IPA 106: Create : A Request object must include only input fields

Author: yelizhenden-mdb

tools/spectral/ipa/__tests__/createMethodRequestHasNoReadOnlyFields.test.js renamed to tools/spectral/ipa/__tests__/createMethodRequestHasNoReadonlyFields.test.js

@@ -134,7 +134,7 @@ testRule('xgen-IPA-106-create-method-request-has-no-readonly-fields', [
     errors: [
       {
         code: 'xgen-IPA-106-create-method-request-has-no-readonly-fields',
-        message: 'The create method request object must not include input fields (readOnly properties). Found readOnly property at: id http://go/ipa/106',
+        message: 'The Create method request object must not include input fields (readOnly properties). Found readOnly property at: id http://go/ipa/106',
         path: ['paths', '/invalid-resource', 'post', 'requestBody', 'content', 'application/vnd.atlas.2023-01-01+json'],
         severity: DiagnosticSeverity.Warning,
       }
@@ -163,7 +163,7 @@ testRule('xgen-IPA-106-create-method-request-has-no-readonly-fields', [
     errors: [
       {
         code: 'xgen-IPA-106-create-method-request-has-no-readonly-fields',
-        message: 'The create method request object must not include input fields (readOnly properties). Found readOnly property at: user.userId http://go/ipa/106',
+        message: 'The Create method request object must not include input fields (readOnly properties). Found readOnly property at: user.userId http://go/ipa/106',
         path: ['paths', '/nested-invalid-resource', 'post', 'requestBody', 'content', 'application/vnd.atlas.2023-01-01+json'],
         severity: DiagnosticSeverity.Warning,
       }
@@ -192,7 +192,7 @@ testRule('xgen-IPA-106-create-method-request-has-no-readonly-fields', [
     errors: [
       {
         code: 'xgen-IPA-106-create-method-request-has-no-readonly-fields',
-        message: 'The create method request object must not include input fields (readOnly properties). Found readOnly property at: items.items.itemId http://go/ipa/106',
+        message: 'The Create method request object must not include input fields (readOnly properties). Found readOnly property at: items.items.itemId http://go/ipa/106',
         path: ['paths', '/array-invalid-resource', 'post', 'requestBody', 'content', 'application/vnd.atlas.2023-01-01+json'],
         severity: DiagnosticSeverity.Warning,
       }

tools/spectral/ipa/__tests__/getMethodResponseHasNoInputFields.test.js

@@ -131,7 +131,7 @@ testRule('xgen-IPA-104-get-method-response-has-no-input-fields', [
       {
         code: 'xgen-IPA-104-get-method-response-has-no-input-fields',
         message:
-          'The get method response object must not include output fields (writeOnly properties). http://go/ipa/104',
+          'The get method response object must not include output fields (writeOnly properties). Found writeOnly property at: name http://go/ipa/104',
         path: [
           'paths',
           '/resource/{id}',
@@ -146,7 +146,7 @@ testRule('xgen-IPA-104-get-method-response-has-no-input-fields', [
       {
         code: 'xgen-IPA-104-get-method-response-has-no-input-fields',
         message:
-          'The get method response object must not include output fields (writeOnly properties). http://go/ipa/104',
+          'The get method response object must not include output fields (writeOnly properties). Found writeOnly property at: name http://go/ipa/104',
         path: [
           'paths',
           '/resource/{id}/singleton',

