Skip to content

CLOUDP-274986: Update OAS security validation for global security #251

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 11, 2024
Merged

CLOUDP-274986: Update OAS security validation for global security #251

merged 3 commits into from
Oct 11, 2024

Conversation

lovisaberggren
Copy link
Collaborator

@lovisaberggren lovisaberggren commented Oct 10, 2024
edited
Loading

Proposed changes

Changes to the linting for setting the OAS security as a global configuration. Only unauthenticated endpoints will have security set on the endpoint level, as an empty security requirement.

  • New validation that if security is set, it's empty
  • Removed previous validation that all endpoints have security set

Since current OAS will violate the new linting, I'll comment out the v2 lint step for now and reintroduce it after the next release when the new OAS is updated.

Jira ticket: CLOUDP-274986

Checklist

  • I have signed the MongoDB CLA
  • I have added tests that prove my fix is effective or that my feature works

@lovisaberggren lovisaberggren marked this pull request as ready for review October 11, 2024 10:44
@lovisaberggren lovisaberggren requested a review from a team as a code owner October 11, 2024 10:44
@blva
Copy link
Collaborator

blva commented Oct 11, 2024

linting fails since it lints the latest openapi spec

options:

  1. comment linting of the v2 spec until you merge spec updates
  2. merge spec updates first (but will take time until they reach production)

@lovisaberggren
Copy link
Collaborator Author

@blva Thanks! Commented out the v2 step in the workflow for now, will reintroduce after next release

I'll update the README in a separate PR for some more detailed guidance on the process

@lovisaberggren lovisaberggren merged commit 8079776 into main Oct 11, 2024
9 checks passed
@lovisaberggren lovisaberggren deleted the CLOUDP-274986 branch October 11, 2024 16:02
@blva
Copy link
Collaborator

blva commented Oct 11, 2024

just chatted /w @lovisaberggren that even commenting this will still make other release validations fail as we'll use the new spec in this repo so it's best to revert and wait cc @matt-condon who approved

lovisaberggren added a commit that referenced this pull request Oct 11, 2024
@lovisaberggren
Revert "CLOUDP-274986: Update OAS security validation for global secu…
763f867 
…rity (#251)"

This reverts commit 8079776.
@lovisaberggren lovisaberggren mentioned this pull request Oct 11, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matt-condon matt-condon matt-condon approved these changes

@blva blva blva approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lovisaberggren @blva @matt-condon