Overview

In #3455975-11: HTTP API: update /xb-component/{component_id} to list possible prop sources for current entity context we discovered the patternProperties was not supported.

I put in a fix that used \Drupal\experience_builder\EventSubscriber\ApiResponseValidator::performXbValidation and \Drupal\experience_builder\EventSubscriber\ApiResponseValidator::validateKeys and an addition to the openapi.yml file

          # Add a custom validation method to enforce the key pattern via an OpenAPI extension which are
          # designated with 'x-' prefix.
          # @see https://swagger.io/docs/specification/openapi-extensions
          # @see \Drupal\experience_builder\EventSubscriber\ApiResponseValidator::performXbValidation
          x-xb-validation:
            method: 'validateKeys'
            arguments:
              # @see \Drupal\Core\Plugin\Component::$machineName
              - '^[a-zA-Z0-9_-]+:[a-zA-Z0-9_-]+$'

but in fixing another problem with the openapi.yml file this addition was removed
here is the version with the fix https://git.drupalcode.org/project/experience_builder/-/blob/f649d4bbaea...

Proposed resolution

  1. Add a test to ensure we don't add more uses of patternProperties
  2. remove the current uses of patternProperties

Basically we want to make sure we can't keep adding parts of the openapi schema that is not actually being enforce, and enforce that parts we can now. We just can't enforce the property keys.

Follow-ups

  1. #3506543: Enforce response keys in openapi if possible - originally this was the scope of this issue, but I think it better to do this is follow-up
  2. #3507427: /components/schemas/Component in openapi.yml is incomplete: add `source` and use it to make the OpenAPI spec more precise - Problems found in this issue. The schema was not being enforced so we didn't notice this

User interface changes

Issue fork experience_builder-3471064

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

tedbow created an issue. See original summary.

tedbow opened merge request !226

tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Assigned: Unassigned » tedbow
tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Assigned: tedbow » Unassigned
Status: Active » Needs work

I pushed up a rough start to test.

Putting this down to work on other issues for now

wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented
Issue tags: +openapi
wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented
Component: Page builder » Code

longwave made their first commit to this issue’s fork.

longwave’s picture

longwave
he/him
Primary language English
Location UK
commented

Merged 0.x and pushed some fixes, but there are multiple deprecations that I don't understand yet and a test fail that I am not sure what to do with.

longwave’s picture

longwave
he/him
Primary language English
Location UK
commented

Saving attribution.

tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Version: » 0.x-dev

Just merged #3478830: Remove dead `ApiResponseValidator::performXbValidation()` we may have to add this back here if we need it

wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented
Title: Openapi.yml uses patternProperties which is not supported by our dependencies » openapi.yml uses `patternProperties` which is not supported by our dependencies
Related issues: +#3478830: Remove dead `ApiResponseValidator::performXbValidation()`

The removal of x-xb-validation in /openapi.yml seems to have been accidental in this commit: https://git.drupalcode.org/project/experience_builder/-/merge_requests/1... ? 🤔

wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented
Status: Needs work » Postponed (maintainer needs more info)

Following up on non-draft MRs that have been open for a long time. That led me here. What's next here? Is this still relevant?

longwave’s picture

longwave
he/him
Primary language English
Location UK
commented

We should remove patternProperties from openapi.yml if it doesn't work, but otherwise I am not sure we need to strictly validate here, Drupal will do it for us anyway?

traviscarden made their first commit to this issue’s fork.

traviscarden’s picture

traviscarden commented

This MR is quite old and out of sync with 0.x. Let's have a rebase, shall we? 👆

tedbow opened merge request !658

tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Status: Postponed (maintainer needs more info) » Needs review

re #12 yes, still relevant. I think any time we have `patternProperties` in openapi that part is not getting validated. example #3505224: XbConfigEntityHttpApiTest missing test coverage for individual GET requests for JavaScriptComponent + AssetLibrary

Although I think my approach in https://git.drupalcode.org/project/experience_builder/-/merge_requests/226 probably could work, I think it is probably overly complicated for what it gets us.

I think addtionalProperties gets us everything except key checking. Although not ideal I don't think we have had actual problems with invalid keys and it seem like an edge case of what we are likely to hit

So added new MR that simply adds a test that make sure we don't add any new uses addtionalProperties, which I think has happened since we first opened this issues. We would have to make a few changes to get the new test to pass

tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Status: Needs review » Needs work

Tests are failing I think because the validation is now starting be enforced for sections that were being skipped because of our use of patternProperties

tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Title: openapi.yml uses `patternProperties` which is not supported by our dependencies » OpenApi validation is not enforce becasue openapi.yml uses `patternProperties` which is not supported by our dependencies
tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Title: OpenApi validation is not enforce becasue openapi.yml uses `patternProperties` which is not supported by our dependencies » OpenApi validation is not enforced because openapi.yml uses `patternProperties` which is not supported by our dependencies

tedbow closed merge request !226

tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Issue summary: View changes
Status: Needs work » Needs review
Related issues: +#3472632: Decide on an approach for writing tests for OpenAPI integration, +#3506543: Enforce response keys in openapi if possible

I think we should get this MR in ASAP. We have 3 response that are not being validated but appear to be. People would waste time in other issue updating the response spec thinking it is actually being enforced.

1 of the responses already fails the validation that is there and the other 2 could be broken at any point and no one would know. This is really just to stop the bleeding and #3472632: Decide on an approach for writing tests for OpenAPI integration can figure the way forward

I created #3506543: Enforce response keys in openapi if possible to figure out if we can actually validate keys.

tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Assigned: Unassigned » traviscarden
tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Assigned: traviscarden » tedbow
Status: Needs review » Needs work

Need to bring back more changes after merging with 0.x

tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Related issues: +#3471064: OpenApi validation is not enforced because openapi.yml uses `patternProperties` which is not supported by our dependencies

another follow-up #3471064: OpenApi validation is not enforced because openapi.yml uses `patternProperties` which is not supported by our dependencies

tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Issue summary: View changes
Related issues: -#3471064: OpenApi validation is not enforced because openapi.yml uses `patternProperties` which is not supported by our dependencies +#3507427: /components/schemas/Component in openapi.yml is incomplete: add `source` and use it to make the OpenAPI spec more precise
tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Assigned: tedbow » wim leers
Status: Needs work » Needs review
longwave’s picture

longwave
he/him
Primary language English
Location UK
commented
Status: Needs review » Reviewed & tested by the community

Agree with the rationale, and the test is helpful until we get an upgrade to the OpenAPI spec validator - which is somewhat outside the scope of this project.

wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented
Assigned: wim leers » Unassigned
Issue tags: +DX (Developer Experience)

This adds onto #3499703: Make all XB HTTP API routes consistently prefixed, ensure they all have OpenAPI specs, and tests to keep it so, in making XB's use of OpenAPI less brittle! 🚀

wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented

Landed #3504494: OpenAPI spec insufficiently precise for `LayoutComponent` while waiting for this to be green.

  • tedbow committed dce53274 on 0.x 
    Issue #3471064 by tedbow, longwave: OpenApi validation is not enforced...
tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Status: Reviewed & tested by the community » Fixed

🎉

wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented

Well done!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.