Merge branch 'master' into TT-9234-graceful-shutdown-of-gateway

Author: andrei-tyk

apidef/oas/oas.go

@@ -3,6 +3,7 @@ package oas
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"strings"
 
@@ -439,6 +440,40 @@ func (s *OAS) ReplaceServers(apiURLs, oldAPIURLs []string) {
 	s.Servers = append(newServers, userAddedServers...)
 }
 
+// Validate validates OAS document by calling openapi3.T.Validate() function. In addition, it validates Security
+// Requirement section and it's requirements by calling OAS.validateSecurity() function.
+func (s *OAS) Validate(ctx context.Context, opts ...openapi3.ValidationOption) error {
+	validationErr := s.T.Validate(ctx, opts...)
+	securityErr := s.validateSecurity()
+
+	return errors.Join(validationErr, securityErr)
+}
+
+// validateSecurity verifies that existing Security Requirement Objects has Security Schemes declared in the Security
+// Schemes under the Components Object. This function closes gap in validation provided by OAS.Validate func.
+func (s *OAS) validateSecurity() error {
+	if len(s.Security) == 0 {
+		return nil
+	}
+
+	if s.Components == nil || s.Components.SecuritySchemes == nil || len(s.Components.SecuritySchemes) == 0 {
+		return errors.New("No components or security schemes present in OAS")
+	}
+
+	for _, requirement := range s.Security {
+		for key := range requirement {
+			if _, ok := s.Components.SecuritySchemes[key]; !ok {
+				errorMsg := fmt.Sprintf("Missing required Security Scheme '%s' in Components.SecuritySchemes. "+
+					"For more information please visit https://swagger.io/specification/#security-requirement-object",
+					key)
+				return errors.New(errorMsg)
+			}
+		}
+	}
+
+	return nil
+}
+
 // APIDef holds both OAS and Classic forms of an API definition.
 type APIDef struct {
 	// OAS contains the OAS API definition.

apidef/oas/oas_test.go

@@ -3,6 +3,7 @@ package oas
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	"net/http"
 	"testing"
 
@@ -1294,6 +1295,169 @@ func TestAPIContext_getValidationOptionsFromConfig(t *testing.T) {
 	})
 }
 
