--ignore-security-errors should not ignore all security plugins when enabled #295
…nore-security-errors flag, it should only ignore errors
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f07a3dda4b
| if ignoreSecurityErrors { | ||
| return inherited, nil |
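Review bot: `return inherited, nil` inside `if ignoreSecurityErrors {` gives the caller the same value for a skipped security requirement as for one that was inherited unchanged, so the two cases cannot be told apart downstream. Return a distinct result for the skipped case, and add a test that runs an operation-level security override with the flag set.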
Do not inherit OIDC for ignored operation overrides
When a document-level OIDC scheme is valid but an operation overrides security with an unsupported scheme such as apiKey, Convert calls getOIDCdefaults(operation.Security, doc, docOIDCdefaults, true). This branch returns the inherited document OIDC config, so the later string comparison treats the operation as unchanged and leaves the service-level openid-connect plugin applying to that route, even though OpenAPI operation security overrides the document-level requirement and --ignore-security-errors should skip the unsupported operation security rather than reapply the parent.
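The case this review comment describes, as an added Go example that is not code from the pull request or from deck. `resolveOIDC`, `routeOutcome`, `inheritOnIgnore` and the scheme names are hypothetical, and the model assumes only the first security requirement of an operation is inspected.

```go
package main

import "fmt"

// Simplified model, not deck's code. schemes maps a scheme name to its
// OpenAPI type. opSecurity is the operation's "security" field: nil means the
// field is absent (inherit), an empty slice means "security: []".
// inheritOnIgnore (hypothetical) selects the behaviour the review comment flags.
func resolveOIDC(opSecurity []string, schemes map[string]string, inherited string,
	ignoreErrors, inheritOnIgnore bool) (string, error) {
	if opSecurity == nil {
		return inherited, nil // no override: the document-level scheme applies
	}
	if len(opSecurity) == 0 {
		return "", nil // explicit override to "no security"
	}
	name := opSecurity[0]
	if schemes[name] == "openIdConnect" {
		return name, nil
	}
	if !ignoreErrors {
		return "", fmt.Errorf("unsupported security scheme %q (type %q)", name, schemes[name])
	}
	if inheritOnIgnore {
		return inherited, nil // flagged: the override now looks like "unchanged"
	}
	return "", nil // skip the unsupported override without reapplying the parent
}

// routeOutcome mirrors the string comparison the comment mentions: an operation
// whose resolved scheme equals the document's is left to the service-level plugin.
func routeOutcome(resolved, docScheme string) string {
	switch {
	case resolved == "":
		return "no openid-connect plugin for this route"
	case resolved == docScheme:
		return "service-level openid-connect plugin applies"
	default:
		return "route-level openid-connect plugin: " + resolved
	}
}

func main() {
	schemes := map[string]string{"corpOIDC": "openIdConnect", "legacyKey": "apiKey"} // constructed sample
	for _, inherit := range []bool{true, false} {
		got, _ := resolveOIDC([]string{"legacyKey"}, schemes, "corpOIDC", true, inherit)
		fmt.Printf("inheritOnIgnore=%v -> %s\n", inherit, routeOutcome(got, "corpOIDC"))
	}
}
```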
Holding this PR due to test failures.
Currently, if the --ignore-security-errors flag is enabled on the deck file openapi2kong command, it will just ignore creating any security plugins instead of what its name and description suggest, which is to ignore errors.
Should ideally resolve Kong/deck#1829 as well.