConfigurationService'
+import { updateTrapdConfiguration } from '@/services/trapdConfigurationService'
 import { useTrapConfigStore } from '@/stores/trapConfigStore'
 import { CreateEditMode } from '@/types'
 import type { SnmpV3User } from '@/types/trapConfig'
@@ -21,7 +21,7 @@ vi.mock('@/composables/useSnackbar', () => ({
 }))
 
 vi.mock('@/services/trapdConfigurationService', () => ({
-  deleteTrapdUser: vi.fn()
+  updateTrapdConfiguration: vi.fn()
 }))
 
 const FeatherButtonStub = defineComponent({
@@ -81,7 +81,7 @@ const DeleteDialogStub = defineComponent({
 
 describe('SnmpV3UserManagement.vue', () => {
   let store: ReturnType<typeof useTrapConfigStore>
-  const deleteTrapdUserMock = vi.mocked(deleteTrapdUser)
+  const updateTrapdConfigurationMock = vi.mocked(updateTrapdConfiguration)
 
   const users: SnmpV3User[] = [
     {
@@ -148,11 +148,23 @@ describe('SnmpV3UserManagement.vue', () => {
 
     store = useTrapConfigStore()
     store.createUserDrawerState.visible = false
-    store.SnmpV3Users = [...users]
+    store.snmpV3Users = [...users]
+    store.trapdConfig = {
+      snmpTrapAddress: '127.0.0.1',
+      snmpTrapPort: 162,
+      newSuspectOnTrap: false,
+      includeRawMessage: false,
+      threads: 0,
+      queueSize: 10000,
+      batchSize: 1000,
+      batchInterval: 500,
+      useAddressFromVarbind: false,
+      snmpv3User: [...users]
+    }
     store.fetchTrapConfig = vi.fn().mockResolvedValue(undefined)
     store.openCreateUserDrawer = vi.fn()
 
-    deleteTrapdUserMock.mockResolvedValue(undefined)
+    updateTrapdConfigurationMock.mockResolvedValue(undefined)
   })
 
   it('does not render when the create user drawer is visible', () => {
@@ -179,7 +191,7 @@ describe('SnmpV3UserManagement.vue', () => {
   })
 
   it('renders the empty state when there are no users', async () => {
-    store.SnmpV3Users = []
+    store.snmpV3Users = []
     const wrapper = mountComponent()
     await nextTick()
 
@@ -203,61 +215,64 @@ describe('SnmpV3UserManagement.vue', () => {
     expect(store.openCreateUserDrawer).toHaveBeenCalledWith(CreateEditMode.Edit, 1)
   })
 
-  it('opens the delete dialog with the selected security name', async () => {
+  it('opens the delete dialog with the selected index', async () => {
     const wrapper = mountComponent()
 
     await clickByDataTest(wrapper, 'delete-user-button', 1)
 
-    expect((wrapper.vm as any).deleteUserSecurityName).toBe('user-two')
+    expect((wrapper.vm as any).deleteUserIndex).toBe(1)
     expect((wrapper.vm as any).deleteDialogVisible).toBe(true)
     expect(wrapper.find('[data-test="delete-dialog-visible"]').text()).toBe('true')
   })
 
   it('cancels delete and resets dialog state', async () => {
     const wrapper = mountComponent()
-    ;(wrapper.vm as any).openDeleteUserDialog('user-one')
+    ;(wrapper.vm as any).openDeleteUserDialog(0)
     await nextTick()
 
     await clickByDataTest(wrapper, 'close-delete-dialog')
 
-    expect((wrapper.vm as any).deleteUserSecurityName).toBe(null)
+    expect((wrapper.vm as any).deleteUserIndex).toBe(null)
     expect((wrapper.vm as any).deleteDialogVisible).toBe(false)
   })
 
   it('deletes the selected user successfully, refreshes config, and closes the dialog', async () => {
     const wrapper = mountComponent()
-    ;(wrapper.vm as any).openDeleteUserDialog('user-one')
+    ;(wrapper.vm as any).openDeleteUserDialog(0)
     await nextTick()
 
     await clickByDataTest(wrapper, 'confirm-delete-dialog')
 
-    expect(deleteTrapdUserMock).toHaveBeenCalledWith('user-one')
+    expect(updateTrapdConfigurationMock).toHaveBeenCalledTimes(1)
+    expect(updateTrapdConfigurationMock).toHaveBeenCalledWith(expect.objectContaining({
+      snmpv3User: [expect.objectContaining({ securityName: 'user-two' })]
+    }))
     expect(store.fetchTrapConfig).toHaveBeenCalledTimes(1)
-    expect((wrapper.vm as any).deleteUserSecurityName).toBe(null)
+    expect((wrapper.vm as any).deleteUserIndex).toBe(null)
     expect((wrapper.vm as any).deleteDialogVisible).toBe(false)
     expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'SNMPv3 user deleted successfully.' })
     expect((wrapper.vm as any).isDeleting).toBe(false)
   })
 
   it('shows the service error when delete fails with an Error', async () => {
-    deleteTrapdUserMock.mockRejectedValue(new Error('delete failed'))
+    updateTrapdConfigurationMock.mockRejectedValue(new Error('delete failed'))
     const wrapper = mountComponent()
-    ;(wrapper.vm as any).openDeleteUserDialog('user-one')
+    ;(wrapper.vm as any).openDeleteUserDialog(0)
     await nextTick()
 
     await clickByDataTest(wrapper, 'confirm-delete-dialog')
 
     expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'delete failed', error: true })
     expect(store.fetchTrapConfig).not.toHaveBeenCalled()
-    expect((wrapper.vm as any).deleteUserSecurityName).toBe('user-one')
+    expect((wrapper.vm as any).deleteUserIndex).toBe(0)
     expect((wrapper.vm as any).deleteDialogVisible).toBe(true)
     expect((wrapper.vm as any).isDeleting).toBe(false)
   })
 
   it('shows a generic error when delete fails with a non-Error value', async () => {
-    deleteTrapdUserMock.mockRejectedValue('boom')
+    updateTrapdConfigurationMock.mockRejectedValue('boom')
     const wrapper = mountComponent()
-    ;(wrapper.vm as any).openDeleteUserDialog('user-one')
+    ;(wrapper.vm as any).openDeleteUserDialog(0)
     await nextTick()
 
     await clickByDataTest(wrapper, 'confirm-delete-dialog')
@@ -265,19 +280,21 @@ describe('SnmpV3UserManagement.vue', () => {
     expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'Failed to delete SNMPv3 user.', error: true })
   })
 
-  it('does not call delete when no selected security name exists', async () => {
+  it('does not call delete when no selected index exists', async () => {
     const wrapper = mountComponent()
 
     await (wrapper.vm as any).confirmDeleteUser()
     await flushPromises()
 
-    expect(deleteTrapdUserMock).not.toHaveBeenCalled()
+    expect(updateTrapdConfigurationMock).not.toHaveBeenCalled()
+    expect((wrapper.vm as any).deleteUserIndex).toBe(null)
+    expect((wrapper.vm as any).deleteDialogVisible).toBe(false)
     expect(showSnackBarMock).not.toHaveBeenCalled()
   })
 
   it('does not call delete again while a delete request is already in progress', async () => {
     let resolveDelete: (() => void) | undefined
-    deleteTrapdUserMock.mockImplementation(
+    updateTrapdConfigurationMock.mockImplementation(
       () =>
         new Promise<void>((resolve) => {
           resolveDelete = resolve
@@ -285,14 +302,14 @@ describe('SnmpV3UserManagement.vue', () => {
     )
 
     const wrapper = mountComponent()
-    ;(wrapper.vm as any).openDeleteUserDialog('user-one')
+    ;(wrapper.vm as any).openDeleteUserDialog(0)
     await nextTick()
 
     const pendingDelete = (wrapper.vm as any).confirmDeleteUser()
     await nextTick()
     await (wrapper.vm as any).confirmDeleteUser()
 
-    expect(deleteTrapdUserMock).toHaveBeenCalledTimes(1)
+    expect(updateTrapdConfigurationMock).toHaveBeenCalledTimes(1)
     expect((wrapper.vm as any).isDeleting).toBe(true)
 
     resolveDelete?.()
@@ -316,7 +333,7 @@ describe('SnmpV3UserManagement.vue', () => {
       }
     ]
 
-    store.SnmpV3Users = nextUsers
+    store.snmpV3Users = nextUsers
     await nextTick()
     await nextTick()
 
@@ -325,6 +342,30 @@ describe('SnmpV3UserManagement.vue', () => {
     expect(wrapper.text()).not.toContain('user-one')
   })
 
+  it('falls back to an empty records list when store users become undefined', async () => {
+    const wrapper = mountComponent()
+
+    ;(store as any).snmpV3Users = undefined
+    await nextTick()
+    await nextTick()
+
+    expect((wrapper.vm as any).tableRecords).toEqual([])
+  })
+
+  it('shows user-not-found error and closes dialog when selected index is out of range', async () => {
+    const wrapper = mountComponent()
+    ;(wrapper.vm as any).openDeleteUserDialog(99)
+    await nextTick()
+
+    await (wrapper.vm as any).confirmDeleteUser()
+    await flushPromises()
+
+    expect(updateTrapdConfigurationMock).not.toHaveBeenCalled()
+    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'SNMPv3 user not found.', error: true })
+    expect((wrapper.vm as any).deleteUserIndex).toBe(null)
+    expect((wrapper.vm as any).deleteDialogVisible).toBe(false)
+  })
+
   it('updates sort state when a sort header emits sort-changed', async () => {
     const wrapper = mountComponent()
     const sortHeaders = wrapper.findAllComponents(FeatherSortHeader)
diff --git a/ui/tests/stores/trapConfigStore.test.ts b/ui/tests/stores/trapConfigStore.test.ts
new file mode 100644
index 000000000000..29eabe1989fa
--- /dev/null
+++ b/ui/tests/stores/trapConfigStore.test.ts
@@ -0,0 +1,126 @@
+import { getDefaultTrapdConfig } from '@/lib/trapdValidator'
+import { getTrapdConfiguration } from '@/services/trapdConfigurationService'
+import { useTrapConfigStore } from '@/stores/trapConfigStore'
+import { CreateEditMode } from '@/types'
+import type { TrapConfig } from '@/types/trapConfig'
+import { createPinia, setActivePinia } from 'pinia'
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+vi.mock('@/services/trapdConfigurationService', () => ({
+  getTrapdConfiguration: vi.fn()
+}))
+
+describe('useTrapConfigStore', () => {
+  let store: ReturnType<typeof useTrapConfigStore>
+
+  const trapConfigResponse: TrapConfig = {
+    snmpTrapAddress: '192.168.0.20',
+    snmpTrapPort: 1162,
+    newSuspectOnTrap: true,
+    includeRawMessage: true,
+    threads: 8,
+    queueSize: 12000,
+    batchSize: 1500,
+    batchInterval: 700,
+    useAddressFromVarbind: true,
+    snmpv3User: [
+      {
+        engineId: null,
+        securityName: 'alpha-user',
+        securityLevel: 2,
+        authProtocol: 'SHA256',
+        authPassphrase: 'masked-auth',
+        privacyProtocol: null,
+        privacyPassphrase: null
+      }
+    ]
+  }
+
+  beforeEach(() => {
+    vi.clearAllMocks()
+    setActivePinia(createPinia())
+    store = useTrapConfigStore()
+  })
+
+  it('has the expected initial state', () => {
+    expect(store.isLoading).toBe(false)
+    expect(store.trapdConfig).toEqual(getDefaultTrapdConfig())
+    expect(store.snmpV3Users).toEqual([])
+    expect(store.activeTab).toBe(0)
+    expect(store.credentialDrawerState).toEqual({
+      visible: false,
+      key: null
+    })
+    expect(store.createUserDrawerState).toEqual({
+      visible: false,
+      mode: CreateEditMode.None,
+      selectedUserIndex: -1
+    })
+  })
+
+  it('fetchTrapConfig updates trapdConfig and snmpV3Users from service response', async () => {
+    vi.mocked(getTrapdConfiguration).mockResolvedValue(trapConfigResponse)
+
+    await store.fetchTrapConfig()
+
+    expect(getTrapdConfiguration).toHaveBeenCalledTimes(1)
+    expect(store.trapdConfig).toEqual(trapConfigResponse)
+    expect(store.snmpV3Users).toEqual(trapConfigResponse.snmpv3User)
+  })
+
+  it('fetchTrapConfig propagates errors and keeps prior state unchanged', async () => {
+    const previousConfig = store.trapdConfig
+    const previousUsers = store.snmpV3Users
+    const error = new Error('fetch failed')
+    vi.mocked(getTrapdConfiguration).mockRejectedValue(error)
+
+    await expect(store.fetchTrapConfig()).rejects.toThrow('fetch failed')
+    expect(store.trapdConfig).toBe(previousConfig)
+    expect(store.snmpV3Users).toBe(previousUsers)
+  })
+
+  it('openCredentialDrawer sets visibility and key', () => {
+    store.openCredentialDrawer('authPassphrase')
+
+    expect(store.credentialDrawerState.visible).toBe(true)
+    expect(store.credentialDrawerState.key).toBe('authPassphrase')
+  })
+
+  it('openCredentialDrawer replaces key when called again', () => {
+    store.openCredentialDrawer('authPassphrase')
+    store.openCredentialDrawer('privacyPassphrase')
+
+    expect(store.credentialDrawerState.visible).toBe(true)
+    expect(store.credentialDrawerState.key).toBe('privacyPassphrase')
+  })
+
+  it('closeCredentialDrawer hides drawer and clears key', () => {
+    store.openCredentialDrawer('authPassphrase')
+
+    store.closeCredentialDrawer()
+
+    expect(store.credentialDrawerState.visible).toBe(false)
+    expect(store.credentialDrawerState.key).toBe(null)
+  })
+
+  it('openCreateUserDrawer sets create drawer state', () => {
+    store.openCreateUserDrawer(CreateEditMode.Edit, 3)
+
+    expect(store.createUserDrawerState.visible).toBe(true)
+    expect(store.createUserDrawerState.mode).toBe(CreateEditMode.Edit)
+    expect(store.createUserDrawerState.selectedUserIndex).toBe(3)
+  })
+
+  it('closeCreateUserDrawer resets create drawer state to defaults', () => {
+    store.openCreateUserDrawer(CreateEditMode.Create, 0)
+
+    store.closeCreateUserDrawer()
+
+    expect(store.createUserDrawerState).toEqual({
+      visible: false,
+      mode: CreateEditMode.None,
+      selectedUserIndex: -1
+    })
+  })
+})
+

From a1405f30838fb27a015030123b628c9193e9df84 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Sun, 29 Mar 2026 23:49:36 +0500
Subject: [PATCH 27/41] unused code removed

---
 .../opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java b/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java
index d254f05af6fb..9c49af73da65 100644
--- a/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java
+++ b/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java
@@ -21,12 +21,8 @@
  */
 package org.opennms.netmgt.dao.jaxb;
 
-import org.apache.commons.lang3.StringUtils;
-import org.opennms.core.xml.JaxbUtils;
 import org.opennms.features.config.service.api.ConfigUpdateInfo;
 import org.opennms.features.config.service.impl.AbstractCmJaxbConfigDao;
-import org.opennms.features.config.service.util.ConfigConvertUtil;
-import org.opennms.netmgt.config.trapd.Snmpv3User;
 import org.opennms.netmgt.config.trapd.TrapdConfiguration;
 import org.opennms.netmgt.dao.api.TrapdConfigDao;
 import org.opennms.netmgt.dao.jaxb.callback.ConfigurationReloadEventCallback;
@@ -37,7 +33,6 @@
 
 public class DefaultTrapdConfigDao extends AbstractCmJaxbConfigDao<TrapdConfiguration> implements TrapdConfigDao {
     public static final String CONFIG_NAME = "trapd-config";
-    private static final String PASSPHRASE_PLACEHOLDER = "********";
 
     @Autowired
     private EventForwarder eventForwarder;
@@ -56,11 +51,6 @@ public TrapdConfiguration getConfig() {
         return this.getConfig(this.getDefaultConfigId());
     }
 
-    @Override
-    public void updateConfig(final TrapdConfiguration config) {
-        this.updateConfig(this.getDefaultConfigId(), ConfigConvertUtil.objectToJson(config), true);
-    }
-
     @Override
     public Consumer<ConfigUpdateInfo> getUpdateCallback(){
         return new ConfigurationReloadEventCallback(eventForwarder, this);

From de9a756e3352d59309877e92e0cd95953c1d21c9 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Mon, 30 Mar 2026 00:43:02 +0500
Subject: [PATCH 28/41] menu item

---
 .../main/webapp/WEB-INF/menu/menu-template-default.json    | 7 +++++++
 .../src/main/webapp/WEB-INF/menu/menu-template.json        | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/opennms-webapp-rest/src/main/webapp/WEB-INF/menu/menu-template-default.json b/opennms-webapp-rest/src/main/webapp/WEB-INF/menu/menu-template-default.json
index 3de6ab2bfd16..3a3df9601578 100644
--- a/opennms-webapp-rest/src/main/webapp/WEB-INF/menu/menu-template-default.json
+++ b/opennms-webapp-rest/src/main/webapp/WEB-INF/menu/menu-template-default.json
@@ -446,6 +446,13 @@
           "locationMatch": "",
           "roles": null
         },
+        {
+          "id": "trapdConfiguration",
+          "name": "Trapd Configuration",
+          "url": "ui/index.html#/trapd-config",
+          "locationMatch": "",
+          "roles": null
+        },
         {
           "id": "externalRequisitions",
           "name": "External Requisitions",
diff --git a/opennms-webapp-rest/src/main/webapp/WEB-INF/menu/menu-template.json b/opennms-webapp-rest/src/main/webapp/WEB-INF/menu/menu-template.json
index b855b33e2718..59f29c54a90a 100644
--- a/opennms-webapp-rest/src/main/webapp/WEB-INF/menu/menu-template.json
+++ b/opennms-webapp-rest/src/main/webapp/WEB-INF/menu/menu-template.json
@@ -453,6 +453,13 @@
           "locationMatch": "",
           "roles": null
         },
+        {
+          "id": "trapdConfiguration",
+          "name": "Trapd Configuration",
+          "url": "ui/index.html#/trapd-config",
+          "locationMatch": "",
+          "roles": null
+        },
         {
           "id": "externalRequisitions",
           "name": "External Requisitions",

From 8264e1249cfd17fa6fd8a7189046224107399f03 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Mon, 30 Mar 2026 00:44:31 +0500
Subject: [PATCH 29/41] route fix

---
 ui/src/main/router/index.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ui/src/main/router/index.ts b/ui/src/main/router/index.ts
index 5c6b0d184f43..89e51357b70c 100644
--- a/ui/src/main/router/index.ts
+++ b/ui/src/main/router/index.ts
@@ -287,8 +287,8 @@ const router = createRouter({
       component: () => import('@/containers/EventConfigEventCreate.vue')
     },
     {
-      path: '/trap-config',
-      name: 'Trap Configuration',
+      path: '/trapd-config',
+      name: 'Trapd Configuration',
       component: () => import('@/containers/TrapConfiguration.vue')
     },
     {

From 4d18483843d97f50f5d3d0bf7dcf0dde9de117b3 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Mon, 30 Mar 2026 01:37:23 +0500
Subject: [PATCH 30/41] test fixes