+func TestOAS_ValidateSecurity(t *testing.T) {
+	apiKey := "api_key"
+	oauth2 := "oauth2"
+
+	createSecurityReq := func(oas *OAS, key string, value []string) {
+		securityRequirement := openapi3.NewSecurityRequirement()
+		securityRequirement[key] = value
+		oas.Security = append(oas.Security, securityRequirement)
+	}
+
+	addSingleSecurityReq := func(oas *OAS) {
+		createSecurityReq(oas, apiKey, []string{})
+	}
+
+	addMultipleSecurityReq := func(oas *OAS) {
+		addSingleSecurityReq(oas)
+		createSecurityReq(oas, oauth2, []string{"read", "write"})
+	}
+
+	expectedErrorForNoComponentOrSchemes := "No components or security schemes present in OAS"
+	expectedErrorForMissingSchema := func(s string) string {
+		return fmt.Sprintf("Missing required Security Scheme '%s' in Components.SecuritySchemes", s)
+	}
+
+	tests := []struct {
+		name          string
+		setupOAS      func(oas *OAS)
+		expectedError string
+	}{
+		{
+			name: "no security requirements",
+			setupOAS: func(oas *OAS) {
+				oas.Security = openapi3.SecurityRequirements{}
+			},
+			expectedError: "",
+		},
+		{
+			name: "security requirements with matching security schemes",
+			setupOAS: func(oas *OAS) {
+				addSingleSecurityReq(oas)
+
+				if oas.Components == nil {
+					oas.Components = &openapi3.Components{}
+				}
+				if oas.Components.SecuritySchemes == nil {
+					oas.Components.SecuritySchemes = make(openapi3.SecuritySchemes)
+				}
+				oas.Components.SecuritySchemes[apiKey] = &openapi3.SecuritySchemeRef{
+					Value: openapi3.NewJWTSecurityScheme(),
+				}
+			},
+			expectedError: "",
+		},
+		{
+			name: "security requirements but no Components",
+			setupOAS: func(oas *OAS) {
+				addSingleSecurityReq(oas)
+
+				oas.Components = nil
+			},
+			expectedError: expectedErrorForNoComponentOrSchemes,
+		},
+		{
+			name: "security requirements but no SecuritySchemes",
+			setupOAS: func(oas *OAS) {
+				addSingleSecurityReq(oas)
+
+				// Add Components but not SecuritySchemes
+				oas.Components = &openapi3.Components{}
+				oas.Components.SecuritySchemes = nil
+			},
+			expectedError: expectedErrorForNoComponentOrSchemes,
+		},
+		{
+			name: "security requirements but empty SecuritySchemes",
+			setupOAS: func(oas *OAS) {
+				addSingleSecurityReq(oas)
+
+				oas.Components = &openapi3.Components{}
+				oas.Components.SecuritySchemes = make(openapi3.SecuritySchemes)
+			},
+			expectedError: expectedErrorForNoComponentOrSchemes,
+		},
+		{
+			name: "security requirements with missing security scheme for this requirement",
+			setupOAS: func(oas *OAS) {
+				addSingleSecurityReq(oas)
+
+				if oas.Components == nil {
+					oas.Components = &openapi3.Components{}
+				}
+				if oas.Components.SecuritySchemes == nil {
+					oas.Components.SecuritySchemes = make(openapi3.SecuritySchemes)
+				}
+				oas.Components.SecuritySchemes["other_key"] = &openapi3.SecuritySchemeRef{
+					Value: openapi3.NewJWTSecurityScheme(),
+				}
+			},
+			expectedError: expectedErrorForMissingSchema(apiKey),
+		},
+		{
+			name: "multiple security requirements with all matching security schemes",
+			setupOAS: func(oas *OAS) {
+				addMultipleSecurityReq(oas)
+
+				if oas.Components == nil {
+					oas.Components = &openapi3.Components{}
+				}
+				if oas.Components.SecuritySchemes == nil {
+					oas.Components.SecuritySchemes = make(openapi3.SecuritySchemes)
+				}
+				oas.Components.SecuritySchemes[apiKey] = &openapi3.SecuritySchemeRef{
+					Value: openapi3.NewJWTSecurityScheme(),
+				}
+				oas.Components.SecuritySchemes[oauth2] = &openapi3.SecuritySchemeRef{
+					Value: openapi3.NewJWTSecurityScheme(),
+				}
+			},
+			expectedError: "",
+		},
+		{
+			name: "multiple security requirements with one missing security scheme",
+			setupOAS: func(oas *OAS) {
+				addMultipleSecurityReq(oas)
+
+				if oas.Components == nil {
+					oas.Components = &openapi3.Components{}
+				}
+				if oas.Components.SecuritySchemes == nil {
+					oas.Components.SecuritySchemes = make(openapi3.SecuritySchemes)
+				}
+				oas.Components.SecuritySchemes[apiKey] = &openapi3.SecuritySchemeRef{}
+			},
+			expectedError: expectedErrorForMissingSchema(oauth2),
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			oas := &OAS{
+				T: openapi3.T{
+					OpenAPI: "3.0.3",
+					Info: &openapi3.Info{
+						Title:   "Test API",
+						Version: "1.0.0",
+					},
+					Paths: openapi3.Paths{},
+				},
+			}
+
+			tt.setupOAS(oas)
+
+			err := oas.Validate(context.Background())
+			if tt.expectedError == "" {
+				assert.NoError(t, err)
+			} else {
+				assert.Error(t, err)
+				assert.Contains(t, err.Error(), tt.expectedError)
+			}
+		})
+	}
+}
+
 func TestYaml(t *testing.T) {
 	oasDoc := OAS{}
 	Fill(t, &oasDoc, 0)

apidef/streams/bento/schema/bento-config-schema.json

@@ -1161,6 +1161,15 @@
                     "custom_delimiter": {
                       "type": "string"
                     },
+                    "expected_headers": {
+                      "items": {
+                        "type": "string"
+                      },
+                      "type": "array"
+                    },
+                    "expected_number_of_fields": {
+                      "type": "number"
+                    },
                     "lazy_quotes": {
                       "type": "boolean"
                     },
@@ -1299,6 +1308,23 @@
                 }
               },
               "type": "object"
+            },
+            {
+              "properties": {
+                "xml_documents": {
+                  "additionalProperties": false,
+                  "properties": {
+                    "cast": {
+                      "type": "boolean"
+                    },
+                    "operator": {
+                      "type": "string"
+                    }
+                  },
+                  "type": "object"
+                }
+              },
+              "type": "object"
             }
           ]
         },
@@ -2852,6 +2878,9 @@
               },
               "type": "object"
             },
+            "heartbeat": {
+              "type": "string"
+            },
             "key_file": {
               "type": "string"
             },
@@ -2864,6 +2893,9 @@
             "pong_wait": {
               "type": "string"
             },
+            "stream_format": {
+              "type": "string"
+            },
             "stream_path": {
               "type": "string"
             },
@@ -2873,6 +2905,9 @@
             "write_wait": {
               "type": "string"
             },
+            "ws_message_type": {
+              "type": "string"
+            },
             "ws_path": {
               "type": "string"
             }