1use super::generator::ConformanceConfig;
7use super::schema_validator::SchemaValidatorGenerator;
8use super::spec::ConformanceFeature;
9use crate::error::Result;
10use crate::request_gen::RequestGenerator;
11use crate::spec_parser::ApiOperation;
12use openapiv3::{
13 OpenAPI, Operation, Parameter, ParameterSchemaOrContent, ReferenceOr, RequestBody, Response,
14 Schema, SchemaKind, SecurityScheme, StringFormat, Type, VariantOrUnknownOrEmpty,
15};
16use std::collections::HashSet;
17
18mod ref_resolver {
20 use super::*;
21
22 pub fn resolve_parameter<'a>(
23 param_ref: &'a ReferenceOr<Parameter>,
24 spec: &'a OpenAPI,
25 ) -> Option<&'a Parameter> {
26 match param_ref {
27 ReferenceOr::Item(param) => Some(param),
28 ReferenceOr::Reference { reference } => {
29 let name = reference.strip_prefix("#/components/parameters/")?;
30 let components = spec.components.as_ref()?;
31 match components.parameters.get(name)? {
32 ReferenceOr::Item(param) => Some(param),
33 ReferenceOr::Reference {
34 reference: inner_ref,
35 } => {
36 let inner_name = inner_ref.strip_prefix("#/components/parameters/")?;
38 match components.parameters.get(inner_name)? {
39 ReferenceOr::Item(param) => Some(param),
40 ReferenceOr::Reference { .. } => None,
41 }
42 }
43 }
44 }
45 }
46 }
47
48 pub fn resolve_request_body<'a>(
49 body_ref: &'a ReferenceOr<RequestBody>,
50 spec: &'a OpenAPI,
51 ) -> Option<&'a RequestBody> {
52 match body_ref {
53 ReferenceOr::Item(body) => Some(body),
54 ReferenceOr::Reference { reference } => {
55 let name = reference.strip_prefix("#/components/requestBodies/")?;
56 let components = spec.components.as_ref()?;
57 match components.request_bodies.get(name)? {
58 ReferenceOr::Item(body) => Some(body),
59 ReferenceOr::Reference {
60 reference: inner_ref,
61 } => {
62 let inner_name = inner_ref.strip_prefix("#/components/requestBodies/")?;
64 match components.request_bodies.get(inner_name)? {
65 ReferenceOr::Item(body) => Some(body),
66 ReferenceOr::Reference { .. } => None,
67 }
68 }
69 }
70 }
71 }
72 }
73
74 pub fn resolve_schema<'a>(
75 schema_ref: &'a ReferenceOr<Schema>,
76 spec: &'a OpenAPI,
77 ) -> Option<&'a Schema> {
78 resolve_schema_with_visited(schema_ref, spec, &mut HashSet::new())
79 }
80
81 fn resolve_schema_with_visited<'a>(
82 schema_ref: &'a ReferenceOr<Schema>,
83 spec: &'a OpenAPI,
84 visited: &mut HashSet<String>,
85 ) -> Option<&'a Schema> {
86 match schema_ref {
87 ReferenceOr::Item(schema) => Some(schema),
88 ReferenceOr::Reference { reference } => {
89 if !visited.insert(reference.clone()) {
90 return None; }
92 let name = reference.strip_prefix("#/components/schemas/")?;
93 let components = spec.components.as_ref()?;
94 let nested = components.schemas.get(name)?;
95 resolve_schema_with_visited(nested, spec, visited)
96 }
97 }
98 }
99
100 pub fn resolve_boxed_schema<'a>(
102 schema_ref: &'a ReferenceOr<Box<Schema>>,
103 spec: &'a OpenAPI,
104 ) -> Option<&'a Schema> {
105 match schema_ref {
106 ReferenceOr::Item(schema) => Some(schema.as_ref()),
107 ReferenceOr::Reference { reference } => {
108 let name = reference.strip_prefix("#/components/schemas/")?;
110 let components = spec.components.as_ref()?;
111 let nested = components.schemas.get(name)?;
112 resolve_schema_with_visited(nested, spec, &mut HashSet::new())
113 }
114 }
115 }
116
117 pub fn resolve_response<'a>(
118 resp_ref: &'a ReferenceOr<Response>,
119 spec: &'a OpenAPI,
120 ) -> Option<&'a Response> {
121 match resp_ref {
122 ReferenceOr::Item(resp) => Some(resp),
123 ReferenceOr::Reference { reference } => {
124 let name = reference.strip_prefix("#/components/responses/")?;
125 let components = spec.components.as_ref()?;
126 match components.responses.get(name)? {
127 ReferenceOr::Item(resp) => Some(resp),
128 ReferenceOr::Reference {
129 reference: inner_ref,
130 } => {
131 let inner_name = inner_ref.strip_prefix("#/components/responses/")?;
133 match components.responses.get(inner_name)? {
134 ReferenceOr::Item(resp) => Some(resp),
135 ReferenceOr::Reference { .. } => None,
136 }
137 }
138 }
139 }
140 }
141 }
142}
143
144#[derive(Debug, Clone)]
146pub enum SecuritySchemeInfo {
147 Bearer,
149 Basic,
151 ApiKey {
153 location: ApiKeyLocation,
154 name: String,
155 },
156}
157
158#[derive(Debug, Clone, PartialEq)]
160pub enum ApiKeyLocation {
161 Header,
162 Query,
163 Cookie,
164}
165
166#[derive(Debug, Clone)]
168pub struct AnnotatedOperation {
169 pub path: String,
170 pub method: String,
171 pub features: Vec<ConformanceFeature>,
172 pub request_body_content_type: Option<String>,
173 pub sample_body: Option<String>,
174 pub query_params: Vec<(String, String)>,
175 pub header_params: Vec<(String, String)>,
176 pub path_params: Vec<(String, String)>,
177 pub response_schema: Option<Schema>,
179 pub response_schemas: std::collections::BTreeMap<u16, serde_json::Value>,
187 pub request_body_schema: Option<Schema>,
193 pub security_schemes: Vec<SecuritySchemeInfo>,
195}
196
197pub struct SpecDrivenConformanceGenerator {
199 config: ConformanceConfig,
200 operations: Vec<AnnotatedOperation>,
201}
202
203impl SpecDrivenConformanceGenerator {
204 pub fn new(config: ConformanceConfig, operations: Vec<AnnotatedOperation>) -> Self {
205 Self { config, operations }
206 }
207
208 pub fn annotate_operations(
210 operations: &[ApiOperation],
211 spec: &OpenAPI,
212 ) -> Vec<AnnotatedOperation> {
213 operations.iter().map(|op| Self::annotate_operation(op, spec)).collect()
214 }
215
216 fn annotate_operation(op: &ApiOperation, spec: &OpenAPI) -> AnnotatedOperation {
218 let mut features = Vec::new();
219 let mut query_params = Vec::new();
220 let mut header_params = Vec::new();
221 let mut path_params = Vec::new();
222
223 match op.method.to_uppercase().as_str() {
225 "GET" => features.push(ConformanceFeature::MethodGet),
226 "POST" => features.push(ConformanceFeature::MethodPost),
227 "PUT" => features.push(ConformanceFeature::MethodPut),
228 "PATCH" => features.push(ConformanceFeature::MethodPatch),
229 "DELETE" => features.push(ConformanceFeature::MethodDelete),
