Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merging to release-5.7.0: Revert "[TT-13422] Do not allow empty string in upstream auth configuration strings" (#6702) #6704

Conversation

buger
Copy link
Member

@buger buger commented Nov 14, 2024

User description

Revert "TT-13422 Do not allow empty string in upstream auth configuration strings" (#6702)

Reverts #6699
temporary revert with common change for AuthSource


PR Type

enhancement, bug fix


Description

  • Reverted changes that enforced non-empty strings in the OpenAPI Specification (OAS) schema, specifically for the name property in X-Tyk-AuthSource.
  • Adjusted references for header properties in various authentication objects to use X-Tyk-UpstreamAuthSource.
  • Reintroduced the X-Tyk-UpstreamAuthSource definition to align with previous configurations.

Changes walkthrough 📝

Relevant files
Bug fix
x-tyk-api-gateway.json
Revert non-empty string enforcement and adjust AuthSource references

apidef/oas/schema/x-tyk-api-gateway.json

  • Reverted the name property in X-Tyk-AuthSource to use type: string
    instead of X-Tyk-NonEmptyString.
  • Changed $ref for header in X-Tyk-UpstreamBasicAuthentication and other
    sections to X-Tyk-UpstreamAuthSource.
  • Reintroduced X-Tyk-UpstreamAuthSource definition with name as a string
    type.
  • +15/-4   

    💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

    …ration strings" (#6702)
    
    Reverts #6699
    temporary revert with common change for AuthSource
    
    (cherry picked from commit f0fcb3f)
    @buger buger added the Sub-task label Nov 14, 2024
    @buger
    Copy link
    Member Author

    buger commented Nov 14, 2024

    💔 The detected issue is not in one of the allowed statuses 💔

    Detected Status DoD Check
    Allowed Statuses In Dev,In Code Review,Ready for Testing,In Test,In Progress,In Review ✔️

    Please ensure your jira story is in one of the allowed statuses

    Copy link
    Contributor

    PR Reviewer Guide 🔍

    Here are some key observations to aid the review process:

    🎫 Ticket compliance analysis 🔶

    6699 - Fully compliant

    Fully compliant requirements:

    • Add validation rules on backend to prevent empty strings in upstream auth configuration strings.

    Not compliant requirements:
    []

    6702 - Fully compliant

    Fully compliant requirements:

    Not compliant requirements:
    []

    ⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
    🧪 No relevant tests
    🔒 No security concerns identified
    ⚡ Recommended focus areas for review

    Reversion Completeness
    Ensure that all changes from the original PR are correctly reverted, including any potential side effects or dependencies that were not addressed.

    Schema Consistency
    Verify that the reintroduction of 'X-Tyk-UpstreamAuthSource' and other schema changes are consistent with previous configurations and do not introduce discrepancies.

    Copy link
    Contributor

    API Changes

    no api changes detected

    Copy link
    Contributor

    PR Code Suggestions ✨

    Explore these optional code suggestions:

    CategorySuggestion                                                                                                                                    Score
    Enhancement
    Add non-empty string validation to the "name" property under "X-Tyk-UpstreamAuthSource"

    Ensure that the "name" property under "X-Tyk-UpstreamAuthSource" also includes a
    non-empty string validation similar to other critical string fields to prevent
    potential issues with empty values.

    apidef/oas/schema/x-tyk-api-gateway.json [2154]

     "name": {
    -  "type": "string"
    +  "type": "string",
    +  "pattern": "\\S+"
     }
    Suggestion importance[1-10]: 8

    Why: Adding a non-empty string validation to the "name" property ensures data integrity and prevents potential issues with empty values, which is crucial for maintaining the robustness of the API schema.

    8

    Copy link

    Quality Gate Failed Quality Gate failed

    Failed conditions
    0.0% Coverage on New Code (required ≥ 80%)

    See analysis details on SonarQube Cloud

    @jeffy-mathew jeffy-mathew merged commit 70fc07b into release-5.7.0 Nov 14, 2024
    25 of 38 checks passed
    @jeffy-mathew jeffy-mathew deleted the merge/release-5.7.0/f0fcb3f59104ce571d24f1e4354c8bbfc8eba9f3 branch November 14, 2024 16:11
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Projects
    None yet
    Development

    Successfully merging this pull request may close these issues.

    2 participants