search

APIDevTools / swagger-parser

Swagger 2.0 and OpenAPI 3.0 parser/validator
https://apitools.dev/swagger-parser
MIT License
1.09k stars 154 forks source link

Validation has behavior and documentation issues, e.g. there's unwanted half-baked validation when bundling #182

Open jmm opened 3 years ago

jmm commented 3 years ago

Hello,

Thanks for your work on this.

Validation behavior and documentation has room for improvement.

This is with version 10.0.2.

https://runkit.com/60d21a4e32916a0013c0a954/6112cce77f5afb001eec2d34

  1. It doesn't perform validation if I ask for it. The documentation says all methods take the same options, which leads me to believe that I could request validation when bundling:

    SwaggerParser.bundle({
  info: {},
  openapi: "3.0.3",
  paths: {},

  bogusProperty: true,
}, {
  validate: {
    schema: true,
    spec: true,
  },
})

    Expected result:

    Rejects with validation error(s).

    Actual result:

    Fulfills, no error.

  2. Worse, it performs half-baked validation that I don't ask for:

    SwaggerParser.bundle({})

    Even if I explicitly try to opt out!

    SwaggerParser.bundle({}, {
  validate: {
    schema: false,
    spec: false,
  },
})

    (Again, these validate options that are documented like they're applicable to bundle() don't do anything in bundle().)

    Expected result:

    No error, fulfills with bundled output.

    Actual result:

    Rejects with cryptic error:

    SyntaxError: [object Object] is not a valid Openapi API definition

    https://github.com/APIDevTools/swagger-parser/blob/c47b3f5cc849b09d7b0bc11a14e4a44d5caee1df/lib/index.js#L82-L85

  3. It's worth noting that json-schema-ref-parser, which outwardly appears to have the same bundle(), and is used by this package, doesn't do the unwanted validation (I initially used that and switched to this package when I found that opting in to validation doesn't work):

    $RefParser.bundle({})

    Actual result:

    Fulfills with output, no error.