230 "HEAD" => features.push(ConformanceFeature::MethodHead),
231 "OPTIONS" => features.push(ConformanceFeature::MethodOptions),
232 _ => {}
233 }
234
235 for param_ref in &op.operation.parameters {
237 if let Some(param) = ref_resolver::resolve_parameter(param_ref, spec) {
238 Self::annotate_parameter(
239 param,
240 spec,
241 &mut features,
242 &mut query_params,
243 &mut header_params,
244 &mut path_params,
245 );
246 }
247 }
248
249 for segment in op.path.split('/') {
251 if segment.starts_with('{') && segment.ends_with('}') {
252 let name = &segment[1..segment.len() - 1];
253 if !path_params.iter().any(|(n, _)| n == name) {
255 path_params.push((name.to_string(), "test-value".to_string()));
256 if !features.contains(&ConformanceFeature::PathParamString)
258 && !features.contains(&ConformanceFeature::PathParamInteger)
259 {
260 features.push(ConformanceFeature::PathParamString);
261 }
262 }
263 }
264 }
265
266 let mut request_body_content_type = None;
268 let mut sample_body = None;
269 let mut request_body_schema: Option<Schema> = None;
270
271 let resolved_body = op
272 .operation
273 .request_body
274 .as_ref()
275 .and_then(|b| ref_resolver::resolve_request_body(b, spec));
276
277 if let Some(body) = resolved_body {
278 for (content_type, _media) in &body.content {
279 match content_type.as_str() {
280 "application/json" => {
281 features.push(ConformanceFeature::BodyJson);
282 request_body_content_type = Some("application/json".to_string());
283 if let Ok(template) = RequestGenerator::generate_template(op) {
285 if let Some(body_val) = &template.body {
286 sample_body = Some(body_val.to_string());
287 }
288 }
289 }
290 "application/x-www-form-urlencoded" => {
291 features.push(ConformanceFeature::BodyFormUrlencoded);
292 request_body_content_type =
293 Some("application/x-www-form-urlencoded".to_string());
294 }
295 "multipart/form-data" => {
296 features.push(ConformanceFeature::BodyMultipart);
297 request_body_content_type = Some("multipart/form-data".to_string());
298 }
299 _ => {}
300 }
301 }
302
303 if let Some(media) = body.content.get("application/json") {
305 if let Some(schema_ref) = &media.schema {
306 if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
307 Self::annotate_schema(schema, spec, &mut features);
308 request_body_schema = Some(schema.clone());
312 }
313 }
314 }
315 }
316
317 Self::annotate_responses(&op.operation, spec, &mut features);
319
320 let response_schema = Self::extract_response_schema(&op.operation, spec);
322 if response_schema.is_some() {
323 features.push(ConformanceFeature::ResponseValidation);
324 }
325 let response_schemas = Self::extract_response_schemas_per_status(&op.operation, spec);
327
328 Self::annotate_content_negotiation(&op.operation, spec, &mut features);
330
331 let mut security_schemes = Vec::new();
333 Self::annotate_security(&op.operation, spec, &mut features, &mut security_schemes);
334
335 features.sort_by_key(|f| f.check_name());
337 features.dedup_by_key(|f| f.check_name());
338
339 AnnotatedOperation {
340 path: op.path.clone(),
341 method: op.method.to_uppercase(),
342 features,
343 request_body_content_type,
344 sample_body,
345 query_params,
346 header_params,
347 path_params,
348 response_schema,
349 response_schemas,
350 request_body_schema,
351 security_schemes,
352 }
353 }
354
355 fn annotate_parameter(
357 param: &Parameter,
358 spec: &OpenAPI,
359 features: &mut Vec<ConformanceFeature>,
360 query_params: &mut Vec<(String, String)>,
361 header_params: &mut Vec<(String, String)>,
362 path_params: &mut Vec<(String, String)>,
363 ) {
364 let (location, data) = match param {
365 Parameter::Query { parameter_data, .. } => ("query", parameter_data),
366 Parameter::Path { parameter_data, .. } => ("path", parameter_data),
367 Parameter::Header { parameter_data, .. } => ("header", parameter_data),
368 Parameter::Cookie { .. } => {
369 features.push(ConformanceFeature::CookieParam);
370 return;
371 }
372 };
373
374 let is_integer = Self::param_schema_is_integer(data, spec);
376 let is_array = Self::param_schema_is_array(data, spec);
377
378 let sample = if is_integer {
380 "42".to_string()
381 } else if is_array {
382 "a,b".to_string()
383 } else {
384 "test-value".to_string()
385 };
386
387 match location {
388 "path" => {
389 if is_integer {
390 features.push(ConformanceFeature::PathParamInteger);
391 } else {
392 features.push(ConformanceFeature::PathParamString);
393 }
394 path_params.push((data.name.clone(), sample));
395 }
396 "query" => {
397 if is_array {
398 features.push(ConformanceFeature::QueryParamArray);
399 } else if is_integer {
400 features.push(ConformanceFeature::QueryParamInteger);
401 } else {
402 features.push(ConformanceFeature::QueryParamString);
403 }
404 query_params.push((data.name.clone(), sample));
405 }
406 "header" => {
407 features.push(ConformanceFeature::HeaderParam);
408 header_params.push((data.name.clone(), sample));
409 }
410 _ => {}
411 }
412
413 if let ParameterSchemaOrContent::Schema(schema_ref) = &data.format {
415 if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
416 Self::annotate_schema(schema, spec, features);
417 }
418 }
419
420 if data.required {
422 features.push(ConformanceFeature::ConstraintRequired);
423 } else {
424 features.push(ConformanceFeature::ConstraintOptional);
425 }
426 }
427
428 fn param_schema_is_integer(data: &openapiv3::ParameterData, spec: &OpenAPI) -> bool {
429 if let ParameterSchemaOrContent::Schema(schema_ref) = &data.format {
430 if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
431 return matches!(&schema.schema_kind, SchemaKind::Type(Type::Integer(_)));
432 }
433 }
434 false
435 }
436
437 fn param_schema_is_array(data: &openapiv3::ParameterData, spec: &OpenAPI) -> bool {
438 if let ParameterSchemaOrContent::Schema(schema_ref) = &data.format {
439 if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
440 return matches!(&schema.schema_kind, SchemaKind::Type(Type::Array(_)));
441 }
442 }
443 false
444 }
445
446 fn annotate_schema(schema: &Schema, spec: &OpenAPI, features: &mut Vec<ConformanceFeature>) {
