Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add security field at the operation level #505

Merged
merged 4 commits into from
Apr 14, 2022

Conversation

LokeshRishi
Copy link

File % Stmts % Branch % Funcs % Lines Uncovered Line #s
All files 95.87 88.33 97.32 98.21
lib 96.29 88.79 99.24 98.85
anonymousNaming.js 100 95.45 100 100 28
asyncapiSchemaFormatParser.js 100 100 100 100
constants.js 100 100 100 100
customValidators.js 99.02 96.97 100 100 45,513,541-545
index.js 100 100 100 100
iterators.js 94.64 88.1 95.65 99.04 243
json-parse.js 95.45 66.67 100 95.45 41
parser.js 97.35 91.07 100 99.02 112
utils.js 91.1 79.38 100 96.75 83-85,94-96
lib/errors 95 91.67 66.67 93.33
parser-error.js 95 91.67 66.67 93.33 60
lib/mixins 100 100 100 100
bindings.js 100 100 100 100
description.js 100 100 100 100
external-docs.js 100 100 100 100
specification-extensions.js 100 100 100 100
tags.js 100 100 100 100
lib/models 95.05 85.78 96.21 97.41
asyncapi.js 95.83 87.1 96.77 96.58 54,274,319,354
base.js 80 75 100 100 11,21
channel-parameter.js 90 50 100 100 30
channel.js 93.55 83.33 100 100 75-83
components.js 100 100 100 100
contact.js 100 100 100 100
correlation-id.js 100 100 100 100
external-docs.js 100 100 100 100
info.js 100 100 100 100
license.js 100 100 100 100
message-trait.js 100 100 100 100
message-traitable.js 92 66.67 100 100 39-47
message.js 93.75 80 100 100 33,48-55
oauth-flow.js 100 100 100 100
operation-security-requirement.js 100 100 100 100
operation-trait.js 100 100 100 100
operation-traitable.js 100 100 100 100
operation.js 80 66.67 88.89 86.36 18-20
publish-operation.js 40 100 0 40 15-29
schema.js 100 96.77 100 100 421,437
security-scheme.js 100 100 100 100
server-security-requirement.js 100 100 100 100
server-variable.js 92.31 50 100 100 30
server.js 94.44 50 100 100 69
subscribe-operation.js 40 100 0 40 15-29
tag.js 100 100 100 100
utils.js 100 100 100 100

Description
We are using AsyncAPI specifications for publishing the subscriber specific details of our topics and associated payloads for our HTTP push use cases.

Our subscribable channels(or topics) are protected by a set of OAuth scopes (authorization code or client credentials) - that a potential subscriber needs to be aware of.

Here is a sample contract.

We are able to accommodate almost every detail of interest to an integrator/subscriber (THANK YOU) - with the exception of being able to call out the oauth scopes necessary for the subscription to the topic - i.e. the security aspect at the channel or rather channel/operation level.

The current specification is perhaps more aligned with a broker based topology - but ours is a pure push use case (to registered webhooks) and we need an ability to call out any security aspects at the channel operation level.

Related issue(s)
#434
asyncapi/spec-json-schemas#189

Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Welcome to AsyncAPI. Thanks a lot for creating your first pull request. Please check out our contributors guide useful for opening a pull request.
Keep in mind there are also other channels you can use to interact with AsyncAPI community. For more details check out this issue.

API.md Outdated
@@ -265,6 +265,7 @@
* [.hasTraits()](#module_@asyncapi/parser+Operation+hasTraits) ⇒ <code>boolean</code>
* [.messages()](#module_@asyncapi/parser+Operation+messages) ⇒ <code>Array.&lt;Message&gt;</code>
* [.message()](#module_@asyncapi/parser+Operation+message) ⇒ <code>Message</code>
* [.OperationSecurityRequirement](#module_@asyncapi/parser+OperationSecurityRequirement) ⇐ <code>Base</code>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤔 where is this defined?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doc should be generated automatically iirc.
Indeed OperationSecurityRequirementis not the method you declared, but Security.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @fmvilas and @smoya
If its generated automatically, would you suggest reverting my changes?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would you mind trying npm run docs? This command should build the right API doc.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The whole PR is ok, just delete the above and I can accept :)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@smoya @magicmatatjahu I deleted my changes to the API doc and regenerated it using the above command.

@smoya smoya mentioned this pull request Mar 31, 2022
55 tasks
@smoya
Copy link
Member

smoya commented Mar 31, 2022

Thanks for the PR @LokeshRishi! would you mind fixing the title to be compliant with Conventional Commits? You have an error on it. See https://github.com/asyncapi/parser-js/runs/5698773473?check_suite_focus=true

Error: The subject "Add security field at the operation level" found in the pull request title "feat: Add security field at the operation level" should start with a lowercase character.

@LokeshRishi LokeshRishi changed the title feat: Add security field at the operation level feat: add security field at the operation level Mar 31, 2022
@LokeshRishi
Copy link
Author

@smoya @fmvilas Gentle reminder

describe('#security()', function() {
it('should return an array of security requirements objects', function() {
const d = new Operation(js);
expect(Array.isArray(d.security())).to.equal(true);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to test that the array is not empty. Otherwise, in the case it is empty, the logic inside the following forEach won't ever be executed.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@smoya Thanks for the review! I have incorporated the suggestion.

it('should return an array of security requirements objects', function() {
const d = new Operation(js);
expect(Array.isArray(d.security())).to.equal(true);
expect(d.security().length > 0).to.equal(true);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nitpick: I think you can simplify this with the proper Jest function:

Suggested change
expect(d.security().length > 0).to.equal(true);
expect(d.security()).toHaveLength(1);

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

.toHaveLength(1); was throwing an error, I have update it to .to.have.lengthOf(1)

@sonarqubecloud
Copy link

sonarqubecloud bot commented Apr 5, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

Copy link
Member

@smoya smoya left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@smoya
Copy link
Member

smoya commented Apr 5, 2022

@magicmatatjahu would you mind aproving workflows? Thanks!
2022-04-05 at 15 38 48

@smoya
Copy link
Member

smoya commented Apr 14, 2022

/rtm

@asyncapi-bot asyncapi-bot merged commit 20b9017 into asyncapi:2022-04-release Apr 14, 2022
@asyncapi-bot
Copy link
Contributor

🎉 This PR is included in version 1.15.0-2022-04-release.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

WaleedAshraf pushed a commit to WaleedAshraf/parser-js that referenced this pull request Apr 20, 2022
WaleedAshraf pushed a commit to WaleedAshraf/parser-js that referenced this pull request Apr 20, 2022
WaleedAshraf pushed a commit to WaleedAshraf/parser-js that referenced this pull request Apr 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants