feat: add security field at the operation level #505
Conversation
LokeshRishi
requested review from
fmvilas,
magicmatatjahu,
jonaslagoni,
derberg and
asyncapi-bot-eve
as code owners
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Welcome to AsyncAPI. Thanks a lot for creating your first pull request. Please check out our contributors guide useful for opening a pull request.
Keep in mind there are also other channels you can use to interact with AsyncAPI community. For more details check out this issue.
API.md
Outdated
| @@ -265,6 +265,7 @@ | |||
| * [.hasTraits()](#module_@asyncapi/parser+Operation+hasTraits) ⇒ <code>boolean</code> | |||
| * [.messages()](#module_@asyncapi/parser+Operation+messages) ⇒ <code>Array.<Message></code> | |||
| * [.message()](#module_@asyncapi/parser+Operation+message) ⇒ <code>Message</code> | |||
| * [.OperationSecurityRequirement](#module_@asyncapi/parser+OperationSecurityRequirement) ⇐ <code>Base</code> | |||
There was a problem hiding this comment.
This doc should be generated automatically iirc.
Indeed OperationSecurityRequirementis not the method you declared, but Security.
There was a problem hiding this comment.
Would you mind trying npm run docs? This command should build the right API doc.
There was a problem hiding this comment.
The whole PR is ok, just delete the above and I can accept :)
There was a problem hiding this comment.
@smoya @magicmatatjahu I deleted my changes to the API doc and regenerated it using the above command.
|
Thanks for the PR @LokeshRishi! would you mind fixing the title to be compliant with Conventional Commits? You have an error on it. See https:/asyncapi/parser-js/runs/5698773473?check_suite_focus=true
|
LokeshRishi
changed the title
| describe('#security()', function() { | ||
| it('should return an array of security requirements objects', function() { | ||
| const d = new Operation(js); | ||
| expect(Array.isArray(d.security())).to.equal(true); |
There was a problem hiding this comment.
We need to test that the array is not empty. Otherwise, in the case it is empty, the logic inside the following forEach won't ever be executed.
There was a problem hiding this comment.
@smoya Thanks for the review! I have incorporated the suggestion.
test/models/operation_test.js
Outdated
| it('should return an array of security requirements objects', function() { | ||
| const d = new Operation(js); | ||
| expect(Array.isArray(d.security())).to.equal(true); | ||
| expect(d.security().length > 0).to.equal(true); |
There was a problem hiding this comment.
Nitpick: I think you can simplify this with the proper Jest function:
| expect(d.security().length > 0).to.equal(true); | |
| expect(d.security()).toHaveLength(1); |
There was a problem hiding this comment.
.toHaveLength(1); was throwing an error, I have update it to .to.have.lengthOf(1)
|
Kudos, SonarCloud Quality Gate passed!
|
|
@magicmatatjahu would you mind aproving workflows? Thanks! |
|
/rtm |
|
🎉 This PR is included in version 1.15.0-2022-04-release.1 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Description
We are using AsyncAPI specifications for publishing the subscriber specific details of our topics and associated payloads for our HTTP push use cases.
Our subscribable channels(or topics) are protected by a set of OAuth scopes (authorization code or client credentials) - that a potential subscriber needs to be aware of.
Here is a sample contract.
We are able to accommodate almost every detail of interest to an integrator/subscriber (THANK YOU) - with the exception of being able to call out the oauth scopes necessary for the subscription to the topic - i.e. the security aspect at the channel or rather channel/operation level.
The current specification is perhaps more aligned with a broker based topology - but ours is a pure push use case (to registered webhooks) and we need an ability to call out any security aspects at the channel operation level.
Related issue(s)
#434
asyncapi/spec-json-schemas#189