search

OpenAPITools / openapi-generator

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec (v2, v3)
https://openapi-generator.tech
Apache License 2.0
21.85k stars 6.59k forks source link

[REQ] I want to know the relationship(AND/OR) between security field in operation object. #2817

Open yuji38kwmt opened 5 years ago

yuji38kwmt commented 5 years ago

Is your feature request related to a problem? Please describe.

I want to get information of security field in operation object. https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#operation-object

I want to know the relationship(AND/OR) between OrganizationOwner and ProjectOwner.

swagger1.yaml

Following file means OrganizationOwner OR ProjectOwner

    post:
      security:
      - OrganizationOwner: []
      - ProjectOwner: []

swagger2.yaml

Following file means OrganizationOwner AND ProjectOwner

    post:
      security:
      - OrganizationOwner: []
         ProjectOwner: []

DebugOperations

I saw difference swagger1.yaml and swagger2.yaml with DebugOperations flag. But there is no difference.

      "authMethods" : [ {
        "name" : "OrganizationOwner ",
        "type" : "apiKey",
        "hasMore" : true,
        "isBasic" : false,
        "isOAuth" : false,
        "isApiKey" : true,
        "vendorExtensions" : { },
        "keyParamName" : "Authorization",
        "isKeyInQuery" : false,
        "isKeyInHeader" : true,
        "isKeyInCookie" : false,
        "isCode" : false,
        "isPassword" : false,
        "isApplication" : false,
        "isImplicit" : false
      }, {
        "name" : "ProjectOwner",
        "type" : "apiKey",
        "hasMore" : false,
        "isBasic" : false,
        "isOAuth" : false,
        "isApiKey" : true,
        "vendorExtensions" : { },
        "keyParamName" : "Authorization",
        "isKeyInQuery" : false,
        "isKeyInHeader" : true,
        "isKeyInCookie" : false,
        "isCode" : false,
        "isPassword" : false,
        "isApplication" : false,
        "isImplicit" : false
      } ],

Describe the solution you'd like

I would like to distinguish swagger1.yaml and swagger2.yaml

Environmental

$ docker run --rm   -u `id -u`:`id -g`  -v ${PWD}:/local openapitools/openapi-generator-cli generate \
    -i swagger.yaml \
    -g python \
    -o /local/out \
    -t /local/template \
    -Dapis   -DapiTests=false -DapiDocs=false -dDebugOperations
wing328 commented 5 years ago

From what I recall, swagger parser doesn't distinguish between the two. To overcome such limitation, we use the following logic in the client:

Whenever the API key value or HTTP basic info (username, password) is set, we'll include it in the header or the URL query string.

This does not work well with OR but can be easily workaround by resetting one of the API keys to make sure only one API key is sent out.