---
 ui/src/components/SCV/ScvSearchDrawer.vue     |   6 +-
 .../CreateSnmpV3User.test.ts                  | 171 +++++++++++++++---
 2 files changed, 147 insertions(+), 30 deletions(-)

diff --git a/ui/src/components/SCV/ScvSearchDrawer.vue b/ui/src/components/SCV/ScvSearchDrawer.vue
index 66638dde7c53..6bdb77b346b3 100644
--- a/ui/src/components/SCV/ScvSearchDrawer.vue
+++ b/ui/src/components/SCV/ScvSearchDrawer.vue
@@ -30,8 +30,10 @@
           aria-label="SCV Search Results Table"
         >
           <thead>
-            <th>Alias</th>
-            <th>Key</th>
+            <tr>
+              <th>Alias</th>
+              <th>Key</th>
+            </tr>
           </thead>
           <tbody v-if="filteredResults.length > 0">
             <tr
diff --git a/ui/tests/components/TrapConfiguration/CreateSnmpV3User.test.ts b/ui/tests/components/TrapConfiguration/CreateSnmpV3User.test.ts
index f35449f50f78..3b38050e0e7c 100644
--- a/ui/tests/components/TrapConfiguration/CreateSnmpV3User.test.ts
+++ b/ui/tests/components/TrapConfiguration/CreateSnmpV3User.test.ts
@@ -1,7 +1,13 @@
 import CreateSnmpV3User from '@/components/TrapConfiguration/CreateSnmpV3User.vue'
-import { AUTH_PROTOCOL_OPTIONS, getDefaultTrapdConfig, SECURITY_LEVEL_OPTIONS } from '@/lib/trapdValidator'
+import {
+  AUTH_PROTOCOL_OPTIONS,
+  getDefaultTrapdConfig,
+  PRIVACY_PROTOCOL_OPTIONS,
+  SECURITY_LEVEL_OPTIONS
+} from '@/lib/trapdValidator'
 import { mapUserToServer } from '@/mappers/trapdConfig.mapper'
 import { updateTrapdConfiguration } from '@/services/trapdConfigurationService'
+import { useScvStore } from '@/stores/scvStore'
 import { useTrapConfigStore } from '@/stores/trapConfigStore'
 import { CreateEditMode } from '@/types'
 import type { SnmpV3User } from '@/types/trapConfig'
@@ -11,8 +17,9 @@ import { setActivePinia } from 'pinia'
 import { beforeEach, describe, expect, it, vi } from 'vitest'
 import { defineComponent, nextTick } from 'vue'
 
-const { showSnackBarMock } = vi.hoisted(() => ({
-  showSnackBarMock: vi.fn()
+const { showSnackBarMock, populateScvMock } = vi.hoisted(() => ({
+  showSnackBarMock: vi.fn(),
+  populateScvMock: vi.fn().mockResolvedValue(undefined)
 }))
 
 vi.mock('@/composables/useSnackbar', () => ({
@@ -29,6 +36,12 @@ vi.mock('@/services/trapdConfigurationService', () => ({
   updateTrapdConfiguration: vi.fn()
 }))
 
+vi.mock('@/stores/scvStore', () => ({
+  useScvStore: vi.fn(() => ({
+    populate: populateScvMock
+  }))
+}))
+
 const FeatherInputStub = defineComponent({
   name: 'FeatherInput',
   props: {
@@ -46,11 +59,25 @@ const FeatherInputStub = defineComponent({
     }
   },
   emits: ['update:modelValue'],
-  template: '<input :data-test="dataTest || label" :value="modelValue" @input="$emit(\'update:modelValue\', $event.target.value)" />'
+  template:
+    '<input :data-test="dataTest || label" :value="modelValue" @input="$emit(\'update:modelValue\', $event.target.value)" />'
+})
+
+const ScvSearchDrawerStub = defineComponent({
+  name: 'ScvSearchDrawer',
+  props: {
+    isOpen: {
+      type: Boolean,
+      default: false
+    }
+  },
+  emits: ['hidden', 'itemSelected'],
+  template: '<div data-test="scv-search-drawer" :data-open="String(isOpen)" />'
 })
 
 describe('CreateSnmpV3User.vue', () => {
   let store: ReturnType<typeof useTrapConfigStore>
+  const useScvStoreMock = vi.mocked(useScvStore)
   const mapUserToServerMock = vi.mocked(mapUserToServer)
   const updateTrapdConfigurationMock = vi.mocked(updateTrapdConfiguration)
 
@@ -71,7 +98,6 @@ describe('CreateSnmpV3User.vue', () => {
           TableCard: {
             template: '<div><slot /></div>'
           },
-          SearchExistingCredential: true,
           FeatherIcon: true,
           FeatherInput: FeatherInputStub,
           'feather-input': FeatherInputStub,
@@ -81,6 +107,7 @@ describe('CreateSnmpV3User.vue', () => {
             emits: ['click'],
             template: '<button :data-test="$attrs[\'data-test\']" @click="$emit(\'click\')" />'
           },
+          ScvSearchDrawer: ScvSearchDrawerStub,
           FeatherButton: {
             props: ['dataTest', 'disabled'],
             emits: ['click'],
@@ -136,11 +163,19 @@ describe('CreateSnmpV3User.vue', () => {
     store.fetchTrapConfig = vi.fn().mockResolvedValue(undefined)
     store.closeCreateUserDrawer = vi.fn()
     store.openCredentialDrawer = vi.fn()
+    store.closeCredentialDrawer = vi.fn()
 
     mapUserToServerMock.mockImplementation((payload) => payload as SnmpV3User)
     updateTrapdConfigurationMock.mockResolvedValue(undefined)
   })
 
+  it('calls scvStore.populate on mount', () => {
+    mountComponent()
+
+    expect(useScvStoreMock).toHaveBeenCalledTimes(1)
+    expect(populateScvMock).toHaveBeenCalledTimes(1)
+  })
+
   it('does not render when drawer is hidden', () => {
     store.createUserDrawerState.visible = false
     const wrapper = mountComponent()
@@ -162,9 +197,12 @@ describe('CreateSnmpV3User.vue', () => {
 
     const wrapper = mountComponent()
     await nextTick()
+    await nextTick()
 
     expect(wrapper.find('[data-test="create-user-button"]').text()).toContain('Update User')
-    expect((wrapper.find('input[data-test="security-name-input"]').element as HTMLInputElement).value).toBe('existing-user')
+    expect((wrapper.find('input[data-test="security-name-input"]').element as HTMLInputElement).value).toBe(
+      'existing-user'
+    )
   })
 
   it('calls closeCreateUserDrawer from back and cancel buttons', async () => {
@@ -185,7 +223,69 @@ describe('CreateSnmpV3User.vue', () => {
 
     await wrapper.find('[data-test="auth-passphrase-save-button"]').trigger('click')
 
-    expect(store.openCredentialDrawer).toHaveBeenCalledTimes(1)
+    expect(store.openCredentialDrawer).toHaveBeenCalledWith('auth')
+  })
+
+  it('opens credential drawer from privacy passphrase button when privacy row is visible', async () => {
+    const wrapper = mountComponent()
+
+    await setBindingValue(wrapper, 'securityLevel', SECURITY_LEVEL_OPTIONS[2])
+    await wrapper.find('[data-test="privacy-passphrase-save-button"]').trigger('click')
+
+    expect(store.openCredentialDrawer).toHaveBeenCalledWith('privacy')
+  })
+
+  it('toggles auth/privacy rows based on security level', async () => {
+    const wrapper = mountComponent()
+
+    await setBindingValue(wrapper, 'securityLevel', SECURITY_LEVEL_OPTIONS[0])
+    expect(wrapper.find('[data-test="auth-passphrase-input"]').exists()).toBe(false)
+    expect(wrapper.find('[data-test="privacy-passphrase-input"]').exists()).toBe(false)
+
+    await setBindingValue(wrapper, 'securityLevel', SECURITY_LEVEL_OPTIONS[1])
+    expect(wrapper.find('[data-test="auth-passphrase-input"]').exists()).toBe(true)
+    expect(wrapper.find('[data-test="privacy-passphrase-input"]').exists()).toBe(false)
+
+    await setBindingValue(wrapper, 'securityLevel', SECURITY_LEVEL_OPTIONS[2])
+    expect(wrapper.find('[data-test="auth-passphrase-input"]').exists()).toBe(true)
+    expect(wrapper.find('[data-test="privacy-passphrase-input"]').exists()).toBe(true)
+  })
+
+  it('clears dependent values when security level is lowered to noAuthNoPriv', async () => {
+    const wrapper = mountComponent()
+
+    await setBindingValue(wrapper, 'securityLevel', SECURITY_LEVEL_OPTIONS[2])
+    await setBindingValue(wrapper, 'authProtocol', AUTH_PROTOCOL_OPTIONS[0])
+    await setBindingValue(wrapper, 'privacyProtocol', PRIVACY_PROTOCOL_OPTIONS[0])
+    await setBindingValue(wrapper, 'authPassphrase', 'auth-secret')
+    await setBindingValue(wrapper, 'privacyPassphrase', 'privacy-secret')
+
+    await setBindingValue(wrapper, 'securityLevel', SECURITY_LEVEL_OPTIONS[0])
+
+    expect((wrapper.vm as any).authProtocol).toBeUndefined()
+    expect((wrapper.vm as any).privacyProtocol).toBeUndefined()
+    expect((wrapper.vm as any).authPassphrase).toBe('')
+    expect((wrapper.vm as any).privacyPassphrase).toBe('')
+  })
+
+  it('fills auth passphrase from SCV selection and closes SCV drawer', async () => {
+    const wrapper = mountComponent()
+    store.credentialDrawerState.key = 'auth'
+    ;(wrapper.vm as any).scvItemSelected({ alias: 'vault', key: 'auth-key' })
+    await nextTick()
+
+    expect((wrapper.vm as any).authPassphrase).toBe('${scv:vault:auth-key}')
+    expect(store.closeCredentialDrawer).toHaveBeenCalledTimes(1)
+  })
+
+  it('fills privacy passphrase from SCV selection and closes SCV drawer', async () => {
+    const wrapper = mountComponent()
+    store.credentialDrawerState.key = 'privacy'
+    ;(wrapper.vm as any).scvItemSelected({ alias: 'vault', key: 'privacy-key' })
+    await nextTick()
+
+    expect((wrapper.vm as any).privacyPassphrase).toBe('${scv:vault:privacy-key}')
+    expect(store.closeCredentialDrawer).toHaveBeenCalledTimes(1)
   })
 
   it('creates user successfully in create mode', async () => {
@@ -195,16 +295,18 @@ describe('CreateSnmpV3User.vue', () => {
     await setBindingValue(wrapper, 'securityLevel', SECURITY_LEVEL_OPTIONS[0])
     await clickButton(wrapper, 'create-user-button')
 
-    expect(mapUserToServerMock).toHaveBeenCalledWith(expect.objectContaining({
-      securityName: 'new-user',
-      securityLevel: expect.any(Number)
-    }))
+    expect(mapUserToServerMock).toHaveBeenCalledWith(
+      expect.objectContaining({
+        securityName: 'new-user',
+        securityLevel: expect.any(Number)
+      })
+    )
     expect(updateTrapdConfigurationMock).toHaveBeenCalledTimes(1)
-    expect(updateTrapdConfigurationMock).toHaveBeenCalledWith(expect.objectContaining({
-      snmpv3User: expect.arrayContaining([
-        expect.objectContaining({ securityName: 'new-user' })
-      ])
-    }))
+    expect(updateTrapdConfigurationMock).toHaveBeenCalledWith(
+      expect.objectContaining({
+        snmpv3User: expect.arrayContaining([expect.objectContaining({ securityName: 'new-user' })])
+      })
+    )
     expect(store.fetchTrapConfig).toHaveBeenCalledTimes(1)
     expect(store.closeCreateUserDrawer).toHaveBeenCalledTimes(1)
     expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'SNMPv3 user created successfully.' })
@@ -223,11 +325,11 @@ describe('CreateSnmpV3User.vue', () => {
     await clickButton(wrapper, 'create-user-button')
 
     expect(updateTrapdConfigurationMock).toHaveBeenCalledTimes(1)
-    expect(updateTrapdConfigurationMock).toHaveBeenCalledWith(expect.objectContaining({
-      snmpv3User: expect.arrayContaining([
-        expect.objectContaining({ securityName: 'existing-user' })
-      ])
-    }))
+    expect(updateTrapdConfigurationMock).toHaveBeenCalledWith(
+      expect.objectContaining({
+        snmpv3User: expect.arrayContaining([expect.objectContaining({ securityName: 'existing-user' })])
+      })
+    )
     expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'SNMPv3 user updated successfully.' })
   })
 
@@ -248,7 +350,10 @@ describe('CreateSnmpV3User.vue', () => {
     expect(updateTrapdConfigurationMock).not.toHaveBeenCalled()
     expect(store.fetchTrapConfig).not.toHaveBeenCalled()
     expect(store.closeCreateUserDrawer).not.toHaveBeenCalled()
-    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'Unable to determine the selected SNMPv3 user to update.', error: true })
+    expect(showSnackBarMock).toHaveBeenCalledWith({
+      msg: 'Unable to determine the selected SNMPv3 user to update.',
+      error: true
+    })
   })
 
   it('requires auth protocol and auth passphrase for auth-only security level', async () => {
@@ -259,7 +364,10 @@ describe('CreateSnmpV3User.vue', () => {
     await clickButton(wrapper, 'create-user-button')
 
     expect(updateTrapdConfigurationMock).not.toHaveBeenCalled()
-    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'Please fix validation errors before saving.', error: true })
+    expect(showSnackBarMock).toHaveBeenCalledWith({
+      msg: 'Please fix validation errors before saving.',
+      error: true
+    })
   })
 
   it('requires privacy protocol and privacy passphrase for auth-priv security level', async () => {
@@ -272,7 +380,10 @@ describe('CreateSnmpV3User.vue', () => {
     await clickButton(wrapper, 'create-user-button')
 
     expect(updateTrapdConfigurationMock).not.toHaveBeenCalled()
-    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'Please fix validation errors before saving.', error: true })
+    expect(showSnackBarMock).toHaveBeenCalledWith({
+      msg: 'Please fix validation errors before saving.',
+      error: true
+    })
   })
 
   it('shows service error when updateTrapdConfiguration throws Error', async () => {
@@ -300,9 +411,10 @@ describe('CreateSnmpV3User.vue', () => {
   it('prevents duplicate create requests while saving is in progress', async () => {
     let resolveSave: () => void = () => undefined
     updateTrapdConfigurationMock.mockImplementation(
-      () => new Promise<void>((resolve) => {
-        resolveSave = resolve
-      })
+      () =>
+        new Promise<void>((resolve) => {
+          resolveSave = resolve
+        })
     )
     const wrapper = mountComponent()
 
@@ -323,7 +435,10 @@ describe('CreateSnmpV3User.vue', () => {
 
     await clickButton(wrapper, 'create-user-button')
 
-    expect(showSnackBarMock).toHaveBeenCalledWith({ msg: 'Please fix validation errors before saving.', error: true })
+    expect(showSnackBarMock).toHaveBeenCalledWith({
+      msg: 'Please fix validation errors before saving.',
+      error: true
+    })
     expect(updateTrapdConfigurationMock).not.toHaveBeenCalled()
   })
 })

From e4e343142c98bd01c9eed0837aaae47a5287eb99 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Mon, 30 Mar 2026 01:50:59 +0500
Subject: [PATCH 31/41] naming fixes

---
 .../Drawer/SearchExistingCredential.vue       | 220 ------------------
 .../CreateSnmpV3User.vue                      |   4 +-
 .../Dialog/DeleteUserConfirmationDialog.vue   |   4 +-
 .../GeneralConfiguration.vue                  |   4 +-
 .../SnmpV3UserManagement.vue                  |   4 +-
 ...nfiguration.vue => TrapdConfiguration.vue} |  10 +-
 ui/src/main/router/index.ts                   |   2 +-
 ...trapConfigStore.ts => trapdConfigStore.ts} |   2 +-
 .../CreateSnmpV3User.test.ts                  |   8 +-
 .../GeneralConfiguration.test.ts              |   8 +-
 .../SnmpV3UserManagement.test.ts              |   8 +-
 ...ion.test.ts => TrapdConfiguration.test.ts} |  12 +-
 ...Store.test.ts => trapdConfigStore.test.ts} |   8 +-
 13 files changed, 37 insertions(+), 257 deletions(-)
 delete mode 100644 ui/src/components/TrapConfiguration/Drawer/SearchExistingCredential.vue
 rename ui/src/components/{TrapConfiguration => TrapdConfiguration}/CreateSnmpV3User.vue (99%)
 rename ui/src/components/{TrapConfiguration => TrapdConfiguration}/Dialog/DeleteUserConfirmationDialog.vue (92%)
 rename ui/src/components/{TrapConfiguration => TrapdConfiguration}/GeneralConfiguration.vue (99%)
 rename ui/src/components/{TrapConfiguration => TrapdConfiguration}/SnmpV3UserManagement.vue (98%)
 rename ui/src/containers/{TrapConfiguration.vue => TrapdConfiguration.vue} (91%)
 rename ui/src/stores/{trapConfigStore.ts => trapdConfigStore.ts} (95%)
 rename ui/tests/components/{TrapConfiguration => TrapdConfiguration}/CreateSnmpV3User.test.ts (98%)
 rename ui/tests/components/{TrapConfiguration => TrapdConfiguration}/GeneralConfiguration.test.ts (98%)
 rename ui/tests/components/{TrapConfiguration => TrapdConfiguration}/SnmpV3UserManagement.test.ts (98%)
 rename ui/tests/containers/{TrapConfiguration.test.ts => TrapdConfiguration.test.ts} (96%)
 rename ui/tests/stores/{trapConfigStore.test.ts => trapdConfigStore.test.ts} (95%)