448 match &schema.schema_kind {
449 SchemaKind::Type(Type::String(s)) => {
450 features.push(ConformanceFeature::SchemaString);
451 match &s.format {
453 VariantOrUnknownOrEmpty::Item(StringFormat::Date) => {
454 features.push(ConformanceFeature::FormatDate);
455 }
456 VariantOrUnknownOrEmpty::Item(StringFormat::DateTime) => {
457 features.push(ConformanceFeature::FormatDateTime);
458 }
459 VariantOrUnknownOrEmpty::Unknown(fmt) => match fmt.as_str() {
460 "email" => features.push(ConformanceFeature::FormatEmail),
461 "uuid" => features.push(ConformanceFeature::FormatUuid),
462 "uri" | "url" => features.push(ConformanceFeature::FormatUri),
463 "ipv4" => features.push(ConformanceFeature::FormatIpv4),
464 "ipv6" => features.push(ConformanceFeature::FormatIpv6),
465 _ => {}
466 },
467 _ => {}
468 }
469 if s.pattern.is_some() {
471 features.push(ConformanceFeature::ConstraintPattern);
472 }
473 if !s.enumeration.is_empty() {
474 features.push(ConformanceFeature::ConstraintEnum);
475 }
476 if s.min_length.is_some() || s.max_length.is_some() {
477 features.push(ConformanceFeature::ConstraintMinMax);
478 }
479 }
480 SchemaKind::Type(Type::Integer(i)) => {
481 features.push(ConformanceFeature::SchemaInteger);
482 if i.minimum.is_some() || i.maximum.is_some() {
483 features.push(ConformanceFeature::ConstraintMinMax);
484 }
485 if !i.enumeration.is_empty() {
486 features.push(ConformanceFeature::ConstraintEnum);
487 }
488 }
489 SchemaKind::Type(Type::Number(n)) => {
490 features.push(ConformanceFeature::SchemaNumber);
491 if n.minimum.is_some() || n.maximum.is_some() {
492 features.push(ConformanceFeature::ConstraintMinMax);
493 }
494 }
495 SchemaKind::Type(Type::Boolean(_)) => {
496 features.push(ConformanceFeature::SchemaBoolean);
497 }
498 SchemaKind::Type(Type::Array(arr)) => {
499 features.push(ConformanceFeature::SchemaArray);
500 if let Some(item_ref) = &arr.items {
501 if let Some(item_schema) = ref_resolver::resolve_boxed_schema(item_ref, spec) {
502 Self::annotate_schema(item_schema, spec, features);
503 }
504 }
505 }
506 SchemaKind::Type(Type::Object(obj)) => {
507 features.push(ConformanceFeature::SchemaObject);
508 if !obj.required.is_empty() {
510 features.push(ConformanceFeature::ConstraintRequired);
511 }
512 for (_name, prop_ref) in &obj.properties {
514 if let Some(prop_schema) = ref_resolver::resolve_boxed_schema(prop_ref, spec) {
515 Self::annotate_schema(prop_schema, spec, features);
516 }
517 }
518 }
519 SchemaKind::OneOf { .. } => {
520 features.push(ConformanceFeature::CompositionOneOf);
521 }
522 SchemaKind::AnyOf { .. } => {
523 features.push(ConformanceFeature::CompositionAnyOf);
524 }
525 SchemaKind::AllOf { .. } => {
526 features.push(ConformanceFeature::CompositionAllOf);
527 }
528 _ => {}
529 }
530 }
531
532 fn annotate_responses(
534 operation: &Operation,
535 spec: &OpenAPI,
536 features: &mut Vec<ConformanceFeature>,
537 ) {
538 for (status_code, resp_ref) in &operation.responses.responses {
539 if ref_resolver::resolve_response(resp_ref, spec).is_some() {
541 match status_code {
542 openapiv3::StatusCode::Code(200) => {
543 features.push(ConformanceFeature::Response200)
544 }
545 openapiv3::StatusCode::Code(201) => {
546 features.push(ConformanceFeature::Response201)
547 }
548 openapiv3::StatusCode::Code(204) => {
549 features.push(ConformanceFeature::Response204)
550 }
551 openapiv3::StatusCode::Code(400) => {
552 features.push(ConformanceFeature::Response400)
553 }
554 openapiv3::StatusCode::Code(404) => {
555 features.push(ConformanceFeature::Response404)
556 }
557 _ => {}
558 }
559 }
560 }
561 }
562
563 fn extract_response_schemas_per_status(
569 operation: &Operation,
570 spec: &OpenAPI,
571 ) -> std::collections::BTreeMap<u16, serde_json::Value> {
572 let mut out = std::collections::BTreeMap::new();
573 for (code, resp_ref) in &operation.responses.responses {
574 let openapiv3::StatusCode::Code(n) = code else {
575 continue; };
577 let Some(response) = ref_resolver::resolve_response(resp_ref, spec) else {
578 continue;
579 };
580 let Some(media) = response.content.get("application/json") else {
581 continue;
582 };
583 let Some(schema_ref) = &media.schema else {
584 continue;
585 };
586 let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) else {
587 continue;
588 };
589 if let Ok(value) = serde_json::to_value(schema) {
592 out.insert(*n, value);
593 }
594 }
595 out
596 }
597
598 fn extract_response_schema(operation: &Operation, spec: &OpenAPI) -> Option<Schema> {
601 for code in [200u16, 201] {
603 if let Some(resp_ref) =
604 operation.responses.responses.get(&openapiv3::StatusCode::Code(code))
605 {
606 if let Some(response) = ref_resolver::resolve_response(resp_ref, spec) {
607 if let Some(media) = response.content.get("application/json") {
608 if let Some(schema_ref) = &media.schema {
609 if let Some(schema) = ref_resolver::resolve_schema(schema_ref, spec) {
610 return Some(schema.clone());
611 }
612 }
613 }
614 }
615 }
616 }
617 None
618 }
619
620 fn annotate_content_negotiation(
622 operation: &Operation,
623 spec: &OpenAPI,
624 features: &mut Vec<ConformanceFeature>,
625 ) {
626 for (_status_code, resp_ref) in &operation.responses.responses {
627 if let Some(response) = ref_resolver::resolve_response(resp_ref, spec) {
628 if response.content.len() > 1 {
629 features.push(ConformanceFeature::ContentNegotiation);
630 return; }
632 }
633 }
634 }
635
636 fn annotate_security(
640 operation: &Operation,
641 spec: &OpenAPI,
642 features: &mut Vec<ConformanceFeature>,
643 security_schemes: &mut Vec<SecuritySchemeInfo>,
644 ) {
645 let security_reqs = operation.security.as_ref().or(spec.security.as_ref());
647
648 if let Some(security) = security_reqs {
649 for security_req in security {
650 for scheme_name in security_req.keys() {
651 if let Some(resolved) = Self::resolve_security_scheme(scheme_name, spec) {
653 match resolved {
654 SecurityScheme::HTTP { ref scheme, .. } => {
655 if scheme.eq_ignore_ascii_case("bearer") {
656 features.push(ConformanceFeature::SecurityBearer);
657 security_schemes.push(SecuritySchemeInfo::Bearer);
658 } else if scheme.eq_ignore_ascii_case("basic") {
659 features.push(ConformanceFeature::SecurityBasic);
660 security_schemes.push(SecuritySchemeInfo::Basic);
661 }
662 }
663 SecurityScheme::APIKey { location, name, .. } => {
664 features.push(ConformanceFeature::SecurityApiKey);
665 let loc = match location {
666 openapiv3::APIKeyLocation::Query => ApiKeyLocation::Query,
667 openapiv3::APIKeyLocation::Header => ApiKeyLocation::Header,
668 openapiv3::APIKeyLocation::Cookie => ApiKeyLocation::Cookie,
669 };
670 security_schemes.push(SecuritySchemeInfo::ApiKey {
671 location: loc,
672 name: name.clone(),
673 });
674 }
675 _ => {}
677 }
678 } else {
679 let name_lower = scheme_name.to_lowercase();
681 if name_lower.contains("bearer") || name_lower.contains("jwt") {
682 features.push(ConformanceFeature::SecurityBearer);
683 security_schemes.push(SecuritySchemeInfo::Bearer);
684 } else if name_lower.contains("api") && name_lower.contains("key") {
685 features.push(ConformanceFeature::SecurityApiKey);
686 security_schemes.push(SecuritySchemeInfo::ApiKey {
687 location: ApiKeyLocation::Header,
688 name: "X-API-Key".to_string(),
689 });
690 } else if name_lower.contains("basic") {
691 features.push(ConformanceFeature::SecurityBasic);
692 security_schemes.push(SecuritySchemeInfo::Basic);
693 }
694 }
695 }
696 }
697 }
698 }
699
700 fn resolve_security_scheme<'a>(name: &str, spec: &'a OpenAPI) -> Option<&'a SecurityScheme> {
702 let components = spec.components.as_ref()?;
703 match components.security_schemes.get(name)? {
704 ReferenceOr::Item(scheme) => Some(scheme),
705 ReferenceOr::Reference { .. } => None,
706 }
707 }
708
709 pub fn operation_count(&self) -> usize {
711 self.operations.len()
712 }
713
714 pub fn generate(&self) -> Result<(String, usize)> {
717 let mut script = String::with_capacity(16384);
718
719 script.push_str("import http from 'k6/http';\n");
721 script.push_str("import { check, group } from 'k6';\n");
722 if self.config.request_delay_ms > 0 {
723 script.push_str("import { sleep } from 'k6';\n");
724 }
725 script.push('\n');
726
727 script.push_str(
731 "http.setResponseCallback(http.expectedStatuses({ min: 100, max: 599 }));\n\n",
732 );
733
734 script.push_str("export const options = {\n");
736 script.push_str(" vus: 1,\n");
737 script.push_str(" iterations: 1,\n");
738 if self.config.skip_tls_verify {
739 script.push_str(" insecureSkipTLSVerify: true,\n");
740 }
741 script.push_str(" thresholds: {\n");
742 script.push_str(" checks: ['rate>0'],\n");
743 script.push_str(" },\n");
744 script.push_str("};\n\n");
745
746 script.push_str(&format!("const BASE_URL = '{}';\n\n", self.config.effective_base_url()));
748 script.push_str("const JSON_HEADERS = { 'Content-Type': 'application/json' };\n\n");
749
750 let custom_emit = self.config.generate_custom_group()?;
754 if let Some(emit) = &custom_emit {
755 if !emit.init_code.is_empty() {
756 script.push_str("// Round 39 (#79) — preloaded upload bytes for custom checks\n");
757 script.push_str(&emit.init_code);
758 script.push('\n');
759 }
760 }
761
762 script
765 .push_str("function __captureFailure(checkName, res, expected, schemaViolations) {\n");
766 script.push_str(" let bodyStr = '';\n");
767 script.push_str(" try { bodyStr = res.body ? res.body.substring(0, 2000) : ''; } catch(e) { bodyStr = '<unreadable>'; }\n");
768 script.push_str(" let reqHeaders = {};\n");
769 script.push_str(
770 " if (res.request && res.request.headers) { reqHeaders = res.request.headers; }\n",
771 );
772 script.push_str(" let reqBody = '';\n");
773 script.push_str(" if (res.request && res.request.body) { try { reqBody = res.request.body.substring(0, 2000); } catch(e) {} }\n");
774 script.push_str(" let payload = {\n");
775 script.push_str(" check: checkName,\n");
776 script.push_str(" request: {\n");
777 script.push_str(" method: res.request ? res.request.method : 'unknown',\n");
778 script.push_str(" url: res.request ? res.request.url : res.url || 'unknown',\n");
779 script.push_str(" headers: reqHeaders,\n");
780 script.push_str(" body: reqBody,\n");
781 script.push_str(" },\n");
782 script.push_str(" response: {\n");
783 script.push_str(" status: res.status,\n");
784 script.push_str(" headers: res.headers ? Object.fromEntries(Object.entries(res.headers).slice(0, 20)) : {},\n");
785 script.push_str(" body: bodyStr,\n");
786 script.push_str(" },\n");
787 script.push_str(" expected: expected,\n");
788 script.push_str(" };\n");
789 script.push_str(" if (schemaViolations && schemaViolations.length > 0) { payload.schema_violations = schemaViolations; }\n");
790 script.push_str(" console.log('MOCKFORGE_FAILURE:' + JSON.stringify(payload));\n");
791 script.push_str("}\n\n");
792
793 if self.config.export_requests {
802 script.push_str("function __captureExchange(checkName, res) {\n");
803 script.push_str(" try {\n");
804 script.push_str(" let bodyStr = '';\n");
805 script.push_str(" try { bodyStr = res.body ? res.body.substring(0, 2000) : ''; } catch(e) { bodyStr = '<unreadable>'; }\n");
806 script.push_str(" let reqHeaders = {};\n");
807 script.push_str(
808 " if (res.request && res.request.headers) { reqHeaders = res.request.headers; }\n",
809 );
810 script.push_str(" let reqBody = '';\n");
811 script.push_str(" if (res.request && res.request.body) { try { reqBody = res.request.body.substring(0, 2000); } catch(e) {} }\n");
812 script.push_str(
817 " if (!reqBody) {\n\
818 \x20\x20\x20\x20\x20\x20const ct = (reqHeaders['Content-Type'] || reqHeaders['content-type'] || '').toString();\n\
819 \x20\x20\x20\x20\x20\x20if (ct.startsWith('multipart/')) reqBody = '<multipart upload; body bytes not surfaced by k6 res.request.body>';\n\
820 \x20\x20\x20\x20}\n",
821 );
822 script.push_str(" console.log('MOCKFORGE_EXCHANGE:' + JSON.stringify({\n");
823 script.push_str(" check: checkName,\n");
824 script.push_str(" request: {\n");
825 script.push_str(" method: res.request ? res.request.method : 'unknown',\n");
826 script.push_str(" url: res.request ? res.request.url : res.url || 'unknown',\n");
827 script.push_str(" headers: reqHeaders,\n");
828 script.push_str(" body: reqBody,\n");
829 script.push_str(" },\n");
830 script.push_str(" response: {\n");
831 script.push_str(" status: res.status,\n");
832 script.push_str(" headers: res.headers ? Object.fromEntries(Object.entries(res.headers).slice(0, 30)) : {},\n");
833 script.push_str(" body: bodyStr,\n");
834 script.push_str(" },\n");
835 script.push_str(" }));\n");
836 script.push_str(" } catch (e) {\n");
837 script.push_str(" try {\n");
838 script.push_str(" console.log('MOCKFORGE_EXCHANGE:' + JSON.stringify({\n");
839 script.push_str(" check: checkName,\n");
840 script.push_str(" request: {\n");
841 script.push_str(
842 " method: (res && res.request) ? res.request.method : 'unknown',\n",
843 );
844 script.push_str(" url: (res && res.request) ? res.request.url : (res && res.url) || 'unknown',\n");
845 script.push_str(" headers: {},\n");
846 script.push_str(" body: '<exchange capture failed: ' + (e && e.message ? e.message : 'unknown error') + '>',\n");
847 script.push_str(" },\n");
848 script.push_str(" response: {\n");
849 script.push_str(" status: (res && res.status) || 0,\n");
850 script.push_str(" headers: {},\n");
851 script.push_str(" body: '',\n");
852 script.push_str(" },\n");
853 script.push_str(" _export_error: (e && e.message) ? e.message : String(e),\n");
854 script.push_str(" }));\n");
855 script.push_str(" } catch (e2) {\n");
856 script.push_str(" console.log('MOCKFORGE_EXCHANGE:{\"check\":\"' + checkName + '\",\"request\":{\"method\":\"unknown\",\"url\":\"unknown\",\"headers\":{},\"body\":\"\"},\"response\":{\"status\":0,\"headers\":{},\"body\":\"\"},\"_export_error\":\"double-fault\"}');\n");
857 script.push_str(" }\n");
858 script.push_str(" }\n");
859 script.push_str("}\n\n");
860 }
861
862 script.push_str("export default function () {\n");
864
865 if self.config.has_cookie_header() {
866 script.push_str(
867 " // Clear cookie jar to prevent server Set-Cookie from duplicating custom Cookie header\n",
868 );
869 script.push_str(" http.cookieJar().clear(BASE_URL);\n\n");
870 }
871
872 let mut category_ops: std::collections::BTreeMap<
874 &'static str,
875 Vec<(&AnnotatedOperation, &ConformanceFeature)>,
876 > = std::collections::BTreeMap::new();
877
878 for op in &self.operations {
879 for feature in &op.features {
880 let category = feature.category();
881 if self.config.should_include_category(category) {
882 category_ops.entry(category).or_default().push((op, feature));
883 }
884 }
885 }
886
887 let mut total_checks = 0usize;
889 for (category, ops) in &category_ops {
890 script.push_str(&format!(" group('{}', function () {{\n", category));
891
892 if self.config.all_operations {
893 let mut emitted_checks: HashSet<String> = HashSet::new();
895 for (op, feature) in ops {
896 let qualified = format!("{}:{}", feature.check_name(), op.path);
897 if emitted_checks.insert(qualified.clone()) {
898 self.emit_check_named(&mut script, op, feature, &qualified);
899 total_checks += 1;
900 }
901 }
902 } else {
903 let mut emitted_features: HashSet<&str> = HashSet::new();
906 for (op, feature) in ops {
907 if emitted_features.insert(feature.check_name()) {
908 let qualified = format!("{}:{}", feature.check_name(), op.path);
909 self.emit_check_named(&mut script, op, feature, &qualified);
910 total_checks += 1;
911 }
912 }
913 }
914
915 script.push_str(" });\n\n");
916 }
917
918 if let Some(emit) = custom_emit {
922 script.push_str(&emit.group_body);
923 }
924
925 script.push_str("}\n\n");
926
927 self.generate_handle_summary(&mut script);
929
930 Ok((script, total_checks))
931 }
932
933 fn emit_check_named(
935 &self,
936 script: &mut String,
937 op: &AnnotatedOperation,
938 feature: &ConformanceFeature,
939 check_name: &str,
940 ) {
941 let check_name = check_name.replace('\'', "\\'");
943 let check_name = check_name.as_str();
944
945 script.push_str(" {\n");
946
947 let mut url_path = op.path.clone();
949 for (name, value) in &op.path_params {
950 url_path = url_path.replace(&format!("{{{}}}", name), value);
951 }
952
953 if !op.query_params.is_empty() {
955 let qs: Vec<String> =
956 op.query_params.iter().map(|(k, v)| format!("{}={}", k, v)).collect();
957 url_path = format!("{}?{}", url_path, qs.join("&"));
958 }
959
960 let full_url = format!("${{BASE_URL}}{}", url_path);
961
962 let mut effective_headers = self.effective_headers(&op.header_params);
965
966 if matches!(feature, ConformanceFeature::Response400 | ConformanceFeature::Response404) {
969 let expected_code = match feature {
970 ConformanceFeature::Response400 => "400",
971 ConformanceFeature::Response404 => "404",
972 _ => unreachable!(),
973 };
974 effective_headers
975 .push(("X-Mockforge-Response-Status".to_string(), expected_code.to_string()));
976 }
977
978 let needs_auth = matches!(
982 feature,
983 ConformanceFeature::SecurityBearer
984 | ConformanceFeature::SecurityBasic
985 | ConformanceFeature::SecurityApiKey
986 ) || !op.security_schemes.is_empty();
987
988 if needs_auth {
989 self.inject_security_headers(&op.security_schemes, &mut effective_headers);
990 }
991
992 let has_headers = !effective_headers.is_empty();
993 let headers_obj = if has_headers {
994 Self::format_headers(&effective_headers)
995 } else {
996 String::new()
997 };
998
999 match op.method.as_str() {
1001 "GET" => {
1002 if has_headers {
1003 script.push_str(&format!(
1004 " let res = http.get(`{}`, {{ headers: {} }});\n",
1005 full_url, headers_obj
1006 ));
1007 } else {
1008 script.push_str(&format!(" let res = http.get(`{}`);\n", full_url));
1009 }
1010 }
1011 "POST" => {
1012 self.emit_request_with_body(script, "post", &full_url, op, &effective_headers);
1013 }
1014 "PUT" => {
1015 self.emit_request_with_body(script, "put", &full_url, op, &effective_headers);
1016 }
1017 "PATCH" => {
1018 self.emit_request_with_body(script, "patch", &full_url, op, &effective_headers);
1019 }
1020 "DELETE" => {
1021 if has_headers {
1022 script.push_str(&format!(
1023 " let res = http.del(`{}`, null, {{ headers: {} }});\n",
1024 full_url, headers_obj
1025 ));
1026 } else {
1027 script.push_str(&format!(" let res = http.del(`{}`);\n", full_url));
1028 }
1029 }
1030 "HEAD" => {
1031 if has_headers {
1032 script.push_str(&format!(
1033 " let res = http.head(`{}`, {{ headers: {} }});\n",
1034 full_url, headers_obj
1035 ));
1036 } else {
1037 script.push_str(&format!(" let res = http.head(`{}`);\n", full_url));
1038 }
1039 }
1040 "OPTIONS" => {
1041 if has_headers {
1042 script.push_str(&format!(
1043 " let res = http.options(`{}`, null, {{ headers: {} }});\n",
1044 full_url, headers_obj
1045 ));
1046 } else {
1047 script.push_str(&format!(" let res = http.options(`{}`);\n", full_url));
1048 }
1049 }
1050 _ => {
1051 if has_headers {
1052 script.push_str(&format!(
1053 " let res = http.get(`{}`, {{ headers: {} }});\n",
1054 full_url, headers_obj
1055 ));
1056 } else {
1057 script.push_str(&format!(" let res = http.get(`{}`);\n", full_url));
1058 }
1059 }
1060 }
1061
1062 if self.config.export_requests {
1065 script.push_str(&format!(
1066 " if (typeof __captureExchange === 'function') __captureExchange('{}', res);\n",
1067 check_name
1068 ));
1069 }
1070
1071 if matches!(
1073 feature,
1074 ConformanceFeature::Response200
1075 | ConformanceFeature::Response201
1076 | ConformanceFeature::Response204
1077 | ConformanceFeature::Response400
1078 | ConformanceFeature::Response404
1079 ) {
1080 let expected_code = match feature {
1081 ConformanceFeature::Response200 => 200,
1082 ConformanceFeature::Response201 => 201,
1083 ConformanceFeature::Response204 => 204,
1084 ConformanceFeature::Response400 => 400,
1085 ConformanceFeature::Response404 => 404,
1086 _ => 200,
1087 };
1088 script.push_str(&format!(
1089 " {{ let ok = check(res, {{ '{}': (r) => r.status === {} }}); if (!ok) __captureFailure('{}', res, 'status === {}'); }}\n",
1090 check_name, expected_code, check_name, expected_code
1091 ));
1092 } else if matches!(feature, ConformanceFeature::ResponseValidation) {
1093 if let Some(schema) = &op.response_schema {
1098 let validation_js = SchemaValidatorGenerator::generate_validation(schema);
1099 let schema_json = serde_json::to_string(schema).unwrap_or_default();
1100 let schema_json_escaped = schema_json.replace('\\', "\\\\").replace('`', "\\`");
1102 script.push_str(&format!(
1103 concat!(
1104 " try {{\n",
1105 " let body = res.json();\n",
1106 " let ok = check(res, {{ '{check}': (r) => ( {validation} ) }});\n",
1107 " if (!ok) {{\n",
1108 " let __violations = [];\n",
1109 " try {{\n",
1110 " let __schema = JSON.parse(`{schema}`);\n",
1111 " function __collectErrors(schema, data, path) {{\n",
1112 " if (!schema || typeof schema !== 'object') return;\n",
1113 " let st = schema.type || (schema.schema_kind && schema.schema_kind.Type && Object.keys(schema.schema_kind.Type)[0]);\n",
1114 " if (st) {{ st = st.toLowerCase(); }}\n",
1115 " if (st === 'object') {{\n",
1116 " if (typeof data !== 'object' || data === null) {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'object', actual: typeof data }}); return; }}\n",
1117 " let props = schema.properties || (schema.schema_kind && schema.schema_kind.Type && schema.schema_kind.Type.Object && schema.schema_kind.Type.Object.properties) || {{}};\n",
1118 " let req = schema.required || (schema.schema_kind && schema.schema_kind.Type && schema.schema_kind.Type.Object && schema.schema_kind.Type.Object.required) || [];\n",
1119 " for (let f of req) {{ if (!(f in data)) {{ __violations.push({{ field_path: path + '/' + f, violation_type: 'required', expected: 'present', actual: 'missing' }}); }} }}\n",
1120 " for (let [k, v] of Object.entries(props)) {{ if (data[k] !== undefined) {{ let ps = v.Item || v; __collectErrors(ps, data[k], path + '/' + k); }} }}\n",
1121 " }} else if (st === 'array') {{\n",
1122 " if (!Array.isArray(data)) {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'array', actual: typeof data }}); return; }}\n",
1123 " let items = schema.items || (schema.schema_kind && schema.schema_kind.Type && schema.schema_kind.Type.Array && schema.schema_kind.Type.Array.items);\n",
1124 " if (items) {{ let is = items.Item || items; for (let i = 0; i < Math.min(data.length, 5); i++) {{ __collectErrors(is, data[i], path + '/' + i); }} }}\n",
1125 " }} else if (st === 'string') {{\n",
1126 " if (typeof data !== 'string') {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'string', actual: typeof data }}); }}\n",
1127 " }} else if (st === 'integer') {{\n",
1128 " if (typeof data !== 'number' || !Number.isInteger(data)) {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'integer', actual: typeof data }}); }}\n",
1129 " }} else if (st === 'number') {{\n",
1130 " if (typeof data !== 'number') {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'number', actual: typeof data }}); }}\n",
1131 " }} else if (st === 'boolean') {{\n",
1132 " if (typeof data !== 'boolean') {{ __violations.push({{ field_path: path || '/', violation_type: 'type', expected: 'boolean', actual: typeof data }}); }}\n",
1133 " }}\n",
1134 " }}\n",
1135 " __collectErrors(__schema, body, '');\n",
1136 " }} catch(_e) {{}}\n",
1137 " __captureFailure('{check}', res, 'schema validation', __violations);\n",
1138 " }}\n",
1139 " }} catch(e) {{ check(res, {{ '{check}': () => false }}); __captureFailure('{check}', res, 'JSON parse failed: ' + e.message); }}\n",
1140 ),
1141 check = check_name,
1142 validation = validation_js,
1143 schema = schema_json_escaped,
1144 ));
1145 }
1146 } else if matches!(
1147 feature,
1148 ConformanceFeature::SecurityBearer
1149 | ConformanceFeature::SecurityBasic
1150 | ConformanceFeature::SecurityApiKey
1151 ) {
1152 script.push_str(&format!(
1154 " {{ let ok = check(res, {{ '{}': (r) => r.status >= 200 && r.status < 400 }}); if (!ok) __captureFailure('{}', res, 'status >= 200 && status < 400 (auth accepted)'); }}\n",
1155 check_name, check_name
1156 ));
1157 } else {
1158 script.push_str(&format!(
1159 " {{ let ok = check(res, {{ '{}': (r) => r.status >= 200 && r.status < 500 }}); if (!ok) __captureFailure('{}', res, 'status >= 200 && status < 500'); }}\n",
1160 check_name, check_name
1161 ));
1162 }
1163
1164 let has_cookie = self.config.has_cookie_header()
1166 || effective_headers.iter().any(|(h, _)| h.eq_ignore_ascii_case("Cookie"));
1167 if has_cookie {
1168 script.push_str(" http.cookieJar().clear(BASE_URL);\n");
1169 }
1170
1171 script.push_str(" }\n");
1172
1173 if self.config.request_delay_ms > 0 {
1175 script.push_str(&format!(
1176 " sleep({:.3});\n",
1177 self.config.request_delay_ms as f64 / 1000.0
1178 ));
1179 }
1180 }
1181
1182 fn emit_request_with_body(
1184 &self,
1185 script: &mut String,
1186 method: &str,
1187 url: &str,
1188 op: &AnnotatedOperation,
1189 effective_headers: &[(String, String)],
1190 ) {
1191 if let Some(body) = &op.sample_body {
1192 let escaped_body = body.replace('\'', "\\'");
1193 let headers = if !effective_headers.is_empty() {
1194 format!(
1195 "Object.assign({{}}, JSON_HEADERS, {})",
1196 Self::format_headers(effective_headers)
1197 )
1198 } else {
1199 "JSON_HEADERS".to_string()
1200 };
1201 script.push_str(&format!(
1202 " let res = http.{}(`{}`, '{}', {{ headers: {} }});\n",
1203 method, url, escaped_body, headers
1204 ));
1205 } else if !effective_headers.is_empty() {
1206 script.push_str(&format!(
1207 " let res = http.{}(`{}`, null, {{ headers: {} }});\n",
1208 method,
1209 url,
1210 Self::format_headers(effective_headers)
1211 ));
1212 } else {
1213 script.push_str(&format!(" let res = http.{}(`{}`, null);\n", method, url));
1214 }
1215 }
1216
1217 fn effective_headers(&self, spec_headers: &[(String, String)]) -> Vec<(String, String)> {
1221 let custom = &self.config.custom_headers;
1222 if custom.is_empty() {
1223 return spec_headers.to_vec();
1224 }
1225
1226 let mut result: Vec<(String, String)> = Vec::new();
1227
1228 for (name, value) in spec_headers {
1230 if let Some((_, custom_val)) =
1231 custom.iter().find(|(cn, _)| cn.eq_ignore_ascii_case(name))
1232 {
1233 result.push((name.clone(), custom_val.clone()));
1234 } else {
1235 result.push((name.clone(), value.clone()));
1236 }
1237 }
1238
1239 for (name, value) in custom {
1241 if !spec_headers.iter().any(|(sn, _)| sn.eq_ignore_ascii_case(name)) {
1242 result.push((name.clone(), value.clone()));
1243 }
1244 }
1245
1246 result
1247 }
1248
1249 fn inject_security_headers(
1252 &self,
1253 schemes: &[SecuritySchemeInfo],
1254 headers: &mut Vec<(String, String)>,
1255 ) {
1256 let mut to_add: Vec<(String, String)> = Vec::new();
1257
1258 let has_header = |name: &str, headers: &[(String, String)]| {
1259 headers.iter().any(|(h, _)| h.eq_ignore_ascii_case(name))
1260 || self.config.custom_headers.iter().any(|(h, _)| h.eq_ignore_ascii_case(name))
1261 };
1262
1263 let has_cookie_auth = has_header("Cookie", headers);
1265
1266 for scheme in schemes {
1267 match scheme {
1268 SecuritySchemeInfo::Bearer => {
1269 if !has_cookie_auth && !has_header("Authorization", headers) {
1270 to_add.push((
1272 "Authorization".to_string(),
1273 "Bearer mockforge-conformance-test-token".to_string(),
1274 ));
1275 }
1276 }
1277 SecuritySchemeInfo::Basic => {
1278 if !has_cookie_auth && !has_header("Authorization", headers) {
1279 let creds = self.config.basic_auth.as_deref().unwrap_or("test:test");
1280 use base64::Engine;
1281 let encoded =
1282 base64::engine::general_purpose::STANDARD.encode(creds.as_bytes());
1283 to_add.push(("Authorization".to_string(), format!("Basic {}", encoded)));
1284 }
1285 }
1286 SecuritySchemeInfo::ApiKey { location, name } => match location {
1287 ApiKeyLocation::Header => {
1288 if !has_header(name, headers) {
1289 let key = self
1290 .config
1291 .api_key
1292 .as_deref()
1293 .unwrap_or("mockforge-conformance-test-key");
1294 to_add.push((name.clone(), key.to_string()));
1295 }
1296 }
1297 ApiKeyLocation::Cookie => {
1298 if !has_header("Cookie", headers) {
1299 to_add.push((
1300 "Cookie".to_string(),
1301 format!("{}=mockforge-conformance-test-session", name),
1302 ));
1303 }
1304 }
1305 ApiKeyLocation::Query => {
1306 }
1308 },
1309 }
1310 }
1311
1312 headers.extend(to_add);
1313 }
1314
1315 fn format_headers(headers: &[(String, String)]) -> String {
1317 let entries: Vec<String> = headers
1318 .iter()
1319 .map(|(k, v)| format!("'{}': '{}'", k, v.replace('\'', "\\'")))
1320 .collect();
1321 format!("{{ {} }}", entries.join(", "))
1322 }
1323
1324 fn generate_handle_summary(&self, script: &mut String) {
1326 let report_path = match &self.config.output_dir {
1328 Some(dir) => {
1329 let abs = std::fs::canonicalize(dir)
1330 .unwrap_or_else(|_| dir.clone())
1331 .join("conformance-report.json");
1332 abs.to_string_lossy().to_string()
1333 }
1334 None => "conformance-report.json".to_string(),
1335 };
1336
1337 script.push_str("export function handleSummary(data) {\n");
1338 script.push_str(" let checks = {};\n");
1339 script.push_str(" if (data.metrics && data.metrics.checks) {\n");
1340 script.push_str(" checks.overall_pass_rate = data.metrics.checks.values.rate;\n");
1341 script.push_str(" }\n");
1342 script.push_str(" let checkResults = {};\n");
1343 script.push_str(" function walkGroups(group) {\n");
1344 script.push_str(" if (group.checks) {\n");
1345 script.push_str(" for (let checkObj of group.checks) {\n");
1346 script.push_str(" checkResults[checkObj.name] = {\n");
1347 script.push_str(" passes: checkObj.passes,\n");
1348 script.push_str(" fails: checkObj.fails,\n");
1349 script.push_str(" };\n");
1350 script.push_str(" }\n");
1351 script.push_str(" }\n");
1352 script.push_str(" if (group.groups) {\n");
1353 script.push_str(" for (let subGroup of group.groups) {\n");
1354 script.push_str(" walkGroups(subGroup);\n");
1355 script.push_str(" }\n");
1356 script.push_str(" }\n");
1357 script.push_str(" }\n");
1358 script.push_str(" if (data.root_group) {\n");
1359 script.push_str(" walkGroups(data.root_group);\n");
1360 script.push_str(" }\n");
1361 script.push_str(" return {\n");
1362 script.push_str(&format!(
1363 " '{}': JSON.stringify({{ checks: checkResults, overall: checks }}, null, 2),\n",
