[TT-14863] Replace github.com/TykTechnologies/kin-openapi with github.com/getkin/kin-openapi

[edsonmichaque]

User description

TT-10853

Summary	[SPIKE] PoC for updating kin-openapi dependency
Type	Story
Status	In Dev
Points	N/A
Labels	-

---

Description

This PR replaces the internal fork github.com/TykTechnologies/kin-openapi with the official upstream module github.com/getkin/kin-openapi. Migrating to the maintained upstream version reduces technical debt, ensures long-term maintainability, and gives us access to the latest features, bug fixes, and security updates from the community.

Related Issue

https://tyktech.atlassian.net/browse/TT-14863

Motivation and Context

How This Has Been Tested

Screenshots (if appropriate)

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Refactoring or add test (improvements in base code or adds test coverage to functionality)

Checklist

• I ensured that the documentation is up to date
• I explained why this PR updates go.mod in detail with reasoning why it's required
• I would like a code coverage CI quality gate exception and have explained why

---

PR Type

enhancement

---

Description

• Upgrade kin-openapi dependency to v0.132.0

• Refactor codebase for new kin-openapi API usage

• Update all imports from old to new kin-openapi module path

• Adjust OpenAPI Paths/Responses handling for new API

---

Changes walkthrough 📝

	Relevant files
Dependencies	2 files go.mod Update kin-openapi and related dependencies to latest versions +6/-7      go.sum Update dependency hashes for new kin-openapi and others    +12/-25
Tests	20 files operation_test.go Refactor tests for new kin-openapi Paths/Responses API      +155/-138 default_test.go Refactor tests for new kin-openapi Paths/Responses API      +49/-43  oas_test.go Refactor OAS tests for new Paths/Responses API                      +30/-16  fixtures_test.go Update kin-openapi import path in fixtures test                    +1/-1      import_test.go Update import test for new Paths API                                          +2/-2      security_test.go Refactor security tests for new Paths API                                +4/-4      validator_test.go Refactor validator tests for new kin-openapi API                  +15/-10  example_test.go Update kin-openapi import path in example tests                    +1/-1      api_definition_test.go Update kin-openapi import path in API definition tests      +1/-1      api_test.go Refactor API tests for new kin-openapi Paths API                  +46/-56  looping_test.go Update kin-openapi import path in looping tests                    +2/-2      mock_response_test.go Refactor mock response tests for new kin-openapi API          +76/-64  mw_oas_validate_request_test.go Update kin-openapi import path in middleware tests              +1/-1      mw_streaming_test.go Update kin-openapi import path in streaming tests                +1/-1      testutil.go Update kin-openapi import path in test utilities                  +2/-2      mw_go_plugin_test.go Update kin-openapi import path in Go plugin tests                +1/-1      root_test.go Update kin-openapi import path in root tests                          +1/-1      validator_test.go Update kin-openapi import path in streams validator tests +2/-2      ctx_test.go Update kin-openapi import path in context tests                    +1/-1      paths_test.go Update Paths test for new kin-openapi API                                +3/-2
Enhancement	15 files operation.go Refactor OAS operation logic for new kin-openapi API          +15/-13  default.go Update middleware import logic for new Paths API                  +2/-2      example.go Update example extraction for new Schema type API                +7/-7      oas.go Update OAS struct for new kin-openapi import path                +1/-1      security.go Update kin-openapi import path in security logic                  +1/-1      authentication.go Update kin-openapi import path in authentication logic      +1/-1      old_oas.go Update kin-openapi import path for migration logic              +2/-2      api.go Update kin-openapi import path in API logic                            +1/-1      api_definition.go Update kin-openapi and router imports in API definition    +2/-2      mock_response.go Refactor mock response logic for new Responses API              +4/-2      model_apispec.go Update kin-openapi router import path                                        +1/-1      mw_oas_validate_request.go Update kin-openapi and filter imports in middleware            +2/-2      mw_version_check.go Update kin-openapi router import path in version check      +1/-1      openapi.go Update kin-openapi import path and Paths iteration              +2/-2      paths.go Refactor Paths utilities for new kin-openapi API                  +5/-3

---

Need help?

Type /help how to ... in the comments thread for any questions about PR-Agent usage.

Check out the documentation for more information.

[buger]

Let's make that PR title a 💯 shall we? 💪

Your PR title and story title look slightly different. Just checking in to know if it was intentional!

Story Title	[SPIKE] PoC for updating kin-openapi dependency
PR Title	[TT-10853] Upgrade kin-openapi to v0.132.0

Check out this guide to learn more about PR best-practices.

[github-actions]