diff --git a/ui/src/components/TrapConfiguration/Drawer/SearchExistingCredential.vue b/ui/src/components/TrapConfiguration/Drawer/SearchExistingCredential.vue
deleted file mode 100644
index 6f88e7d040c1..000000000000
--- a/ui/src/components/TrapConfiguration/Drawer/SearchExistingCredential.vue
+++ /dev/null
@@ -1,220 +0,0 @@
-<template>
-  <FeatherDrawer
-    id="drawer"
-    data-test="drawer"
-    v-model="store.credentialDrawerState.visible"
-    :labels="{ close: 'close', title: 'Use an existing credential' }"
-    hide-close
-    @hidden="store.closeCredentialDrawer"
-    width="40rem"
-    class="drawer"
-  >
-    <div class="container">
-      <div class="title">
-        <h2>Use an existing credential</h2>
-      </div>
-      <div class="sub-title">
-        <p>Finding existing credentials based on search</p>
-      </div>
-      <div class="content">
-        <div class="search-input-row">
-          <div class="key">
-            <FeatherSelect
-              class="my-select"
-              label="Search Key"
-            />
-          </div>
-          <div class="value">
-            <FeatherInput
-              :modelValue="searchValue"
-              @update:modelValue="val => onSearch(val as string)"
-              label="Search for credentials"
-            >
-              <template v-slot:post>
-                <FeatherIcon :icon="Search" />
-              </template>
-            </FeatherInput>
-          </div>
-        </div>
-        <div class="search-row">
-          <FeatherButton
-            secondary
-            data-test="search-button"
-          >
-            Search
-          </FeatherButton>
-        </div>
-        <div class="table-container">
-          <table
-            class="data-table"
-            aria-label="Events Table"
-          >
-            <thead>
-              <tr>
-                <th>Alias</th>
-                <th>Key</th>
-              </tr>
-            </thead>
-            <TransitionGroup
-              name="data-table"
-              tag="tbody"
-            >
-              <!-- <tr
-                v-for="(user, index) in tableRecords"
-                :key="index"
-              >
-                <td>{{ user.alias }}</td>
-                <td>{{ user.value }}</td>
-              </tr> -->
-              <tr
-                v-for="(item, index) of filteredResults"
-                :key="`${item.alias}-${item.key}-${index}`"
-                style="cursor: pointer;"
-              >
-                <td>
-                  {{ item.type === 'alias' ? item.alias : '' }}
-                </td>
-                <td v-if="item.type === 'key' && item.key">
-                  <a @click.prevent="onItemSelected(item)">{{ item.type === 'key' ? item.key : '' }}</a>
-                </td>
-                <td v-else></td>
-              </tr>
-            </TransitionGroup>
-          </table>
-          <div v-if="!tableRecords.length">
-            <EmptyList :content="{ msg: 'No credentials found.' }" />
-          </div>
-        </div>
-      </div>
-      <div class="footer">
-        <FeatherButton
-          secondary
-          data-test="cancel-button"
-          @click="store.closeCredentialDrawer"
-        >
-          Cancel
-        </FeatherButton>
-      </div>
-    </div>
-  </FeatherDrawer>
-</template>
-
-<script setup lang="ts">
-import EmptyList from '@/components/Common/EmptyList.vue'
-import { useScvStore } from '@/stores/scvStore'
-import { useTrapConfigStore } from '@/stores/trapConfigStore'
-import { ScvSearchItem } from '@/types/scv'
-import FeatherButton from '@featherds/button/src/components/FeatherButton.vue'
-import { FeatherDrawer } from '@featherds/drawer'
-import { FeatherIcon } from '@featherds/icon'
-import Search from '@featherds/icon/action/Search'
-import { FeatherInput } from '@featherds/input'
-import { FeatherSelect } from '@featherds/select'
-import { debounce } from 'lodash'
-
-const emit = defineEmits<{
-  (e: 'hidden'): void
-  (e: 'item-selected', item: ScvSearchItem): void
-}>()
-
-const DEBOUNCE_DELAY = 300
-const store = useTrapConfigStore()
-const scvStore = useScvStore()
-const credentialsLoading = ref(false)
-const filteredResults = ref<ScvSearchItem[]>([])
-const searchValue = ref<string>('')
-const tableRecords = ref<{ alias: string; value: string }[]>([
-  { alias: 'credential1', value: 'value1' },
-  { alias: 'credential2', value: 'value2' }
-])
-
-const onSearch = debounce((query: string) => {
-  credentialsLoading.value = true
-  searchValue.value = query
-  filteredResults.value = scvStore.queryCredentials(query)
-  credentialsLoading.value = false
-}, DEBOUNCE_DELAY)
-
-const onItemSelected = (item: ScvSearchItem) => {
-  emit('item-selected', item)
-}
-
-onMounted(() => {
-  scvStore.populate()
-})
-</script>
-
-<style lang="scss" scoped>
-@use '@featherds/styles/themes/variables';
-@use '@featherds/styles/mixins/typography';
-@use '@featherds/table/scss/table';
-@use '@/styles/_transitionDataTable';
-
-.container {
-  margin-top: 10px;
-  padding: 25px;
-
-  .title {
-    padding: 10px;
-
-    h2 {
-      @include typography.headline2;
-    }
-  }
-
-  .sub-title {
-    padding: 20px 0px;
-
-    p {
-      @include typography.subtitle2;
-    }
-  }
-
-  .content {
-    .search-input-row {
-      display: flex;
-      gap: 20px;
-      padding: 20px 0px;
-
-      .key {
-        width: 30%;
-      }
-
-      .value {
-        width: 70%;
-      }
-    }
-
-    .table-container {
-      table {
-        width: 100%;
-        padding: 20px 0px;
-        @include table.table;
-
-        thead {
-          background: var(variables.$background);
-          text-transform: uppercase;
-        }
-
-        td {
-          white-space: nowrap;
-          box-shadow: none;
-          border-bottom: 1px solid var(variables.$border-on-surface);
-        }
-      }
-    }
-
-    .search-row {
-      display: flex;
-      justify-content: flex-end;
-    }
-  }
-
-  .footer {
-    display: flex;
-    justify-content: flex-end;
-    padding-top: 20px;
-  }
-}
-</style>
-
diff --git a/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue b/ui/src/components/TrapdConfiguration/CreateSnmpV3User.vue
similarity index 99%
rename from ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
rename to ui/src/components/TrapdConfiguration/CreateSnmpV3User.vue
index 34f56ec54d86..fa4175c70c51 100644
--- a/ui/src/components/TrapConfiguration/CreateSnmpV3User.vue
+++ b/ui/src/components/TrapdConfiguration/CreateSnmpV3User.vue
@@ -139,7 +139,7 @@ import { AUTH_PROTOCOL_OPTIONS, PRIVACY_PROTOCOL_OPTIONS, SECURITY_LEVEL_OPTIONS
 import { mapUserToServer } from '@/mappers/trapdConfig.mapper'
 import { updateTrapdConfiguration } from '@/services/trapdConfigurationService'
 import { useScvStore } from '@/stores/scvStore'
-import { useTrapConfigStore } from '@/stores/trapConfigStore'
+import { useTrapdConfigStore } from '@/stores/trapdConfigStore'
 import { CreateEditMode } from '@/types'
 import type { SnmpV3UserError } from '@/types/trapConfig'
 import { FeatherButton } from '@featherds/button'
@@ -151,7 +151,7 @@ import TableCard from '../Common/TableCard.vue'
 import ScvInputIcon from '../SCV/ScvInputIcon.vue'
 import ScvSearchDrawer from '../SCV/ScvSearchDrawer.vue'
 
-const store = useTrapConfigStore()
+const store = useTrapdConfigStore()
 const { showSnackBar } = useSnackbar()
 const createEmptySelectItem = (): ISelectItemType => (undefined as unknown as ISelectItemType)
 const securityName = ref<string>('')
diff --git a/ui/src/components/TrapConfiguration/Dialog/DeleteUserConfirmationDialog.vue b/ui/src/components/TrapdConfiguration/Dialog/DeleteUserConfirmationDialog.vue
similarity index 92%
rename from ui/src/components/TrapConfiguration/Dialog/DeleteUserConfirmationDialog.vue
rename to ui/src/components/TrapdConfiguration/Dialog/DeleteUserConfirmationDialog.vue
index 685cfa0e58ae..5fbd09d69543 100644
--- a/ui/src/components/TrapConfiguration/Dialog/DeleteUserConfirmationDialog.vue
+++ b/ui/src/components/TrapdConfiguration/Dialog/DeleteUserConfirmationDialog.vue
@@ -29,15 +29,15 @@
 </template>
 
 <script setup lang="ts">
+import { useTrapdConfigStore } from '@/stores/trapdConfigStore'
 import { FeatherButton } from '@featherds/button'
 import { FeatherDialog } from '@featherds/dialog'
-import { useTrapConfigStore } from '@/stores/trapConfigStore'
 
 const label = {
   title: 'Snmpv3 User Delete Confirmation'
 }
 const isVisible = ref(false)
-const store = useTrapConfigStore()
+const store = useTrapdConfigStore()
 
 const props = defineProps<{
   visible: boolean,
diff --git a/ui/src/components/TrapConfiguration/GeneralConfiguration.vue b/ui/src/components/TrapdConfiguration/GeneralConfiguration.vue
similarity index 99%
rename from ui/src/components/TrapConfiguration/GeneralConfiguration.vue
rename to ui/src/components/TrapdConfiguration/GeneralConfiguration.vue
index 6dd50887607a..2181c549e441 100644
--- a/ui/src/components/TrapConfiguration/GeneralConfiguration.vue
+++ b/ui/src/components/TrapdConfiguration/GeneralConfiguration.vue
@@ -129,7 +129,7 @@ import useSnackbar from '@/composables/useSnackbar'
 import { DEFAULT_TRAPD_BATCH_INTERVAL, DEFAULT_TRAPD_BATCH_SIZE, DEFAULT_TRAPD_BIND_ADDRESS, DEFAULT_TRAPD_INCLUDE_RAW_MESSAGE, DEFAULT_TRAPD_NEW_SUSPECT_ON_TRAP, DEFAULT_TRAPD_PORT, DEFAULT_TRAPD_QUEUE_SIZE, DEFAULT_TRAPD_THREADS, DEFAULT_TRAPD_USE_ADDRESS_FROM_VARBIND } from '@/lib/constants'
 import { isValidIP, isValidPort, MAX_PORT, MIN_PORT } from '@/lib/trapdValidator'
 import { updateTrapdConfiguration } from '@/services/trapdConfigurationService'
-import { useTrapConfigStore } from '@/stores/trapConfigStore'
+import { useTrapdConfigStore } from '@/stores/trapdConfigStore'
 import { TrapConfig, TrapdConfigurationError } from '@/types/trapConfig'
 import { FeatherButton } from '@featherds/button'
 import { FeatherExpansionPanel } from '@featherds/expansion'
@@ -150,7 +150,7 @@ const batchInterval = ref<number>(DEFAULT_TRAPD_BATCH_INTERVAL)
 const trapConfigError = ref<TrapdConfigurationError>({})
 const isSaveDisabled = ref(true)
 const isSaving = ref(false)
-const store = useTrapConfigStore()
+const store = useTrapdConfigStore()
 const { showSnackBar } = useSnackbar()
 
 const onChangeStatus = () => {
diff --git a/ui/src/components/TrapConfiguration/SnmpV3UserManagement.vue b/ui/src/components/TrapdConfiguration/SnmpV3UserManagement.vue
similarity index 98%
rename from ui/src/components/TrapConfiguration/SnmpV3UserManagement.vue
rename to ui/src/components/TrapdConfiguration/SnmpV3UserManagement.vue
index 1124b9c9f5e3..bfc5752d0c7b 100644
--- a/ui/src/components/TrapConfiguration/SnmpV3UserManagement.vue
+++ b/ui/src/components/TrapdConfiguration/SnmpV3UserManagement.vue
@@ -88,7 +88,7 @@
 <script setup lang="ts">
 import useSnackbar from '@/composables/useSnackbar'
 import { updateTrapdConfiguration } from '@/services/trapdConfigurationService'
-import { useTrapConfigStore } from '@/stores/trapConfigStore'
+import { useTrapdConfigStore } from '@/stores/trapdConfigStore'
 import { CreateEditMode } from '@/types'
 import { SnmpV3User, TrapConfig } from '@/types/trapConfig'
 import { FeatherButton } from '@featherds/button'
@@ -100,7 +100,7 @@ import EmptyList from '../Common/EmptyList.vue'
 import TableCard from '../Common/TableCard.vue'
 import DeleteUserConfirmationDialog from './Dialog/DeleteUserConfirmationDialog.vue'
 
-const store = useTrapConfigStore()
+const store = useTrapdConfigStore()
 const { showSnackBar } = useSnackbar()
 const tableRecords = ref<SnmpV3User[]>([])
 const deleteUserIndex = ref<number | null>(null)
diff --git a/ui/src/containers/TrapConfiguration.vue b/ui/src/containers/TrapdConfiguration.vue
similarity index 91%
rename from ui/src/containers/TrapConfiguration.vue
rename to ui/src/containers/TrapdConfiguration.vue
index db1a6a54c711..8275882b092c 100644
--- a/ui/src/containers/TrapConfiguration.vue
+++ b/ui/src/containers/TrapdConfiguration.vue
@@ -36,20 +36,20 @@
 
 <script setup lang="ts">
 import BreadCrumbs from '@/components/Layout/BreadCrumbs.vue'
-import CreateSnmpV3User from '@/components/TrapConfiguration/CreateSnmpV3User.vue'
-import GeneralConfiguration from '@/components/TrapConfiguration/GeneralConfiguration.vue'
-import SnmpV3UserManagement from '@/components/TrapConfiguration/SnmpV3UserManagement.vue'
+import CreateSnmpV3User from '@/components/TrapdConfiguration/CreateSnmpV3User.vue'
+import GeneralConfiguration from '@/components/TrapdConfiguration/GeneralConfiguration.vue'
+import SnmpV3UserManagement from '@/components/TrapdConfiguration/SnmpV3UserManagement.vue'
 import useSnackbar from '@/composables/useSnackbar'
 import { validateTrapdXml } from '@/lib/trapdValidator'
 import { uploadTrapdConfiguration } from '@/services/trapdConfigurationService'
 import { useMenuStore } from '@/stores/menuStore'
-import { useTrapConfigStore } from '@/stores/trapConfigStore'
+import { useTrapdConfigStore } from '@/stores/trapdConfigStore'
 import { BreadCrumb } from '@/types'
 import { FeatherButton } from '@featherds/button'
 import { FeatherTab, FeatherTabContainer, FeatherTabPanel } from '@featherds/tabs'
 
 const menuStore = useMenuStore()
-const store = useTrapConfigStore()
+const store = useTrapdConfigStore()
 const fileInput = ref<HTMLInputElement | null>(null)
 const { showSnackBar } = useSnackbar()
 const homeUrl = computed<string>(() => menuStore.mainMenu?.homeUrl)
diff --git a/ui/src/main/router/index.ts b/ui/src/main/router/index.ts
index 89e51357b70c..ccacaa81a81a 100644
--- a/ui/src/main/router/index.ts
+++ b/ui/src/main/router/index.ts
@@ -289,7 +289,7 @@ const router = createRouter({
     {
       path: '/trapd-config',
       name: 'Trapd Configuration',
-      component: () => import('@/containers/TrapConfiguration.vue')
+      component: () => import('@/containers/TrapdConfiguration.vue')
     },
     {
       path: '/:pathMatch(.*)*', // catch other paths and redirect
diff --git a/ui/src/stores/trapConfigStore.ts b/ui/src/stores/trapdConfigStore.ts
similarity index 95%
rename from ui/src/stores/trapConfigStore.ts
rename to ui/src/stores/trapdConfigStore.ts
index 397c14c1cc46..5b2dbff05cc4 100644
--- a/ui/src/stores/trapConfigStore.ts
+++ b/ui/src/stores/trapdConfigStore.ts
@@ -4,7 +4,7 @@ import { CreateEditMode } from '@/types'
 import { TrapConfigStoreState } from '@/types/trapConfig'
 import { defineStore } from 'pinia'
 
-export const useTrapConfigStore = defineStore('useTrapConfigStore', {
+export const useTrapdConfigStore = defineStore('useTrapdConfigStore', {
   state: (): TrapConfigStoreState => ({
     isLoading: false,
     trapdConfig: getDefaultTrapdConfig(),
diff --git a/ui/tests/components/TrapConfiguration/CreateSnmpV3User.test.ts b/ui/tests/components/TrapdConfiguration/CreateSnmpV3User.test.ts
similarity index 98%
rename from ui/tests/components/TrapConfiguration/CreateSnmpV3User.test.ts
rename to ui/tests/components/TrapdConfiguration/CreateSnmpV3User.test.ts
index 3b38050e0e7c..5abf284400ed 100644
--- a/ui/tests/components/TrapConfiguration/CreateSnmpV3User.test.ts
+++ b/ui/tests/components/TrapdConfiguration/CreateSnmpV3User.test.ts
@@ -1,4 +1,4 @@
-import CreateSnmpV3User from '@/components/TrapConfiguration/CreateSnmpV3User.vue'
+import CreateSnmpV3User from '@/components/TrapdConfiguration/CreateSnmpV3User.vue'
 import {
   AUTH_PROTOCOL_OPTIONS,
   getDefaultTrapdConfig,
@@ -8,7 +8,7 @@ import {
 import { mapUserToServer } from '@/mappers/trapdConfig.mapper'
 import { updateTrapdConfiguration } from '@/services/trapdConfigurationService'
 import { useScvStore } from '@/stores/scvStore'
-import { useTrapConfigStore } from '@/stores/trapConfigStore'
+import { useTrapdConfigStore } from '@/stores/trapdConfigStore'
 import { CreateEditMode } from '@/types'
 import type { SnmpV3User } from '@/types/trapConfig'
 import { createTestingPinia } from '@pinia/testing'
@@ -76,7 +76,7 @@ const ScvSearchDrawerStub = defineComponent({
 })
 
 describe('CreateSnmpV3User.vue', () => {
-  let store: ReturnType<typeof useTrapConfigStore>
+  let store: ReturnType<typeof useTrapdConfigStore>
   const useScvStoreMock = vi.mocked(useScvStore)
   const mapUserToServerMock = vi.mocked(mapUserToServer)
   const updateTrapdConfigurationMock = vi.mocked(updateTrapdConfiguration)
@@ -150,7 +150,7 @@ describe('CreateSnmpV3User.vue', () => {
       })
     )
 
-    store = useTrapConfigStore()
+    store = useTrapdConfigStore()
     store.createUserDrawerState.visible = true
     store.createUserDrawerState.mode = CreateEditMode.Create
     store.createUserDrawerState.selectedUserIndex = -1
diff --git a/ui/tests/components/TrapConfiguration/GeneralConfiguration.test.ts b/ui/tests/components/TrapdConfiguration/GeneralConfiguration.test.ts
similarity index 98%
rename from ui/tests/components/TrapConfiguration/GeneralConfiguration.test.ts
rename to ui/tests/components/TrapdConfiguration/GeneralConfiguration.test.ts
index 67df94a06cf6..e4e896672fe3 100644
--- a/ui/tests/components/TrapConfiguration/GeneralConfiguration.test.ts
+++ b/ui/tests/components/TrapdConfiguration/GeneralConfiguration.test.ts
@@ -1,7 +1,7 @@
-import GeneralConfiguration from '@/components/TrapConfiguration/GeneralConfiguration.vue'
+import GeneralConfiguration from '@/components/TrapdConfiguration/GeneralConfiguration.vue'
 import { MAX_PORT, MIN_PORT } from '@/lib/trapdValidator'
 import { updateTrapdConfiguration } from '@/services/trapdConfigurationService'
-import { useTrapConfigStore } from '@/stores/trapConfigStore'
+import { useTrapdConfigStore } from '@/stores/trapdConfigStore'
 import type { TrapConfig } from '@/types/trapConfig'
 import { createTestingPinia } from '@pinia/testing'
 import { flushPromises, mount } from '@vue/test-utils'
@@ -25,7 +25,7 @@ vi.mock('@/services/trapdConfigurationService', () => ({
 }))
 
 describe('GeneralConfiguration.vue', () => {
-  let store: ReturnType<typeof useTrapConfigStore>
+  let store: ReturnType<typeof useTrapdConfigStore>
   const updateTrapdConfigurationMock = vi.mocked(updateTrapdConfiguration)
 
   const baseTrapConfig: TrapConfig = {
@@ -81,7 +81,7 @@ describe('GeneralConfiguration.vue', () => {
       })
     )
 
-    store = useTrapConfigStore()
+    store = useTrapdConfigStore()
     store.trapdConfig = cloneDeep(baseTrapConfig)
     store.fetchTrapConfig = vi.fn().mockResolvedValue(undefined)
 
diff --git a/ui/tests/components/TrapConfiguration/SnmpV3UserManagement.test.ts b/ui/tests/components/TrapdConfiguration/SnmpV3UserManagement.test.ts
similarity index 98%
rename from ui/tests/components/TrapConfiguration/SnmpV3UserManagement.test.ts
rename to ui/tests/components/TrapdConfiguration/SnmpV3UserManagement.test.ts
index 036cd20adce3..97c2569a75a1 100644
--- a/ui/tests/components/TrapConfiguration/SnmpV3UserManagement.test.ts
+++ b/ui/tests/components/TrapdConfiguration/SnmpV3UserManagement.test.ts
@@ -1,6 +1,6 @@
-import SnmpV3UserManagement from '@/components/TrapConfiguration/SnmpV3UserManagement.vue'
+import SnmpV3UserManagement from '@/components/TrapdConfiguration/SnmpV3UserManagement.vue'
 import { updateTrapdConfiguration } from '@/services/trapdConfigurationService'
-import { useTrapConfigStore } from '@/stores/trapConfigStore'
+import { useTrapdConfigStore } from '@/stores/trapdConfigStore'
 import { CreateEditMode } from '@/types'
 import type { SnmpV3User } from '@/types/trapConfig'
 import { FeatherSortHeader, SORT } from '@featherds/table'
@@ -80,7 +80,7 @@ const DeleteDialogStub = defineComponent({
 })
 
 describe('SnmpV3UserManagement.vue', () => {
-  let store: ReturnType<typeof useTrapConfigStore>
+  let store: ReturnType<typeof useTrapdConfigStore>
   const updateTrapdConfigurationMock = vi.mocked(updateTrapdConfiguration)
 
   const users: SnmpV3User[] = [
@@ -146,7 +146,7 @@ describe('SnmpV3UserManagement.vue', () => {
       })
     )
 
