stoplightio / spectral

A flexible JSON/YAML linter for creating automated style guides, with baked in support for OpenAPI (v3.1, v3.0, and v2.0), Arazzo v1.0, as well as AsyncAPI v2.x.
https://stoplight.io/spectral
Apache License 2.0
2.45k stars 234 forks

spectral:oas ruleset doesn't recognize mutualTLS option for security scheme #2476

Closed pdconant closed 1 year ago

pdconant commented 1 year ago

Describe the bug

When validating an OpenAPI spec that uses Mutual TLS with spectral lint, spectral reports that mutualTLS is not a viable security scheme. Mutual TLS support was added to OpenAPI 3.1.

To Reproduce

  1. Create a .spectral.json file containing:

    {
      "extends": ["spectral:oas", "spectral:asyncapi"]
    }

  2. And an API spec that contains:

    "securitySchemes" : {
      "MutualTLS" : {
        "type" : "mutualTLS"
      }
    }

  3. Run the command: spectral lint {path-to}/api.json --ruleset {path-to}/.spectral.json
  4. Observe the following output:
    2451:15    error  oas3-schema            Invalid security scheme.                                                                                  components.securitySchemes.MutualTLS
    2452:13    error  oas3-schema            "type" property must be equal to one of the allowed values: "apiKey", "http", "oauth2", "openIdConnect".  components.securitySchemes.MutualTLS.type

Expected behavior

Expected mutualTLS to be supported since it was added to OAS 3.1 here: https://github.com/OAI/OpenAPI-Specification/pull/1764

pdconant commented 1 year ago

Oops -- My OpenAPI spec references OAS 3.0.1 instead of 3.1. Will fix and verify that it's working as expected.

pdconant commented 1 year ago

Confirmed - spectral is working exactly as expected.
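
The cause found in this thread (a document declaring OAS 3.0.1 while using a scheme type that only exists from 3.1) can be checked before linting. The following is an added example, not part of the issue and not Spectral's own code; `ALLOWED_TYPES` and `checkSecuritySchemes` are hypothetical names, and the sample documents are constructed.

```javascript
// Added example; names are hypothetical and this is not Spectral's API.
// Allowed securitySchemes "type" values per declared OpenAPI 3.x minor version.
const ALLOWED_TYPES = new Map([
  // The list reported by the oas3-schema error for a 3.0.x document.
  ["3.0", ["apiKey", "http", "oauth2", "openIdConnect"]],
  // OAS 3.1 adds mutualTLS.
  ["3.1", ["apiKey", "http", "oauth2", "openIdConnect", "mutualTLS"]],
]);

function checkSecuritySchemes(spec) {
  const version = typeof spec.openapi === "string" ? spec.openapi : "";
  const m = /^(\d+\.\d+)\.\d+/.exec(version);
  const allowed = m ? ALLOWED_TYPES.get(m[1]) : undefined;
  if (!allowed) {
    return [{ path: "openapi", message: `missing or unhandled version "${version}"` }];
  }
  const schemes = (spec.components && spec.components.securitySchemes) || {};
  const findings = [];
  for (const [name, scheme] of Object.entries(schemes)) {
    // $ref entries are not resolved in this sketch.
    if (scheme === null || typeof scheme !== "object" || "$ref" in scheme) continue;
    if (allowed.includes(scheme.type)) continue;
    let message = `"type" must be one of: ${allowed.join(", ")}`;
    // Point at the version mismatch when the type exists in 3.1 but not in the declared version.
    if (ALLOWED_TYPES.get("3.1").includes(scheme.type)) {
      message += ` ("${scheme.type}" is valid from OpenAPI 3.1; document declares ${version})`;
    }
    findings.push({ path: `components.securitySchemes.${name}.type`, message });
  }
  return findings;
}

// Constructed sample documents mirroring the fragment in the report.
const sampleSchemes = { MutualTLS: { type: "mutualTLS" } };
const declared30 = { openapi: "3.0.1", components: { securitySchemes: sampleSchemes } };
const declared31 = { openapi: "3.1.0", components: { securitySchemes: sampleSchemes } };

console.log(checkSecuritySchemes(declared30)); // one finding, with the version hint
console.log(checkSecuritySchemes(declared31)); // no findings
```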