This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

OAS Validation on response keys - not values

Posted a week ago
alirz
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

How can i use the message body of response with OASValidation but don't care about null or undefined values. 

For instance if in my spec i have 

 

 

properties:
  name:
    type: string

 

 

If my backend returns a name as undefined, the OAS validator doesn't like it. One solution is to add nullable true to the spec. However, I was wondering if there's a way to have the validator only check for the existence of the keys (in this case name), not its value.

 

 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OASValidation continueOnError="false" enabled="true" name="OAS-Response-Validation">
    <DisplayName>OAS-Response-Validation</DisplayName>
    <Options>
        <ValidateMessageBody>true</ValidateMessageBody>
    </Options>
    <Source>response</Source>
    <OASResource>oas://apispec.yaml</OASResource>
</OASValidation>

 

 

Solved Solved
0 9 142
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
paul-wright
Staff
In response to alirz
Reply posted on --/--/---- --:-- AM

OK, I see.

Looking down this path, it starts to beg the question on what types of customization should be allowed on top of what is specified in the spec itself. For instance today, you can optionally configure the behavior of the policy when header, query, or cookie parameters are present in the request that are not defined in the OpenAPI Specification by using the <AllowUnspecifiedParameters> tag.

However, I think this is a slippery slope. The spec is there to give you control on what and what not to look for. For instance, if we had a flag that allowed nulls for values... it would probably have to do that for all values, at which point it may be performing a kind of schema structure check, but would allow a basically empty payload to pass through.

The OAS spec allows you to make the choices, to have the control, to determine which fields, parameters, properties, should exist, have a specific value type, etc.

I think in the long run, specifying which fields can accept nulls is the way to go for the use case you have described.

View solution in original post

Jump to Solution
0 Likes
9 REPLIES 9
Top Solution Authors
View all