-    store = useTrapConfigStore()
+    store = useTrapdConfigStore()
     store.createUserDrawerState.visible = false
     store.snmpV3Users = [...users]
     store.trapdConfig = {
diff --git a/ui/tests/containers/TrapConfiguration.test.ts b/ui/tests/containers/TrapdConfiguration.test.ts
similarity index 96%
rename from ui/tests/containers/TrapConfiguration.test.ts
rename to ui/tests/containers/TrapdConfiguration.test.ts
index aeba2b9e7428..e6050431613e 100644
--- a/ui/tests/containers/TrapConfiguration.test.ts
+++ b/ui/tests/containers/TrapdConfiguration.test.ts
@@ -1,9 +1,9 @@
 import BreadCrumbs from '@/components/Layout/BreadCrumbs.vue'
-import TrapConfiguration from '@/containers/TrapConfiguration.vue'
+import TrapdConfiguration from '@/containers/TrapdConfiguration.vue'
 import { validateTrapdXml } from '@/lib/trapdValidator'
 import { uploadTrapdConfiguration } from '@/services/trapdConfigurationService'
 import { useMenuStore } from '@/stores/menuStore'
-import { useTrapConfigStore } from '@/stores/trapConfigStore'
+import { useTrapdConfigStore } from '@/stores/trapdConfigStore'
 import { createTestingPinia } from '@pinia/testing'
 import { mount } from '@vue/test-utils'
 import { setActivePinia } from 'pinia'
@@ -31,15 +31,15 @@ vi.mock('@/services/trapdConfigurationService', () => ({
   uploadTrapdConfiguration: vi.fn()
 }))
 
-describe('TrapConfiguration.vue', () => {
-  let trapStore: ReturnType<typeof useTrapConfigStore>
+describe('TrapdConfiguration.vue', () => {
+  let trapStore: ReturnType<typeof useTrapdConfigStore>
   let menuStore: ReturnType<typeof useMenuStore>
 
   const validateTrapdXmlMock = vi.mocked(validateTrapdXml)
   const uploadTrapdConfigurationMock = vi.mocked(uploadTrapdConfiguration)
 
   const mountComponent = () => {
-    return mount(TrapConfiguration, {
+    return mount(TrapdConfiguration, {
       global: {
         stubs: {
           GeneralConfiguration: true,
@@ -81,7 +81,7 @@ describe('TrapConfiguration.vue', () => {
   beforeEach(() => {
     vi.clearAllMocks()
     setActivePinia(createTestingPinia({ stubActions: true }))
-    trapStore = useTrapConfigStore()
+    trapStore = useTrapdConfigStore()
     menuStore = useMenuStore()
     menuStore.mainMenu = { homeUrl: '/home' } as any
     trapStore.fetchTrapConfig = vi.fn().mockResolvedValue(undefined)
diff --git a/ui/tests/stores/trapConfigStore.test.ts b/ui/tests/stores/trapdConfigStore.test.ts
similarity index 95%
rename from ui/tests/stores/trapConfigStore.test.ts
rename to ui/tests/stores/trapdConfigStore.test.ts
index 29eabe1989fa..23068c95257e 100644
--- a/ui/tests/stores/trapConfigStore.test.ts
+++ b/ui/tests/stores/trapdConfigStore.test.ts
@@ -1,6 +1,6 @@
 import { getDefaultTrapdConfig } from '@/lib/trapdValidator'
 import { getTrapdConfiguration } from '@/services/trapdConfigurationService'
-import { useTrapConfigStore } from '@/stores/trapConfigStore'
+import { useTrapdConfigStore } from '@/stores/trapdConfigStore'
 import { CreateEditMode } from '@/types'
 import type { TrapConfig } from '@/types/trapConfig'
 import { createPinia, setActivePinia } from 'pinia'
@@ -10,8 +10,8 @@ vi.mock('@/services/trapdConfigurationService', () => ({
   getTrapdConfiguration: vi.fn()
 }))
 
-describe('useTrapConfigStore', () => {
-  let store: ReturnType<typeof useTrapConfigStore>
+describe('useTrapdConfigStore', () => {
+  let store: ReturnType<typeof useTrapdConfigStore>
 
   const trapConfigResponse: TrapConfig = {
     snmpTrapAddress: '192.168.0.20',
@@ -39,7 +39,7 @@ describe('useTrapConfigStore', () => {
   beforeEach(() => {
     vi.clearAllMocks()
     setActivePinia(createPinia())
-    store = useTrapConfigStore()
+    store = useTrapdConfigStore()
   })
 
   it('has the expected initial state', () => {

From 1c0b88a39d81ce935af86f63a1590b6f5efdf3b7 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Mon, 30 Mar 2026 12:16:07 +0500
Subject: [PATCH 32/41] unused imports

---
 .../main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java    | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
index 6c40d277b571..82aa8b39ff8e 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/api/TrapdRestApi.java
@@ -22,11 +22,9 @@
 package org.opennms.web.rest.v2.api;
 
 import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.PUT;
 import javax.ws.rs.core.Context;
@@ -41,7 +39,6 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import io.swagger.v3.oas.annotations.tags.Tag;
-import org.opennms.web.rest.v2.model.Snmpv3UserDto;
 import org.opennms.web.rest.v2.model.TrapdConfigDto;
 
 @Path("trapd")

From 15cd5908fcfc103369d0099f8ee1ad7f5283c864 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Tue, 31 Mar 2026 21:26:32 +0500
Subject: [PATCH 33/41] review changes

---
 .../opennms/web/rest/v2/TrapdRestService.java |  74 ++--
 .../web/rest/v2/TrapdRestServiceIT.java       | 343 +++++++++++++++++-
 2 files changed, 374 insertions(+), 43 deletions(-)

diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
index 1e2dca4c3958..5901b89921ed 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
@@ -34,7 +34,6 @@
 import org.apache.cxf.jaxrs.ext.multipart.Attachment;
 import org.opennms.core.xml.JaxbUtils;
 import org.opennms.features.config.exception.ValidationException;
-import org.opennms.netmgt.config.trapd.Snmpv3User;
 import org.opennms.netmgt.config.trapd.TrapdConfiguration;
 import org.opennms.netmgt.dao.api.TrapdConfigDao;
 import org.opennms.web.rest.v2.api.TrapdRestApi;
@@ -101,17 +100,12 @@ public Response updateTrapdConfiguration(TrapdConfigDto configDto, SecurityConte
             return Response.status(Status.BAD_REQUEST).entity("Missing trapd configuration in request body.").build();
         }
 
-        String fieldValidation = validateTrapdConfigDtoFields(configDto);
-        if (fieldValidation != null) {
-            return Response.status(Status.BAD_REQUEST).entity(fieldValidation).build();
-        }
-
-        TrapdConfiguration payload = configDto.toEntity();
-        final String validationMessage = validateTrapdConfigurationPayload(payload);
+        String validationMessage = validateTrapdConfigRequest(configDto);
         if (validationMessage != null) {
             return Response.status(Status.BAD_REQUEST).entity(validationMessage).build();
         }
 
+        TrapdConfiguration payload = configDto.toEntity();
         try {
             trapdConfigDao.updateConfig(payload);
             return Response.ok().build();
@@ -124,21 +118,33 @@ public Response updateTrapdConfiguration(TrapdConfigDto configDto, SecurityConte
         }
     }
 
-    private String validateTrapdConfigDtoFields(TrapdConfigDto configDto) {
-        if (StringUtils.isBlank(configDto.getSnmpTrapAddress())) {
-            return "snmpTrapAddress is required.";
-        }
+    /**
+     * Validates the trapd configuration request DTO.
+     *
+     * <p>Only {@code snmpTrapPort} is required. All other numeric fields
+     * ({@code threads}, {@code queueSize}, {@code batchSize}, {@code batchInterval})
+     * are optional — {@link org.opennms.netmgt.config.trapd.TrapdConfiguration} provides
+     * safe defaults (0, 10000, 1000, 500 respectively) when they are omitted.
+     * Range checks are only applied when the client explicitly supplies a value.</p>
+     *
+     * @return an error message string, or {@code null} if the request is valid.
+     */
+    private String validateTrapdConfigRequest(final TrapdConfigDto configDto) {
+        // snmpTrapPort is the only required field (no default in TrapdConfiguration).
         if (configDto.getSnmpTrapPort() == null || configDto.getSnmpTrapPort() < 1 || configDto.getSnmpTrapPort() > 65535) {
             return "snmpTrapPort is required and must be between 1 and 65535.";
         }
+
+        // Optional fields: only validate range when the client explicitly provides a value.
+        // TrapdConfiguration defaults: threads=0 (auto), queueSize=10000, batchSize=1000, batchInterval=500.
         if (configDto.getThreads() != null && configDto.getThreads() < 0) {
             return "threads must be non-negative.";
         }
-        if (configDto.getQueueSize() != null && configDto.getQueueSize() < 0) {
-            return "queueSize must be non-negative.";
+        if (configDto.getQueueSize() != null && configDto.getQueueSize() < 1) {
+            return "queueSize must be greater than 0.";
         }
-        if (configDto.getBatchSize() != null && configDto.getBatchSize() < 0) {
-            return "batchSize must be non-negative.";
+        if (configDto.getBatchSize() != null && configDto.getBatchSize() < 1) {
+            return "batchSize must be greater than 0.";
         }
         if (configDto.getBatchInterval() != null && configDto.getBatchInterval() < 0) {
             return "batchInterval must be non-negative.";
@@ -155,27 +161,27 @@ private String validateTrapdConfigDtoFields(TrapdConfigDto configDto) {
         return null;
     }
 
-    private String validateTrapdConfigurationPayload(final TrapdConfiguration config) {
-        if (!config.hasSnmpTrapPort()) {
-            return "snmpTrapPort is required.";
-        }
-        if (!config.hasNewSuspectOnTrap()) {
-            return "newSuspectOnTrap is required.";
-        }
-        return null;
-    }
-
-
+    /**
+     * Validates a single SNMPv3 user payload.
+     *
+     * <p>{@code securityName} is the only required field. All other fields —
+     * including {@code securityLevel} — are optional per the XSD
+     * ({@code use="optional"}, no default). When {@code securityLevel} is
+     * supplied its value must be 1 (noAuthNoPriv), 2 (authNoPriv), or 3 (authPriv),
+     * and it must be consistent with the provided auth/privacy credentials.
+     * Cross-field pairing checks (e.g. authProtocol ↔ authPassphrase) are always
+     * applied regardless of whether securityLevel is present.</p>
+     *
+     * @return an error message string, or {@code null} if the user is valid.
+     */
     private String validateSnmpv3UserPayload(final Snmpv3UserDto user) {
         if (StringUtils.isBlank(user.getSecurityName())) {
             return "securityName is required.";
         }
 
+        // securityLevel is optional; only validate range when explicitly provided.
         final Integer securityLevel = user.getSecurityLevel();
-        if (securityLevel == null) {
-            return "securityLevel is required.";
-        }
-        if (securityLevel < 1 || securityLevel > 3) {
+        if (securityLevel != null && (securityLevel < 1 || securityLevel > 3)) {
             return "securityLevel must be between 1 and 3.";
         }
 
@@ -198,13 +204,13 @@ private String validateSnmpv3UserPayload(final Snmpv3UserDto user) {
             return "privacyProtocol and privacyPassphrase must be provided together.";
         }
 
-        if (securityLevel == 1 && (hasAuthProtocol || hasPrivacyProtocol)) {
+        if (securityLevel != null && securityLevel == 1 && (hasAuthProtocol || hasPrivacyProtocol)) {
             return "securityLevel 1 does not allow auth or privacy credentials.";
         }
-        if (securityLevel == 2 && (!hasAuthProtocol || hasPrivacyProtocol)) {
+        if (securityLevel != null && securityLevel == 2 && (!hasAuthProtocol || hasPrivacyProtocol)) {
             return "securityLevel 2 requires auth credentials and does not allow privacy credentials.";
         }
-        if (securityLevel == 3 && (!hasAuthProtocol || !hasPrivacyProtocol)) {
+        if (securityLevel != null && securityLevel == 3 && (!hasAuthProtocol || !hasPrivacyProtocol)) {
             return "securityLevel 3 requires both auth and privacy credentials.";
         }
 
diff --git a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
index 70f0068d3b6d..b448dd1ded1d 100644
--- a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
+++ b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
@@ -359,6 +359,15 @@ private static TrapdConfiguration buildMinimalConfig() {
         return config;
     }
 
+    /** Builds the smallest valid {@link TrapdConfigDto} accepted by the update endpoint. */
+    private static TrapdConfigDto buildMinimalUpdatePayload() {
+        TrapdConfigDto payload = new TrapdConfigDto();
+        payload.setSnmpTrapAddress("127.0.0.1");
+        payload.setSnmpTrapPort(10164);
+        payload.setNewSuspectOnTrap(false);
+        return payload;
+    }
+
     @Test
     public void updateShouldReturnBadRequestWhenPayloadMissing() {
         try (Response response = trapdRestService.updateTrapdConfiguration(null, null)) {
@@ -382,17 +391,29 @@ public void updateShouldReturnBadRequestWhenSnmpTrapPortMissing() {
     }
 
     @Test
-    public void updateShouldReturnBadRequestWhenNewSuspectOnTrapMissing() {
+    public void updateShouldAcceptWhenSnmpTrapAddressMissing() {
+        TrapdConfigDto payload = new TrapdConfigDto();
+        payload.setSnmpTrapPort(10164);
+        payload.setNewSuspectOnTrap(false);
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+        }
+
+        verify(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void updateShouldAcceptWhenNewSuspectOnTrapMissing() {
         TrapdConfigDto payload = new TrapdConfigDto();
         payload.setSnmpTrapAddress("127.0.0.1");
         payload.setSnmpTrapPort(10164);
 
         try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
-            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("newSuspectOnTrap is required.", response.getEntity());
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
         }
 
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
@@ -468,6 +489,291 @@ public void updateShouldReturnServerErrorWhenPersistenceThrows() {
         }
     }
 
+    // --- SNMPv3 User Validation Tests ---
+
+    @Test
+    public void updateShouldAcceptSnmpv3UserWithoutSecurityLevel() {
+        TrapdConfigDto payload = buildMinimalUpdatePayload();
+
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("user-no-level");
+        payload.setSnmpv3User(java.util.List.of(user));
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+        }
+
+        verify(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void updateShouldRejectSnmpv3UserWhenSecurityNameMissing() {
+        TrapdConfigDto payload = buildMinimalUpdatePayload();
+
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        // securityName intentionally omitted
+        payload.setSnmpv3User(java.util.List.of(user));
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertTrue(((String) response.getEntity()).contains("securityName is required."));
+        }
+
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void updateShouldAcceptSnmpv3UserWithValidSecurityLevelBoundaries() {
+        // securityLevel 1, 2, 3 are all valid
+        for (int level : new int[]{1, 2, 3}) {
+            TrapdConfigDto payload = buildMinimalUpdatePayload();
+            Snmpv3UserDto user = new Snmpv3UserDto();
+            user.setSecurityName("user-level-" + level);
+            user.setSecurityLevel(level);
+            if (level >= 2) {
+                user.setAuthProtocol("SHA");
+                user.setAuthPassphrase("authpass123");
+            }
+            if (level == 3) {
+                user.setPrivacyProtocol("AES");
+                user.setPrivacyPassphrase("privpass123");
+            }
+            payload.setSnmpv3User(java.util.List.of(user));
+
+            try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+                assertEquals("Expected OK for securityLevel=" + level,
+                        Response.Status.OK.getStatusCode(), response.getStatus());
+            }
+        }
+    }
+
+    @Test
+    public void updateShouldRejectSnmpv3UserWhenSecurityLevelOutOfRange() {
+        // Level 0 is below minimum
+        TrapdConfigDto payload = buildMinimalUpdatePayload();
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("user-bad-level");
+        user.setSecurityLevel(0);
+        payload.setSnmpv3User(java.util.List.of(user));
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertTrue(((String) response.getEntity()).contains("securityLevel must be between 1 and 3."));
+        }
+
+        // Level 4 is above maximum
+        payload = buildMinimalUpdatePayload();
+        user = new Snmpv3UserDto();
+        user.setSecurityName("user-bad-level");
+        user.setSecurityLevel(4);
+        payload.setSnmpv3User(java.util.List.of(user));
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertTrue(((String) response.getEntity()).contains("securityLevel must be between 1 and 3."));
+        }
+
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void updateShouldRejectSnmpv3UserWhenAuthProtocolWithoutPassphrase() {
+        TrapdConfigDto payload = buildMinimalUpdatePayload();
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("user1");
+        user.setAuthProtocol("SHA");
+        // authPassphrase intentionally omitted
+        payload.setSnmpv3User(java.util.List.of(user));
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertTrue(((String) response.getEntity()).contains("authProtocol and authPassphrase must be provided together."));
+        }
+    }
+
+    @Test
+    public void updateShouldRejectSnmpv3UserWhenAuthPassphraseWithoutProtocol() {
+        TrapdConfigDto payload = buildMinimalUpdatePayload();
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("user1");
+        // authProtocol intentionally omitted
+        user.setAuthPassphrase("somepassphrase");
+        payload.setSnmpv3User(java.util.List.of(user));
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertTrue(((String) response.getEntity()).contains("authProtocol and authPassphrase must be provided together."));
+        }
+    }
+
+    @Test
+    public void updateShouldRejectSnmpv3UserWhenPrivacyProtocolWithoutPassphrase() {
+        TrapdConfigDto payload = buildMinimalUpdatePayload();
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("user1");
+        user.setPrivacyProtocol("AES");
+        // privacyPassphrase intentionally omitted
+        payload.setSnmpv3User(java.util.List.of(user));
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertTrue(((String) response.getEntity()).contains("privacyProtocol and privacyPassphrase must be provided together."));
+        }
+    }
+
+    @Test
+    public void updateShouldRejectSnmpv3UserWhenPrivacyPassphraseWithoutProtocol() {
+        TrapdConfigDto payload = buildMinimalUpdatePayload();
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("user1");
+        // privacyProtocol intentionally omitted
+        user.setPrivacyPassphrase("privpass");
+        payload.setSnmpv3User(java.util.List.of(user));
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertTrue(((String) response.getEntity()).contains("privacyProtocol and privacyPassphrase must be provided together."));
+        }
+    }
+
+    @Test
+    public void updateShouldRejectSnmpv3UserWhenUnsupportedAuthProtocol() {
+        TrapdConfigDto payload = buildMinimalUpdatePayload();
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("user1");
+        user.setAuthProtocol("INVALID");
+        user.setAuthPassphrase("authpass");
+        payload.setSnmpv3User(java.util.List.of(user));
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertTrue(((String) response.getEntity()).contains("Unsupported authProtocol."));
+        }
+    }
+
+    @Test
+    public void updateShouldRejectSnmpv3UserWhenUnsupportedPrivacyProtocol() {
+        TrapdConfigDto payload = buildMinimalUpdatePayload();
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("user1");
+        user.setPrivacyProtocol("INVALID");
+        user.setPrivacyPassphrase("privpass");
+        payload.setSnmpv3User(java.util.List.of(user));
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertTrue(((String) response.getEntity()).contains("Unsupported privacyProtocol."));
+        }
+    }
+
+    @Test
+    public void updateShouldRejectSnmpv3UserWhenLevel1HasAuthCredentials() {
+        // securityLevel 1 (noAuthNoPriv) must not have auth credentials
+        TrapdConfigDto payload = buildMinimalUpdatePayload();
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("user1");
+        user.setSecurityLevel(1);
+        user.setAuthProtocol("SHA");
+        user.setAuthPassphrase("authpass");
+        payload.setSnmpv3User(java.util.List.of(user));
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertTrue(((String) response.getEntity()).contains("securityLevel 1 does not allow auth or privacy credentials."));
+        }
+    }
+
+    @Test
+    public void updateShouldRejectSnmpv3UserWhenLevel2MissingAuthCredentials() {
+        // securityLevel 2 (authNoPriv) requires auth but no privacy
+        TrapdConfigDto payload = buildMinimalUpdatePayload();
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("user1");
+        user.setSecurityLevel(2);
+        // auth credentials intentionally omitted
+        payload.setSnmpv3User(java.util.List.of(user));
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertTrue(((String) response.getEntity()).contains("securityLevel 2 requires auth credentials and does not allow privacy credentials."));
+        }
+    }
+
+    @Test
+    public void updateShouldRejectSnmpv3UserWhenLevel2HasPrivacyCredentials() {
+        // securityLevel 2 (authNoPriv) must not have privacy credentials
+        TrapdConfigDto payload = buildMinimalUpdatePayload();
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("user1");
+        user.setSecurityLevel(2);
+        user.setAuthProtocol("SHA");
+        user.setAuthPassphrase("authpass");
+        user.setPrivacyProtocol("AES");
+        user.setPrivacyPassphrase("privpass");
+        payload.setSnmpv3User(java.util.List.of(user));
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertTrue(((String) response.getEntity()).contains("securityLevel 2 requires auth credentials and does not allow privacy credentials."));
+        }
+    }
+
+    @Test
+    public void updateShouldRejectSnmpv3UserWhenLevel3MissingPrivacyCredentials() {
+        // securityLevel 3 (authPriv) requires both auth and privacy
+        TrapdConfigDto payload = buildMinimalUpdatePayload();
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("user1");
+        user.setSecurityLevel(3);
+        user.setAuthProtocol("SHA");
+        user.setAuthPassphrase("authpass");
+        // privacy credentials intentionally omitted
+        payload.setSnmpv3User(java.util.List.of(user));
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertTrue(((String) response.getEntity()).contains("securityLevel 3 requires both auth and privacy credentials."));
+        }
+    }
+
+    @Test
+    public void updateShouldApplyPairingCheckEvenWhenSecurityLevelIsAbsent() {
+        // Cross-field pairing is always enforced regardless of securityLevel presence.
+        TrapdConfigDto payload = buildMinimalUpdatePayload();
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("user1");
+        // securityLevel omitted — only authProtocol provided, passphrase missing
+        user.setAuthProtocol("SHA");
+        payload.setSnmpv3User(java.util.List.of(user));
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertTrue(((String) response.getEntity()).contains("authProtocol and authPassphrase must be provided together."));
+        }
+    }
+
+    @Test
+    public void updateShouldRejectFirstInvalidUserInList() {
+        // Only the first invalid user should trigger the error
+        TrapdConfigDto payload = buildMinimalUpdatePayload();
+
+        Snmpv3UserDto validUser = new Snmpv3UserDto();
+        validUser.setSecurityName("valid-user");
+
+        Snmpv3UserDto invalidUser = new Snmpv3UserDto();
+        // securityName missing — invalid
+        invalidUser.setSecurityLevel(1);
+
+        payload.setSnmpv3User(java.util.List.of(validUser, invalidUser));
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertTrue(((String) response.getEntity()).contains("securityName is required."));
+        }
+
+        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
     // --- Boundary Value Tests ---
     @Test
     public void updateShouldAcceptSnmpTrapPortAtLowerAndUpperBound() {
@@ -506,20 +812,39 @@ public void updateShouldRejectSnmpTrapPortOutOfBounds() {
     }
 