tools/spectral/ipa/__tests__/utils/schemaUtils.test.js

@@ -0,0 +1,247 @@
+// schemaUtils.test.js
+import { findPropertiesByAttribute } from '../../rulesets/functions/utils/schemaUtils';
+import { describe, expect, it } from '@jest/globals';
+
+describe('findPropertiesByAttribute', () => {
+  const mockPath = ['paths', '/resources', 'get', 'responses', '200', 'content', 'application/json'];
+  const errorMessage = 'Test error message';
+
+  it('handles primitive values', () => {
+    expect(findPropertiesByAttribute(null, 'readOnly', mockPath, [], errorMessage)).toEqual([]);
+    expect(findPropertiesByAttribute(undefined, 'readOnly', mockPath, [], errorMessage)).toEqual([]);
+    expect(findPropertiesByAttribute('string', 'readOnly', mockPath, [], errorMessage)).toEqual([]);
+    expect(findPropertiesByAttribute(123, 'readOnly', mockPath, [], errorMessage)).toEqual([]);
+    expect(findPropertiesByAttribute(true, 'readOnly', mockPath, [], errorMessage)).toEqual([]);
+  });
+
+  it('detects direct attribute match', () => {
+    const schema = {
+      type: 'string',
+      readOnly: true
+    };
+    
+    const errors = findPropertiesByAttribute(schema, 'readOnly', mockPath, [], errorMessage);
+    
+    expect(errors).toHaveLength(1);
+    expect(errors[0]).toEqual({
+      path: mockPath,
+      message: `${errorMessage} Found readOnly property at: `
+    });
+  });
+
+  it('detects properties with the specified attribute', () => {
+    const schema = {
+      type: 'object',
+      properties: {
+        id: {
+          type: 'string',
+          readOnly: true
+        },
+        name: {
+          type: 'string'
+        },
+        password: {
+          type: 'string',
+          writeOnly: true
+        }
+      }
+    };
+    
+    // Testing readOnly detection
+    let errors = findPropertiesByAttribute(schema, 'readOnly', mockPath, [], errorMessage);
+    expect(errors).toHaveLength(1);
+    expect(errors[0].message).toContain('Found readOnly property at: id');
+    
+    // Testing writeOnly detection
+    errors = findPropertiesByAttribute(schema, 'writeOnly', mockPath, [], errorMessage);
+    expect(errors).toHaveLength(1);
+    expect(errors[0].message).toContain('Found writeOnly property at: password');
+  });
+
+  it('detects nested properties with the specified attribute', () => {
+    const schema = {
+      type: 'object',
+      properties: {
+        user: {
+          type: 'object',
+          properties: {
+            id: {
+              type: 'string', 
+              readOnly: true
+            },
+            credentials: {
+              type: 'object',
+              properties: {
+                password: {
+                  type: 'string',
+                  writeOnly: true
+                }
+              }
+            }
+          }
+        }
+      }
+    };
+    
+    // Testing deep readOnly detection
+    let errors = findPropertiesByAttribute(schema, 'readOnly', mockPath, [], errorMessage);
+    expect(errors).toHaveLength(1);
+    expect(errors[0].message).toContain('Found readOnly property at: user.id');
+    
+    // Testing deep writeOnly detection
+    errors = findPropertiesByAttribute(schema, 'writeOnly', mockPath, [], errorMessage);
+    expect(errors).toHaveLength(1);
+    expect(errors[0].message).toContain('Found writeOnly property at: user.credentials.password');
+  });
+
+  it('detects properties in array items', () => {
+    const schema = {
+      type: 'object',
+      properties: {
+        items: {
+          type: 'array',
+          items: {
+            type: 'object',
+            properties: {
+              id: {
+                type: 'string',
+                readOnly: true
+              },
+              secret: {
+                type: 'string',
+                writeOnly: true
+              }
+            }
+          }
+        }
+      }
+    };
+    
+    // Testing readOnly in array items
+    let errors = findPropertiesByAttribute(schema, 'readOnly', mockPath, [], errorMessage);
+    expect(errors).toHaveLength(1);
+    expect(errors[0].message).toContain('Found readOnly property at: items.items.id');
+    
+    // Testing writeOnly in array items
+    errors = findPropertiesByAttribute(schema, 'writeOnly', mockPath, [], errorMessage);
