search

stoplightio / spectral

A flexible JSON/YAML linter for creating automated style guides, with baked in support for OpenAPI v3.1, v3.0, and v2.0 as well as AsyncAPI v2.x.
https://stoplight.io/spectral
Apache License 2.0
2.43k stars 235 forks source link

Validation failing with `oneOf` #2528

Closed miller79 closed 12 months ago

miller79 commented 1 year ago

It appears that the oas3-valid-media-example has some kind of issue with oneOf that I haven't be able to identify. I've created an OpenAPI spec that exposes the issue below.

openapi: 3.1.0
info:
  title: 'Test'
  version: '1.0.0'
paths:
  /test:
    post:
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                myObject:
                  $ref: '#/components/schemas/myObject'
            examples:
              minimumRequired:
                value:
                  myObject:
                    object2string: '1234'
      responses:
        '204':
          description: Successful action response

components:
  schemas:
    myObject:
      oneOf:
        - $ref: '#/components/schemas/object1'
        - $ref: '#/components/schemas/object2'
    object1:
        type: object
        properties:
          object1string:
            type: string
    object2:
      type: object
      properties:
        object2string:
          type: string

When running this with spectral, it throws the following error:

 20:28    error  oas3-valid-media-example  "myObject" property must match exactly one schema in oneOf     paths./test.post.requestBody.content.application/json.examples.minimumRequired.value.myObject

This appears to be a bug and wanted to see if I could get another eye on it to make sure for one I'm missing something and also to see if its easily fixable.

LasneF commented 12 months ago

@miller79

till none of the object1 or object2 has required fields and additionnalProperties set to false

object2string can match object1 definition as additionnal properties

if you want need this difference , you may either set in object1 the fiels object1string as required , and / or set additionnalProperties to false

that s kind be tricket as additionnalProperties set to false may impact the extensibility ( depending your definition of breaking change)

so to me it is not a bug

miller79 commented 12 months ago

@LasneF I'm not sure if I quite understand what you are proposing. Are you saying because both of the oneOf objects don't have required fields and additionalProperties is set to true that it's matching both objects? If so, that makes sense. I was always supposing that even if you have a schema with no required properties that its still restricted but as you mentioned extensibility may be why it cannot do that.

LasneF commented 12 months ago

yes that s it

and object like { "status" : "happy" } in fact surprisingly will match both schema object1 and object2 , this is why when doing validation of your sample it throw this error your objec1 & object2 schema does not have enough "restriction" . As oneOf is strict ; it MUST match ONE and only ONE schema , it fails if you want to have oneOf you need more restriction in your schema (like introducing some fields required , or additionnalProperties to false) in fact in a oneOf statement , the schema need to be "kind of" incompatible each others

miller79 commented 12 months ago

Thanks for the info! Just played with it and see that it works when doing it that way and makes perfect sense to me now. I'll close this and thanks for the quick education.