     @Test
-    public void updateShouldAcceptZeroForOptionalFields() {
+    public void updateShouldAcceptZeroOnlyForFieldsThatAllowIt() {
         TrapdConfigDto payload = new TrapdConfigDto();
         payload.setSnmpTrapAddress("127.0.0.1");
         payload.setSnmpTrapPort(162);
         payload.setNewSuspectOnTrap(false);
         payload.setThreads(0);
-        payload.setQueueSize(0);
-        payload.setBatchSize(0);
         payload.setBatchInterval(0);
         try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
         }
     }
 
+    @Test
+    public void updateShouldRejectZeroForQueueSizeAndBatchSize() {
+        TrapdConfigDto payload = new TrapdConfigDto();
+        payload.setSnmpTrapAddress("127.0.0.1");
+        payload.setSnmpTrapPort(162);
+        payload.setNewSuspectOnTrap(false);
+
+        payload.setQueueSize(0);
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("queueSize must be greater than 0.", response.getEntity());
+        }
+
+        payload.setQueueSize(null);
+        payload.setBatchSize(0);
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertEquals("batchSize must be greater than 0.", response.getEntity());
+        }
+    }
+
     @Test
     public void updateShouldRejectNegativeForOptionalFields() {
         TrapdConfigDto payload = new TrapdConfigDto();
@@ -535,13 +860,13 @@ public void updateShouldRejectNegativeForOptionalFields() {
         payload.setQueueSize(-1);
         try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("queueSize must be non-negative.", response.getEntity());
+            assertEquals("queueSize must be greater than 0.", response.getEntity());
         }
         payload.setQueueSize(null);
         payload.setBatchSize(-1);
         try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("batchSize must be non-negative.", response.getEntity());
+            assertEquals("batchSize must be greater than 0.", response.getEntity());
         }
         payload.setBatchSize(null);
         payload.setBatchInterval(-1);

From 77991d754a13b9d045e09c4c1230269bff073980 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Thu, 2 Apr 2026 00:34:22 +0500
Subject: [PATCH 34/41] response messages update

---
 .../main/java/org/opennms/web/rest/v2/TrapdRestService.java   | 4 ++--
 .../test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
index 5901b89921ed..d17ce34ea6b2 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
@@ -57,7 +57,7 @@ public class TrapdRestService implements TrapdRestApi {
     @Override
     public Response uploadTrapdConfiguration(final Attachment attachment, final SecurityContext securityContext) {
         if (attachment == null) {
-            return Response.status(Status.BAD_REQUEST).entity("Missing uploaded file field 'upload'.").build();
+            return Response.status(Status.BAD_REQUEST).entity("Missing uploaded file for trapd file upload.").build();
         }
 
         final TrapdConfiguration config;
@@ -111,7 +111,7 @@ public Response updateTrapdConfiguration(TrapdConfigDto configDto, SecurityConte
             return Response.ok().build();
         } catch (ValidationException e) {
             LOG.warn("Provided trapd configuration failed schema validation.", e);
-            return Response.status(Status.BAD_REQUEST).entity(e.getMessage()).build();
+            return Response.status(Status.BAD_REQUEST).entity("Provided trapd configuration failed schema validation.").build();
         } catch (Exception e) {
             LOG.error("Failed to persist provided trapd configuration.", e);
             return Response.status(Status.INTERNAL_SERVER_ERROR).entity("Failed to persist trapd configuration.").build();
diff --git a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
index b448dd1ded1d..8316b602f8cf 100644
--- a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
+++ b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
@@ -87,7 +87,7 @@ public void setUp() throws Exception {
     public void uploadShouldReturnBadRequestWhenAttachmentMissing() {
         try (Response response = trapdRestService.uploadTrapdConfiguration(null, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("Missing uploaded file field 'upload'.", response.getEntity());
+            assertEquals("Missing uploaded file for trapd file upload.", response.getEntity());
         }
     }
 
@@ -469,7 +469,7 @@ public void updateShouldReturnBadRequestWhenValidationFails() {
 
         try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
-            assertEquals("validation failed", response.getEntity());
+            assertEquals("Provided trapd configuration failed schema validation.", response.getEntity());
         }
     }
 

From bdda3bf7ee44916ed2cd087ab60b59a457db3be5 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Thu, 2 Apr 2026 23:32:36 +0500
Subject: [PATCH 35/41] validator fix

---
 ui/src/lib/trapdValidator.ts        | 4 +---
 ui/tests/lib/trapdValidator.test.ts | 5 +++--
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/ui/src/lib/trapdValidator.ts b/ui/src/lib/trapdValidator.ts
index 44382c0c7ca9..6c5ec475b3c1 100644
--- a/ui/src/lib/trapdValidator.ts
+++ b/ui/src/lib/trapdValidator.ts
@@ -139,9 +139,7 @@ const validateSnmpV3UserElement = (
 
   const securityLevelAttr = user.getAttribute('security-level')
   let securityLevel: number | undefined
-  if (securityLevelAttr === null || securityLevelAttr.trim() === '') {
-    addError(errors, `${prefix}.security-level`, `${prefix}: security-level is required (1, 2, or 3)`)
-  } else {
+  if (securityLevelAttr !== null && securityLevelAttr.trim() !== '') {
     securityLevel = parseInt(securityLevelAttr, 10)
     if (!isValidSnmpSecurityLevel(securityLevel)) {
       addError(
diff --git a/ui/tests/lib/trapdValidator.test.ts b/ui/tests/lib/trapdValidator.test.ts
index a12557e3e364..0ef301f7c39c 100644
--- a/ui/tests/lib/trapdValidator.test.ts
+++ b/ui/tests/lib/trapdValidator.test.ts
@@ -446,10 +446,11 @@ describe('validateTrapdXml – snmpv3-user: security-name and security-level', (
     expect(result.errors.some((e) => e.field.includes('security-name'))).toBe(true)
   })
 
-  it('returns error when security-level is missing', () => {
+  it('allows missing security-level (optional)', () => {
     const user = buildUser({ 'security-name': 'user1' })
     const result = validateTrapdXml(buildXml({ users: user }))
-    expect(result.errors.some((e) => e.field.includes('security-level'))).toBe(true)
+    expect(result.valid).toBe(true)
+    expect(result.errors.some((e) => e.field.includes('security-level'))).toBe(false)
   })
 
   it('returns error for security-level 0 (None)', () => {

From bf38a5450574cc81149b1bac749fb561b95fdd81 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Fri, 3 Apr 2026 00:58:48 +0500
Subject: [PATCH 36/41] DAO update fix

---
 .../netmgt/dao/api/TrapdConfigDao.java        |  1 +
 .../dao/jaxb/DefaultTrapdConfigDao.java       |  6 +++
 .../opennms/web/rest/v2/TrapdRestService.java |  4 +-
 .../web/rest/v2/TrapdRestServiceIT.java       | 46 +++++++++++++------
 4 files changed, 40 insertions(+), 17 deletions(-)

diff --git a/opennms-dao-api/src/main/java/org/opennms/netmgt/dao/api/TrapdConfigDao.java b/opennms-dao-api/src/main/java/org/opennms/netmgt/dao/api/TrapdConfigDao.java
index 44bd5d4c1d8a..0b3fcd84a07f 100644
--- a/opennms-dao-api/src/main/java/org/opennms/netmgt/dao/api/TrapdConfigDao.java
+++ b/opennms-dao-api/src/main/java/org/opennms/netmgt/dao/api/TrapdConfigDao.java
@@ -26,4 +26,5 @@
 public interface TrapdConfigDao {
     TrapdConfiguration getConfig();
     void updateConfig(TrapdConfiguration config);
+    void replaceConfig(TrapdConfiguration config);
 }
diff --git a/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java b/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java
index 9c49af73da65..10a4f324f195 100644
--- a/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java
+++ b/opennms-dao/src/main/java/org/opennms/netmgt/dao/jaxb/DefaultTrapdConfigDao.java
@@ -23,6 +23,7 @@
 
 import org.opennms.features.config.service.api.ConfigUpdateInfo;
 import org.opennms.features.config.service.impl.AbstractCmJaxbConfigDao;
+import org.opennms.features.config.service.util.ConfigConvertUtil;
 import org.opennms.netmgt.config.trapd.TrapdConfiguration;
 import org.opennms.netmgt.dao.api.TrapdConfigDao;
 import org.opennms.netmgt.dao.jaxb.callback.ConfigurationReloadEventCallback;
@@ -60,4 +61,9 @@ public Consumer<ConfigUpdateInfo> getUpdateCallback(){
     public Consumer getValidationCallback() {
         return super.getValidationCallback();
     }
+
+    @Override
+    public void replaceConfig(TrapdConfiguration config) {
+        this.updateConfig(this.getDefaultConfigId(), ConfigConvertUtil.objectToJson(config), true);
+    }
 }
diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
index d17ce34ea6b2..e492b6e92b3a 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
@@ -69,7 +69,7 @@ public Response uploadTrapdConfiguration(final Attachment attachment, final Secu
         }
 
         try {
-            trapdConfigDao.updateConfig(config);
+            trapdConfigDao.replaceConfig(config);
             return Response.ok().build();
         } catch (ValidationException e) {
             LOG.warn("Uploaded trapd configuration failed schema validation.", e);
@@ -107,7 +107,7 @@ public Response updateTrapdConfiguration(TrapdConfigDto configDto, SecurityConte
 
         TrapdConfiguration payload = configDto.toEntity();
         try {
-            trapdConfigDao.updateConfig(payload);
+            trapdConfigDao.replaceConfig(payload);
             return Response.ok().build();
         } catch (ValidationException e) {
             LOG.warn("Provided trapd configuration failed schema validation.", e);
diff --git a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
index 8316b602f8cf..6fd1373244d7 100644
--- a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
+++ b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
@@ -117,7 +117,7 @@ public void uploadShouldPersistValidXmlAndReturnOk() {
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
-        verify(trapdConfigDao).updateConfig(captor.capture());
+        verify(trapdConfigDao).replaceConfig(captor.capture());
         assertEquals(10163, captor.getValue().getSnmpTrapPort());
     }
 
@@ -134,7 +134,7 @@ public void uploadShouldPersistUseAddressFromVarbindWhenProvidedInXml() {
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
-        verify(trapdConfigDao).updateConfig(captor.capture());
+        verify(trapdConfigDao).replaceConfig(captor.capture());
         assertTrue(captor.getValue().shouldUseAddressFromVarbind());
     }
 
@@ -158,7 +158,7 @@ public void uploadShouldReturnServerErrorWhenPersistenceFails() {
         when(attachment.getObject(InputStream.class)).thenReturn(
                 new ByteArrayInputStream(validTrapdConfigXml().getBytes(StandardCharsets.UTF_8))
         );
-        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        org.mockito.Mockito.doThrow(new RuntimeException("db down")).when(trapdConfigDao).replaceConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
 
         try (Response response = trapdRestService.uploadTrapdConfiguration(attachment, null)) {
             assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
@@ -387,7 +387,7 @@ public void updateShouldReturnBadRequestWhenSnmpTrapPortMissing() {
             assertEquals("snmpTrapPort is required and must be between 1 and 65535.", response.getEntity());
         }
 
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).replaceConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
@@ -400,7 +400,7 @@ public void updateShouldAcceptWhenSnmpTrapAddressMissing() {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
         }
 
-        verify(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao).replaceConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
@@ -413,7 +413,7 @@ public void updateShouldAcceptWhenNewSuspectOnTrapMissing() {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
         }
 
-        verify(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao).replaceConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
@@ -432,7 +432,7 @@ public void updateShouldMergePayloadAndPersist() {
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
-        verify(trapdConfigDao).updateConfig(captor.capture());
+        verify(trapdConfigDao).replaceConfig(captor.capture());
         TrapdConfiguration persisted = captor.getValue();
         assertEquals(10164, persisted.getSnmpTrapPort());
         assertEquals(4, persisted.getThreads());
@@ -453,14 +453,14 @@ public void updateShouldPersistUseAddressFromVarbindWhenProvided() {
         }
 
         ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
-        verify(trapdConfigDao).updateConfig(captor.capture());
+        verify(trapdConfigDao).replaceConfig(captor.capture());
         assertTrue(captor.getValue().shouldUseAddressFromVarbind());
     }
 
     @Test
     public void updateShouldReturnBadRequestWhenValidationFails() {
         org.mockito.Mockito.doThrow(new ValidationException("validation failed"))
-                .when(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+                .when(trapdConfigDao).replaceConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
 
         TrapdConfigDto payload = new TrapdConfigDto();
         payload.setSnmpTrapAddress("127.0.0.1");
@@ -476,7 +476,7 @@ public void updateShouldReturnBadRequestWhenValidationFails() {
     @Test
     public void updateShouldReturnServerErrorWhenPersistenceThrows() {
         org.mockito.Mockito.doThrow(new RuntimeException("db down"))
-                .when(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+                .when(trapdConfigDao).replaceConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
 
         TrapdConfigDto payload = new TrapdConfigDto();
         payload.setSnmpTrapAddress("127.0.0.1");
@@ -503,7 +503,23 @@ public void updateShouldAcceptSnmpv3UserWithoutSecurityLevel() {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
         }
 
-        verify(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao).replaceConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void updateShouldClearSnmpv3UsersWhenEmptyListProvided() {
+        // Reproduces the bug: sending snmpv3User=[] should result in replaceConfig being called
+        // with an entity that has no SNMPv3 users (not the old ones retained from a merge).
+        TrapdConfigDto payload = buildMinimalUpdatePayload();
+        payload.setSnmpv3User(java.util.Collections.emptyList());
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+        }
+
+        ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
+        verify(trapdConfigDao).replaceConfig(captor.capture());
+        assertEquals(0, captor.getValue().getSnmpv3UserCount());
     }
 
     @Test
@@ -519,7 +535,7 @@ public void updateShouldRejectSnmpv3UserWhenSecurityNameMissing() {
             assertTrue(((String) response.getEntity()).contains("securityName is required."));
         }
 
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).replaceConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
@@ -573,7 +589,7 @@ public void updateShouldRejectSnmpv3UserWhenSecurityLevelOutOfRange() {
             assertTrue(((String) response.getEntity()).contains("securityLevel must be between 1 and 3."));
         }
 
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).replaceConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     @Test
@@ -771,7 +787,7 @@ public void updateShouldRejectFirstInvalidUserInList() {
             assertTrue(((String) response.getEntity()).contains("securityName is required."));
         }
 
-        verify(trapdConfigDao, never()).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        verify(trapdConfigDao, never()).replaceConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     // --- Boundary Value Tests ---
@@ -887,7 +903,7 @@ public void updateShouldEnforceAuthorizationIfSecurityContextIsUsed() {
     }
 
     private void whenValidationFailsOnUpdate(final String message) {
-        org.mockito.Mockito.doThrow(new ValidationException(message)).when(trapdConfigDao).updateConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+        org.mockito.Mockito.doThrow(new ValidationException(message)).when(trapdConfigDao).replaceConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
 
     private static void setField(final Object target, final String fieldName, final Object value) throws Exception {

From 5e82549b16cb35429335f55016cfe89cfe6d4ec5 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Fri, 3 Apr 2026 19:25:51 +0500
Subject: [PATCH 37/41] DAO fixes

---
 opennms-webapp-rest/pom.xml                   |   6 +
 .../web/rest/v2/TrapdRestServiceIT.java       | 263 ++++++++----------
 2 files changed, 125 insertions(+), 144 deletions(-)

diff --git a/opennms-webapp-rest/pom.xml b/opennms-webapp-rest/pom.xml
index 1701c18efd12..eb45eb66b6c3 100644
--- a/opennms-webapp-rest/pom.xml
+++ b/opennms-webapp-rest/pom.xml
@@ -618,5 +618,11 @@
       <artifactId>org.opennms.features.notifications.api</artifactId>
       <scope>${onmsLibScope}</scope>
     </dependency>
+    <dependency>
+      <groupId>org.opennms.features.config.dao</groupId>
+      <artifactId>org.opennms.features.config.dao.api</artifactId>
+      <version>${project.version}</version>
+      <scope>${onmsLibScope}</scope>
+    </dependency>
   </dependencies>
 </project>
diff --git a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
index 6fd1373244d7..52048d706d4b 100644
--- a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
+++ b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
@@ -67,7 +67,6 @@
 @JUnitConfigurationEnvironment(systemProperties = "org.opennms.timeseries.strategy=integration")
 @JUnitTemporaryDatabase
 public class TrapdRestServiceIT {
-    private static final String PASSPHRASE_PLACEHOLDER = "********";
 
