There is a bug in core OpenAPI version picking function getOpenApiHighestElevatedVersion that could choose an unsupported API version when automatic elevation mechanism endpointElevatedApiVersions is used.
This bug can start occurring when API v36.0 is no longer supported.
The bug occurs in OpenAPI handling function getOpenApiHighestElevatedVersion that picks client API versions for OpenAPI endpoints. It occurs when both of the following conditions are met:
Endpoint in question uses automatic elevation mechanism (has at least single entry in endpointElevatedApiVersions map)
Endpoint has one or more elevation records in endpointElevatedApiVersions, but all of these entries only elevate to API versions older than default minimum supported API version (37.0 at this moment)
Example
So an example when the bug occurs is: We have an endpoint 1.0.0/firewallGroups/. This endpoint leverages automatic elevation mechanism and only has a single record:
"36.0", // Adds support for Dynamic Security Groups by deprecating Type field in favor of TypeValue in endpointElevatedApiVersions.
The function getOpenApiHighestElevatedVersion has a bug when evaluating such conditions and it picks the version that is in the endpointElevatedApiVersions which is 36.0 in a given example. This is not good and will fail when minimum supported version is 37.0.
There are many, but example test that surfaces this bug is Test_NsxtFirewall
There is a bug in core OpenAPI version picking function
getOpenApiHighestElevatedVersionthat could choose an unsupported API version when automatic elevation mechanismendpointElevatedApiVersionsis used.This bug can start occurring when API v36.0 is no longer supported.
The bug occurs in OpenAPI handling function
getOpenApiHighestElevatedVersionthat picks client API versions for OpenAPI endpoints. It occurs when both of the following conditions are met:endpointElevatedApiVersionsmap)endpointElevatedApiVersions, but all of these entries only elevate to API versions older than default minimum supported API version (37.0 at this moment)Example
So an example when the bug occurs is: We have an endpoint
1.0.0/firewallGroups/. This endpoint leverages automatic elevation mechanism and only has a single record:"36.0", // Adds support for Dynamic Security Groups by deprecating Type field in favor of TypeValue in endpointElevatedApiVersions.The function
getOpenApiHighestElevatedVersionhas a bug when evaluating such conditions and it picks the version that is in theendpointElevatedApiVersionswhich is36.0in a given example. This is not good and will fail when minimum supported version is37.0.There are many, but example test that surfaces this bug is
Test_NsxtFirewallAffected tests: