Implement new filter logic

Add test for it
Optimize old filter logic

Author: limentas

modules/openapi-generator/src/main/java/org/openapitools/codegen/OpenAPINormalizer.java

@@ -213,6 +213,7 @@ public OpenAPINormalizer(OpenAPI openAPI, Map<String, String> inputRules) {
         ruleNames.add(NORMALIZE_31SPEC);
         ruleNames.add(REMOVE_X_INTERNAL);
         ruleNames.add(FILTER);
+        ruleNames.add(SECURITY_SCHEMES_FILTER);
         ruleNames.add(SET_CONTAINER_TO_NULLABLE);
         ruleNames.add(SET_PRIMITIVE_TYPES_TO_NULLABLE);
         ruleNames.add(SIMPLIFY_ONEOF_ANYOF_ENUM);
@@ -287,6 +288,11 @@ public void processRules(Map<String, String> inputRules) {
             // actual parsing is delayed to allow customization of the Filter processing
         }
 
+        if (inputRules.get(SECURITY_SCHEMES_FILTER) != null) {
+            rules.put(SECURITY_SCHEMES_FILTER, true);
+            // actual parsing is delayed to allow customization of the Filter processing
+        }
+
         if (inputRules.get(SET_CONTAINER_TO_NULLABLE) != null) {
             rules.put(SET_CONTAINER_TO_NULLABLE, true);
             setContainerToNullable = new HashSet<>(Arrays.asList(inputRules.get(SET_CONTAINER_TO_NULLABLE).split("[|]")));
@@ -403,6 +409,15 @@ protected void normalizePaths() {
             return;
         }
 
+        OperationsFilter filter = null;
+        if (Boolean.TRUE.equals(getRule(FILTER))) {
+            String filters = inputRules.get(FILTER);
+            filter = createOperationsFilter(this.openAPI, filters);
+            if (!filter.parse()) {
+                filter = null;
+            }
+        }
+
         for (Map.Entry<String, PathItem> pathsEntry : paths.entrySet()) {
             PathItem path = pathsEntry.getValue();
             List<Operation> operations = new ArrayList<>(path.readOperations());
@@ -418,14 +433,10 @@ protected void normalizePaths() {
                     "trace", PathItem::getTrace
             );
 
-            if (Boolean.TRUE.equals(getRule(FILTER))) {
-                String filters = inputRules.get(FILTER);
-                OperationsFilter filter = createOperationsFilter(this.openAPI, filters);
-                if (filter.parse()) {
-                    // Iterates over each HTTP method in methodMap, retrieves the corresponding Operations from the PathItem,
-                    // and marks it as internal (`x-internal=true`) if the method/operationId/tag/path is not in the filters.
-                    filter.apply(pathsEntry.getKey(), path, methodMap);
-                }
+            if (filter != null && filter.hasFilter()) {
+                // Iterates over each HTTP method in methodMap, retrieves the corresponding Operations from the PathItem,
+                // and marks it as internal (`x-internal=true`) if the method/operationId/tag/path is not in the filters.
+                filter.apply(pathsEntry.getKey(), path, methodMap);
             }
 
             // Include callback operation as well
@@ -603,15 +614,19 @@ protected void normalizeHeaders(Map<String, Header> headers) {
      * Normalizes securitySchemes in components
      */
     protected void normalizeComponentsSecuritySchemes() {
-        if (StringUtils.isEmpty(bearerAuthSecuritySchemeName)) {
-            return;
-        }
-
         Map<String, SecurityScheme> schemes = openAPI.getComponents().getSecuritySchemes();
         if (schemes == null) {
             return;
         }
 
+        SecuritySchemesFilter filter = null;
+        if (Boolean.TRUE.equals(getRule(SECURITY_SCHEMES_FILTER))) {
+            filter = createSecuritySchemesFilter(openAPI, inputRules.get(SECURITY_SCHEMES_FILTER));
+            if (!filter.parse()) {
+                filter = null;
+            }
+        }
+
         for (String schemeKey : schemes.keySet()) {
             if (schemeKey.equals(bearerAuthSecuritySchemeName)) {
                 SecurityScheme scheme = schemes.get(schemeKey);
@@ -626,6 +641,14 @@ protected void normalizeComponentsSecuritySchemes() {
                 scheme.set$ref(null);
                 schemes.put(schemeKey, scheme);
             }
+
+            // At first we transform a scheme to HTTP bearer and then apply the filter.
+            // It may happen that bearer scheme will be filtered out on this step.
+            // To keep the scheme - change filter input.
+            if (filter != null && filter.hasFilter()) {
+                SecurityScheme scheme = schemes.get(schemeKey);
+                filter.apply(schemeKey, scheme);
+            }
         }
     }
 
@@ -1955,7 +1978,7 @@ private void normalizeExclusiveMinMax31(Schema<?> schema) {
 
     // ===================== end of rules =====================
 
-    // Base class for filters. It provides basic parsing logic and utility functions for filters.
+    // Base class for filters. It provides parsing logic and utility functions for filters.
     // All filters should have the same syntax:
     // `filterName:value1|value2|value3` and multiple filters can be separated by `;`.
     protected static abstract class BaseFilter {
@@ -1987,7 +2010,7 @@ public boolean parse() {
                 return hasFilter();
             } catch (RuntimeException e) {
                 String usage = usageMessage();
-                String message = String.format(Locale.ROOT, "%s Input: `%s` Error: %s", usage, input, e.getMessage());
+                String message = String.format(Locale.ROOT, "%s Input: `%s`. Error: %s", usage, input, e.getMessage());
                 // throw an exception. This is a breaking change compared to pre 7.16.0
                 // Workaround: fix the syntax!
                 throw new IllegalArgumentException(message);
@@ -2200,7 +2223,7 @@ protected boolean hasCustomFilterMatch(String schemeKey, SecurityScheme scheme)
         public void apply(String schemeKey, SecurityScheme scheme) {
             boolean found = false;
             found |= logIfMatch(KEY, schemeKey, hasKey(schemeKey));
-            found |= logIfMatch(TYPE, schemeKey, hasType(scheme.getType()));
+            found |= logIfMatch(TYPE, schemeKey, hasType(scheme.getType().toString()));
             found |= hasCustomFilterMatch(schemeKey, scheme);
 
             scheme.addExtension(X_INTERNAL, !found);

modules/openapi-generator/src/test/java/org/openapitools/codegen/OpenAPINormalizerTest.java

@@ -914,7 +914,7 @@ public void testFilterInvalidSyntaxDoesThrow() {
             new OpenAPINormalizer(openAPI, options).normalize();
             fail("Expected IllegalArgumentException");
         } catch (IllegalArgumentException e) {
-            assertEquals(e.getMessage(), "FILTER rule [tag ; invalid] must be in the form of `operationId:name1|name2|name3` or `method:get|post|put` or `tag:tag1|tag2|tag3` or `path:/v1|/v2`. Error: filter with no value not supported :[tag]");
+            assertEquals(e.getMessage(), "FILTER rule must be in the form of `operationId:name1|name2|name3` or `method:get|post|put` or `tag:tag1|tag2|tag3` or `path:/v1|/v2`. Input: `tag ; invalid`. Error: filter with no value not supported :[tag]");
         }
     }
 
@@ -927,10 +927,36 @@ public void testFilterInvalidFilterDoesThrow() {
             new OpenAPINormalizer(openAPI, options).normalize();
             fail("Expected IllegalArgumentException");
         } catch (IllegalArgumentException e) {
-            assertEquals(e.getMessage(), "FILTER rule [method:get ; unknown:test] must be in the form of `operationId:name1|name2|name3` or `method:get|post|put` or `tag:tag1|tag2|tag3` or `path:/v1|/v2`. Error: filter not supported :[unknown:test]");
+            assertEquals(e.getMessage(), "FILTER rule must be in the form of `operationId:name1|name2|name3` or `method:get|post|put` or `tag:tag1|tag2|tag3` or `path:/v1|/v2`. Input: `method:get ; unknown:test`. Error: filter not supported :[unknown:test]");
         }
     }
 
+    @Test
+    public void testSecuritySchemesFilter() {
+        OpenAPI openAPI = TestUtils.parseSpec("src/test/resources/3_1/all_security_schemes.yaml");
+        Map<String, String> options = Map.of("SECURITY_SCHEMES_FILTER", "key:api_key1 ; type:oauth2");
+
+        new OpenAPINormalizer(openAPI, options).normalize();
+
+        System.err.println("Security schemes after filter3: " + openAPI.getComponents().getSecuritySchemes().get("api_key1").toString());
+        System.err.println("Security schemes after filter4: " + openAPI.getComponents().getSecuritySchemes().get("api_key1").getExtensions().toString());
+
+        assertEquals(openAPI.getComponents().getSecuritySchemes().get("api_key1").getExtensions().get(X_INTERNAL),
+                false);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().get("api_key2").getExtensions().get(X_INTERNAL),
+                true);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().get("http1").getExtensions().get(X_INTERNAL), true);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().get("http2").getExtensions().get(X_INTERNAL), true);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().get("mutualTLS1").getExtensions().get(X_INTERNAL), true);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().get("mutualTLS2").getExtensions().get(X_INTERNAL), true);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().get("oauth2_1").getExtensions().get(X_INTERNAL),
+                false);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().get("oauth2_2").getExtensions().get(X_INTERNAL),
+                false);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().get("openIdConnect1").getExtensions().get(X_INTERNAL), true);
+        assertEquals(openAPI.getComponents().getSecuritySchemes().get("openIdConnect2").getExtensions().get(X_INTERNAL), true);
+    }
+
 
     @Test
     public void testComposedSchemaDoesNotThrow() {