fix: fix examples for the new "security at operation level" feature

[sekharbans-ebay]

---

title: "Fix examples for the new "security at operation level" feature"

---

Related issue(s):
#584

Rewords the examples and also introduces the server reference to the channel.

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[derberg]

This example introduces below on each channel:

servers:
     - test_oauth 

then what is the point of having test server if non of channels are available on it?
Why in this example we need to link all the channels with test_oauth?

[magicmatatjahu]

Security requirement object should be in the form of array, not object.

[sekharbans-ebay]

Fixed

[magicmatatjahu]

Security requirement object should be in the form of array, not object.

[sekharbans-ebay]

Fixed

[magicmatatjahu]

Security requirement object should be in the form of array, not object.

[sekharbans-ebay]

Fixed.

[magicmatatjahu]

Security requirement object should be in the form of array, not object.

[sekharbans-ebay]

Fixed.

[sekharbans-ebay]

This example introduces below on each channel:

servers:
     - test_oauth 

then what is the point of having test server if non of channels are available on it? Why in this example we need to link all the channels with test_oauth?

Yes. Removed it.

Second thoughts, i acted in haste :). Restored it now. Added reference to 'test' server to smartylighting.streetlights.1.0.event.{streetlightId}.lighting.measured
Havent provided security at the channel/operation level since the test server has only one security method (therefore implied) - and also to point out operation level security is optional.

[sekharbans-ebay]

This example introduces below on each channel:

servers:
     - test_oauth 

then what is the point of having test server if non of channels are available on it? Why in this example we need to link all the channels with test_oauth?

Added reference to 'test' server to smartylighting.streetlights.1.0.event.{streetlightId}.lighting.measured
Havent provided security at the channel/operation level since the test server has only one security method (therefore implied) - and also to point out operation level security is optional.

[derberg]

but now, we have only test_oauth, so why someone would explicitly link to it from each channel?

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[sekharbans-ebay]

Added reference to 'test' server to smartylighting.streetlights.1.0.event.{streetlightId}.lighting.measured
Havent provided security at the channel/operation level since the test server has only one security method (therefore implied) - and also to point out operation level security is optional.

Yes! occurred to me as well - so i restored test. This is a better example now.
I added reference to 'test' server to smartylighting.streetlights.1.0.event.{streetlightId}.lighting.measured
Havent provided security at the channel/operation level since the test server has only one security method (therefore implied) - and also to point out operation level security is optional.

[smoya]

Added reference to 'test' server to smartylighting.streetlights.1.0.event.{streetlightId}.lighting.measured
Havent provided security at the channel/operation level since the test server has only one security method (therefore implied) - and also to point out operation level security is optional.

Yes! occurred to me as well - so i restored test. This is a better example now. I added reference to 'test' server to smartylighting.streetlights.1.0.event.{streetlightId}.lighting.measured Havent provided security at the channel/operation level since the test server has only one security method (therefore implied) - and also to point out operation level security is optional.

Feel free to drop: I think it makes more sense now. However, the last changes made me ask myself if security requirements at operation level security should contain only requirements that are declared in the server security. If that's not a requirement, maybe makes sense to add security requirements also in the smartylighting.streetlights.1.0.event.{streetlightId}.lighting.measured channel, so we demystify? I would also like to know the opinion from @derberg

[smoya]

@dalelane @derberg @fmvilas we will need the last review on this. It's just the last pending required work on 2.4.0.

[dalelane]

LGTM

[derberg]

looks much better,

also I do not think adding security on operation related to test make sense in case of saslScram security + it could suggest that security on operation level is always needed, which is not the case

[smoya]

/rtm

[asyncapi-bot]

🎉 This PR is included in version 2.4.0-2022-04-release.4 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

[asyncapi-bot]

🎉 This PR is included in version 2.4.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