The tldr there is that the 3.0 specification says specifically that a required readOnly field isnt required in a request body, and a required writeOnly field isnt required in a response body.
Then in 3.1 it gets a bit more vague and says those keywords are annotations and applications can chose to do with them whatever they like, which could be the same functionality as 3.0 or could be something else if you decide...
Then ->assertValidRequest() should be stripping/ignoring properties with readOnly: true, and ->assertValidResponse(201) should be stripping/ignoring properties with writeOnly: true.
A bit of a faff I know but this is pretty common usage in OpenAPI-land.
As always happy to offer a bribe to whoever can work on this.
When is a required field not required? When it's readOnly and you're writing, or writeOnly and you're reading.
This is something we had to handle when working on contract testing functionality in Prism: https://github.com/stoplightio/prism/issues/1142
The tldr there is that the 3.0 specification says specifically that a required readOnly field isnt required in a request body, and a required writeOnly field isnt required in a response body.
Then in 3.1 it gets a bit more vague and says those keywords are annotations and applications can chose to do with them whatever they like, which could be the same functionality as 3.0 or could be something else if you decide...
Anyhow, if I have something like this:
Then
->assertValidRequest()
should be stripping/ignoring properties withreadOnly: true
, and->assertValidResponse(201)
should be stripping/ignoring properties withwriteOnly: true
.A bit of a faff I know but this is pretty common usage in OpenAPI-land.
As always happy to offer a bribe to whoever can work on this.