Describe the bug
https://github.com/solo-io/gloo-portal-issues/issues/137 added support for preserving securitySchemes with the preserveApiDocSecurity flag on Environment. In addition to the securityScheme fields, we also need to include security fields in the original OpenAPI definition referenced in an ApiDoc.
I can confirm that the securitySchemes do get merged in the final OpenAPI, but any security fields are not carried over. Here's the relevant sections from my example app:
"securitySchemes": {
  "devportal-apikey-auth": {
    "description": "API Key-Based Security provided by Gloo Portal",
    "in": "header",
    "name": "api-key",
    "type": "apiKey"
  },
  "foo-auth": {
    "description": "Foo auth (we want to disply this in the portal UI)",
    "in": "header",
    "name": "foo",
    "type": "apiKey"
  }
}

"security": [
  {
    "devportal-apikey-auth": []
  }
]
To Reproduce
Bring up the API in dev portal and authorize with both security schemes. Note that only api-key is provided in the auth options for the actual API calls.
Expected behavior
The merged OpenAPI definition should include security components from the original OpenAPI definition in addition to our generated definitions, e.g.
I believe the root cause is that we are merging securitySchemes fields with the new flag, but we still dump the original security field. This looks like we discard the security field from the original APIDoc. And here we just add our own security scheme ref to the security field.
Additional context
Original issue: https://github.com/solo-io/gloo-portal-issues/issues/137
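
The merge the report asks for, with a check that flags dropped security requirements, as an added example that is not part of the original issue and not Gloo Portal's own code. The function names and sample documents are assumptions constructed for illustration; only the scheme names come from the issue, and the operation-level check goes beyond the top-level case the issue shows.

```python
import copy

# Constructed sample documents; scheme names are taken from the issue text.
ORIGINAL = {
    "components": {"securitySchemes": {
        "foo-auth": {"type": "apiKey", "in": "header", "name": "foo"}}},
    "security": [{"foo-auth": []}],
    "paths": {"/pets": {"get": {"security": [{"foo-auth": []}]}}},
}
GENERATED = {
    "components": {"securitySchemes": {
        "devportal-apikey-auth": {"type": "apiKey", "in": "header", "name": "api-key"}}},
    "security": [{"devportal-apikey-auth": []}],
}

def merge_security(original, generated):
    """Return a copy of `original` with `generated` security added, nothing dropped."""
    merged = copy.deepcopy(original)
    schemes = merged.setdefault("components", {}).setdefault("securitySchemes", {})
    schemes.update(copy.deepcopy(generated.get("components", {}).get("securitySchemes", {})))
    # Entries of a `security` list are alternatives (OR). Appending keeps the
    # original requirements and adds the generated one as a further option.
    reqs = merged.setdefault("security", [])
    for req in generated.get("security", []):
        if req not in reqs:
            reqs.append(copy.deepcopy(req))
    return merged

def dropped_requirements(original, merged):
    """List (location, requirement) pairs present in `original` but not in `merged`."""
    dropped = [("top-level", r) for r in original.get("security", [])
               if r not in merged.get("security", [])]
    for path, item in original.get("paths", {}).items():
        for method, op in item.items():
            if not isinstance(op, dict):
                continue  # skip non-operation keys such as "parameters"
            kept = merged.get("paths", {}).get(path, {}).get(method, {}).get("security", [])
            dropped += [(f"{method.upper()} {path}", r)
                        for r in op.get("security", []) if r not in kept]
    return dropped

def reported_behaviour(original, generated):
    """Model of the behaviour described in the issue: schemes merged, `security` replaced."""
    doc = merge_security(original, generated)
    doc["security"] = copy.deepcopy(generated["security"])
    return doc
```

Running `dropped_requirements` against a merged document in CI gives a regression check for this class of bug: an empty list means every requirement from the source definition survived the merge.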