oneOf + "additionalProperties: false" broken after 0.8 #124
Comments
diogobaeder
pushed a commit
to diogobaeder/openapi-core
that referenced
this issue
Mar 26, 2019
p1c2u
added a commit
that referenced
this issue
Mar 26, 2019
Fix #124: Checking "additionalProperties" in "oneOf" items.
bjmc
pushed a commit
to bjmc/openapi-core
that referenced
this issue
Jun 12, 2019
…ems. This is important because it does the correct validation over items that are restricted in "oneOf", so that it's possible to use schemas that are superset of one another as items of "oneOf".
bjmc
pushed a commit
to bjmc/openapi-core
that referenced
this issue
Jun 12, 2019
bjmc
pushed a commit
to bjmc/openapi-core
that referenced
this issue
Jun 12, 2019
Fix python-openapi#124: Checking "additionalProperties" in "oneOf" items.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I just updated openapi-core in a project I work on, from 0.8.0 to 0.9.0, and it broke a bunch of objects I had defined in my spec. The reason is, some of my objects are spec'd as having "superset" fields in a
oneOffashion - for example, one of the schemas defines propertiesfooandbarand the other only definesfoo. Previously it worked becauseadditionalPropertieswas set to None by default, hence not allowing additional properties by default, therefore those schemas were unambiguous. However, after a few recent changes (I think after 0.8.1) it seems that the library got updated to OpenAPI 3.0.2, which specifies thatadditionalPropertieshas to betrueby default, and this precise change makes those kinds of schemas ambiguous if they don't defineadditionalProperties.However, I tried defining
additionalProperties: falsein those schemas and it still didn't work, they're being deemed invalid. I checked the code that is on master now, and the reason why that doesn't work is becauseadditionalPropertiesis being checked on the parent object that contains theoneOfitems, and not on each item. So, for example, if oneOf the schemas allows onlyfoo, but the value dict containsfooandbar, the validation passes because the container hasadditionalProperties: trueby default (while this property should be checked in the granular schemas instead).In summary: the recent changes make it impossible to use
oneOfwith schemas where one is a superset of another, even if they're unambiguous by being specified withadditonalProperties: false. Something I haven't tried yet, though, is to setadditionalProperties: falsein the container with theoneOf, maybe this makes the validation pass, but it would make the specification wrong according to OpenAPI 3.I'm trying to implement a fix for it now, but unfortunately they seem to have broken a lot of tests, so it will take me some time; if you have a fix in mind which is easy enough to implement, please let me know. The reason why I broke a bunch of tests (hence the production code) is because I noticed that the validation at
_validate_objectand_validate_propertiesis mixing properties from theoneOfitems with the container itself, which doesn't seem correct to me, so I tried pushing the validation to each item instead but somehow this caused some mayhem.The text was updated successfully, but these errors were encountered: