This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Issue in OASValidation policy

Posted on 06-05-2023 10:24 PM
Peeyush_Singhai
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Hi Team,

We are using OASValidation (OpenAPI Specification Validation) policy to validate an incoming request(Manadatory headers) against an OpenAPI 3.0 Specification(JSON or YAML). We have done some analysis and seems like we hit a minor discrepancy in Apigee in this policy to implement.

It works only for the params (headers, etc) that are mentioned directly under parameters tag (not as a reference). The ones mentioned as reference do not get validated for cardinality required. In other words, missing AppID gives the expected error but missing TestID doesn't

However if we set: <ValidateMessageBody>true</ValidateMessageBody> in policy both get validated. However, the challenge with this setting is that it validates the incoming payload against the schema.

Is there a way to just validate incoming parameters (that are mentioned as references) except the payload.

openapi: 3.0.0
info:
  title: Title API
  description: >-
    Some desc

  contact: 
    name: "My Team"
    email: "email@sample.co.uk"
  version: 1.0.1servers:
  - url: 'https://example.com/customer/v1'
    description: some desc
paths:
  /diagnostics/collect:
    get:
      parameters:
        - name: appid
          in: header
          required: true
          schema:
            type: string
        - $ref: '#/components/parameters/TestID'
      responses:
        '200':
          description: OK
components:
  parameters:
    TestID:
      name: testid
      in: header
      required: true
      schema:
        type: string
      example: 8476a9db-f82c-4713-824c-c6046521a947

Please share your inputs on this policy issue.

Thanks

@kurtkanaskie @dchiesa1 @Sai Saran Vaidyanathan
@dknezic @ganadurai @Harish123 @Manisha_Chennu @shrenikkumar-s @Renuka_atnoor 

1 5 447
Topic Labels
5 REPLIES 5

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

That seems like a bug to me! Have you reported this to Apigee support?  They can file a bug on your behalf, and route it to the appropriate engineering team. 

Posted on --/--/---- --:-- AM
Peeyush_Singhai
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Thanks @dchiesa1 ,

We will raise a ticket to Apigee support.

Posted on --/--/---- --:-- AM
shrenikkumar-s
Silver 1
Silver 1
Reply posted on --/--/---- --:-- AM

Google created an internal bug ID: 286770010 on this matter.

Posted on --/--/---- --:-- AM
soosmarci
Bronze 4
Bronze 4
In response to shrenikkumar-s
Reply posted on --/--/---- --:-- AM

@shrenikkumar-s , @dchiesa1 do you have any update on this 286770010 bug?
I have tried to find this ticket on the public internet, but did not find anything.
Thank you in advance!
Marcello

0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to soosmarci
Reply posted on --/--/---- --:-- AM

Hi soosmarci, 

that reference number is internal to Google. You won't be able to see it or examine it directly.  It refers to a ticket in our internal ticketing system .

And, as for status - i just looked, and it's still in the backlog.  I'm sorry I don't have better news. My only suggestion: If you have a support contact, you can connect with that person and ask to escalate the priority of this bug. That is also not a guarantee that it will be fixed quickly, but it is a way to request more attention on the ticket.