API Changes

no api changes detected

[github-actions]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 4 🔵🔵🔵🔵⚪

🧪 PR contains tests

🔒 No security concerns identified

⚡ Recommended focus areas for review API Surface Change The PR updates usage of the openapi3.Paths type throughout the codebase to use the new NewPaths() constructor and .Map() accessor methods, reflecting a breaking change in the kin-openapi library. This impacts how paths and responses are accessed and mutated. The reviewer should validate that all usages of paths, operations, and responses are correctly migrated, especially in edge cases or dynamic path manipulations. // Regardless if `ep` is a zero value, we need a non-nil paths // to produce a valid OAS document if s.Paths == nil { s.Paths = openapi3.NewPaths() } s.fillAllowance(ep.WhiteList, allow) s.fillAllowance(ep.BlackList, block) s.fillAllowance(ep.Ignored, ignoreAuthentication) s.fillTransformRequestMethod(ep.MethodTransforms) s.fillTransformRequestBody(ep.Transform) s.fillTransformResponseBody(ep.TransformResponse) s.fillTransformRequestHeaders(ep.TransformHeader) s.fillTransformResponseHeaders(ep.TransformResponseHeader) s.fillURLRewrite(ep.URLRewrite) s.fillInternal(ep.Internal) s.fillCache(ep.AdvanceCacheConfig) s.fillEnforceTimeout(ep.HardTimeouts) s.fillOASValidateRequest(ep.ValidateJSON) s.fillVirtualEndpoint(ep.Virtual) s.fillEndpointPostPlugins(ep.GoPlugin) s.fillCircuitBreaker(ep.CircuitBreaker) s.fillTrackEndpoint(ep.TrackEndpoints) s.fillDoNotTrackEndpoint(ep.DoNotTrackEndpoints) s.fillRequestSizeLimit(ep.SizeLimit) s.fillRateLimitEndpoints(ep.RateLimit) s.fillMockResponsePaths(*s.Paths, ep) } // fillMockResponsePaths converts classic API mock responses to OAS format. // This method only handles direct mock response conversions, as other middleware // configurations (like allow lists, block lists, etc.) are converted to classic // API mock responses in an earlier step of the process. // // For each mock response, it: // 1. Creates an OAS operation with a unique ID (if it doesn't exist) // 2. Sets up the mock response with content type detection and example values // 3. Configures the operation to ignore authentication for this endpoint // // The content type is determined by: // - Checking the Content-Type header if present // - Attempting to parse the body as JSON // - Defaulting to text/plain if neither above applies func (s *OAS) fillMockResponsePaths(paths openapi3.Paths, ep apidef.ExtendedPathsSet) { for _, mock := range ep.MockResponse { operationID := s.getOperationID(mock.Path, mock.Method) var operation *openapi3.Operation for _, item := range paths.Map() { if op := item.GetOperation(mock.Method); op != nil && op.OperationID == operationID { operation = op break } } if operation.Responses == nil { operation.Responses = openapi3.NewResponses() } // Response description is required by the OAS spec, but we don't have it in Tyk classic. // So we're using a dummy value to satisfy the spec. var oasDesc string response := &openapi3.Response{ Description: &oasDesc, } operation.Responses.Set(strconv.Itoa(mock.Code), &openapi3.ResponseRef{ Value: response, }) operation.Responses.Delete("default") tykOperation := s.GetTykExtension().getOperation(operation.OperationID) if tykOperation.MockResponse == nil { tykOperation.MockResponse = &MockResponse{} } tykOperation.MockResponse.Fill(mock) if tykOperation.IgnoreAuthentication == nil && tykOperation.MockResponse.FromOASExamples == nil { // We need to to add ignoreAuthentication middleware to the operation // to stay consistent to the way mock responses work for classic APIs tykOperation.IgnoreAuthentication = &Allowance{Enabled: true} } if ShouldOmit(tykOperation.MockResponse) { tykOperation.MockResponse = &MockResponse{ FromOASExamples: &FromOASExamples{}, } } } } func (s *OAS) extractPathsAndOperations(ep *apidef.ExtendedPathsSet) { ep.Clear() tykOperations := s.getTykOperations() if len(tykOperations) == 0 { return } for _, pathItem := range oasutil.SortByPathLength(*s.Paths) { for id, tykOp := range tykOperations { path := pathItem.Path for method, operation := range pathItem.Operations() { if id == operation.OperationID { tykOp.extractAllowanceTo(ep, path, method, allow) tykOp.extractAllowanceTo(ep, path, method, block) tykOp.extractAllowanceTo(ep, path, method, ignoreAuthentication) tykOp.extractInternalTo(ep, path, method) tykOp.extractTransformRequestMethodTo(ep, path, method) tykOp.extractTransformRequestBodyTo(ep, path, method) tykOp.extractTransformResponseBodyTo(ep, path, method) tykOp.extractTransformRequestHeadersTo(ep, path, method) tykOp.extractTransformResponseHeadersTo(ep, path, method) tykOp.extractURLRewriteTo(ep, path, method) tykOp.extractCacheTo(ep, path, method) tykOp.extractEnforceTimeoutTo(ep, path, method) tykOp.extractVirtualEndpointTo(ep, path, method) tykOp.extractEndpointPostPluginTo(ep, path, method) tykOp.extractCircuitBreakerTo(ep, path, method) tykOp.extractTrackEndpointTo(ep, path, method) tykOp.extractDoNotTrackEndpointTo(ep, path, method) tykOp.extractRequestSizeLimitTo(ep, path, method) tykOp.extractRateLimitEndpointTo(ep, path, method) break } } } } sortMockResponseAllowList(ep) } func (s *OAS) fillAllowance(endpointMetas []apidef.EndPointMeta, typ AllowanceType) { for _, em := range endpointMetas { operationID := s.getOperationID(em.Path, em.Method) operation := s.GetTykExtension().getOperation(operationID) var allowance *Allowance switch typ { case block: allowance = newAllowance(&operation.Block) case ignoreAuthentication: allowance = newAllowance(&operation.IgnoreAuthentication) default: // Skip endpoints that have mock responses configured via method actions, we should avoid // creating allowance for them. if hasMockResponse(em.MethodActions) { continue } allowance = newAllowance(&operation.Allow) } allowance.Fill(em) if ShouldOmit(allowance) { allowance = nil } } } func newAllowance(prev **Allowance) *Allowance { if *prev == nil { *prev = &Allowance{} } return *prev } func (s *OAS) fillTransformRequestMethod(metas []apidef.MethodTransformMeta) { for _, meta := range metas { operationID := s.getOperationID(meta.Path, meta.Method) operation := s.GetTykExtension().getOperation(operationID) if operation.TransformRequestMethod == nil { operation.TransformRequestMethod = &TransformRequestMethod{} } operation.TransformRequestMethod.Fill(meta) if ShouldOmit(operation.TransformRequestMethod) { operation.TransformRequestMethod = nil } } } func (s *OAS) fillTransformRequestBody(metas []apidef.TemplateMeta) { for _, meta := range metas { operationID := s.getOperationID(meta.Path, meta.Method) operation := s.GetTykExtension().getOperation(operationID) if operation.TransformRequestBody == nil { operation.TransformRequestBody = &TransformBody{} } operation.TransformRequestBody.Fill(meta) if ShouldOmit(operation.TransformRequestBody) { operation.TransformRequestBody = nil } } } func (s *OAS) fillTransformResponseBody(metas []apidef.TemplateMeta) { for _, meta := range metas { operationID := s.getOperationID(meta.Path, meta.Method) operation := s.GetTykExtension().getOperation(operationID) if operation.TransformResponseBody == nil { operation.TransformResponseBody = &TransformBody{} } operation.TransformResponseBody.Fill(meta) if ShouldOmit(operation.TransformResponseBody) { operation.TransformResponseBody = nil } } } func (s *OAS) fillTransformRequestHeaders(metas []apidef.HeaderInjectionMeta) { for _, meta := range metas { operationID := s.getOperationID(meta.Path, meta.Method) operation := s.GetTykExtension().getOperation(operationID) if operation.TransformRequestHeaders == nil { operation.TransformRequestHeaders = &TransformHeaders{} } operation.TransformRequestHeaders.Fill(meta) if ShouldOmit(operation.TransformRequestHeaders) { operation.TransformRequestHeaders = nil } } } func (s *OAS) fillTransformResponseHeaders(metas []apidef.HeaderInjectionMeta) { for _, meta := range metas { operationID := s.getOperationID(meta.Path, meta.Method) operation := s.GetTykExtension().getOperation(operationID) if operation.TransformResponseHeaders == nil { operation.TransformResponseHeaders = &TransformHeaders{} } operation.TransformResponseHeaders.Fill(meta) if ShouldOmit(operation.TransformResponseHeaders) { operation.TransformResponseHeaders = nil } } } func (s *OAS) fillCache(metas []apidef.CacheMeta) { for _, meta := range metas { operationID := s.getOperationID(meta.Path, meta.Method) operation := s.GetTykExtension().getOperation(operationID) if operation.Cache == nil { operation.Cache = &CachePlugin{} } operation.Cache.Fill(meta) if ShouldOmit(operation.Cache) { operation.Cache = nil } } } func (s *OAS) fillEnforceTimeout(metas []apidef.HardTimeoutMeta) { for _, meta := range metas { operationID := s.getOperationID(meta.Path, meta.Method) operation := s.GetTykExtension().getOperation(operationID) if operation.EnforceTimeout == nil { operation.EnforceTimeout = &EnforceTimeout{} } operation.EnforceTimeout.Fill(meta) if ShouldOmit(operation.EnforceTimeout) { operation.EnforceTimeout = nil } } } func (s *OAS) fillRequestSizeLimit(metas []apidef.RequestSizeMeta) { for _, meta := range metas { operationID := s.getOperationID(meta.Path, meta.Method) operation := s.GetTykExtension().getOperation(operationID) if operation.RequestSizeLimit == nil { operation.RequestSizeLimit = &RequestSizeLimit{} } operation.RequestSizeLimit.Fill(meta) if ShouldOmit(operation.RequestSizeLimit) { operation.RequestSizeLimit = nil } } } func (o *Operation) extractAllowanceTo(ep *apidef.ExtendedPathsSet, path string, method string, typ AllowanceType) { allowance := o.Allow endpointMetas := &ep.WhiteList switch typ { case block: allowance = o.Block endpointMetas = &ep.BlackList case ignoreAuthentication: allowance = o.IgnoreAuthentication endpointMetas = &ep.Ignored } if allowance == nil { return } endpointMeta := apidef.EndPointMeta{Path: path, Method: method} allowance.ExtractTo(&endpointMeta) *endpointMetas = append(*endpointMetas, endpointMeta) } func (o *Operation) extractTransformRequestMethodTo(ep *apidef.ExtendedPathsSet, path string, method string) { if o.TransformRequestMethod == nil { return } meta := apidef.MethodTransformMeta{Path: path, Method: method} o.TransformRequestMethod.ExtractTo(&meta) ep.MethodTransforms = append(ep.MethodTransforms, meta) } func (o *Operation) extractTransformRequestBodyTo(ep *apidef.ExtendedPathsSet, path string, method string) { if o.TransformRequestBody == nil { return } meta := apidef.TemplateMeta{Path: path, Method: method} o.TransformRequestBody.ExtractTo(&meta) ep.Transform = append(ep.Transform, meta) } func (o *Operation) extractTransformResponseBodyTo(ep *apidef.ExtendedPathsSet, path string, method string) { if o.TransformResponseBody == nil { return } meta := apidef.TemplateMeta{Path: path, Method: method} o.TransformResponseBody.ExtractTo(&meta) ep.TransformResponse = append(ep.TransformResponse, meta) } func (o *Operation) extractTransformRequestHeadersTo(ep *apidef.ExtendedPathsSet, path string, method string) { if o.TransformRequestHeaders == nil { return } meta := apidef.HeaderInjectionMeta{Path: path, Method: method} o.TransformRequestHeaders.ExtractTo(&meta) ep.TransformHeader = append(ep.TransformHeader, meta) } func (o *Operation) extractTransformResponseHeadersTo(ep *apidef.ExtendedPathsSet, path string, method string) { if o.TransformResponseHeaders == nil { return } meta := apidef.HeaderInjectionMeta{Path: path, Method: method} o.TransformResponseHeaders.ExtractTo(&meta) ep.TransformResponseHeader = append(ep.TransformResponseHeader, meta) } func (o *Operation) extractCacheTo(ep *apidef.ExtendedPathsSet, path string, method string) { if o.Cache == nil { return } newCacheMeta := apidef.CacheMeta{ Method: method, Path: path, } o.Cache.ExtractTo(&newCacheMeta) ep.AdvanceCacheConfig = append(ep.AdvanceCacheConfig, newCacheMeta) } func (o *Operation) extractEnforceTimeoutTo(ep *apidef.ExtendedPathsSet, path string, method string) { if o.EnforceTimeout == nil { return } meta := apidef.HardTimeoutMeta{Path: path, Method: method} o.EnforceTimeout.ExtractTo(&meta) ep.HardTimeouts = append(ep.HardTimeouts, meta) } func (o *Operation) extractRequestSizeLimitTo(ep *apidef.ExtendedPathsSet, path string, method string) { if o.RequestSizeLimit == nil { return } meta := apidef.RequestSizeMeta{Path: path, Method: method} o.RequestSizeLimit.ExtractTo(&meta) ep.SizeLimit = append(ep.SizeLimit, meta) } // detect possible regex pattern: // - character match ([a-z]) // - greedy match (.*) // - ungreedy match (.+) // - end of string ($). var regexPatterns = []string{ ".+", ".*", "[", "]", "$", } type pathPart struct { name string value string isRegex bool } func (p pathPart) String() string { if p.isRegex { return "{" + p.name + "}" } return p.value } // isRegex checks if value has expected regular expression patterns. func isRegex(value string) bool { for _, pattern := range regexPatterns { if strings.Contains(value, pattern) { return true } } return false } // splitPath splits URL into folder parts, detecting regex patterns. func splitPath(inPath string) ([]pathPart, bool) { trimmedPath := strings.Trim(inPath, "/") if trimmedPath == "" { return []pathPart{}, false } parts := strings.Split(trimmedPath, "/") result := make([]pathPart, len(parts)) regexCount := 0 hasRegex := false for i, segment := range parts { var part pathPart part, regexCount, hasRegex = parsePathSegment(segment, regexCount, hasRegex) result[i] = part } return result, hasRegex } // buildPath converts the URL paths with regex to named parameters // e.g. ["a", ".*"] becomes /a/{customRegex1}. func buildPath(parts []pathPart, appendSlash bool) string { newPath := "" for _, part := range parts { newPath += "/" + part.String() } if appendSlash { return newPath + "/" } return newPath } func (s *OAS) getOperationID(inPath, method string) string { operationID := strings.TrimPrefix(inPath, "/") + method paths := s.Paths.Map() createOrGetPathItem := func(item string) *openapi3.PathItem { if paths[item] == nil { paths[item] = &openapi3.PathItem{} } return paths[item] } createOrUpdateOperation := func(p *openapi3.PathItem) *openapi3.Operation { operation := p.GetOperation(method) if operation == nil { operation = &openapi3.Operation{ Responses: openapi3.NewResponses(), } p.SetOperation(method, operation) } if operation.OperationID == "" { operation.OperationID = operationID } return operation } var p *openapi3.PathItem parts, hasRegex := splitPath(inPath) if hasRegex { newPath := buildPath(parts, strings.HasSuffix(inPath, "/")) p = createOrGetPathItem(newPath) // We should check if the parameters are already set before initializing it. if p.Parameters == nil { p.Parameters = []*openapi3.ParameterRef{} } existingParams := make(map[string]bool) for _, existingParam := range p.Parameters { existingParams[existingParam.Value.Name] = true } for _, part := range parts { // Skip adding the parameter if it already exists so that we don't override it. if existingParams[part.name] { continue } if part.isRegex { schema := &openapi3.SchemaRef{ Value: &openapi3.Schema{ Type: &openapi3.Types{openapi3.TypeString}, Pattern: part.value, }, } param := &openapi3.ParameterRef{ Value: &openapi3.Parameter{ Name: part.name, In: "path", Required: true, Schema: schema, }, } p.Parameters = append(p.Parameters, param) } } } else { p = createOrGetPathItem(inPath) } operation := createOrUpdateOperation(p) return operation.OperationID } func (x *XTykAPIGateway) getOperation(operationID string) *Operation { if x.Middleware == nil { x.Middleware = &Middleware{} } middleware := x.Middleware if middleware.Operations == nil { middleware.Operations = make(Operations) } operations := middleware.Operations if operations[operationID] == nil { operations[operationID] = &Operation{} } return operations[operationID] } // ValidateRequest holds configuration required for validating requests. type ValidateRequest struct { // Enabled is a boolean flag, if set to `true`, it enables request validation. Enabled bool `bson:"enabled" json:"enabled"` // ErrorResponseCode is the error code emitted when the request fails validation. // If unset or zero, the response will returned with http status 422 Unprocessable Entity. ErrorResponseCode int `bson:"errorResponseCode,omitempty" json:"errorResponseCode,omitempty"` } // Fill fills *ValidateRequest receiver from apidef.ValidateRequestMeta. func (v *ValidateRequest) Fill(meta apidef.ValidatePathMeta) { v.Enabled = !meta.Disabled v.ErrorResponseCode = meta.ErrorResponseCode } func (*ValidateRequest) shouldImport(operation *openapi3.Operation) bool { if len(operation.Parameters) > 0 { return true } reqBody := operation.RequestBody if reqBody == nil { return false } reqBodyVal := reqBody.Value if reqBodyVal == nil { return false } media := reqBodyVal.Content.Get("application/json") return media != nil } // Import populates *ValidateRequest with enabled argument and a default error response code. func (v *ValidateRequest) Import(enabled bool) { v.Enabled = enabled v.ErrorResponseCode = http.StatusUnprocessableEntity } func convertSchema(mapSchema map[string]interface{}) (*openapi3.Schema, error) { bytes, err := json.Marshal(mapSchema) if err != nil { return nil, err } schema := openapi3.NewSchema() err = schema.UnmarshalJSON(bytes) if err != nil { return nil, err } return schema, nil } func (s *OAS) fillOASValidateRequest(metas []apidef.ValidatePathMeta) { for _, meta := range metas { operationID := s.getOperationID(meta.Path, meta.Method) operation := s.Paths.Find(meta.Path).GetOperation(meta.Method) requestBodyRef := operation.RequestBody if operation.RequestBody == nil { requestBodyRef = &openapi3.RequestBodyRef{} operation.RequestBody = requestBodyRef } if requestBodyRef.Value == nil { requestBodyRef.Value = openapi3.NewRequestBody() } schema, err := convertSchema(meta.Schema) if err != nil { log.WithError(err).Error("Couldn't convert classic API validate JSON schema to OAS") } else { requestBodyRef.Value.WithJSONSchema(schema) } tykOp := s.GetTykExtension().getOperation(operationID) if tykOp.ValidateRequest == nil { tykOp.ValidateRequest = &ValidateRequest{} } tykOp.ValidateRequest.Fill(meta) if ShouldOmit(tykOp.ValidateRequest) { tykOp.ValidateRequest = nil } } } // MockResponse configures the mock responses. type MockResponse struct { // Enabled activates the mock response middleware. Enabled bool `bson:"enabled" json:"enabled"` // Code is the HTTP response code that will be returned. Code int `bson:"code,omitempty" json:"code,omitempty"` // Body is the HTTP response body that will be returned. Body string `bson:"body,omitempty" json:"body,omitempty"` // Headers are the HTTP response headers that will be returned. Headers Headers `bson:"headers,omitempty" json:"headers,omitempty"` // FromOASExamples is the configuration to extract a mock response from OAS documentation. FromOASExamples *FromOASExamples `bson:"fromOASExamples,omitempty" json:"fromOASExamples,omitempty"` } // Fill populates the MockResponse fields from a classic API MockResponseMeta. func (m *MockResponse) Fill(op apidef.MockResponseMeta) { headers := make([]Header, 0) for k, v := range op.Headers { headers = append(headers, Header{ Name: http.CanonicalHeaderKey(k), Value: v, }) } // Sort headers by name so that the order is deterministic sort.Slice(headers, func(i, j int) bool { return headers[i].Name < headers[j].Name }) m.Enabled = !op.Disabled m.Code = op.Code m.Body = op.Body m.Headers = headers } func (m *MockResponse) ExtractTo(meta *apidef.MockResponseMeta) { meta.Disabled = !m.Enabled meta.Code = m.Code meta.Body = m.Body // Initialize headers map even when empty meta.Headers = make(map[string]string) for _, h := range m.Headers { meta.Headers[h.Name] = h.Value } if len(meta.Headers) == 0 { meta.Headers = nil } } // FromOASExamples configures mock responses that should be returned from OAS example responses. type FromOASExamples struct { // Enabled activates getting a mock response from OAS examples or schemas documented in OAS. Enabled bool `bson:"enabled" json:"enabled"` // Code is the default HTTP response code that the gateway reads from the path responses documented in OAS. Code int `bson:"code,omitempty" json:"code,omitempty"` // ContentType is the default HTTP response body type that the gateway reads from the path responses documented in OAS. ContentType string `bson:"contentType,omitempty" json:"contentType,omitempty"` // ExampleName is the default example name among multiple path response examples documented in OAS. ExampleName string `bson:"exampleName,omitempty" json:"exampleName,omitempty"` } Type Handling Logic The logic for determining schema types in ExampleExtractor and emptyExampleVal has been updated to use the new Types API from kin-openapi. The reviewer should ensure that all type checks (object, array, string, integer, number, boolean) are correctly migrated and that no regressions are introduced in example extraction or default value generation. } switch { case val.Type.Is(openapi3.TypeObject): obj := make(map[string]interface{}) for name, prop := range schema.Value.Properties { obj[name] = ExampleExtractor(prop) } return obj case val.Type.Is(openapi3.TypeArray): items := ExampleExtractor(val.Items) return []interface{}{items} default: if len(val.Enum) > 0 { return val.Enum[0] } return emptyExampleVal(val) } } func emptyExampleVal(schema *openapi3.Schema) interface{} { switch { case schema.Type.Is(openapi3.TypeString): return "string" case schema.Type.Is(openapi3.TypeInteger), schema.Type.Is(openapi3.TypeNumber): return 0 case schema.Type.Is(openapi3.TypeBoolean): return true default: Test Coverage for Path/Response Migration Numerous test cases have been updated to use the new Paths and Responses APIs. The reviewer should ensure that the test logic remains valid and that all assertions accurately reflect the intended behavior, especially where map access and mutation semantics have changed. const existingOperationId = "userPOST" var oas OAS paths := openapi3.NewPaths() paths.Set("/user", &openapi3.PathItem{ Get: &openapi3.Operation{ OperationID: operationId, }, }) oas.Paths = paths var operation Operation Fill(t, &operation, 0) operation.TrackEndpoint = nil // This one also fills native part, let's skip it for this test. operation.DoNotTrackEndpoint = nil // This one also fills native part, let's skip it for this test. operation.ValidateRequest = nil // This one also fills native part, let's skip it for this test. operation.MockResponse = nil // This one also fills native part, let's skip it for this test. operation.URLRewrite = nil // This one also fills native part, let's skip it for this test. operation.Internal = nil // This one also fills native part, let's skip it for this test. operation.TransformRequestBody.Path = "" // if `path` and `body` are present, `body` would take precedence, detailed tests can be found in middleware_test.go operation.TransformResponseBody.Path = "" // if `path` and `body` are present, `body` would take precedence, detailed tests can be found in middleware_test.go operation.VirtualEndpoint.Path = "" // if `path` and `body` are present, `body` would take precedence, detailed tests can be found in middleware_test.go operation.VirtualEndpoint.Name = "" // Name is deprecated. operation.PostPlugins = operation.PostPlugins[:1] // only 1 post plugin is considered at this point, ignore others. operation.PostPlugins[0].Name = "" // Name is deprecated. operation.RateLimit.Per = ReadableDuration(time.Minute) xTykAPIGateway := &XTykAPIGateway{ Middleware: &Middleware{ Operations: Operations{ operationId: &operation, }, }, } oas.SetTykExtension(xTykAPIGateway) var ep apidef.ExtendedPathsSet oas.extractPathsAndOperations(&ep) convertedOAS := minimumValidOAS() convertedPaths := openapi3.NewPaths() convertedPaths.Set("/user", &openapi3.PathItem{ Post: &openapi3.Operation{ OperationID: existingOperationId, Responses: openapi3.NewResponses(), }, }) convertedOAS.Paths = paths convertedOAS.SetTykExtension(&XTykAPIGateway{Middleware: &Middleware{Operations: Operations{}}}) convertedOAS.fillPathsAndOperations(ep) assert.Equal(t, oas.getTykOperations(), convertedOAS.getTykOperations()) expCombinedPaths := openapi3.NewPaths() expCombinedPaths.Set("/user", &openapi3.PathItem{ Post: &openapi3.Operation{ OperationID: existingOperationId, Responses: openapi3.NewResponses(), }, Get: &openapi3.Operation{ OperationID: operationId, Responses: openapi3.NewResponses(), }, }) assert.Equal(t, expCombinedPaths, convertedOAS.Paths) t.Run("oas validation", func(t *testing.T) { err := convertedOAS.Validate(context.Background()) assert.NoError(t, err) }) } func TestOAS_MockResponse_extractPathsAndOperations(t *testing.T) { t.Parallel() type testCase struct { name string spec OAS want func(t *testing.T, ep *apidef.ExtendedPathsSet) } tests := []testCase{ { name: "basic mock response", spec: OAS{ T: openapi3.T{ OpenAPI: DefaultOpenAPI, Paths: func() *openapi3.Paths { paths := openapi3.NewPaths() paths.Set("/test", &openapi3.PathItem{ Get: &openapi3.Operation{ OperationID: "testGET", }, }) return paths }(), Extensions: map[string]interface{}{ "x-tyk-api-gateway": &XTykAPIGateway{ Middleware: &Middleware{ Operations: Operations{ "testGET": &Operation{ MockResponse: &MockResponse{ Enabled: true, Code: 200, Body: `{"message": "success"}`, Headers: []Header{ {Name: "Content-Type", Value: "application/json"}, }, }, }, }, }, }, }, }, }, want: func(t *testing.T, ep *apidef.ExtendedPathsSet) { t.Helper() // Verify mock responses mockResponses := ep.MockResponse require.Len(t, mockResponses, 0) }, }, { name: "multiple methods on same path", spec: OAS{ T: openapi3.T{ OpenAPI: DefaultOpenAPI, Paths: func() *openapi3.Paths { paths := openapi3.NewPaths() paths.Set("/test", &openapi3.PathItem{ Get: &openapi3.Operation{ OperationID: "testGET", }, Post: &openapi3.Operation{ OperationID: "testPOST", }, }) return paths }(), Extensions: map[string]interface{}{ "x-tyk-api-gateway": &XTykAPIGateway{ Middleware: &Middleware{ Operations: Operations{ "testGET": &Operation{ MockResponse: &MockResponse{ Enabled: true, Code: 200, Body: `{"status": "ok"}`, Headers: []Header{ {Name: "Content-Type", Value: "application/json"}, }, }, }, "testPOST": &Operation{ MockResponse: &MockResponse{ Enabled: true, Code: 201, Body: `{"id": "123"}`, Headers: []Header{ {Name: "Content-Type", Value: "application/json"}, {Name: "Location", Value: "/test/123"}, }, }, }, }, }, }, }, }, }, want: func(t *testing.T, ep *apidef.ExtendedPathsSet) { t.Helper() // Verify mock responses mockResponses := ep.MockResponse require.Len(t, mockResponses, 0) }, }, { name: "disabled mock response", spec: OAS{ T: openapi3.T{ OpenAPI: DefaultOpenAPI, Paths: func() *openapi3.Paths { paths := openapi3.NewPaths() paths.Set("/test", &openapi3.PathItem{ Get: &openapi3.Operation{ OperationID: "testGET", }, }) return paths }(), Extensions: map[string]interface{}{ "x-tyk-api-gateway": &XTykAPIGateway{ Middleware: &Middleware{ Operations: Operations{ "testGET": &Operation{ MockResponse: &MockResponse{ Enabled: false, Code: 404, Body: `{"error": "not found"}`, }, }, }, }, }, }, }, }, want: func(t *testing.T, ep *apidef.ExtendedPathsSet) { t.Helper() // Verify mock responses mockResponses := ep.MockResponse require.Len(t, mockResponses, 0) }, }, { name: "no mock responses", spec: OAS{ T: openapi3.T{ OpenAPI: DefaultOpenAPI, Paths: func() *openapi3.Paths { paths := openapi3.NewPaths() paths.Set("/test", &openapi3.PathItem{ Get: &openapi3.Operation{ OperationID: "testGET", }, }) return paths }(), Extensions: map[string]interface{}{ "x-tyk-api-gateway": &XTykAPIGateway{ Middleware: &Middleware{ Operations: Operations{ "testGET": &Operation{}, }, }, }, }, }, }, want: func(t *testing.T, ep *apidef.ExtendedPathsSet) { t.Helper() assert.Empty(t, ep.MockResponse) }, }, { name: "multiple paths with mock responses", spec: OAS{ T: openapi3.T{ OpenAPI: DefaultOpenAPI, Paths: func() *openapi3.Paths { paths := openapi3.NewPaths() paths.Set("/users", &openapi3.PathItem{ Get: &openapi3.Operation{ OperationID: "usersGET", }, }) paths.Set("/items", &openapi3.PathItem{ Get: &openapi3.Operation{ OperationID: "itemsGET", }, }) return paths }(), Extensions: map[string]interface{}{ "x-tyk-api-gateway": &XTykAPIGateway{ Middleware: &Middleware{ Operations: Operations{ "usersGET": &Operation{ MockResponse: &MockResponse{ Enabled: true, Code: 200, Body: `["user1", "user2"]`, Headers: []Header{{Name: "Content-Type", Value: "application/json"}}, }, }, "itemsGET": &Operation{ MockResponse: &MockResponse{ Enabled: true, Code: 200, Body: `["item1", "item2"]`, Headers: []Header{{Name: "Content-Type", Value: "application/json"}}, }, }, }, }, }, }, }, }, want: func(t *testing.T, ep *apidef.ExtendedPathsSet) { t.Helper() // Verify mock responses mockResponses := ep.MockResponse require.Len(t, mockResponses, 0) }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { var ep apidef.ExtendedPathsSet tt.spec.extractPathsAndOperations(&ep) // We should ensure no AllowList is created require.Len(t, ep.WhiteList, 0) tt.want(t, &ep) }) } } func TestOAS_PathsAndOperationsRegex(t *testing.T) { t.Parallel() expectedOperationID := "users/[a-z]+/[0-9]+$GET" expectedPath := "/users/{customRegex1}/{customRegex2}" var oas OAS oas.Paths = openapi3.NewPaths() _ = oas.getOperationID("/users/[a-z]+/[0-9]+$", "GET") expectedPathItems := openapi3.NewPaths() expectedPathItems.Set(expectedPath, &openapi3.PathItem{ Get: &openapi3.Operation{ OperationID: expectedOperationID, Responses: openapi3.NewResponses(), }, Parameters: []*openapi3.ParameterRef{ { Value: &openapi3.Parameter{ Schema: &openapi3.SchemaRef{ Value: &openapi3.Schema{ Type: &openapi3.Types{openapi3.TypeString}, Pattern: "[a-z]+", }, }, Name: "customRegex1", In: "path", Required: true, }, }, { Value: &openapi3.Parameter{ Schema: &openapi3.SchemaRef{ Value: &openapi3.Schema{ Type: &openapi3.Types{openapi3.TypeString}, Pattern: "[0-9]+$", }, }, Name: "customRegex2", In: "path", Required: true, }, }, }, }) assert.Equal(t, expectedPathItems, oas.Paths, "expected path item differs") } func TestOAS_RegexOperationIDs(t *testing.T) { t.Parallel() type test struct { input string method string want string } tests := []test{ {"/.+", "GET", ".+GET"}, {"/.*", "GET", ".*GET"}, {"/[^a]*", "GET", "[^a]*GET"}, {"/foo$", "GET", "foo$GET"}, {"/group/.+", "GET", "group/.+GET"}, {"/group/.*", "GET", "group/.*GET"}, {"/group/[^a]*", "GET", "group/[^a]*GET"}, {"/group/foo$", "GET", "group/foo$GET"}, {"/group/[^a]*/.*", "GET", "group/[^a]*/.*GET"}, } for i, tc := range tests { var oas OAS oas.Paths = openapi3.NewPaths() oas.Paths.Set(tc.input, &openapi3.PathItem{ Get: &openapi3.Operation{}, }) got := oas.getOperationID(tc.input, tc.method) assert.Equalf(t, tc.want, got, "test %d: expected operationID %v, got %v", i, tc.want, got) } } func TestOAS_RegexPaths(t *testing.T) { t.Parallel() type test struct { input string want string params int } tests := []test{ {"/v1.Service", "/v1.Service", 0}, {"/v1.Service/stats.Service", "/v1.Service/stats.Service", 0}, {"/.+", "/{customRegex1}", 1}, {"/.*", "/{customRegex1}", 1}, {"/[^a]*", "/{customRegex1}", 1}, {"/foo$", "/{customRegex1}", 1}, {"/group/.+", "/group/{customRegex1}", 1}, {"/group/.*", "/group/{customRegex1}", 1}, {"/group/[^a]*", "/group/{customRegex1}", 1}, {"/group/foo$", "/group/{customRegex1}", 1}, {"/group/[^a]*/.*", "/group/{customRegex1}/{customRegex2}", 2}, } for i, tc := range tests { var oas OAS oas.Paths = openapi3.NewPaths() oas.Paths.Set(tc.input, &openapi3.PathItem{ Get: &openapi3.Operation{}, }) got := oas.getOperationID(tc.input, "GET") pathKeys := make([]string, 0, len(oas.Paths.Map())) for k := range oas.Paths.Map() { pathKeys = append(pathKeys, k) } assert.Lenf(t, oas.Paths, 1, "Expected one path key being created, got %#v", pathKeys) _, ok := oas.Paths.Map()[tc.want] assert.True(t, ok) p, ok := oas.Paths.Map()[tc.want] assert.Truef(t, ok, "test %d: path doesn't exist in OAS: %v", i, tc.want) assert.Lenf(t, p.Parameters, tc.params, "test %d: expected %d parameters, got %d", i, tc.params, len(p.Parameters)) // rebuild original link got = tc.want for _, param := range p.Parameters { assert.NotNilf(t, param.Value, "test %d: missing value", i) assert.NotNilf(t, param.Value.Schema, "test %d: missing schema", i) assert.NotNilf(t, param.Value.Schema.Value, "test %d: missing schema value", i) assert.Truef(t, strings.HasPrefix(param.Value.Name, "customRegex"), "test %d: invalid name %v", i, param.Value.Name) got = strings.ReplaceAll(got, "{"+param.Value.Name+"}", param.Value.Schema.Value.Pattern) } assert.Equalf(t, tc.input, got, "test %d: rebuilt link, expected %v, got %v", i, tc.input, got) } } // Map HTTP methods to their corresponding PathItem field setters var methodSetters = map[string]func(*openapi3.PathItem, *openapi3.Operation){ "GET": func(p *openapi3.PathItem, op *openapi3.Operation) { p.Get = op }, "POST": func(p *openapi3.PathItem, op *openapi3.Operation) { p.Post = op }, "PUT": func(p *openapi3.PathItem, op *openapi3.Operation) { p.Put = op }, "PATCH": func(p *openapi3.PathItem, op *openapi3.Operation) { p.Patch = op }, "DELETE": func(p *openapi3.PathItem, op *openapi3.Operation) { p.Delete = op }, "HEAD": func(p *openapi3.PathItem, op *openapi3.Operation) { p.Head = op }, "OPTIONS": func(p *openapi3.PathItem, op *openapi3.Operation) { p.Options = op }, } func TestOAS_MockResponse_fillMockResponsePaths(t *testing.T) { t.Parallel() type testCase struct { name string ep apidef.ExtendedPathsSet spec *OAS want func(t *testing.T, spec *OAS) } tests := []testCase{ { name: "basic mock response", spec: &OAS{ T: openapi3.T{ OpenAPI: DefaultOpenAPI, Paths: func() *openapi3.Paths { paths := openapi3.NewPaths() paths.Set("/test", &openapi3.PathItem{ Get: &openapi3.Operation{ Summary: "Existing summary", OperationID: "testGET", }, }) return paths }(), }, }, ep: apidef.ExtendedPathsSet{ MockResponse: []apidef.MockResponseMeta{{ Path: "/test", Method: "GET", Code: 200, Body: `{"message": "success"}`, Headers: map[string]string{ "Content-Type": "application/json", }, }}, }, want: func(t *testing.T, spec *OAS) { t.Helper() require.Len(t, spec.Paths, 1) pathItem := spec.Paths.Map()["/test"] require.NotNil(t, pathItem) tykOperation := spec.GetTykExtension().getOperation(pathItem.Get.OperationID) require.NotNil(t, tykOperation) require.Nil(t, tykOperation.Allow) // Verify operation require.NotNil(t, pathItem.Get) require.Equal(t, "testGET", pathItem.Get.OperationID) require.Equal(t, "Existing summary", pathItem.Get.Summary) require.Nil(t, pathItem.Post) require.Nil(t, pathItem.Put) require.Nil(t, pathItem.Patch) require.Nil(t, pathItem.Delete) // Verify response response200Ref := pathItem.Get.Responses.Map()["200"] require.NotNil(t, response200Ref, "Response ref for 200 should not be nil") response200 := response200Ref.Value require.NotNil(t, response200, "Response value for 200 should not be nil") require.NotNil(t, response200.Description) // Verify headers require.Nil(t, response200.Headers) }, }, { name: "multiple methods on same path", ep: apidef.ExtendedPathsSet{ MockResponse: []apidef.MockResponseMeta{ { Path: "/test", Method: "GET", Code: 200, Body: `{"status": "ok"}`, Headers: map[string]string{ "Content-Type": "application/json", }, }, { Path: "/test", Method: "POST", Code: 201, Body: `{"id": "123"}`, Headers: map[string]string{ "Content-Type": "application/json", "Location": "/test/123", }, }, }, }, want: func(t *testing.T, spec *OAS) { t.Helper() assert.Len(t, spec.Paths, 1) pathItem := spec.Paths.Map()["/test"] require.NotNil(t, pathItem) // Verify GET operation require.NotNil(t, pathItem.Get) require.Equal(t, "testGET", pathItem.Get.OperationID) tykOperation := spec.GetTykExtension().getOperation(pathItem.Get.OperationID) require.NotNil(t, tykOperation) require.Nil(t, tykOperation.Allow) response200Ref := pathItem.Get.Responses.Map()["200"] require.NotNil(t, response200Ref, "Response ref for 200 should not be nil") response200 := response200Ref.Value require.NotNil(t, response200, "Response value should not be nil") require.NotNil(t, response200.Description) // Verify POST operation require.NotNil(t, pathItem.Post) require.Equal(t, "testPOST", pathItem.Post.OperationID) tykOperation = spec.GetTykExtension().getOperation(pathItem.Post.OperationID) require.NotNil(t, tykOperation) require.Nil(t, tykOperation.Allow) postResponse := pathItem.Post.Responses.Map()["201"].Value require.NotNil(t, postResponse) require.NotNil(t, postResponse.Description) }, }, { name: "no content type header defaults to text/plain", ep: apidef.ExtendedPathsSet{ MockResponse: []apidef.MockResponseMeta{{ Path: "/test", Method: "GET", Code: 204, Body: "", }}, }, want: func(t *testing.T, spec *OAS) { t.Helper() pathItem := spec.Paths.Map()["/test"] require.NotNil(t, pathItem) require.Equal(t, "testGET", pathItem.Get.OperationID) tykOperation := spec.GetTykExtension().getOperation(pathItem.Get.OperationID) require.NotNil(t, tykOperation) require.Nil(t, tykOperation.Allow) response204Ref := pathItem.Get.Responses.Map()["204"] require.NotNil(t, response204Ref, "Response ref for 204 should not be nil") response204 := response204Ref.Value require.NotNil(t, response204, "Response value for 204 should not be nil") require.Nil(t, response204.Content["text/plain"]) require.Empty(t, response204.Headers) }, }, { name: "multiple paths", ep: apidef.ExtendedPathsSet{ MockResponse: []apidef.MockResponseMeta{ { Path: "/users", Method: "GET", Code: 200, Body: `["user1", "user2"]`, Headers: map[string]string{ "Content-Type": "application/json", }, }, { Path: "/items", Method: "GET", Code: 200, Body: `["item1", "item2"]`, Headers: map[string]string{ "Content-Type": "application/json", }, }, }, }, want: func(t *testing.T, spec *OAS) { t.Helper() assert.Len(t, spec.Paths, 2) // Verify /users path usersPath := spec.Paths.Map()["/users"] require.NotNil(t, usersPath) require.NotNil(t, usersPath.Get) require.Equal(t, "usersGET", usersPath.Get.OperationID) tykOperation := spec.GetTykExtension().getOperation(usersPath.Get.OperationID) require.NotNil(t, tykOperation) require.Nil(t, tykOperation.Allow) usersResponse := usersPath.Get.Responses.Map()["200"].Value require.NotNil(t, usersResponse) require.NotNil(t, usersResponse.Description) // Verify /items path itemsPath := spec.Paths.Map()["/items"] require.NotNil(t, itemsPath) require.NotNil(t, itemsPath.Get) require.Equal(t, "itemsGET", itemsPath.Get.OperationID) tykOperation = spec.GetTykExtension().getOperation(itemsPath.Get.OperationID) require.NotNil(t, tykOperation) require.Nil(t, tykOperation.Allow) itemsResponse := itemsPath.Get.Responses.Map()["200"].Value require.NotNil(t, itemsResponse) require.NotNil(t, itemsResponse.Description) }, }, { name: "empty mock response list", ep: apidef.ExtendedPathsSet{ MockResponse: []apidef.MockResponseMeta{}, }, want: func(t *testing.T, spec *OAS) { t.Helper() assert.Empty(t, spec.Paths) }, }, { name: "multiple response codes for same path", ep: apidef.ExtendedPathsSet{ MockResponse: []apidef.MockResponseMeta{ { Path: "/test", Method: "GET", Code: 200, Body: `{"status": "success"}`, Headers: map[string]string{ "Content-Type": "application/json", }, }, }, }, want: func(t *testing.T, spec *OAS) { t.Helper() pathItem := spec.Paths.Map()["/test"] require.NotNil(t, pathItem) require.NotNil(t, pathItem.Get) require.Equal(t, "testGET", pathItem.Get.OperationID) // Verify responses exist require.NotNil(t, pathItem.Get.Responses) // Verify 200 response response200 := pathItem.Get.Responses.Map()["200"] require.NotNil(t, response200, "Response for 200 should not be