Validation of OpenAPI Spec?

[jmini]

I think we started a discussion somewhere about this, but I could not find it.

Maybe at API level we could defines an interface to report OpenAPI validation issues.

---

Example of an invalid spec:

 OASFactory.createSchema()
   .ref("#/components/schemas/SomeObj")
   .type(Schema.SchemaType.OBJECT) // Wrong value because "$ref" is present
   .description("The hello type") // Wrong value because "$ref" is present

---

KaiZen:

KaiZen have a ValidationItem to report a severity, a message and a position.

The position is strongly coupled with the source file (JSON), which might be not ideal in our case because the model can be derived from the Annotations or built from scratch using the OASFactory.

But if someone build a parser that uses the Eclipse-MP-OpenAPI model, then having the location in the source file (JSON or YAML) might also be interesting.

[arthurdm]

thanks for starting this thread @jmini

As background, in WebSphere Liberty there are 2 levels of validation support:

• from our Eclipse tools (WDT)
• from the openapi-3.0 feature runtime, (see bullet 5 in this link)

In both cases the error appears in the platform's current logging mechanism - for Eclipse that's via the Errors markers, and for Liberty that's via the log files.

I wonder if there will be a lot of adoption of a new error reporting API / interface, versus what each vendor already has setup today?

[arthurdm]

maybe from a MP OpenAPI spec's perspective we can define a common MP Config key that turns validation on/off (mp.openapi.validation) and the way the errors are actually presented to the user are vendor / platform specific?

[EricWittmann]

Another wrinkle with respect to validation is that with filtering the actual content of the OpenAPI document may change depending on who requests it. That said, I think validation is a nice feature to have, although I also agree that it probably should be vendor specific. However I'm happy to change my mind if we can come up with a standard way to define how validation works and is reported.

[arthurdm]

One of the things we discussed at the hangout today was:

• Configure OpenAPI validation via mp.openapi.validation
• Fetch validation results (array of errors or something like Document is valid) by calling openapi/validation

The validation support would be optional for vendors. Thoughts?