This is a repo of attempts at using OpenAPI documentation to automatically validate and test certain aspects of a service.
This service is not to be considered a full-fledged package, but to serve as a reference for how such tasks might be done.
This code supports a basic first pass at using an Istio Authorization Policy to test the correctness of an OpenAPI spec and vice versa.
The idea is to validate that every authorization policy someone writes is successfully documented in an OpenAPI spec, and that everything documented in an OpenAPI spec is supported by a policy.
- The authorization policy was written based off of what was actually in the Petstore example (and I am not an expert).
- Istio supports limited wildcarding only. This means some security schemes could not be fully translated to Istio.
- Making the code more generic / extensible for different types of auth policy rules and different types of security schemes
- Automated tests using security schemes
- Automated tests using examples
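
The two-way check described above, as an added example rather than this repo's own code: it reports documented operations that no policy rule covers and policy entries that match nothing in the spec. It assumes both documents are already parsed into dicts, reads only `methods` and `paths` from `spec.rules[].to[].operation`, and uses constructed Petstore-style sample data; the function names are hypothetical.

```python
import re

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}

def openapi_operations(spec):
    """Return {(METHOD, path_template)} for every operation in an OpenAPI document."""
    return {(m.upper(), path)
            for path, item in spec.get("paths", {}).items()
            for m in item if m in HTTP_METHODS}

def policy_operations(policy):
    """Return {(METHOD, path_pattern)} from spec.rules[].to[].operation."""
    ops = set()
    for rule in policy.get("spec", {}).get("rules", []):
        for to in rule.get("to", []):
            op = to.get("operation", {})
            for method in op.get("methods", ["*"]):  # omitted field = any
                for path in op.get("paths", ["*"]):
                    ops.add((method.upper(), path))
    return ops

def covers(rule_op, doc_op):
    """True if an Istio (method, pattern) entry matches an OpenAPI operation."""
    (method, pattern), (doc_method, template) = rule_op, doc_op
    # Assumption: a '{param}' segment is checked by substituting a sample value.
    concrete = re.sub(r"\{[^/}]+\}", "x", template)
    if pattern.endswith("*"):        # prefix match; a bare "*" matches anything
        path_ok = concrete.startswith(pattern[:-1])
    elif pattern.startswith("*"):    # suffix match
        path_ok = concrete.endswith(pattern[1:])
    else:                            # exact match
        path_ok = concrete == pattern
    return method in ("*", doc_method) and path_ok

def compare(spec, policy):
    """Return (documented ops no rule covers, rule entries matching no documented op)."""
    doc, pol = openapi_operations(spec), policy_operations(policy)
    uncovered = sorted(d for d in doc if not any(covers(p, d) for p in pol))
    undocumented = sorted(p for p in pol if not any(covers(p, d) for d in doc))
    return uncovered, undocumented

# Constructed sample input, not taken from the repo.
SPEC = {"paths": {"/pet": {"post": {}, "put": {}},
                  "/pet/{petId}": {"get": {}, "delete": {}},
                  "/store/inventory": {"get": {}}}}
POLICY = {"spec": {"rules": [
    {"to": [{"operation": {"methods": ["POST", "PUT"], "paths": ["/pet"]}}]},
    {"to": [{"operation": {"methods": ["GET"], "paths": ["/pet/*"]}}]},
    {"to": [{"operation": {"methods": ["GET"], "paths": ["/admin/*"]}}]}]}}

if __name__ == "__main__":
    print(compare(SPEC, POLICY))
```

Because `/pet/*` is a prefix match, it also covers deeper paths such as `/pet/{petId}/uploadImage`, which is where the limited wildcarding noted above makes a policy broader than the documented path.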