nil") require.NotNil(t, response200.Value) require.NotNil(t, response200.Value.Description) tykOperation := spec.GetTykExtension().getOperation(pathItem.Get.OperationID) require.NotNil(t, tykOperation) require.Nil(t, tykOperation.Allow) }, }, { name: "different content types", ep: apidef.ExtendedPathsSet{ MockResponse: []apidef.MockResponseMeta{ { Path: "/test", Method: "GET", Code: 200, Body: `{"data": "json"}`, Headers: map[string]string{ "Content-Type": "application/json", }, }, { Path: "/test.xml", Method: "GET", Code: 200, Body: `<data>xml</data>`, Headers: map[string]string{ "Content-Type": "application/xml", }, }, { Path: "/test.txt", Method: "GET", Code: 200, Body: `plain text`, Headers: map[string]string{ "Content-Type": "text/plain", }, }, }, }, want: func(t *testing.T, spec *OAS) { t.Helper() // JSON endpoint jsonPath := spec.Paths.Map()["/test"] require.NotNil(t, jsonPath) jsonResponse := jsonPath.Get.Responses.Map()["200"].Value require.NotNil(t, jsonResponse) require.NotNil(t, jsonResponse.Description) tykOperation := spec.GetTykExtension().getOperation(jsonPath.Get.OperationID) require.NotNil(t, tykOperation) require.Nil(t, tykOperation.Allow) // XML endpoint xmlPath := spec.Paths.Map()["/test.xml"] require.NotNil(t, xmlPath) xmlResponse := xmlPath.Get.Responses.Map()["200"].Value require.NotNil(t, xmlResponse) require.NotNil(t, xmlResponse.Description) tykOperation = spec.GetTykExtension().getOperation(xmlPath.Get.OperationID) require.NotNil(t, tykOperation) require.Nil(t, tykOperation.Allow) // Text endpoint txtPath := spec.Paths.Map()["/test.txt"] require.NotNil(t, txtPath) txtResponse := txtPath.Get.Responses.Map()["200"].Value require.NotNil(t, txtResponse) require.NotNil(t, txtResponse.Description) tykOperation = spec.GetTykExtension().getOperation(txtPath.Get.OperationID) require.NotNil(t, tykOperation) require.Nil(t, tykOperation.Allow) }, }, { name: "custom headers", ep: apidef.ExtendedPathsSet{ MockResponse: []apidef.MockResponseMeta{{ Path: "/test", Method: "GET", Code: 200, Body: `{"data": "test"}`, Headers: map[string]string{ "Content-Type": "application/json", "X-Custom-Header": "custom-value", "X-Request-ID": "123", "X-Correlation-ID": "abc", "Cache-Control": "no-cache", "X-RateLimit-Limit": "100", }, }}, }, want: func(t *testing.T, spec *OAS) { t.Helper() pathItem := spec.Paths.Map()["/test"] require.NotNil(t, pathItem) response := pathItem.Get.Responses.Map()["200"].Value require.NotNil(t, response) require.NotNil(t, response.Description) tykOperation := spec.GetTykExtension().getOperation(pathItem.Get.OperationID) require.NotNil(t, tykOperation) require.Nil(t, tykOperation.Allow) }, }, { name: "all HTTP methods", ep: apidef.ExtendedPathsSet{ MockResponse: []apidef.MockResponseMeta{ {Path: "/test", Method: "GET", Code: 200, Body: `{"method":"get"}`}, {Path: "/test", Method: "POST", Code: 201, Body: `{"method":"post"}`}, {Path: "/test", Method: "PUT", Code: 200, Body: `{"method":"put"}`}, {Path: "/test", Method: "PATCH", Code: 200, Body: `{"method":"patch"}`}, {Path: "/test", Method: "DELETE", Code: 204, Body: ``}, {Path: "/test", Method: "HEAD", Code: 200, Body: ``}, {Path: "/test", Method: "OPTIONS", Code: 200, Body: ``}, }, }, want: func(t *testing.T, spec *OAS) { t.Helper() pathItem := spec.Paths.Map()["/test"] require.NotNil(t, pathItem) verifyOASOperation(t, spec, pathItem.Get, "GET", 200) verifyOASOperation(t, spec, pathItem.Post, "POST", 201) verifyOASOperation(t, spec, pathItem.Put, "PUT", 200) verifyOASOperation(t, spec, pathItem.Patch, "PATCH", 200) verifyOASOperation(t, spec, pathItem.Delete, "DELETE", 204) }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { spec := &OAS{ T: openapi3.T{ OpenAPI: DefaultOpenAPI, Info: &openapi3.Info{ Title: "Test API", Version: "1.0.0", }, Paths: openapi3.NewPaths(), }, } if tt.spec != nil && tt.spec.Paths != nil { spec.Paths = tt.spec.Paths } // Initialize the middleware extension with proper mock response setup middleware := &Middleware{ Operations: make(Operations), } // Pre-initialize operations with mock responses for _, mockResp := range tt.ep.MockResponse { operationID := spec.getOperationID(mockResp.Path, mockResp.Method) operation := &Operation{ MockResponse: &MockResponse{ Code: mockResp.Code, Body: mockResp.Body, Headers: make([]Header, 0), }, } // Convert headers to the expected format for name, value := range mockResp.Headers { operation.MockResponse.Headers = append(operation.MockResponse.Headers, Header{ Name: name, Value: value, }) } middleware.Operations[operationID] = operation } spec.SetTykExtension(&XTykAPIGateway{ Middleware: middleware, }) // Initialize paths for _, mockResp := range tt.ep.MockResponse { operationID := spec.getOperationID(mockResp.Path, mockResp.Method) // Initialize operation with responses op := &openapi3.Operation{ OperationID: operationID, Responses: openapi3.NewResponses(), } // Preserve existing operation properties if they exist if pathItem := spec.Paths.Find(mockResp.Path); pathItem != nil { if existingOp := pathItem.GetOperation(mockResp.Method); existingOp != nil { op.Summary = existingOp.Summary op.Description = existingOp.Description // Copy other relevant fields as needed } } if tt.spec != nil { if spec.Paths == nil { spec.Paths = openapi3.NewPaths() } for k, v := range tt.spec.Paths.Map() { spec.Paths.Map()[k] = v } } // Set the operation based on method if setter, ok := methodSetters[mockResp.Method]; ok { path := mockResp.Path // Use the mock response path directly if spec.Paths.Map()[path] == nil { spec.Paths.Map()[path] = &openapi3.PathItem{} } setter(spec.Paths.Map()[path], op) var desc string // Add response for the specific status code statusCode := strconv.Itoa(mockResp.Code) op.Responses.Set(statusCode, &openapi3.ResponseRef{ Value: &openapi3.Response{ Description: &desc, }, }) } } spec.fillMockResponsePaths(*spec.Paths, tt.ep) tt.want(t, spec) }) } } // Helper function to verify OpenAPI operation responses func verifyOASOperation(t *testing.T, spec *OAS, op *openapi3.Operation, method string, code int) { t.Helper() require.NotNil(t, op, "Operation %s should exist", method) require.NotNil(t, op.Responses, "Responses should not be nil") statusCode := strconv.Itoa(code) require.NotNil(t, op.Responses.Map()[statusCode], "Responses should not be nil for status code %s and method %s", statusCode, method) response := op.Responses.Map()[statusCode].Value require.NotNil(t, response) require.NotNil(t, response.Description) tykOperation := spec.GetTykExtension().getOperation(op.OperationID) require.NotNil(t, tykOperation) require.Nil(t, tykOperation.Allow) } func TestOAS_fillAllowance(t *testing.T) { t.Run("should fill allow list correctly", func(t *testing.T) { s := &OAS{ T: openapi3.T{ Paths: openapi3.NewPaths(), }, } s.SetTykExtension(&XTykAPIGateway{ Middleware: &Middleware{ Operations: make(Operations), }, }) endpointMetas := []apidef.EndPointMeta{ { Path: "/test", Method: http.MethodGet, MethodActions: map[string]apidef.EndpointMethodMeta{ http.MethodGet: { Action: apidef.NoAction, }, }, }, } s.fillAllowance(endpointMetas, allow) operationID := s.getOperationID("/test", http.MethodGet) operation := s.GetTykExtension().getOperation(operationID) assert.NotNil(t, operation.Allow) assert.True(t, operation.Allow.Enabled) assert.Nil(t, operation.Block) assert.Nil(t, operation.IgnoreAuthentication) }) t.Run("should fill block list correctly", func(t *testing.T) { s := &OAS{ T: openapi3.T{ Paths: openapi3.NewPaths(), }, } s.SetTykExtension(&XTykAPIGateway{ Middleware: &Middleware{ Operations: make(Operations), }, }) endpointMetas := []apidef.EndPointMeta{ { Path: "/test", Method: http.MethodGet, }, } s.fillAllowance(endpointMetas, block) operationID := s.getOperationID("/test", http.MethodGet) operation := s.GetTykExtension().getOperation(operationID) assert.NotNil(t, operation.Block) assert.True(t, operation.Block.Enabled) assert.Nil(t, operation.Allow) assert.Nil(t, operation.IgnoreAuthentication) }) t.Run("should