Kong / insomnia

The open-source, cross-platform API client for GraphQL, REST, WebSockets, SSE and gRPC. With Cloud, Local and Git storage.
https://insomnia.rest
Apache License 2.0

openapi-2-kong package generates invalid scopes_required when both global security scope and specific is defined in the same openapi spec #5859

Open mrestivill opened 1 year ago

mrestivill commented 1 year ago

Expected Behavior

The expected generated source should be:

service:
  plugins:
    - name: openid-connect
      config:
        required_scopes:
          - api
routes:
  - path: /api/protected/mock
    plugins:
      - name: openid-connect
        config:
          required_scopes:
            - api
            - protected

Actual Behavior

When using Insomnia to generate the deck configuration with the x-kong-security-openid-connect extension, the generated file does not contain the required scopes specified by the original OpenAPI specification.

The output from the generation is:

service: openid-connect plugin protected with required_scopes: [api] -> OK
route /api/protected/mock: protected with required_scopes: [protected] -> Fail, should be protected by both the api and protected scopes.

The generated source is protected by the specific scope but not by the global scope.

Reproduction Steps

  1. Click the Design view.
  2. Copy the OpenAPI document into Insomnia.
  3. Click the Insomnia dropdown menu / Declarative Config.
  4. Obtain the generated Kong configuration.

Is there an existing issue for this?

Additional Information

Use the following yaml to generate deck file (kong.yaml):

openapi: 3.0.3
x-kong-route-defaults:
  # the defaults for the Kong routes generated from 'paths' below
  # see https://docs.konghq.com/1.2.x/admin-api/#route-object
  preserve_host: true
  request_buffering: false
  response_buffering: false
  strip_path: false 
x-kong-name: app-a
x-kong-service-defaults:
  # the defaults for the Kong services generated from 'servers' above
  # see https://docs.konghq.com/1.2.x/admin-api/#service-object
  retries: 5
  connect_timeout: 60000 
  write_timeout: 60000    
  read_timeout: 60000
  protocol: http

info:
  title: Protected API-REST
  version: 1.0.0
servers:
  - url: http://sample-service-a:8081/
    description: sample-service-a
tags:
  - name: protected
    description: Protected endpoints
  - name: public
    description: Public endpoints
paths:  
  /api/protected/mock:
    get:
      tags:
        - protected
      summary: Protected demo endpoint
      description: Protected demo endpoint
      operationId: protectedMockResponse      
      responses:
        "200":
          description: successful operation
        "401":
          description: unauthorized
        "403":
          description: access-denied
      security:
        - openId: # <--- Use the same name as specified in securitySchemes
            - protected
  /api/public/mock:
    get:
      tags:
        - public
      summary: Unprotected endpoint
      description: Unprotected endpoint
      operationId: insecureMockResponse      
      responses:
        "200":
          description: successful operation
        "401":
          description: unauthorized
        "403":
          description: access-denied
security:
  - openId: 
      - api
components:
  securitySchemes:
    openId:
      type: openIdConnect
      openIdConnectUrl: /.well-known/openid-configuration
      x-kong-security-openid-connect:
        config: 
          client_id:
          - client_id

Insomnia Version

2023.1.0

What operating system are you using?

Windows

Operating System Version

Windows 10 Enterprise 21H2

Installation method

Downloaded from the Insomnia website and installed.

Last Known Working Insomnia version

No response
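To make the two readings of the spec above concrete, here is an added example (not openapi-2-kong's or Insomnia's code) that computes the effective required_scopes per operation from a trimmed, constructed copy of the issue's OpenAPI document. The `mergeGlobal` flag is an assumption of this example: OpenAPI 3.0 defines an operation-level `security` list as replacing the top-level one (which yields the route output the issue reports), while `mergeGlobal=true` produces the merged scopes the report expects.

```javascript
// Constructed, trimmed version of the OpenAPI document from this issue.
const spec = {
  openapi: "3.0.3",
  security: [{ openId: ["api"] }],                       // global requirement
  paths: {
    "/api/protected/mock": { get: { security: [{ openId: ["protected"] }] } },
    "/api/public/mock": { get: {} },                      // inherits global
  },
  components: { securitySchemes: { openId: { type: "openIdConnect" } } },
};

const HTTP_METHODS = new Set(["get", "post", "put", "patch", "delete", "head", "options", "trace"]);

// Union of the scopes requested for one scheme across a security requirement list.
// (Simplification: alternatives in the list are OR-ed in OpenAPI; here they are unioned.)
function scopesFor(requirements, scheme) {
  const out = new Set();
  for (const req of requirements || []) for (const s of req[scheme] || []) out.add(s);
  return out;
}

// Returns { "GET /path": [scope, ...] } for every operation in the document.
// mergeGlobal=false: OpenAPI 3.0 semantics, operation-level `security` overrides the
//   top-level list (route gets only "protected", as in the reported output).
// mergeGlobal=true: the behaviour the reporter expects, global scopes are added to
//   operation-level scopes ("api" + "protected").
function effectiveScopes(doc, scheme, mergeGlobal) {
  const globalScopes = scopesFor(doc.security, scheme);
  const result = {};
  for (const [path, item] of Object.entries(doc.paths)) {
    for (const [method, op] of Object.entries(item)) {
      if (!HTTP_METHODS.has(method)) continue;            // skip parameters, summary, ...
      let scopes;
      if (op.security === undefined) {
        scopes = new Set(globalScopes);                   // no override: inherit global
      } else {
        scopes = scopesFor(op.security, scheme);          // explicit operation requirement
        // `security: []` means explicitly unauthenticated; never merge into that.
        if (mergeGlobal && op.security.length > 0) for (const s of globalScopes) scopes.add(s);
      }
      result[`${method.toUpperCase()} ${path}`] = [...scopes].sort();
    }
  }
  return result;
}

console.log("override:", effectiveScopes(spec, "openId", false));
console.log("merge:   ", effectiveScopes(spec, "openId", true));
```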

mrestivill commented 1 year ago

Actual behavior:

The expected generated source should be:

service:
  plugins:
    - name: openid-connect
      config:
        required_scopes:
          - api
routes:
  - path: /api/protected/mock
    plugins:
      - name: openid-connect
        config:
          required_scopes:
            - protected

On the route, the api entry in required_scopes is required as well.