search

Redocly / redocly-cli

⚒️ Redocly CLI makes OpenAPI easy. Lint/validate to any standard, generate beautiful docs, and more.
https://redocly.com/docs/cli/
MIT License
913 stars 139 forks source link

join command does not join root security #1409

Open ootkin opened 8 months ago

ootkin commented 8 months ago

Describe the bug

security section is not joined in the output if a schema specify the security section in the root level

To Reproduce

spec1.yaml:

openapi: 3.1.0
info:
  title: "spec1"
  version: 1.0.0
servers:
  - url: https://api.example.com
security:
  - oauth2: []
components:
  securitySchemes:
    oauth2:
      type: oauth2
      flows:
        authorizationCode:
          authorizationUrl: https://example.com/oauth/authorize
          tokenUrl: https://example.com/oauth/token
          scopes: {}
paths: {}

spec2.yaml:

openapi: 3.1.0
info:
  title: "spec1"
  version: 1.0.0
servers:
  - url: https://api.example.com
paths:
  /post:
    get:
      summary: Example
      operationId: example
      responses:
        200:
          description: OK
        400:
          description: Bad request

run command: npx @redocly/cli join spec1.yaml spec2.yaml -o joined.yaml

output:

openapi: 3.1.0
info:
  title: spec1
  version: 1.0.0
servers:
  - url: https://api.example.com
tags:
  - name: spec2_other
    x-displayName: other
paths:
  /post:
    get:
      summary: Example
      operationId: example
      responses:
        '200':
          description: OK
        '400':
          description: Bad request
      tags:
        - spec2_other
components:
  securitySchemes:
    oauth2:
      type: oauth2
      flows:
        authorizationCode:
          authorizationUrl: https://example.com/oauth/authorize
          tokenUrl: https://example.com/oauth/token
          scopes: {}
x-tagGroups:
  - name: spec2
    tags:
      - spec2_other

Expected behavior

the security in the root level must be present in the output

OpenAPI description

oas version: 3.1

Redocly Version(s)

1.6.0

Node.js Version(s)

v20.10.0

tatomyr commented 8 months ago

This looks like a bug. Thank you for finding this!

lornajane commented 7 months ago

See also: #913

MarcelHoell commented 6 months ago

We've got some custom 'x-' properties right inside the root object (same level as 'openapi', 'info', ...), which get lost upon 'join'. Maybe this is the same issue?

artsiommiksiuk commented 4 months ago

Are there any workarounds until it's fixed? Except blunt text append to generated schema.

tatomyr commented 4 months ago

@MarcelHoell not exactly the same, but rather similar. Currently, we have to specify the fields to be merged in the code, and I think it will be difficult to merge unknown fields correctly (although it is still worth investigating).

@artsiommiksiuk unfortunately I cannot come up with a workaround here. Just in case, we accept PRs here!