fill ignore authentication correctly", func(t *testing.T) { s := &OAS{ T: openapi3.T{ Paths: openapi3.NewPaths(), }, } s.SetTykExtension(&XTykAPIGateway{ Middleware: &Middleware{ Operations: make(Operations), }, }) endpointMetas := []apidef.EndPointMeta{ { Path: "/test", Method: http.MethodGet, }, } s.fillAllowance(endpointMetas, ignoreAuthentication) operationID := s.getOperationID("/test", http.MethodGet) operation := s.GetTykExtension().getOperation(operationID) assert.NotNil(t, operation.IgnoreAuthentication) assert.True(t, operation.IgnoreAuthentication.Enabled) assert.Nil(t, operation.Allow) assert.Nil(t, operation.Block) }) t.Run("should skip Reply actions for allow list", func(t *testing.T) { spec := &OAS{ T: openapi3.T{ Paths: openapi3.NewPaths(), }, } spec.SetTykExtension(&XTykAPIGateway{ Middleware: &Middleware{ Operations: make(Operations), }, }) endpointMetas := []apidef.EndPointMeta{ { Path: "/test", Method: http.MethodGet, MethodActions: map[string]apidef.EndpointMethodMeta{ http.MethodGet: { Action: apidef.Reply, }, }, }, } spec.fillAllowance(endpointMetas, allow) operationID := spec.getOperationID("/test", http.MethodGet) operation := spec.GetTykExtension().getOperation(operationID) assert.Nil(t, operation.Allow, "Allow should be nil for Reply actions") }) t.Run("should handle empty endpoint metas", func(t *testing.T) { s := &OAS{ T: openapi3.T{ Paths: openapi3.NewPaths(), }, } s.SetTykExtension(&XTykAPIGateway{ Middleware: &Middleware{ Operations: make(Operations), }, }) var endpointMetas []apidef.EndPointMeta s.fillAllowance(endpointMetas, allow) assert.Empty(t, s.Paths) }) t.Run("should set allowance disabled when ShouldOmit returns true", func(t *testing.T) { s := &OAS{ T: openapi3.T{ Paths: openapi3.NewPaths(), }, } s.SetTykExtension(&XTykAPIGateway{ Middleware: &Middleware{ Operations: make(Operations), }, }) endpointMetas := []apidef.EndPointMeta{ { Path: "/test", Method: http.MethodGet, Disabled: true, }, } s.fillAllowance(endpointMetas, allow) operationID := s.getOperationID("/test", http.MethodGet) operation := s.GetTykExtension().getOperation(operationID) assert.NotNil(t, operation.Allow) assert.False(t, operation.Allow.Enabled) }) } func TestSplitPath(t *testing.T) { tests := map[string]struct { input string wantParts []pathPart wantRegex bool }{ "simple path": { input: "/test/path", wantParts: []pathPart{ {name: "test", value: "test", isRegex: false}, {name: "path", value: "path", isRegex: false}, }, wantRegex: false, }, "path with regex": { input: "/test/.*/end", wantParts: []pathPart{ {name: "test", value: "test", isRegex: false}, {name: "customRegex1", value: ".*", isRegex: true}, {name: "end", value: "end", isRegex: false}, }, wantRegex: true, }, "path with curly braces": { input: "/users/{id}/profile", wantParts: []pathPart{ {name: "users", value: "users", isRegex: false}, {name: "id", isRegex: true}, {name: "profile", value: "profile", isRegex: false}, }, wantRegex: true, }, "path with named regex": { input: "/users/{userId:[0-9]+}/posts", wantParts: []pathPart{ {name: "users", value: "users", isRegex: false}, {name: "userId", isRegex: true}, {name: "posts", value: "posts", isRegex: false}, }, wantRegex: true, }, "path with named direct regex": { input: "/users/[0-9]+/posts", wantParts: []pathPart{ {name: "users", value: "users", isRegex: false}, {name: "customRegex1", value: "[0-9]+", isRegex: true}, {name: "posts", value: "posts", isRegex: false}, }, wantRegex: true, }, "empty path": { input: "", wantParts: []pathPart{}, wantRegex: false, }, "root path": { input: "/", wantParts: []pathPart{}, wantRegex: false, }, "path with multiple regexes": { input: "/users/{userId:[0-9]+}/posts/{postId:[a-z]+}/[a-z]+/{[0-9]{2}}/[a-z]{10}/abc/{id}/def/[0-9]+", wantParts: []pathPart{ {name: "users", value: "users", isRegex: false}, {name: "userId", isRegex: true}, {name: "posts", value: "posts", isRegex: false}, {name: "postId", isRegex: true}, {name: "customRegex1", value: "[a-z]+", isRegex: true}, {name: "customRegex2", isRegex: true}, {name: "customRegex3", value: "[a-z]{10}", isRegex: true}, {name: "abc", value: "abc", isRegex: false}, {name: "id", isRegex: true}, {name: "def", value: "def", isRegex: false}, {name: "customRegex4", value: "[0-9]+", isRegex: true}, }, wantRegex: true, }, } for name, tc := range tests { t.Run(name, func(t *testing.T) { gotParts, gotRegex := splitPath(tc.input) assert.Equal(t, tc.wantRegex, gotRegex, "regex detection mismatch") assert.Equal(t, tc.wantParts, gotParts, "parts mismatch") }) } } func TestGetOperationID(t *testing.T) { type expectedParam struct { pattern string paramType string } tests := map[string]struct { inPath string method string expectedID string expectedPath string existingParams map[string]expectedParam expectedParams map[string]expectedParam }{ "simple path": { inPath: "/simple", method: "GET", expectedID: "simpleGET", expectedPath: "/simple", existingParams: nil, expectedParams: nil, }, "path with regex": { inPath: "/items/{id}", method: "GET", expectedID: "items/{id}GET", expectedPath: "/items/{id}", existingParams: nil, expectedParams: map[string]expectedParam{ "id": {pattern: "", paramType: "string"}, }, }, "path with trailing slash": { inPath: "/trailing/", method: "POST", expectedID: "trailing/POST", expectedPath: "/trailing/", existingParams: nil, expectedParams: nil, }, "complex regex path": { inPath: "/complex/{id}", method: "PUT", expectedID: "complex/{id}PUT", expectedPath: "/complex/{id}", existingParams: map[string]expectedParam{ "id": {pattern: "", paramType: "integer"}, }, expectedParams: map[string]expectedParam{ "id": {pattern: "", paramType: "integer"}, }, }, "path with existing parameter": { inPath: "/existing/{id}", method: "DELETE", expectedID: "existing/{id}DELETE", expectedPath: "/existing/{id}", existingParams: map[string]expectedParam{ "id": {pattern: "[0-9]+", paramType: "string"}, }, expectedParams: map[string]expectedParam{ "id": {pattern: "[0-9]+", paramType: "string"}, }, }, } for name, tc := range tests { t.Run(name, func(t *testing.T) { oas := &OAS{ T: openapi3.T{ Paths: openapi3.NewPaths(), }, } // Prepopulate existing parameters if any if tc.existingParams != nil { pathItem := &openapi3.PathItem{} for paramName, param := range tc.existingParams { pathItem.Parameters = append(pathItem.Parameters, &openapi3.ParameterRef{ Value: &openapi3.Parameter{ Name: paramName, In: "path", Required: true, Schema: &openapi3.SchemaRef{ Value: &openapi3.Schema{ Type: &openapi3.Types{openapi3.TypeString}, Pattern: param.pattern, }, }, }, }) } oas.Paths.Map()[tc.expectedPath] = pathItem } operationID := oas.getOperationID(tc.inPath, tc.method) if operationID != tc.expectedID { t.Errorf("expected operation ID %s, got %s", tc.expectedID, operationID) } pathItem, ok := oas.Paths.Map()[tc.expectedPath] if !ok { t.Errorf("expected path %s to be created", tc.expectedPath) return } if tc.expectedParams != nil { if pathItem.Parameters == nil { t.Errorf("expected parameters for path %s, but got none", tc.expectedPath) return } for _, paramRef := range pathItem.Parameters { param := paramRef.Value expected, exists := tc.expectedParams[param.Name] if !exists { t.Errorf("unexpected parameter %s found", param.Name) continue } if param.Schema.Value.Pattern != expected.pattern { t.Errorf("expected pattern %s for parameter %s, got %s", expected.pattern, param.Name, param.Schema.Value.Pattern) } if param.Schema.Value.Type == nil || len(*param.Schema.Value.Type) == 0 { t.Errorf("parameter %s has nil or empty type", param.Name) continue } if (*param.Schema.Value.Type)[0] != expected.paramType { t.Errorf("expected type %s for parameter %s, got %s", expected.paramType, param.Name, (*param.Schema.Value.Type)[0]) }

[github-actions]

PR Code Suggestions ✨

No code suggestions found for the PR.

[sonarqubecloud]

Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
92.5% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud