Red Hat Fuse / ENTESB-15409

Silent failure when non-empty securityDefinitions comes with empty security requirement


    • Type: Bug
    • Resolution: Done
    • Priority: Major
    • fuse-7.9-GA
    • fuse-7.7-GA
    • Fuse Online
    • Fuse Online

       

      1. Pass the following Swagger:

      swagger: "2.0"
      info:
        title: API title
        description: API description
        version: 0.0.0
      schemes:
        - https
      produces:
        - application/json
      securityDefinitions:
        basicToken:
          type: apiKey
          name: Authorization
          in: header
      security:
      - {}
      definitions:
        AccessTokenResponse:
          properties:
            access_token:
              type: string
      paths:
        /oauth/token:
          post:
            operationId: getToken
            summary: Obtain an access token
            description: Requests the current access token based on the existing secret
            consumes:
              - application/x-www-form-urlencoded
            parameters:
              - name: grant_type
                in: formData
                type: string
            responses:
              200:
                description: Access token granted
                schema:
                  $ref: "#/definitions/AccessTokenResponse"
      

      as input to create an API Connector. If you open the Review/Edit page, you'll see 1 defined security schema for basicToken and one security requirement that states "No security".

      2. On the page to confirm security settings, note that the connector is still configured with the mode picked from "securityDefinitions".

      3. Create a connection on top of the connector; supply some API Key to it.

      4. Make a minimal integration using this connector.

      5. Try to publish the integration.

      6. The created pod gets stuck in a restart cycle. The pod's logs contain:

      Caused by: java.util.NoSuchElementException: null
      	at java.util.LinkedHashMap$LinkedHashIterator.nextNode(LinkedHashMap.java:721) ~[na:1.8.0_272]
      	at java.util.LinkedHashMap$LinkedKeyIterator.next(LinkedHashMap.java:742) ~[na:1.8.0_272]
      	at io.syndesis.connector.rest.swagger.SpecificationResourceCustomizer.updateSecuritySpecification(SpecificationResourceCustomizer.java:84) ~[connector-rest-swagger-1.10.0.fuse-770020-redhat-00001.jar!/:1.10.0.fuse-770020-redhat-00001]
      	at io.syndesis.connector.rest.swagger.SpecificationResourceCustomizer.lambda$customize$0(SpecificationResourceCustomizer.java:47) ~[connector-rest-swagger-1.10.0.fuse-770020-redhat-00001.jar!/:1.10.0.fuse-770020-redhat-00001]
      

      The expected behaviour in that case would be to bypass the unused security definitions and configure the connector with no security as the requirement states.

       


       

      A combination of a non-empty "securityDefinitions" section in the Swagger definition for an API connector with a "security" section that contains a bare {} (No security) leads to the API connector being configured as if security is set up, but then failing to stand up during pod creation. Completely missing or empty "securityDefinitions", or a completely missing or empty "security", does not lead to the problem; the integration is correctly configured and started with no security on the connector.

              zregvart@redhat.com Zoran Regvart
              arusakov Alexey Rusakov
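The failure mode visible in the stack trace (a key iterator's `next()` called on an empty map) beside a guarded lookup that yields "no security" for `security: [ {} ]`, as an added Java example that is not Syndesis code. The class and method names are hypothetical, and rejecting an undefined scheme reference with an exception is an assumption of this example.

```java
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Optional;

// Added illustration, not Syndesis code; class and method names are hypothetical.
public class SecurityRequirementCheck {

    // Unguarded pattern: assumes the first requirement names at least one scheme.
    static String firstSchemeUnguarded(List<Map<String, List<String>>> security) {
        return security.get(0).keySet().iterator().next(); // throws on {}
    }

    // Guarded: the first named scheme, or empty when no requirement names one.
    static Optional<String> effectiveScheme(Map<String, ?> definitions,
                                            List<Map<String, List<String>>> security) {
        if (definitions == null || security == null) {
            return Optional.empty();
        }
        for (Map<String, List<String>> requirement : security) {
            for (String scheme : requirement.keySet()) {
                if (!definitions.containsKey(scheme)) {
                    // Reject a dangling reference at import time, with a clear message.
                    throw new IllegalArgumentException("Undefined security scheme: " + scheme);
                }
                return Optional.of(scheme);
            }
        }
        return Optional.empty(); // only {} entries: unused definitions are bypassed
    }

    public static void main(String[] args) {
        // Constructed from the Swagger document in the report.
        Map<String, Object> definitions = Collections.singletonMap("basicToken",
                (Object) Collections.singletonMap("type", "apiKey"));
        List<Map<String, List<String>>> security =
                Collections.singletonList(Collections.<String, List<String>>emptyMap());

        try {
            firstSchemeUnguarded(security);
        } catch (NoSuchElementException e) {
            System.out.println("unguarded: " + e);
        }
        System.out.println("guarded: " + effectiveScheme(definitions, security));
    }
}
```

Running the same check when the connector is created, rather than at integration start-up, surfaces the mismatch before a pod is scheduled.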