You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+106-6Lines changed: 106 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -65,7 +65,7 @@ Obviously, if you have a lot of secret variables that need adding as inputs, the
65
65
66
66
## OpenAPI Servers
67
67
68
-
OpenAPI Documents allow you to specify servers at the root, [path](https://spec.openapis.org/oas/latest.html#path-item-object) and [operation](https://spec.openapis.org/oas/latest.html#operation-object) level. They allow you to specify multiple servers, however the OpenAPI specification is opinionated that all servers specified in a Document should return the same thing.
68
+
OpenAPI Documents allow you to specify servers at the root, [path](https://spec.openapis.org/oas/latest.html#path-item-object) and [operation](https://spec.openapis.org/oas/latest.html#operation-object) level. They allow you to specify multiple servers, however the OpenAPI specification is opinionated that all servers specified in a Document should return the same thing and this Arazzo Runner will follow this opinion and only attempt one of the specified servers.
69
69
70
70
This Arazzo Runner will pick the first server it comes across in the array of servers and run the operation against that.
71
71
@@ -77,10 +77,114 @@ It will attempt to map to the [Server Variables](https://spec.openapis.org/oas/l
77
77
78
78
## OpenAPI Parameters
79
79
80
-
OpenAPI Documents allow you to specify [`header`, `path` and `query` parameters](https://spec.openapis.org/oas/latest.html#parameter-object) in myriad of styles. This Arazzo Runner will respect your styling (unless you specify stylings for `Accept`, `Authorization` or `Content-Type` headers, then it will ignore the stylings, as per the OpenAPI specification) and send the format to the server as specified by your OpenAPI document.
80
+
OpenAPI Documents allow you to specify [`header`, `path` and `query` parameters](https://spec.openapis.org/oas/latest.html#parameter-object) in myriad of styles. This Arazzo Runner will respect your styling (unless you specify stylings for `Accept`, `Authorization` or `Content-Type` headers, then it will ignore the stylings, as per the OpenAPI specification) and send the format to the server as specified by your OpenAPI Document.
81
81
82
82
It currently does not follow the `allowEmptyValue`, `allowReserved` or the `content` keywords currently.
83
83
84
+
## OpenAPI Security
85
+
86
+
OpenAPI Document security is supported. There are a couple of ways that you will have to document your Arazzo Workflow for certain documentation types.
87
+
88
+
### Basic
89
+
90
+
For HTTP Basic authentication, you should document your Arazzo like:
> mutualTLS is quite a complex authorization topic. I have written a naive way of dealing with it that I am unsure will actually work in production. If you are using mutualTLS and this Arazzo Runner and find that you run into bugs/issues, please do feel free to opena. report. The more I know and understand mutualTLS the better I can support it.
151
+
152
+
You will need to provide inputs for your ClientKey and ClientCert as their path locations:
153
+
154
+
**input.json**
155
+
156
+
```json
157
+
{
158
+
"deleteCurrentUser-mutualTLS": {
159
+
"username": "jack",
160
+
"key": "./client-key.pem",
161
+
"cert": "./client-cert.pem"
162
+
}
163
+
}
164
+
```
165
+
166
+
`key` and `cert` are reserved names when used in an OpenAPI Document with `mutualTLS` as the authentication method. The Runner will error out if they are not found.
167
+
168
+
### UNSUPPORTED oauth/openId
169
+
170
+
**CURRENTLY UNSUPPORTED**
171
+
172
+
You will need to provide inputs for your clientId and clientSecret:
173
+
174
+
**input.json**
175
+
176
+
```json
177
+
{
178
+
"deleteCurrentUser-mutualTLS": {
179
+
"username": "jack",
180
+
"clientId": "abc123",
181
+
"clientSecret": "123abc"
182
+
}
183
+
}
184
+
```
185
+
186
+
`clientId` and `clientSecret` are reserved name and will be used when oauth or openId authentication is set.
187
+
84
188
## Logging And Reporting
85
189
86
190
### Logging
@@ -111,10 +215,6 @@ Work on Reporting still needs completeing.
111
215
112
216
## Still unsupported
113
217
114
-
### Security
115
-
116
-
OpenAPI security is still not fully supported
117
-
118
218
### PathOperation
119
219
120
220
Accessing an OpenAPI operation by Operation Path `'{$sourceDescriptions.petstoreDescription.url}#/paths/~1pet~1findByStatus/get'` does not work currently
0 commit comments