     @Autowired
     private TrapdRestService trapdRestService;
@@ -203,38 +202,17 @@ public void getShouldReturnServerErrorWhenExceptionThrown() {
         }
     }
 
-    // --- passphrase masking tests ---
-
     @Test
-    public void getShouldMaskBothPassphrasesWithPlaceholder() {
+    public void getShouldReturnSnmpv3UserFieldsUnchanged() {
         TrapdConfiguration config = buildMinimalConfig();
         Snmpv3User user = new Snmpv3User();
-        user.setSecurityName("user1");
+        user.setSecurityName("engine-user");
+        user.setEngineId("0x8000000001020304");
         user.setSecurityLevel(3);
         user.setAuthProtocol("SHA");
-        user.setAuthPassphrase(PASSPHRASE_PLACEHOLDER);
+        user.setAuthPassphrase("authpass");
         user.setPrivacyProtocol("AES");
-        user.setPrivacyPassphrase(PASSPHRASE_PLACEHOLDER);
-        config.addSnmpv3User(user);
-        when(trapdConfigDao.getConfig()).thenReturn(config);
-
-        try (Response response = trapdRestService.getTrapdConfiguration(null)) {
-            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
-            TrapdConfigDto returned = (TrapdConfigDto) response.getEntity();
-            Snmpv3UserDto returnedUser = returned.getSnmpv3User().get(0);
-            assertEquals(PASSPHRASE_PLACEHOLDER, returnedUser.getAuthPassphrase());
-            assertEquals(PASSPHRASE_PLACEHOLDER, returnedUser.getPrivacyPassphrase());
-        }
-    }
-
-    @Test
-    public void getShouldMaskAuthPassphraseWhenPrivacyPassphraseIsAbsent() {
-        TrapdConfiguration config = buildMinimalConfig();
-        Snmpv3User user = new Snmpv3User();
-        user.setSecurityName("user1");
-        user.setSecurityLevel(2);
-        user.setAuthProtocol("MD5");
-        user.setAuthPassphrase(PASSPHRASE_PLACEHOLDER);
+        user.setPrivacyPassphrase("privpass");
         config.addSnmpv3User(user);
         when(trapdConfigDao.getConfig()).thenReturn(config);
 
@@ -242,13 +220,18 @@ public void getShouldMaskAuthPassphraseWhenPrivacyPassphraseIsAbsent() {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
             TrapdConfigDto returned = (TrapdConfigDto) response.getEntity();
             Snmpv3UserDto returnedUser = returned.getSnmpv3User().get(0);
-            assertEquals(PASSPHRASE_PLACEHOLDER, returnedUser.getAuthPassphrase());
-            assertNull(returnedUser.getPrivacyPassphrase());
+            assertEquals("engine-user", returnedUser.getSecurityName());
+            assertEquals("0x8000000001020304", returnedUser.getEngineId());
+            assertEquals("SHA", returnedUser.getAuthProtocol());
+            assertEquals("AES", returnedUser.getPrivacyProtocol());
+            assertEquals(Integer.valueOf(3), returnedUser.getSecurityLevel());
+            assertEquals("authpass", returnedUser.getAuthPassphrase());
+            assertEquals("privpass", returnedUser.getPrivacyPassphrase());
         }
     }
 
     @Test
-    public void getShouldNotSetPlaceholderWhenPassphrasesAreNull() {
+    public void getShouldReturnNullPassphrasesWhenNotSet() {
         TrapdConfiguration config = buildMinimalConfig();
         Snmpv3User user = new Snmpv3User();
         user.setSecurityName("user1");
@@ -267,23 +250,15 @@ public void getShouldNotSetPlaceholderWhenPassphrasesAreNull() {
     }
 
     @Test
-    public void getShouldMaskPassphrasesForEveryUser() {
+    public void getShouldReturnAllSnmpv3Users() {
         TrapdConfiguration config = buildMinimalConfig();
 
         Snmpv3User userA = new Snmpv3User();
         userA.setSecurityName("user-a");
-        userA.setSecurityLevel(3);
-        userA.setAuthProtocol("SHA");
-        userA.setAuthPassphrase(PASSPHRASE_PLACEHOLDER);
-        userA.setPrivacyProtocol("AES");
-        userA.setPrivacyPassphrase(PASSPHRASE_PLACEHOLDER);
         config.addSnmpv3User(userA);
 
         Snmpv3User userB = new Snmpv3User();
         userB.setSecurityName("user-b");
-        userB.setSecurityLevel(2);
-        userB.setAuthProtocol("MD5");
-        userB.setAuthPassphrase(PASSPHRASE_PLACEHOLDER);
         config.addSnmpv3User(userB);
 
         when(trapdConfigDao.getConfig()).thenReturn(config);
@@ -292,62 +267,8 @@ public void getShouldMaskPassphrasesForEveryUser() {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
             TrapdConfigDto returned = (TrapdConfigDto) response.getEntity();
             assertEquals(2, returned.getSnmpv3User().size());
-            assertEquals(PASSPHRASE_PLACEHOLDER, returned.getSnmpv3User().get(0).getAuthPassphrase());
-            assertEquals(PASSPHRASE_PLACEHOLDER, returned.getSnmpv3User().get(0).getPrivacyPassphrase());
-            assertEquals(PASSPHRASE_PLACEHOLDER, returned.getSnmpv3User().get(1).getAuthPassphrase());
-            assertNull(returned.getSnmpv3User().get(1).getPrivacyPassphrase());
-        }
-    }
-
-    @Test
-    public void getShouldNotMutateStoredConfigWhenMaskingPassphrases() {
-        TrapdConfiguration config = buildMinimalConfig();
-        Snmpv3User user = new Snmpv3User();
-        user.setSecurityName("user1");
-        user.setSecurityLevel(3);
-        user.setAuthProtocol("SHA");
-        user.setAuthPassphrase(PASSPHRASE_PLACEHOLDER);
-        user.setPrivacyProtocol("AES");
-        user.setPrivacyPassphrase(PASSPHRASE_PLACEHOLDER);
-        config.addSnmpv3User(user);
-        when(trapdConfigDao.getConfig()).thenReturn(config);
-
-        try (Response response = trapdRestService.getTrapdConfiguration(null)) {
-            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
-        }
-
-        // The config returned by getConfig should not have been mutated by the service
-        assertEquals(PASSPHRASE_PLACEHOLDER, config.getSnmpv3User(0).getAuthPassphrase());
-        assertEquals(PASSPHRASE_PLACEHOLDER, config.getSnmpv3User(0).getPrivacyPassphrase());
-    }
-
-    @Test
-    public void getShouldReturnConfigWithOtherFieldsIntactAfterMasking() {
-        TrapdConfiguration config = buildMinimalConfig();
-        Snmpv3User user = new Snmpv3User();
-        user.setSecurityName("engine-user");
-        user.setEngineId("0x8000000001020304");
-        user.setSecurityLevel(3);
-        user.setAuthProtocol("SHA");
-        user.setAuthPassphrase(PASSPHRASE_PLACEHOLDER);
-        user.setPrivacyProtocol("AES");
-        user.setPrivacyPassphrase(PASSPHRASE_PLACEHOLDER);
-        config.addSnmpv3User(user);
-        when(trapdConfigDao.getConfig()).thenReturn(config);
-
-        try (Response response = trapdRestService.getTrapdConfiguration(null)) {
-            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
-            TrapdConfigDto returned = (TrapdConfigDto) response.getEntity();
-            Snmpv3UserDto returnedUser = returned.getSnmpv3User().get(0);
-            // Non-sensitive fields must be preserved
-            assertEquals("engine-user", returnedUser.getSecurityName());
-            assertEquals("0x8000000001020304", returnedUser.getEngineId());
-            assertEquals("SHA", returnedUser.getAuthProtocol());
-            assertEquals("AES", returnedUser.getPrivacyProtocol());
-            assertEquals(Integer.valueOf(3), returnedUser.getSecurityLevel());
-            // Sensitive fields must be masked
-            assertEquals(PASSPHRASE_PLACEHOLDER, returnedUser.getAuthPassphrase());
-            assertEquals(PASSPHRASE_PLACEHOLDER, returnedUser.getPrivacyPassphrase());
+            assertEquals("user-a", returned.getSnmpv3User().get(0).getSecurityName());
+            assertEquals("user-b", returned.getSnmpv3User().get(1).getSecurityName());
         }
     }
 
@@ -892,16 +813,6 @@ public void updateShouldRejectNegativeForOptionalFields() {
         }
     }
 
-    // --- Security/Authorization Placeholder ---
-    // Note: SecurityContext is not currently used for access control in TrapdRestService.
-    // This test is a placeholder for future security/authorization checks.
-    @Test
-    public void updateShouldEnforceAuthorizationIfSecurityContextIsUsed() {
-        // If/when SecurityContext is used for access control, add tests here.
-        // For now, this is a no-op.
-        assertTrue(true);
-    }
-
     private void whenValidationFailsOnUpdate(final String message) {
         org.mockito.Mockito.doThrow(new ValidationException(message)).when(trapdConfigDao).replaceConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
     }
@@ -927,51 +838,115 @@ private static String validTrapdConfigXmlWithUseAddressFromVarbind() {
     }
 
     @Test
-    public void getShouldHandleLargeNumberOfSnmpv3Users() {
-        TrapdConfiguration config = buildMinimalConfig();
-        int userCount = 1000; // Large number for stress test
-        for (int i = 0; i < userCount; i++) {
-            Snmpv3User user = new Snmpv3User();
-            user.setSecurityName("user-" + i);
-            user.setSecurityLevel(3);
-            user.setAuthProtocol("SHA");
-            user.setAuthPassphrase(PASSPHRASE_PLACEHOLDER);
-            user.setPrivacyProtocol("AES");
-            user.setPrivacyPassphrase(PASSPHRASE_PLACEHOLDER);
-            config.addSnmpv3User(user);
-        }
-        when(trapdConfigDao.getConfig()).thenReturn(config);
+    public void uploadShouldNotCallReplaceConfigWhenXmlParsingFails() {
+        Attachment attachment = mock(Attachment.class);
+        when(attachment.getObject(InputStream.class)).thenReturn(
+                new ByteArrayInputStream("<trapd-configuration".getBytes(StandardCharsets.UTF_8))
+        );
+
+        trapdRestService.uploadTrapdConfiguration(attachment, null);
+
+        verify(trapdConfigDao, never()).replaceConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
+
+    @Test
+    public void getShouldReturnEmptySnmpv3UserListWhenNoUsersConfigured() {
+        when(trapdConfigDao.getConfig()).thenReturn(buildMinimalConfig());
+
         try (Response response = trapdRestService.getTrapdConfiguration(null)) {
             assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
             TrapdConfigDto returned = (TrapdConfigDto) response.getEntity();
-            assertEquals(userCount, returned.getSnmpv3User().size());
-            for (int i = 0; i < userCount; i++) {
-                assertEquals(PASSPHRASE_PLACEHOLDER, returned.getSnmpv3User().get(i).getAuthPassphrase());
-                assertEquals(PASSPHRASE_PLACEHOLDER, returned.getSnmpv3User().get(i).getPrivacyPassphrase());
-            }
+            assertTrue(returned.getSnmpv3User().isEmpty());
         }
     }
 
     @Test
-    public void updateShouldBeThreadSafeUnderConcurrentAccess() throws InterruptedException {
-        final int threadCount = 10;
-        final TrapdConfigDto payload = new TrapdConfigDto();
-        payload.setSnmpTrapAddress("127.0.0.1");
-        payload.setSnmpTrapPort(162);
-        payload.setNewSuspectOnTrap(false);
-        Runnable updateTask = () -> {
-            try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
-                assertTrue(response.getStatus() == Response.Status.OK.getStatusCode() ||
-                           response.getStatus() == Response.Status.BAD_REQUEST.getStatusCode() ||
-                           response.getStatus() == Response.Status.INTERNAL_SERVER_ERROR.getStatusCode());
-            }
-        };
-        Thread[] threads = new Thread[threadCount];
-        for (int i = 0; i < threadCount; i++) {
-            threads[i] = new Thread(updateTask);
-        }
-        for (Thread t : threads) t.start();
-        for (Thread t : threads) t.join();
-        // If no exceptions, concurrency is handled gracefully
+    public void updateShouldNotSetSnmpv3UsersOnEntityWhenListIsNull() {
+        // When snmpv3User is null (omitted from request), toEntity() must not call setSnmpv3User
+        // so the entity's user count defaults to 0 (fresh TrapdConfiguration).
+        TrapdConfigDto payload = buildMinimalUpdatePayload();
+        // snmpv3User deliberately not set — remains null
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+        }
+
+        ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
+        verify(trapdConfigDao).replaceConfig(captor.capture());
+        assertEquals(0, captor.getValue().getSnmpv3UserCount());
+    }
+
+    @Test
+    public void updateShouldPersistSnmpv3UsersWhenValidUsersProvided() {
+        TrapdConfigDto payload = buildMinimalUpdatePayload();
+
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("my-user");
+        user.setSecurityLevel(2);
+        user.setAuthProtocol("SHA");
+        user.setAuthPassphrase("authpass123");
+        payload.setSnmpv3User(java.util.List.of(user));
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+        }
+
+        ArgumentCaptor<TrapdConfiguration> captor = ArgumentCaptor.forClass(TrapdConfiguration.class);
+        verify(trapdConfigDao).replaceConfig(captor.capture());
+        assertEquals(1, captor.getValue().getSnmpv3UserCount());
+        assertEquals("my-user", captor.getValue().getSnmpv3User(0).getSecurityName());
+        assertEquals("SHA", captor.getValue().getSnmpv3User(0).getAuthProtocol());
+    }
+
+    @Test
+    public void updateShouldRejectSnmpv3UserWhenLevel1HasPrivacyCredentials() {
+        // securityLevel 1 (noAuthNoPriv) must not have privacy-only credentials either
+        TrapdConfigDto payload = buildMinimalUpdatePayload();
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("user1");
+        user.setSecurityLevel(1);
+        user.setPrivacyProtocol("AES");
+        user.setPrivacyPassphrase("privpass");
+        payload.setSnmpv3User(java.util.List.of(user));
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertTrue(((String) response.getEntity()).contains("securityLevel 1 does not allow auth or privacy credentials."));
+        }
+    }
+
+    @Test
+    public void updateShouldRejectSnmpv3UserWhenLevel3MissingAuthCredentials() {
+        // securityLevel 3 with only privacy (no auth) must be rejected
+        TrapdConfigDto payload = buildMinimalUpdatePayload();
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("user1");
+        user.setSecurityLevel(3);
+        // auth intentionally omitted
+        user.setPrivacyProtocol("AES");
+        user.setPrivacyPassphrase("privpass");
+        payload.setSnmpv3User(java.util.List.of(user));
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            assertTrue(((String) response.getEntity()).contains("securityLevel 3 requires both auth and privacy credentials."));
+        }
+    }
+
+    @Test
+    public void updateShouldIncludeSecurityNameInValidationErrorMessage() {
+        // The error message format is: "Invalid SNMPv3 user: <name>. <reason>"
+        TrapdConfigDto payload = buildMinimalUpdatePayload();
+        Snmpv3UserDto user = new Snmpv3UserDto();
+        user.setSecurityName("bad-user");
+        user.setSecurityLevel(0); // out of range
+        payload.setSnmpv3User(java.util.List.of(user));
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            String entity = (String) response.getEntity();
+            assertTrue(entity.contains("bad-user"));
+            assertTrue(entity.contains("securityLevel must be between 1 and 3."));
+        }
     }
 }

From 3362b191c175433e1cf5b06e3ec1c8df8bdc4308 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Fri, 3 Apr 2026 20:16:57 +0500
Subject: [PATCH 38/41] changelog

---
 .../main/resources/changelog-cm/36.0.0/changelog-cm.xml   | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/features/config/upgrade/src/main/resources/changelog-cm/36.0.0/changelog-cm.xml b/features/config/upgrade/src/main/resources/changelog-cm/36.0.0/changelog-cm.xml
index f9f4f8f12ec6..95a68c57efcb 100644
--- a/features/config/upgrade/src/main/resources/changelog-cm/36.0.0/changelog-cm.xml
+++ b/features/config/upgrade/src/main/resources/changelog-cm/36.0.0/changelog-cm.xml
@@ -12,10 +12,10 @@
         <cm:importConfig schemaId="snmp-config" filePath="snmp-config.xml"/>
     </changeSet>
 
-    <changeSet author="cpape" id="register-schema-snmp-config">
-        <cm:registerSchema id="snmp-config"/>
-        <cm:importSchemaFromXsd id="snmp-config" xsdFileName="snmp-config.xsd" xsdFileHash="5a894df89fa3afd7e48d885802384b54e9cc92ba88573374dd6b35fd9d0ab517" rootElement="snmp-config"/>
-        <cm:importConfig schemaId="snmp-config" filePath="snmp-config.xml"/>
+    <changeSet author="cpape" id="register-schema-trapd-configuration">
+        <cm:registerSchema id="trapd-config"/>
+        <cm:importSchemaFromXsd id="trapd-config" xsdFileName="trapd-configuration.xsd" xsdFileHash="ad97a001cd7ebb8a8b1a45574ba4e681e204ecf8592bf264764d4d7f52efc7a1" rootElement="trapd-configuration"/>
+        <cm:importConfig schemaId="trapd-config" filePath="trapd-configuration.xml"/>
     </changeSet>
 
 </databaseChangeLog>
\ No newline at end of file

From fef7d6649bd7aa436d381feddfb86065043701e3 Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Fri, 3 Apr 2026 23:42:59 +0500
Subject: [PATCH 39/41] New changes and test fixes

---
 .../WEB-INF/menu/menu-template-default.json   | 11 +---
 .../webapp/WEB-INF/menu/menu-template.json    | 11 +---
 .../TrapdConfiguration/CreateSnmpV3User.vue   | 26 +++++++-
 .../GeneralConfiguration.vue                  |  3 +-
 ui/src/containers/TrapdConfiguration.vue      | 12 ++--
 ui/src/lib/trapdValidator.ts                  | 31 +++-------
 .../CreateSnmpV3User.test.ts                  | 59 +++++++++++++++++++
 .../GeneralConfiguration.test.ts              |  2 +-
 .../containers/TrapdConfiguration.test.ts     |  4 +-
 ui/tests/services/snmpConfigService.test.ts   |  6 ++
 10 files changed, 114 insertions(+), 51 deletions(-)

diff --git a/opennms-webapp-rest/src/main/webapp/WEB-INF/menu/menu-template-default.json b/opennms-webapp-rest/src/main/webapp/WEB-INF/menu/menu-template-default.json
index c5f3ff3dd288..91cfe4d906db 100644
--- a/opennms-webapp-rest/src/main/webapp/WEB-INF/menu/menu-template-default.json
+++ b/opennms-webapp-rest/src/main/webapp/WEB-INF/menu/menu-template-default.json
@@ -454,15 +454,8 @@
           "roles": ["ROLE_ADMIN", "ROLE_PROVISION"]
         },
         {
-          "id": "trapdConfiguration",
-          "name": "Trapd Configuration",
-          "url": "ui/index.html#/trapd-config",
-          "locationMatch": "",
-          "roles": null
-        },
-        {
-          "id": "trapdConfiguration",
-          "name": "Trapd Configuration",
+          "id": "trapListenerConfiguration",
+          "name": "Trap Listener Configuration",
           "url": "ui/index.html#/trapd-config",
           "locationMatch": "",
           "roles": null
diff --git a/opennms-webapp-rest/src/main/webapp/WEB-INF/menu/menu-template.json b/opennms-webapp-rest/src/main/webapp/WEB-INF/menu/menu-template.json
index c5f3ff3dd288..91cfe4d906db 100644
--- a/opennms-webapp-rest/src/main/webapp/WEB-INF/menu/menu-template.json
+++ b/opennms-webapp-rest/src/main/webapp/WEB-INF/menu/menu-template.json
@@ -454,15 +454,8 @@
           "roles": ["ROLE_ADMIN", "ROLE_PROVISION"]
         },
         {
-          "id": "trapdConfiguration",
-          "name": "Trapd Configuration",
-          "url": "ui/index.html#/trapd-config",
-          "locationMatch": "",
-          "roles": null
-        },
-        {
-          "id": "trapdConfiguration",
-          "name": "Trapd Configuration",
+          "id": "trapListenerConfiguration",
+          "name": "Trap Listener Configuration",
           "url": "ui/index.html#/trapd-config",
           "locationMatch": "",
           "roles": null
diff --git a/ui/src/components/TrapdConfiguration/CreateSnmpV3User.vue b/ui/src/components/TrapdConfiguration/CreateSnmpV3User.vue
index fa4175c70c51..46f191b63ff7 100644
--- a/ui/src/components/TrapdConfiguration/CreateSnmpV3User.vue
+++ b/ui/src/components/TrapdConfiguration/CreateSnmpV3User.vue
@@ -45,6 +45,7 @@
           <FeatherSelect
             label="Security Level"
             v-model="securityLevel"
+            @update:model-value="onSecurityLevelChange"
             :clear="'true'"
             :options="SECURITY_LEVEL_OPTIONS"
             :error="error.securityLevel"
@@ -124,7 +125,6 @@
         {{ store.createUserDrawerState.mode === CreateEditMode.Create ? 'Create User' : 'Update User' }}
       </FeatherButton>
     </div>
-    <!-- <SearchExistingCredential /> -->
     <ScvSearchDrawer
       :isOpen="store.credentialDrawerState.visible"
       @hidden="store.closeCredentialDrawer"
@@ -246,6 +246,28 @@ const scvItemSelected = (item: any) => {
   store.closeCredentialDrawer()
 }
 
+const onSecurityLevelChange = async () => {
+  const selectedSecurityLevel = Number(securityLevel.value?._value)
+  await nextTick()
+
+  if (selectedSecurityLevel === SecurityLevel.NoAuthNoPriv) {
+    authProtocol.value = createEmptySelectItem()
+    privacyProtocol.value = createEmptySelectItem()
+    authPassphrase.value = ''
+    privacyPassphrase.value = ''
+  }
+  if (selectedSecurityLevel === SecurityLevel.AuthNoPriv) {
+    authProtocol.value = AUTH_PROTOCOL_OPTIONS[0] || createEmptySelectItem()
+    authPassphrase.value = ''
+  }
+  if (selectedSecurityLevel === SecurityLevel.AuthPriv) {
+    authProtocol.value = AUTH_PROTOCOL_OPTIONS[0] || createEmptySelectItem()
+    privacyProtocol.value = PRIVACY_PROTOCOL_OPTIONS[0] || createEmptySelectItem()
+    authPassphrase.value = ''
+    privacyPassphrase.value = ''
+  }
+}
+
 const validateInputs = () => {
   const newError: SnmpV3UserError = {}
 
@@ -295,7 +317,7 @@ const loadUserData = async (drawerState: typeof store.createUserDrawerState) =>
       privacyPassphrase.value = selectedUser.privacyPassphrase || ''
     }
   } else {
-    securityLevel.value = createEmptySelectItem()
+    securityLevel.value = SECURITY_LEVEL_OPTIONS.find(option => option._value === String(SecurityLevel.NoAuthNoPriv)) ?? createEmptySelectItem()
     authProtocol.value = createEmptySelectItem()
     privacyProtocol.value = createEmptySelectItem()
     securityName.value = ''
diff --git a/ui/src/components/TrapdConfiguration/GeneralConfiguration.vue b/ui/src/components/TrapdConfiguration/GeneralConfiguration.vue
index 2181c549e441..26116bca04b7 100644
--- a/ui/src/components/TrapdConfiguration/GeneralConfiguration.vue
+++ b/ui/src/components/TrapdConfiguration/GeneralConfiguration.vue
@@ -2,8 +2,9 @@
   <TableCard class="general-configuration">
     <div class="header">
       <div class="section-left">
-        <h3>TrapD Listener Settings</h3>
+        <h3>Trap Listener Settings</h3>
         <p>General config for TrapD Config</p>
+        <p>Note: Changes to these settings only affect OpenNMS runtime.</p>
       </div>
     </div>
     <div class="section">
diff --git a/ui/src/containers/TrapdConfiguration.vue b/ui/src/containers/TrapdConfiguration.vue
index 8275882b092c..243387962c91 100644
--- a/ui/src/containers/TrapdConfiguration.vue
+++ b/ui/src/containers/TrapdConfiguration.vue
@@ -7,7 +7,7 @@
     </div>
     <div class="header">
       <div class="heading">
-        <h1>TrapD Configuration</h1>
+        <h1>Trap Listener Configuration</h1>
       </div>
       <div class="action">
         <input type="file" accept=".xml" single @change="handleConfigurationUpload" ref="fileInput" />
@@ -56,7 +56,7 @@ const homeUrl = computed<string>(() => menuStore.mainMenu?.homeUrl)
 
 const breadcrumbs = computed<BreadCrumb[]>(() => ([
   { label: 'Home', to: homeUrl.value, isAbsoluteLink: true },
-  { label: 'Trap Configurations', to: '#', position: 'last' }
+  { label: 'Trap Listener Configuration', to: '#', position: 'last' }
 ]))
 
 const openFileDialog = () => {
@@ -65,12 +65,16 @@ const openFileDialog = () => {
 
 const handleConfigurationUpload = async (event: Event) => {
   const input = event.target as HTMLInputElement
-  if (!input.files || input.files.length === 0) return
+  if (!input.files || input.files.length === 0) {
+    return
+  }
 
   const file = input.files[0]
 
   // Reset input so the same file can be re-uploaded
-  if (fileInput.value) fileInput.value.value = ''
+  if (fileInput.value) {
+    fileInput.value.value = ''
+  }
 
   if (!file.name.endsWith('.xml')) {
     showSnackBar({ msg: 'Only .xml files are supported.', error: true })
diff --git a/ui/src/lib/trapdValidator.ts b/ui/src/lib/trapdValidator.ts
index 6c5ec475b3c1..c6a5d76d42a5 100644
--- a/ui/src/lib/trapdValidator.ts
+++ b/ui/src/lib/trapdValidator.ts
@@ -79,7 +79,9 @@ export const isValidSnmpSecurityLevel = (level: number | undefined): boolean =>
 
 export const isValidIP = (ip: string): boolean => {
   const parts = ip.split('.')
-  if (parts.length !== 4) return false
+  if (parts.length !== 4) {
+    return false
+  }
   return parts.every((part) => {
     const num = parseInt(part, 10)
     return !isNaN(num) && num >= 0 && num <= 255
@@ -122,14 +124,9 @@ const VALID_AUTH_PROTOCOL_VALUES = new Set(AuthProtocols.map(normalizeAuthProtoc
 // All valid privacy protocol values
 const VALID_PRIVACY_PROTOCOL_VALUES = new Set(PrivacyProtocols as string[])
 
-const addError = (errors: XmlValidationError[], field: string, message: string) =>
-  errors.push({ field, message })
+const addError = (errors: XmlValidationError[], field: string, message: string) => errors.push({ field, message })
 
-const validateSnmpV3UserElement = (
-  user: Element,
-  index: number,
-  errors: XmlValidationError[]
-): void => {
+const validateSnmpV3UserElement = (user: Element, index: number, errors: XmlValidationError[]): void => {
   const prefix = `snmpv3-user[${index}]`
 
   const securityName = user.getAttribute('security-name')
@@ -165,11 +162,7 @@ const validateSnmpV3UserElement = (
       )
     }
     if (!authPassphrase || authPassphrase.trim() === '') {
-      addError(
-        errors,
-        `${prefix}.auth-passphrase`,
-        `${prefix}: auth-passphrase is required when auth-protocol is set`
-      )
+      addError(errors, `${prefix}.auth-passphrase`, `${prefix}: auth-passphrase is required when auth-protocol is set`)
     }
   }
 
@@ -189,11 +182,7 @@ const validateSnmpV3UserElement = (
       )
     }
     if (authProtocol === null) {
-      addError(
-        errors,
-        `${prefix}.auth-protocol`,
-        `${prefix}: auth-protocol is required when privacy-protocol is set`
-      )
+      addError(errors, `${prefix}.auth-protocol`, `${prefix}: auth-protocol is required when privacy-protocol is set`)
     }
   }
 
@@ -335,11 +324,7 @@ export const validateTrapdXml = (xmlString: string): XmlValidationResult => {
 
   const xmlns = root.namespaceURI ?? root.getAttribute('xmlns')
   if (xmlns !== TRAPD_XML_NAMESPACE) {
-    addError(
-      errors,
-      'xmlns',
-      `Invalid xmlns '${xmlns ?? ''}': expected '${TRAPD_XML_NAMESPACE}'`
-    )
+    addError(errors, 'xmlns', `Invalid xmlns '${xmlns ?? ''}': expected '${TRAPD_XML_NAMESPACE}'`)
   }
 
   // snmp-trap-address: required; must be '*' or a valid IPv4 address
diff --git a/ui/tests/components/TrapdConfiguration/CreateSnmpV3User.test.ts b/ui/tests/components/TrapdConfiguration/CreateSnmpV3User.test.ts
index 5abf284400ed..f569bf963afe 100644
--- a/ui/tests/components/TrapdConfiguration/CreateSnmpV3User.test.ts
+++ b/ui/tests/components/TrapdConfiguration/CreateSnmpV3User.test.ts
@@ -288,6 +288,65 @@ describe('CreateSnmpV3User.vue', () => {
     expect(store.closeCredentialDrawer).toHaveBeenCalledTimes(1)
   })
 
+  it('closes SCV drawer when ScvSearchDrawer emits hidden', async () => {
+    const wrapper = mountComponent()
+
+    await wrapper.findComponent(ScvSearchDrawerStub).vm.$emit('hidden')
+
+    expect(store.closeCredentialDrawer).toHaveBeenCalledTimes(1)
+  })
+
+  it('closes SCV drawer without changing passphrases when SCV key is unknown', async () => {
+    const wrapper = mountComponent()
+    store.credentialDrawerState.key = 'other'
+    await setBindingValue(wrapper, 'authPassphrase', 'existing-auth')
+    await setBindingValue(wrapper, 'privacyPassphrase', 'existing-privacy')
+
+    ;(wrapper.vm as any).scvItemSelected({ alias: 'vault', key: 'some-key' })
+    await nextTick()
+
+    expect((wrapper.vm as any).authPassphrase).toBe('existing-auth')
+    expect((wrapper.vm as any).privacyPassphrase).toBe('existing-privacy')
+    expect(store.closeCredentialDrawer).toHaveBeenCalledTimes(1)
+  })
+
+  it('onSecurityLevelChange sets default auth protocol for AuthNoPriv', async () => {
+    const wrapper = mountComponent()
+
+    await setBindingValue(wrapper, 'securityLevel', SECURITY_LEVEL_OPTIONS[1])
+    await (wrapper.vm as any).onSecurityLevelChange()
+    await nextTick()
+
+    expect((wrapper.vm as any).authProtocol).toEqual(AUTH_PROTOCOL_OPTIONS[0])
+    expect((wrapper.vm as any).authPassphrase).toBe('')
+  })
+
+  it('onSecurityLevelChange sets default auth/privacy protocols for AuthPriv', async () => {
+    const wrapper = mountComponent()
+
+    await setBindingValue(wrapper, 'securityLevel', SECURITY_LEVEL_OPTIONS[2])
+    await (wrapper.vm as any).onSecurityLevelChange()
+    await nextTick()
+
+    expect((wrapper.vm as any).authProtocol).toEqual(AUTH_PROTOCOL_OPTIONS[0])
+    expect((wrapper.vm as any).privacyProtocol).toEqual(PRIVACY_PROTOCOL_OPTIONS[0])
+    expect((wrapper.vm as any).authPassphrase).toBe('')
+    expect((wrapper.vm as any).privacyPassphrase).toBe('')
+  })
+
+  it('loads create mode defaults with NoAuthNoPriv selected', async () => {
+    const wrapper = mountComponent()
+
+    store.createUserDrawerState.mode = CreateEditMode.Create
+    store.createUserDrawerState.selectedUserIndex = -1
+    await nextTick()
+    await nextTick()
+
+    expect((wrapper.vm as any).securityLevel).toEqual(SECURITY_LEVEL_OPTIONS[0])
+    expect((wrapper.vm as any).securityName).toBe('')
+    expect((wrapper.vm as any).engineId).toBe('')
+  })
+
   it('creates user successfully in create mode', async () => {
     const wrapper = mountComponent()
 
diff --git a/ui/tests/components/TrapdConfiguration/GeneralConfiguration.test.ts b/ui/tests/components/TrapdConfiguration/GeneralConfiguration.test.ts
index e4e896672fe3..d08f359fd158 100644
--- a/ui/tests/components/TrapdConfiguration/GeneralConfiguration.test.ts
+++ b/ui/tests/components/TrapdConfiguration/GeneralConfiguration.test.ts
@@ -91,7 +91,7 @@ describe('GeneralConfiguration.vue', () => {
   it('renders the section labels and loads the current trap configuration values from the store', () => {
     const wrapper = mountComponent()
 
-    expect(wrapper.text()).toContain('TrapD Listener Settings')
+    expect(wrapper.text()).toContain('Trap Listener Settings')
     expect(wrapper.text()).toContain('Update Changes')
     expect((wrapper.vm as any).port).toBe(162)
     expect((wrapper.vm as any).bindAddress).toBe('192.168.1.10')
diff --git a/ui/tests/containers/TrapdConfiguration.test.ts b/ui/tests/containers/TrapdConfiguration.test.ts
index e6050431613e..848385fd893f 100644
--- a/ui/tests/containers/TrapdConfiguration.test.ts
+++ b/ui/tests/containers/TrapdConfiguration.test.ts
@@ -92,7 +92,7 @@ describe('TrapdConfiguration.vue', () => {
   it('renders heading and child sections', () => {
     const wrapper = mountComponent()
 
-    expect(wrapper.find('h1').text()).toBe('TrapD Configuration')
+    expect(wrapper.find('h1').text()).toBe('Trap Listener Configuration')
     expect(wrapper.findComponent(BreadCrumbs).exists()).toBe(true)
     expect(wrapper.find('input[type="file"]').exists()).toBe(true)
   })
@@ -104,7 +104,7 @@ describe('TrapdConfiguration.vue', () => {
 
     expect(items).toHaveLength(2)
     expect(items[0]).toEqual({ label: 'Home', to: '/home', isAbsoluteLink: true })
-    expect(items[1]).toEqual({ label: 'Trap Configurations', to: '#', position: 'last' })
+    expect(items[1]).toEqual({ label: 'Trap Listener Configuration', to: '#', position: 'last' })
   })
 
   it('calls fetchTrapConfig on mount', () => {
diff --git a/ui/tests/services/snmpConfigService.test.ts b/ui/tests/services/snmpConfigService.test.ts
index b46d7063fd1d..ab67fce86024 100644
--- a/ui/tests/services/snmpConfigService.test.ts
+++ b/ui/tests/services/snmpConfigService.test.ts
@@ -317,6 +317,7 @@ describe('snmpConfigService', () => {
     })
 
     it('should handle exceptions and return failure result', async () => {
+      const consoleErrorSpy = vi.spyOn(console, 'error').mockImplementation(() => {})
       vi.mocked(v2.post).mockRejectedValue(new Error('Network error'))
 
       const config: SnmpBaseConfiguration = {
@@ -330,6 +331,11 @@ describe('snmpConfigService', () => {
       expect(v2.post).toHaveBeenCalledWith('/snmp-config/defaults', config)
       expect(result.success).toBe(false)
       expect(result.message).toBe('Failed to save SNMP configuration defaults')
+      expect(consoleErrorSpy).toHaveBeenCalledWith(
+        'Error saving SNMP config defaults:',
+        expect.any(Error)
+      )
+      consoleErrorSpy.mockRestore()
     })
 
     it('should work with SNMPv3 configuration', async () => {

From c51c3d4a0db252ea17ebbff00d3681156b77b47b Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Sat, 4 Apr 2026 01:10:47 +0500
Subject: [PATCH 40/41] new fixes

---
 .../opennms/web/rest/v2/TrapdRestService.java |   8 +-
 .../web/rest/v2/TrapdRestServiceIT.java       |  15 +++
 .../TrapdConfiguration/CreateSnmpV3User.vue   |  34 +++--
 .../GeneralConfiguration.vue                  |   8 +-
 .../CreateSnmpV3User.test.ts                  | 127 +++++++++++++++++-
 .../GeneralConfiguration.test.ts              |  22 ++-
 6 files changed, 193 insertions(+), 21 deletions(-)

diff --git a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
index e492b6e92b3a..fdea5e9b1328 100644
--- a/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
+++ b/opennms-webapp-rest/src/main/java/org/opennms/web/rest/v2/TrapdRestService.java
@@ -151,11 +151,13 @@ private String validateTrapdConfigRequest(final TrapdConfigDto configDto) {
         }
 
         if (configDto.getSnmpv3User() != null) {
+            int index = 0;
             for (Snmpv3UserDto user : configDto.getSnmpv3User()) {
                 String userValidation = validateSnmpv3UserPayload(user);
                 if (userValidation != null) {
-                    return "Invalid SNMPv3 user: " + user.getSecurityName() + ". " + userValidation;
+                    return "Invalid SNMPv3 user at index " + index + ": " + userValidation;
                 }
+                index++;
             }
         }
         return null;
@@ -175,6 +177,10 @@ private String validateTrapdConfigRequest(final TrapdConfigDto configDto) {
      * @return an error message string, or {@code null} if the user is valid.
      */
     private String validateSnmpv3UserPayload(final Snmpv3UserDto user) {
+        if (user == null) {
+            return "entry must not be null.";
+        }
+
         if (StringUtils.isBlank(user.getSecurityName())) {
             return "securityName is required.";
         }
diff --git a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
index 52048d706d4b..ef67bca685f1 100644
--- a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
+++ b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
@@ -949,4 +949,19 @@ public void updateShouldIncludeSecurityNameInValidationErrorMessage() {
             assertTrue(entity.contains("securityLevel must be between 1 and 3."));
         }
     }
+
+    @Test
+    public void updateShouldRejectNullSnmpv3UserEntryWithIndexInMessage() {
+        TrapdConfigDto payload = buildMinimalUpdatePayload();
+        payload.setSnmpv3User(java.util.Collections.singletonList(null));
+
+        try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
+            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+            String entity = (String) response.getEntity();
+            assertTrue(entity.contains("Invalid SNMPv3 user at index 0:"));
+            assertTrue(entity.contains("entry must not be null."));
+        }
+
+        verify(trapdConfigDao, never()).replaceConfig(org.mockito.Mockito.any(TrapdConfiguration.class));
+    }
 }
diff --git a/ui/src/components/TrapdConfiguration/CreateSnmpV3User.vue b/ui/src/components/TrapdConfiguration/CreateSnmpV3User.vue
index 46f191b63ff7..16c67d83ea52 100644
--- a/ui/src/components/TrapdConfiguration/CreateSnmpV3User.vue
+++ b/ui/src/components/TrapdConfiguration/CreateSnmpV3User.vue
@@ -135,6 +135,7 @@
 
 <script setup lang="ts">
 import useSnackbar from '@/composables/useSnackbar'
+import { DEFAULT_SNMP_V3_AUTH_PROTOCOL, DEFAULT_SNMP_V3_PRIVACY_PROTOCOL, DEFAULT_SNMP_V3_SECURITY_NAME } from '@/lib/constants'
 import { AUTH_PROTOCOL_OPTIONS, PRIVACY_PROTOCOL_OPTIONS, SECURITY_LEVEL_OPTIONS, SecurityLevel } from '@/lib/trapdValidator'
 import { mapUserToServer } from '@/mappers/trapdConfig.mapper'
 import { updateTrapdConfiguration } from '@/services/trapdConfigurationService'
@@ -257,12 +258,12 @@ const onSecurityLevelChange = async () => {
     privacyPassphrase.value = ''
   }
   if (selectedSecurityLevel === SecurityLevel.AuthNoPriv) {
-    authProtocol.value = AUTH_PROTOCOL_OPTIONS[0] || createEmptySelectItem()
+    authProtocol.value = AUTH_PROTOCOL_OPTIONS.find(option => option._value === DEFAULT_SNMP_V3_AUTH_PROTOCOL) ?? createEmptySelectItem()
     authPassphrase.value = ''
   }
   if (selectedSecurityLevel === SecurityLevel.AuthPriv) {
-    authProtocol.value = AUTH_PROTOCOL_OPTIONS[0] || createEmptySelectItem()
-    privacyProtocol.value = PRIVACY_PROTOCOL_OPTIONS[0] || createEmptySelectItem()
+    authProtocol.value = AUTH_PROTOCOL_OPTIONS.find(option => option._value === DEFAULT_SNMP_V3_AUTH_PROTOCOL) ?? createEmptySelectItem()
+    privacyProtocol.value = PRIVACY_PROTOCOL_OPTIONS.find(option => option._value === DEFAULT_SNMP_V3_PRIVACY_PROTOCOL) ?? createEmptySelectItem()
     authPassphrase.value = ''
     privacyPassphrase.value = ''
   }
@@ -270,27 +271,40 @@ const onSecurityLevelChange = async () => {
 
 const validateInputs = () => {
   const newError: SnmpV3UserError = {}
+  const levelValue = Number(securityLevel.value?._value)
 
   if (!securityName.value) {
     newError.securityName = 'Security Name is required'
   }
 
-  if (!securityLevel.value) {
-    newError.securityLevel = 'Security Level is required'
+  // Level 1 (NoAuthNoPriv) must not carry auth or privacy credentials (backend rule)
+  if (levelValue === SecurityLevel.NoAuthNoPriv && (authProtocol.value || privacyProtocol.value)) {
+    newError.securityLevel = 'Security level 1 does not allow auth or privacy credentials'
   }
 
-  if (authProtocolVisible.value && !authProtocol.value) {
-    newError.authProtocol = 'Auth Protocol is required for selected security level'
+  // Level 2 (AuthNoPriv) must not carry privacy credentials (backend rule)
+  if (levelValue === SecurityLevel.AuthNoPriv && privacyProtocol.value) {
+    newError.privacyProtocol = 'Security level 2 does not allow privacy credentials'
   }
 
-  if (privacyProtocolVisible.value && !privacyProtocol.value) {
-    newError.privacyProtocol = 'Privacy Protocol is required for selected security level'
+  // authProtocol and authPassphrase must be provided together (backend rule)
+  if (authProtocolVisible.value && !authProtocol.value) {
+    newError.authProtocol = authPassphrase.value
+      ? 'Auth Passphrase requires an Auth Protocol to be selected'
+      : 'Auth Protocol is required for selected security level'
   }
 
   if (authProtocolVisible.value && authProtocol.value && !authPassphrase.value) {
     newError.authPassphrase = 'Auth Passphrase is required for selected auth protocol'
   }
 
+  // privacyProtocol and privacyPassphrase must be provided together (backend rule)
+  if (privacyProtocolVisible.value && !privacyProtocol.value) {
+    newError.privacyProtocol = privacyPassphrase.value
+      ? 'Privacy Passphrase requires a Privacy Protocol to be selected'
+      : 'Privacy Protocol is required for selected security level'
+  }
+
   if (privacyProtocolVisible.value && privacyProtocol.value && !privacyPassphrase.value) {
     newError.privacyPassphrase = 'Privacy Passphrase is required for selected privacy protocol'
   }
@@ -320,7 +334,7 @@ const loadUserData = async (drawerState: typeof store.createUserDrawerState) =>
     securityLevel.value = SECURITY_LEVEL_OPTIONS.find(option => option._value === String(SecurityLevel.NoAuthNoPriv)) ?? createEmptySelectItem()
     authProtocol.value = createEmptySelectItem()
     privacyProtocol.value = createEmptySelectItem()
-    securityName.value = ''
+    securityName.value = DEFAULT_SNMP_V3_SECURITY_NAME
     engineId.value = ''
     authPassphrase.value = ''
     privacyPassphrase.value = ''
diff --git a/ui/src/components/TrapdConfiguration/GeneralConfiguration.vue b/ui/src/components/TrapdConfiguration/GeneralConfiguration.vue
index 26116bca04b7..4e37567591de 100644
--- a/ui/src/components/TrapdConfiguration/GeneralConfiguration.vue
+++ b/ui/src/components/TrapdConfiguration/GeneralConfiguration.vue
@@ -183,12 +183,12 @@ const validateInputs = (): TrapdConfigurationError => {
     trapConfigError.threads = 'Threads cannot be negative.'
   }
 
-  if (queueSize.value < 0) {
-    trapConfigError.queueSize = 'Queue Size cannot be negative.'
+  if (queueSize.value < 1) {
+    trapConfigError.queueSize = 'Queue Size must be greater than 0.'
   }
 
-  if (batchSize.value < 0) {
-    trapConfigError.batchSize = 'Batch Size cannot be negative.'
+  if (batchSize.value < 1) {
+    trapConfigError.batchSize = 'Batch Size must be greater than 0.'
   }
 
   if (batchInterval.value < 0) {
diff --git a/ui/tests/components/TrapdConfiguration/CreateSnmpV3User.test.ts b/ui/tests/components/TrapdConfiguration/CreateSnmpV3User.test.ts
index f569bf963afe..139e7993a69a 100644
--- a/ui/tests/components/TrapdConfiguration/CreateSnmpV3User.test.ts
+++ b/ui/tests/components/TrapdConfiguration/CreateSnmpV3User.test.ts
@@ -1,4 +1,9 @@
 import CreateSnmpV3User from '@/components/TrapdConfiguration/CreateSnmpV3User.vue'
+import {
+  DEFAULT_SNMP_V3_AUTH_PROTOCOL,
+  DEFAULT_SNMP_V3_PRIVACY_PROTOCOL,
+  DEFAULT_SNMP_V3_SECURITY_NAME
+} from '@/lib/constants'
 import {
   AUTH_PROTOCOL_OPTIONS,
   getDefaultTrapdConfig,
@@ -14,9 +19,12 @@ import type { SnmpV3User } from '@/types/trapConfig'
 import { createTestingPinia } from '@pinia/testing'
 import { flushPromises, mount } from '@vue/test-utils'
 import { setActivePinia } from 'pinia'
+import { ISelectItemType } from '@featherds/select'
 import { beforeEach, describe, expect, it, vi } from 'vitest'
 import { defineComponent, nextTick } from 'vue'
 
+const createEmptySelectItem = (): ISelectItemType => (undefined as unknown as ISelectItemType)
+
 const { showSnackBarMock, populateScvMock } = vi.hoisted(() => ({
   showSnackBarMock: vi.fn(),
   populateScvMock: vi.fn().mockResolvedValue(undefined)
@@ -317,7 +325,9 @@ describe('CreateSnmpV3User.vue', () => {
     await (wrapper.vm as any).onSecurityLevelChange()
     await nextTick()
 
-    expect((wrapper.vm as any).authProtocol).toEqual(AUTH_PROTOCOL_OPTIONS[0])
+    expect((wrapper.vm as any).authProtocol).toEqual(
+      AUTH_PROTOCOL_OPTIONS.find(option => option._value === DEFAULT_SNMP_V3_AUTH_PROTOCOL)
+    )
     expect((wrapper.vm as any).authPassphrase).toBe('')
   })
 
@@ -328,8 +338,12 @@ describe('CreateSnmpV3User.vue', () => {
     await (wrapper.vm as any).onSecurityLevelChange()
     await nextTick()
 
-    expect((wrapper.vm as any).authProtocol).toEqual(AUTH_PROTOCOL_OPTIONS[0])
-    expect((wrapper.vm as any).privacyProtocol).toEqual(PRIVACY_PROTOCOL_OPTIONS[0])
+    expect((wrapper.vm as any).authProtocol).toEqual(
+      AUTH_PROTOCOL_OPTIONS.find(option => option._value === DEFAULT_SNMP_V3_AUTH_PROTOCOL)
+    )
+    expect((wrapper.vm as any).privacyProtocol).toEqual(
+      PRIVACY_PROTOCOL_OPTIONS.find(option => option._value === DEFAULT_SNMP_V3_PRIVACY_PROTOCOL)
+    )
     expect((wrapper.vm as any).authPassphrase).toBe('')
     expect((wrapper.vm as any).privacyPassphrase).toBe('')
   })
@@ -343,7 +357,7 @@ describe('CreateSnmpV3User.vue', () => {
     await nextTick()
 
     expect((wrapper.vm as any).securityLevel).toEqual(SECURITY_LEVEL_OPTIONS[0])
-    expect((wrapper.vm as any).securityName).toBe('')
+    expect((wrapper.vm as any).securityName).toBe(DEFAULT_SNMP_V3_SECURITY_NAME)
     expect((wrapper.vm as any).engineId).toBe('')
   })
 
@@ -415,11 +429,66 @@ describe('CreateSnmpV3User.vue', () => {
     })
   })
 
+  it('does not require security level to match backend optional behaviour', async () => {
+    const wrapper = mountComponent()
+
+    await setInputValue(wrapper, 'security-name-input', 'new-user')
+    await setBindingValue(wrapper, 'securityLevel', createEmptySelectItem())
+
+    expect((wrapper.vm as any).error.securityLevel).toBeUndefined()
+  })
+
+  it('shows validation error when level 1 has auth credentials (backend cross-field rule)', async () => {
+    const wrapper = mountComponent()
+
+    await setInputValue(wrapper, 'security-name-input', 'new-user')
+    // Manually set auth protocol with NoAuthNoPriv level to simulate dirty state
+    ;(wrapper.vm as any).securityLevel = SECURITY_LEVEL_OPTIONS[0]
+    ;(wrapper.vm as any).authProtocol = AUTH_PROTOCOL_OPTIONS[0]
+    await nextTick()
+
+    expect((wrapper.vm as any).error.securityLevel).toBe(
+      'Security level 1 does not allow auth or privacy credentials'
+    )
+    expect((wrapper.vm as any).isSaveDisabled).toBe(true)
+  })
+
+  it('shows validation error when level 1 has privacy credentials (backend cross-field rule)', async () => {
+    const wrapper = mountComponent()
+
+    await setInputValue(wrapper, 'security-name-input', 'new-user')
+    ;(wrapper.vm as any).securityLevel = SECURITY_LEVEL_OPTIONS[0]
+    ;(wrapper.vm as any).privacyProtocol = PRIVACY_PROTOCOL_OPTIONS[0]
+    await nextTick()
+
+    expect((wrapper.vm as any).error.securityLevel).toBe(
+      'Security level 1 does not allow auth or privacy credentials'
+    )
+    expect((wrapper.vm as any).isSaveDisabled).toBe(true)
+  })
+
+  it('shows validation error when level 2 has privacy credentials (backend cross-field rule)', async () => {
+    const wrapper = mountComponent()
+
+    // Set level 2 and await so the watcher fires and clears privacyProtocol normally
+    ;(wrapper.vm as any).securityLevel = SECURITY_LEVEL_OPTIONS[1]
+    await nextTick()
+
+    // Now inject dirty privacy state AFTER the watcher ran, and call validateInputs
+    // directly before the Vue scheduler has a chance to run watchEffect again
+    ;(wrapper.vm as any).privacyProtocol = PRIVACY_PROTOCOL_OPTIONS[0]
+    const errors = (wrapper.vm as any).validateInputs()
+
+    expect(errors.privacyProtocol).toBe('Security level 2 does not allow privacy credentials')
+  })
+
   it('requires auth protocol and auth passphrase for auth-only security level', async () => {
     const wrapper = mountComponent()
 
     await setInputValue(wrapper, 'security-name-input', 'auth-only-user')
     await setBindingValue(wrapper, 'securityLevel', SECURITY_LEVEL_OPTIONS[1])
+    await setBindingValue(wrapper, 'authProtocol', createEmptySelectItem())
+    await setBindingValue(wrapper, 'authPassphrase', '')
     await clickButton(wrapper, 'create-user-button')
 
     expect(updateTrapdConfigurationMock).not.toHaveBeenCalled()
@@ -429,6 +498,28 @@ describe('CreateSnmpV3User.vue', () => {
     })
   })
 
+  it('shows auth protocol error with passphrase-specific message when passphrase is set but protocol is cleared', async () => {
+    const wrapper = mountComponent()
+
+    await setInputValue(wrapper, 'security-name-input', 'auth-user')
+    await setBindingValue(wrapper, 'securityLevel', SECURITY_LEVEL_OPTIONS[1])
+    await setBindingValue(wrapper, 'authProtocol', createEmptySelectItem())
+    await setBindingValue(wrapper, 'authPassphrase', 'some-passphrase')
+
+    expect((wrapper.vm as any).error.authProtocol).toBe('Auth Passphrase requires an Auth Protocol to be selected')
+  })
+
+  it('shows generic auth protocol error when passphrase is also missing', async () => {
+    const wrapper = mountComponent()
+
+    await setInputValue(wrapper, 'security-name-input', 'auth-user')
+    await setBindingValue(wrapper, 'securityLevel', SECURITY_LEVEL_OPTIONS[1])
+    await setBindingValue(wrapper, 'authProtocol', createEmptySelectItem())
+    await setBindingValue(wrapper, 'authPassphrase', '')
+
+    expect((wrapper.vm as any).error.authProtocol).toBe('Auth Protocol is required for selected security level')
+  })
+
   it('requires privacy protocol and privacy passphrase for auth-priv security level', async () => {
     const wrapper = mountComponent()
 
@@ -445,6 +536,32 @@ describe('CreateSnmpV3User.vue', () => {
     })
   })
 
+  it('shows privacy protocol error with passphrase-specific message when privacy passphrase is set but protocol is cleared', async () => {
+    const wrapper = mountComponent()
+
+    await setInputValue(wrapper, 'security-name-input', 'priv-user')
+    await setBindingValue(wrapper, 'securityLevel', SECURITY_LEVEL_OPTIONS[2])
+    await setBindingValue(wrapper, 'authProtocol', AUTH_PROTOCOL_OPTIONS[0])
+    await setBindingValue(wrapper, 'authPassphrase', 'auth-secret')
+    await setBindingValue(wrapper, 'privacyProtocol', createEmptySelectItem())
+    await setBindingValue(wrapper, 'privacyPassphrase', 'privacy-secret')
+
+    expect((wrapper.vm as any).error.privacyProtocol).toBe('Privacy Passphrase requires a Privacy Protocol to be selected')
+  })
+
+  it('shows generic privacy protocol error when privacy passphrase is also missing', async () => {
+    const wrapper = mountComponent()
+
+    await setInputValue(wrapper, 'security-name-input', 'priv-user')
+    await setBindingValue(wrapper, 'securityLevel', SECURITY_LEVEL_OPTIONS[2])
+    await setBindingValue(wrapper, 'authProtocol', AUTH_PROTOCOL_OPTIONS[0])
+    await setBindingValue(wrapper, 'authPassphrase', 'auth-secret')
+    await setBindingValue(wrapper, 'privacyProtocol', createEmptySelectItem())
+    await setBindingValue(wrapper, 'privacyPassphrase', '')
+
+    expect((wrapper.vm as any).error.privacyProtocol).toBe('Privacy Protocol is required for selected security level')
+  })
+
   it('shows service error when updateTrapdConfiguration throws Error', async () => {
     updateTrapdConfigurationMock.mockRejectedValue(new Error('save failed'))
     const wrapper = mountComponent()
@@ -492,6 +609,8 @@ describe('CreateSnmpV3User.vue', () => {
   it('shows validation message when trying to save with empty security name', async () => {
     const wrapper = mountComponent()
 
+    await setInputValue(wrapper, 'security-name-input', '')
+
     await clickButton(wrapper, 'create-user-button')
 
     expect(showSnackBarMock).toHaveBeenCalledWith({
diff --git a/ui/tests/components/TrapdConfiguration/GeneralConfiguration.test.ts b/ui/tests/components/TrapdConfiguration/GeneralConfiguration.test.ts
index d08f359fd158..9031e9b8a229 100644
--- a/ui/tests/components/TrapdConfiguration/GeneralConfiguration.test.ts
+++ b/ui/tests/components/TrapdConfiguration/GeneralConfiguration.test.ts
@@ -323,7 +323,16 @@ describe('GeneralConfiguration.vue', () => {
 
     await setBindingValue(wrapper, 'queueSize', -1)
 
-    expect((wrapper.vm as any).trapConfigError.queueSize).toBe('Queue Size cannot be negative.')
+    expect((wrapper.vm as any).trapConfigError.queueSize).toBe('Queue Size must be greater than 0.')
+    expect((wrapper.vm as any).isSaveDisabled).toBe(true)
+  })
+
+  it('shows a validation error when queue size is zero', async () => {
+    const wrapper = mountComponent()
+
+    await setBindingValue(wrapper, 'queueSize', 0)
+
+    expect((wrapper.vm as any).trapConfigError.queueSize).toBe('Queue Size must be greater than 0.')
     expect((wrapper.vm as any).isSaveDisabled).toBe(true)
   })
 
@@ -332,7 +341,16 @@ describe('GeneralConfiguration.vue', () => {
 
     await setBindingValue(wrapper, 'batchSize', -1)
 
-    expect((wrapper.vm as any).trapConfigError.batchSize).toBe('Batch Size cannot be negative.')
+    expect((wrapper.vm as any).trapConfigError.batchSize).toBe('Batch Size must be greater than 0.')
+    expect((wrapper.vm as any).isSaveDisabled).toBe(true)
+  })
+
+  it('shows a validation error when batch size is zero', async () => {
+    const wrapper = mountComponent()
+
+    await setBindingValue(wrapper, 'batchSize', 0)
+
+    expect((wrapper.vm as any).trapConfigError.batchSize).toBe('Batch Size must be greater than 0.')
     expect((wrapper.vm as any).isSaveDisabled).toBe(true)
   })
 

From 2f8a71656ebe45174963fbc797dd1bad24eff99d Mon Sep 17 00:00:00 2001
From: Shahbaz <rmasood@nanthealth.com>
Date: Sun, 5 Apr 2026 00:58:34 +0500
Subject: [PATCH 41/41] test fix

---
 .../test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
index ef67bca685f1..1d7e7dcacff2 100644
--- a/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
+++ b/opennms-webapp-rest/src/test/java/org/opennms/web/rest/v2/TrapdRestServiceIT.java
@@ -935,7 +935,7 @@ public void updateShouldRejectSnmpv3UserWhenLevel3MissingAuthCredentials() {
 
     @Test
     public void updateShouldIncludeSecurityNameInValidationErrorMessage() {
-        // The error message format is: "Invalid SNMPv3 user: <name>. <reason>"
+        // The error message format is: "Invalid SNMPv3 user at index <index>: <reason>"
         TrapdConfigDto payload = buildMinimalUpdatePayload();
         Snmpv3UserDto user = new Snmpv3UserDto();
         user.setSecurityName("bad-user");
@@ -945,7 +945,7 @@ public void updateShouldIncludeSecurityNameInValidationErrorMessage() {
         try (Response response = trapdRestService.updateTrapdConfiguration(payload, null)) {
             assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
             String entity = (String) response.getEntity();
-            assertTrue(entity.contains("bad-user"));
+            assertTrue(entity.contains("at index 0"));
             assertTrue(entity.contains("securityLevel must be between 1 and 3."));
         }
     }