fix: Append all credentials for OpenAPI security infos #661
Conversation
|
Tried to add tests for this, but the current openApi loading tests don't handle tool linking and wasn't quite sure how to set that up in the test fixture. Got an error like so - |
pkg/loader/openapi.go
Outdated
| for _, cred := range info.GetCredentialToolStrings(operationServerURL.Hostname()) { | ||
| tool.Credentials = append(tool.Credentials, cred) | ||
| } |
There was a problem hiding this comment.
The linter wants to change it to this:
| for _, cred := range info.GetCredentialToolStrings(operationServerURL.Hostname()) { | |
| tool.Credentials = append(tool.Credentials, cred) | |
| } | |
| tool.Credentials = append(tool.Credentials, info.GetCredentialToolStrings(operationServerURL.Hostname())...) |
I tested it and it works the same.
|
Hey @johnrengelman , thanks for the contribution. Sorry it took me so long to get to this. It looks good to me but the linter is failing. If you could apply the suggestion I left, then I can merge this. Thanks! |
johnrengelman
force-pushed
the
openapi-multi-creds
branch
from
24b9599
to
2f70c1e
Compare
|
Pushed this change from the linter. |
Yeah I think we are planning on removing that. That was mostly just an experiment, which is why it is hidden behind an env var. So no worries. Thanks again for your contribution! |
When using an OpenAPI definition with multiple security infos that should be AND'd together (per https://docs.gptscript.ai/tools/openapi#1-security-schemes), the tools credential injection with only include 1 of the environment variables instead of all of them. The result is non-deterministic on which envvar will be included to do Go's behavior with slices.
This changes the behavior to include credential injections for all schemes declared in the 1st security info block in the api definition.