solo-io / gloo-portal-issues

Public tracker for issues related to Gloo Portal
https://docs.solo.io/gloo-portal/latest/

Preserve security component when merging securitySchemes #171

Closed kcbabo closed 2 years ago

kcbabo commented 2 years ago

Describe the bug

https://github.com/solo-io/gloo-portal-issues/issues/137 added support for preserving securitySchemes with the preserveApiDocSecurity flag on Environment. In addition to the securityScheme fields, we also need to include security fields in the original OpenAPI definition referenced in an ApiDoc.

I believe the root cause is that we are merging securitySchemes fields with the new flag, but we still dump the original security field. This looks like we discard the security field from the original APIDoc. And here we just add our own security scheme ref to the security field.

I can confirm that the securitySchemes do get merged in the final OpenAPI, but any security fields are not carried over. Here's the relevant sections from my example app:

"securitySchemes": {
    "devportal-apikey-auth": {
        "description": "API Key-Based Security provided by Gloo Portal",
        "in": "header",
        "name": "api-key",
        "type": "apiKey"
    },
    "foo-auth": {
        "description": "Foo auth (we want to disply this in the portal UI)",
        "in": "header",
        "name": "foo",
        "type": "apiKey"
    }
}
"security": [
    {
        "devportal-apikey-auth": []
    }
]

To Reproduce

Expected behavior

The merged OpenAPI definition should include security components from the original OpenAPI definition in addition to our generated definitions, e.g.


"security": [
    {
        "devportal-apikey-auth": [],
        "foo-auth": []
    }
]

Additional context

Original issue: https://github.com/solo-io/gloo-portal-issues/issues/137
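The merge requested above, as an added example that is not part of the original issue and is not Gloo Portal's own code: it keeps each security requirement from the original document and adds the portal scheme to it, then reports any scheme name that `security` references but `securitySchemes` does not define. `Requirement`, `MergeSecurity` and `Undefined` are hypothetical names, and adding the portal scheme to the same requirement object (so both schemes are required together) is an assumption taken from the expected output shown in the issue.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Requirement is one OpenAPI Security Requirement Object (scheme name -> scopes).
type Requirement map[string][]string

// MergeSecurity (hypothetical helper) adds portalScheme to every requirement of
// the original document, so the original schemes and their scopes are kept.
func MergeSecurity(original []Requirement, portalScheme string) []Requirement {
	if len(original) == 0 {
		return []Requirement{{portalScheme: {}}}
	}
	merged := make([]Requirement, 0, len(original))
	for _, req := range original {
		out := Requirement{portalScheme: {}}
		for name, scopes := range req {
			out[name] = append([]string{}, scopes...) // copy, keep scopes
		}
		merged = append(merged, out)
	}
	return merged
}

// Undefined returns scheme names used in security but missing from securitySchemes.
func Undefined(security []Requirement, schemes map[string]json.RawMessage) []string {
	missing, seen := []string{}, map[string]bool{}
	for _, req := range security {
		for name := range req {
			if _, ok := schemes[name]; !ok && !seen[name] {
				seen[name] = true
				missing = append(missing, name)
			}
		}
	}
	sort.Strings(missing)
	return missing
}

func main() {
	// Constructed sample: the original ApiDoc requires foo-auth.
	merged := MergeSecurity([]Requirement{{"foo-auth": {}}}, "devportal-apikey-auth")
	out, _ := json.Marshal(merged)
	fmt.Println(string(out))
}
```

Running `Undefined` on the merged result is a cheap regression check for the opposite failure: a requirement that survives the merge while its scheme definition is dropped.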

sam-heilbron commented 2 years ago

Original PR merged, backport last remaining piece of work here

bewebi commented 2 years ago

Released in dev-portal 1.2.1 and 1.3.0-beta2