+    expect(errors).toHaveLength(1);
+    expect(errors[0].message).toContain('Found writeOnly property at: items.items.secret');
+  });
+
+  it('detects properties in schema combiners', () => {
+    const schema = {
+      allOf: [
+        {
+          type: 'object',
+          properties: {
+            id: {
+              type: 'string',
+              readOnly: true
+            }
+          }
+        }
+      ],
+      anyOf: [
+        {
+          type: 'object',
+          properties: {
+            key: {
+              type: 'string',
+              writeOnly: true
+            }
+          }
+        }
+      ],
+      oneOf: [
+        {
+          type: 'object'
+        },
+        {
+          type: 'object',
+          properties: {
+            token: {
+              type: 'string',
+              readOnly: true
+            }
+          }
+        }
+      ]
+    };
+    
+    // Testing readOnly in combiners
+    let errors = findPropertiesByAttribute(schema, 'readOnly', mockPath, [], errorMessage);
+    expect(errors).toHaveLength(2);
+    expect(errors[0].message).toContain('Found readOnly property at: allOf.0.id');
+    expect(errors[1].message).toContain('Found readOnly property at: oneOf.1.token');
+    
+    // Testing writeOnly in combiners
+    errors = findPropertiesByAttribute(schema, 'writeOnly', mockPath, [], errorMessage);
+    expect(errors).toHaveLength(1);
+    expect(errors[0].message).toContain('Found writeOnly property at: anyOf.0.key');
+  });
+
+  it('correctly accumulates multiple errors', () => {
+    const schema = {
+      type: 'object',
+      properties: {
+        id: {
+          type: 'string',
+          readOnly: true
+        },
+        nested: {
+          type: 'object',
+          properties: {
+            innerId: {
+              type: 'string',
+              readOnly: true
+            }
+          }
+        },
+        items: {
+          type: 'array',
+          items: {
+            readOnly: true
+          }
+        }
+      }
+    };
+    
+    const errors = findPropertiesByAttribute(schema, 'readOnly', mockPath, [], errorMessage);
+    
+    expect(errors).toHaveLength(3);
+    expect(errors[0].message).toContain('Found readOnly property at: id');
+    expect(errors[1].message).toContain('Found readOnly property at: nested.innerId');
+    expect(errors[2].message).toContain('Found readOnly property at: items.items');
+  });
+
+  it('handles empty objects', () => {
+    const schema = {};
+    const errors = findPropertiesByAttribute(schema, 'readOnly', mockPath, [], errorMessage);
+    expect(errors).toHaveLength(0);
+  });
+
+  it('handles schemas with no matching attributes', () => {
+    const schema = {
+      type: 'object',
+      properties: {
+        id: { type: 'string' },
+        name: { type: 'string' },
+        nested: {
+          type: 'object',
+          properties: {
+            value: { type: 'number' }
+          }
+        },
+        items: {
+          type: 'array',
+          items: {
+            type: 'string'
+          }
+        }
+      }
+    };
+    
+    const errors = findPropertiesByAttribute(schema, 'readOnly', mockPath, [], errorMessage);
+    expect(errors).toHaveLength(0);
+  });
+});

tools/spectral/ipa/rulesets/IPA-106.yaml

@@ -5,7 +5,7 @@ functions:
   - createMethodRequestBodyIsRequestSuffixedObject
   - createMethodShouldNotHaveQueryParameters
   - createMethodRequestBodyIsGetResponse
-  - createMethodRequestHasNoReadOnlyFields
+  - createMethodRequestHasNoReadonlyFields
 
 rules:
   xgen-IPA-106-create-method-request-body-is-request-suffixed-object:

tools/spectral/ipa/rulesets/README.md

@@ -60,6 +60,7 @@ For rule definitions, see [IPA-106.yaml](https://github.com/mongodb/openapi/blob
 | xgen-IPA-106-create-method-request-body-is-get-method-response     | Request body content of the Create method and response content of the Get method should refer to the same resource.
 readOnly/writeOnly properties will be ignored.  http://go/ipa/106
  | warn     |
+| xgen-IPA-106-create-method-request-has-no-readonly-fields          | Create method Request object must not include fields with readOnly:true. http://go/ipa/106                                                                                             | warn     |
 
 ### IPA-108