allow missing security schemes #232

Open
wants to merge 2 commits into
base: master

@vijayvepa vijayvepa commented May 13, 2021

Our company uses the following process in the contract validation space (currently with Swagger 2.0/assertj-swagger):

  • Create a contract-first specification in YAML/Swagger 2.0
  • Generate code from the contract-first specification (using Swagger Codegen)
  • Resolve, at runtime, the implemented specification from code using Swagger Annotations and Spring Fox
  • Compare the implemented specification with the contract-first specification to ensure it matches

We are planning to migrate to OpenAPI 3.0 and, as part of the research, I found this tool as a replacement for assertj-swagger.
When I was trying it out with the above use case, I found that the comparison is not allowed when security schemes are missing. Currently spring-fox is unable to resolve security schemes correctly.

I wanted to get a workaround by allowing missing security schemes.

Here's the sample code for our validation process:

public class SwaggerTests extends AbstractControllerTest {

    @Test
    public void validateImplementationAgainstDesignSpec() throws Exception {

        // contract-first specification yaml
        String projectPath = new File(".").getAbsoluteFile().getParentFile().getPath();
        String currContractLocation = projectPath + "/api/petstore-3-0.yaml";

        // resolved implementation specification yaml (spring fox)
        MvcResult mvcResult = this.mockMvc.perform(get("/v3/api-docs?group=default")
                                                           .accept(MediaType.APPLICATION_JSON))
                .andExpect(status().isOk())
                .andReturn();

        assertNotNull(mvcResult);
        assertNotNull(mvcResult.getResponse());

        SwaggerParseResult spec = new OpenAPIParser().readLocation(currContractLocation, null, null);
        OpenAPI specApi = spec.getOpenAPI();

        SwaggerParseResult impl = new OpenAPIParser().readContents(
                mvcResult.getResponse().getContentAsString(), null, null);
        OpenAPI implApi = impl.getOpenAPI();

        //assertEquals(specApi, implApi);

        // comparison between implementation and specification
        final ChangedOpenApi changedOpenApi = OpenApiCompare.fromSpecifications(specApi, implApi);

        assertNotNull(changedOpenApi);

        final List<String> ignoredOperations = ImmutableList.of("uploadFileUsingPOST");

        changedOpenApi.getChangedOperations().forEach(changedOperation->{

            if(ignoredOperations.contains(changedOperation.getOperationId().getRight())){
                System.out.println("IGNORING " + changedOperation.getOperationId());
                return;
            }

            final ChangedRequestBody requestBody = changedOperation.getRequestBody();

            if(requestBody == null){
                return;
            }

            final DiffContext context = requestBody.getContext();

            final List<Changed> changedElements = requestBody.getChangedElements();
            if(changedElements == null){
                return;
            }
            final List<Changed> collect = changedElements.stream()
                    .filter(Objects::nonNull)
                    .filter(Changed::isIncompatible)
                    .collect(Collectors.toList());

            if(collect.size() > 0) {
                assertEquals(
                        changedOperation.getOperationId() +
                                "collect" + collect, 0, collect.size());
            }
        });

    }
}

Here's a sample consumption project where it works with the change (and does not work with master):

OpenApiConsume3.zip
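When the comparison tolerates missing security schemes, a separate check can still list exactly which schemes and per-operation requirements from the contract are absent in the implementation. The following is an added example, not code from this pull request or from openapi-diff; the class and method names are hypothetical, it uses only the swagger-models classes the test above already relies on, and the sample documents are constructed.

```java
import io.swagger.v3.oas.models.*;
import io.swagger.v3.oas.models.security.*;
import java.util.*;

// Added example: hypothetical helper, not part of openapi-diff or the PR.
public class SecurityDriftReport {
    // Scheme names under components.securitySchemes (empty when the section is absent).
    static Set<String> declaredSchemes(OpenAPI api) {
        if (api.getComponents() == null || api.getComponents().getSecuritySchemes() == null)
            return Collections.emptySet();
        return api.getComponents().getSecuritySchemes().keySet();
    }
    // Operation-level security wins, even when empty; otherwise the document default applies.
    // Alternatives (OR) are flattened to the set of scheme names they mention.
    static Set<String> requiredSchemes(OpenAPI api, Operation op) {
        List<SecurityRequirement> reqs = op.getSecurity() != null ? op.getSecurity() : api.getSecurity();
        Set<String> names = new TreeSet<>();
        if (reqs != null) reqs.forEach(r -> names.addAll(r.keySet()));
        return names;
    }
    // One finding per contract scheme or per-operation requirement the implementation lacks.
    static List<String> drift(OpenAPI spec, OpenAPI impl) {
        List<String> findings = new ArrayList<>();
        Set<String> missing = new TreeSet<>(declaredSchemes(spec));
        missing.removeAll(declaredSchemes(impl));
        missing.forEach(n -> findings.add("scheme not declared by implementation: " + n));
        if (spec.getPaths() == null) return findings;
        spec.getPaths().forEach((path, specItem) -> {
            PathItem implItem = impl.getPaths() == null ? null : impl.getPaths().get(path);
            specItem.readOperationsMap().forEach((method, specOp) -> {
                Operation implOp = implItem == null ? null : implItem.readOperationsMap().get(method);
                if (implOp == null) return; // absent operations are left to the diff itself
                Set<String> lost = requiredSchemes(spec, specOp);
                lost.removeAll(requiredSchemes(impl, implOp));
                if (!lost.isEmpty()) findings.add(method + " " + path + " lost security: " + lost);
            });
        });
        return findings;
    }
    public static void main(String[] args) {
        // Constructed sample: the contract protects GET /pet with api_key, the implementation does not.
        OpenAPI spec = new OpenAPI()
            .components(new Components().addSecuritySchemes("api_key",
                new SecurityScheme().type(SecurityScheme.Type.APIKEY)))
            .path("/pet", new PathItem().get(new Operation().addSecurityItem(new SecurityRequirement().addList("api_key"))));
        OpenAPI impl = new OpenAPI().path("/pet", new PathItem().get(new Operation()));
        drift(spec, impl).forEach(System.out::println);
    }
}
```

In a test such as the one above, `drift(specApi, implApi)` could be logged or asserted against an explicit allow-list, so that the tolerated differences stay visible.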
