Generated OpenAPI spec lacks 'securityDefinitions' key #14268

Closed
caseyfw opened this issue May 22, 2017 · 4 comments

caseyfw commented May 22, 2017

The generated OpenAPI spec is missing the securityDefinitions section that defines which security mechanisms the API supports (e.g. OAuth, HTTP Basic, etc).

This means clients generated from it using tools like Swagger Codegen lack security context and only work with endpoints that do not require auth.

Version

Current master branch.

Steps To Reproduce

    curl -s https://raw.githubusercontent.com/openshift/origin/master/api/swagger-spec/openshift-openapi-spec.json | grep securityDefinitions

Current Result

No output.

Expected Result

    "securityDefinitions": {

Additional Information

As a concrete example, here is an OpenShift PHP client generated using the 2.3.0 branch of Swagger Codegen from the current OpenShift API spec in master branch. The PHP codegen templates (correctly) only output auth code if the authMethods item is set, which is derived from the securityDefinitions key in the spec.

The example API spec provided by Swagger shows a correctly configured securityDefinitions item.

pweil- added the component/restapi, kind/bug and priority/P2 labels May 22, 2017
mfojtik assigned enj and unassigned mfojtik May 30, 2017

enj commented May 30, 2017

@liggitt I think the cleanest change would be to update DefaultOpenAPIConfig to extract info from masterConfig to build the SecurityDefinitions. I believe we would want (assuming OpenAPI supports all of these):

  1. OAuth
  2. Bearer Token (web sockets?)
  3. x509

WDYT?

simo5 self-assigned this Jun 16, 2017

simo5 commented Jun 16, 2017

Looking at existing securityDefinitions examples in the code, it looks like OAuth is considered a Bearer token and there is no differentiation between that and ServiceAccount tokens ...
Also I could not find any example of x509 auth definitions ...

enj commented Jun 17, 2017

@simo5 does swagger differentiate between random noise tokens and JWTs? I believe they use the same header. I would assume you need to look at the swagger specification to determine how to represent tokens, certs, etc.

simo5 commented Jun 19, 2017

Swagger (and code in origin) does not differentiate between JWT and other Bearer tokens.
I couldn't find any example of swagger representing an x509 authentication, so I am kinda blocked on that one.
I will open a WIP PR in a moment to start reasoning on this with some code at hand.
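
An added example, not part of the original thread or of the OpenShift code base: a Python check that goes further than the `grep` in the report by verifying that a Swagger 2.0 spec declares `securityDefinitions`, that each scheme uses one of the three types Swagger 2.0 allows (`basic`, `apiKey`, `oauth2`), and that every operation references a defined scheme. The sample specs, the path, and the scheme names `BearerToken`, `OAuth2` and `ClientCert` are constructed for illustration; the bearer token is declared as an `apiKey` header, and a constructed `x509` type is flagged as invalid.

```python
import json

# Scheme types permitted in a Swagger/OpenAPI 2.0 securityDefinitions object.
VALID_TYPES = {"basic", "apiKey", "oauth2"}
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}


def audit_security(spec):
    """Return a list of findings about auth metadata in a Swagger 2.0 spec."""
    findings = []
    defs = spec.get("securityDefinitions")
    if not defs:
        findings.append("no securityDefinitions: generated clients get no auth code")
        defs = {}
    for name, scheme in defs.items():
        if scheme.get("type") not in VALID_TYPES:
            findings.append(f"scheme {name!r}: invalid type {scheme.get('type')!r}")
    global_req = spec.get("security")  # default applied to every operation
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip "parameters", "$ref" and vendor extensions
            # An operation-level list overrides the global one; [] means "no auth".
            reqs = op.get("security", global_req)
            if reqs is None:
                findings.append(f"{method.upper()} {path}: no security requirement")
                continue
            for req in reqs:
                for name in req:
                    if name not in defs:
                        findings.append(f"{method.upper()} {path}: undefined scheme {name!r}")
    return findings


# Constructed sample mirroring the reported state: paths but no auth metadata.
BROKEN = json.loads("""
{"swagger": "2.0",
 "paths": {"/example/v1/widgets": {"get": {"responses": {"200": {"description": "OK"}}}}}}
""")

# Same spec with a bearer token declared as an apiKey header (hypothetical scheme name).
FIXED = dict(
    BROKEN,
    securityDefinitions={"BearerToken": {"type": "apiKey", "name": "Authorization", "in": "header"}},
    security=[{"BearerToken": []}],
)

if __name__ == "__main__":
    for label, spec in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_security(spec))
```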
