openziti / edge

Application-embedded connectivity and zero-trust components
Apache License 2.0

AuthPolicyDetail is incompatible with API response #1584

Closed sabedevops closed 1 year ago

sabedevops commented 1 year ago

ziti version: v0.29.0

Attempting GET /auth-policies results in the below exception when using the Python generated client to the edge management API.

    openziti_edge_management.exceptions.ApiValueError: Invalid inputs given to generate an instance of 'AuthPolicyDetailAllOf'. The input data was invalid for the allOf schema 'AuthPolicyDetailAllOf' in the composed schema 'AuthPolicyDetail'. Error=Invalid type for variable 'allowed_signers'. Required value type is list and passed type was NoneType at ['received_data']['data']['value'][0]['primary']['ext_jwt']['allowed_signers']

The return values for the default auth policies are as follows:

                "extJwt": {
                    "allowed": true,
                    "allowedSigners": null
                }

null is not a list type, and the client is correctly rejecting the response as invalid with respect to the definition of allowedSigners here:

https://github.com/openziti/edge-api/blob/main/management.yml#L12905

andrewpmartinez commented 1 year ago

Interesting. This isn't found in any tests or the CLI because Go treats nil/null as semi-equivalent (nil/null is an empty list), so the Go generated client happily continues.

We will likely encounter more of these as every language+generator makes different assumptions for edge-case values and data types. The only way to find them preemptively is to use every language+generator combo out there and test them - which is unfeasible.

We will take care of this.
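The null versus empty-list mismatch discussed in this thread, shown as an added Go example that is not part of the original issue or the openziti code base. The ExtJwt type and every function name here are assumptions for illustration, and StrictArrayCheck only approximates the type check a strict generated client performs.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// ExtJwt holds only the two fields quoted in the issue (assumed type, not the controller's).
type ExtJwt struct {
	Allowed        bool     `json:"allowed"`
	AllowedSigners []string `json:"allowedSigners"`
}

// Render marshals the value as-is; a nil slice is encoded as JSON null.
func Render(e ExtJwt) string {
	b, _ := json.Marshal(e)
	return string(b)
}

// Normalize swaps a nil slice for an empty one so the wire form is [].
func Normalize(e ExtJwt) ExtJwt {
	if e.AllowedSigners == nil {
		e.AllowedSigners = []string{}
	}
	return e
}

// LenientLen decodes the way a Go client does: null and [] both give length 0.
func LenientLen(doc string) int {
	var e ExtJwt
	_ = json.Unmarshal([]byte(doc), &e)
	return len(e.AllowedSigners)
}

// StrictArrayCheck mimics a type-strict client: the field must be a JSON array.
func StrictArrayCheck(doc, field string) error {
	var raw map[string]json.RawMessage
	_ = json.Unmarshal([]byte(doc), &raw) // malformed input leaves raw empty and fails below
	if v, ok := raw[field]; !ok || len(v) == 0 || v[0] != '[' {
		return fmt.Errorf("%s: required type is array, got %s", field, v)
	}
	return nil
}

func main() {
	for _, e := range []ExtJwt{{Allowed: true}, Normalize(ExtJwt{Allowed: true})} {
		fmt.Println(Render(e), "| strict client:", StrictArrayCheck(Render(e), "allowedSigners"))
	}
}
```

Running the strict check over recorded API responses in CI is one way to catch null-for-array fields that Go-based tests pass silently.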

andrewpmartinez commented 1 year ago

I am transferring this issue to github.com/openziti/edge as this is an edge issue, not a spec issue.