1364 report_path
1365 ));
1366 script.push_str(" 'summary.json': JSON.stringify(data),\n");
1367 script.push_str(" stdout: textSummary(data, { indent: ' ', enableColors: true }),\n");
1368 script.push_str(" };\n");
1369 script.push_str("}\n\n");
1370 script.push_str("function textSummary(data, opts) {\n");
1371 script.push_str(" return JSON.stringify(data, null, 2);\n");
1372 script.push_str("}\n");
1373 }
1374}
1375
1376#[cfg(test)]
1377mod tests {
1378 use super::*;
1379 use openapiv3::{
1380 Operation, ParameterData, ParameterSchemaOrContent, PathStyle, Response, Schema,
1381 SchemaData, SchemaKind, StringType, Type,
1382 };
1383
1384 fn make_op(method: &str, path: &str, operation: Operation) -> ApiOperation {
1385 ApiOperation {
1386 method: method.to_string(),
1387 path: path.to_string(),
1388 operation,
1389 operation_id: None,
1390 }
1391 }
1392
1393 fn empty_spec() -> OpenAPI {
1394 OpenAPI::default()
1395 }
1396
1397 #[test]
1398 fn test_annotate_get_with_path_param() {
1399 let mut op = Operation::default();
1400 op.parameters.push(ReferenceOr::Item(Parameter::Path {
1401 parameter_data: ParameterData {
1402 name: "id".to_string(),
1403 description: None,
1404 required: true,
1405 deprecated: None,
1406 format: ParameterSchemaOrContent::Schema(ReferenceOr::Item(Schema {
1407 schema_data: SchemaData::default(),
1408 schema_kind: SchemaKind::Type(Type::String(StringType::default())),
1409 })),
1410 example: None,
1411 examples: Default::default(),
1412 explode: None,
1413 extensions: Default::default(),
1414 },
1415 style: PathStyle::Simple,
1416 }));
1417
1418 let api_op = make_op("get", "/users/{id}", op);
1419 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1420
1421 assert!(annotated.features.contains(&ConformanceFeature::MethodGet));
1422 assert!(annotated.features.contains(&ConformanceFeature::PathParamString));
1423 assert!(annotated.features.contains(&ConformanceFeature::ConstraintRequired));
1424 assert_eq!(annotated.path_params.len(), 1);
1425 assert_eq!(annotated.path_params[0].0, "id");
1426 }
1427
1428 #[test]
1429 fn test_annotate_post_with_json_body() {
1430 let mut op = Operation::default();
1431 let mut body = RequestBody {
1432 required: true,
1433 ..Default::default()
1434 };
1435 body.content
1436 .insert("application/json".to_string(), openapiv3::MediaType::default());
1437 op.request_body = Some(ReferenceOr::Item(body));
1438
1439 let api_op = make_op("post", "/items", op);
1440 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1441
1442 assert!(annotated.features.contains(&ConformanceFeature::MethodPost));
1443 assert!(annotated.features.contains(&ConformanceFeature::BodyJson));
1444 }
1445
1446 #[test]
1447 fn test_annotate_response_codes() {
1448 let mut op = Operation::default();
1449 op.responses
1450 .responses
1451 .insert(openapiv3::StatusCode::Code(200), ReferenceOr::Item(Response::default()));
1452 op.responses
1453 .responses
1454 .insert(openapiv3::StatusCode::Code(404), ReferenceOr::Item(Response::default()));
1455
1456 let api_op = make_op("get", "/items", op);
1457 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1458
1459 assert!(annotated.features.contains(&ConformanceFeature::Response200));
1460 assert!(annotated.features.contains(&ConformanceFeature::Response404));
1461 }
1462
1463 #[test]
1464 fn test_generate_spec_driven_script() {
1465 let config = ConformanceConfig {
1466 target_url: "http://localhost:3000".to_string(),
1467 api_key: None,
1468 basic_auth: None,
1469 skip_tls_verify: false,
1470 categories: None,
1471 base_path: None,
1472 custom_headers: vec![],
1473 output_dir: None,
1474 all_operations: false,
1475 custom_checks_file: None,
1476 request_delay_ms: 0,
1477 custom_filter: None,
1478 export_requests: false,
1479 validate_requests: false,
1480 };
1481
1482 let operations = vec![AnnotatedOperation {
1483 path: "/users/{id}".to_string(),
1484 method: "GET".to_string(),
1485 features: vec![
1486 ConformanceFeature::MethodGet,
1487 ConformanceFeature::PathParamString,
1488 ],
1489 request_body_content_type: None,
1490 sample_body: None,
1491 query_params: vec![],
1492 header_params: vec![],
1493 path_params: vec![("id".to_string(), "test-value".to_string())],
1494 response_schema: None,
1495 response_schemas: std::collections::BTreeMap::new(),
1496 request_body_schema: None,
1497 security_schemes: vec![],
1498 }];
1499
1500 let gen = SpecDrivenConformanceGenerator::new(config, operations);
1501 let (script, _check_count) = gen.generate().unwrap();
1502
1503 assert!(script.contains("import http from 'k6/http'"));
1504 assert!(script.contains("/users/test-value"));
1505 assert!(script.contains("param:path:string"));
1506 assert!(script.contains("method:GET"));
1507 assert!(script.contains("handleSummary"));
1508 }
1509
1510 #[test]
1511 fn test_generate_with_category_filter() {
1512 let config = ConformanceConfig {
1513 target_url: "http://localhost:3000".to_string(),
1514 api_key: None,
1515 basic_auth: None,
1516 skip_tls_verify: false,
1517 categories: Some(vec!["Parameters".to_string()]),
1518 base_path: None,
1519 custom_headers: vec![],
1520 output_dir: None,
1521 all_operations: false,
1522 custom_checks_file: None,
1523 request_delay_ms: 0,
1524 custom_filter: None,
1525 export_requests: false,
1526 validate_requests: false,
1527 };
1528
1529 let operations = vec![AnnotatedOperation {
1530 path: "/users/{id}".to_string(),
1531 method: "GET".to_string(),
1532 features: vec![
1533 ConformanceFeature::MethodGet,
1534 ConformanceFeature::PathParamString,
1535 ],
1536 request_body_content_type: None,
1537 sample_body: None,
1538 query_params: vec![],
1539 header_params: vec![],
1540 path_params: vec![("id".to_string(), "1".to_string())],
1541 response_schema: None,
1542 response_schemas: std::collections::BTreeMap::new(),
1543 request_body_schema: None,
1544 security_schemes: vec![],
1545 }];
1546
1547 let gen = SpecDrivenConformanceGenerator::new(config, operations);
1548 let (script, _check_count) = gen.generate().unwrap();
1549
1550 assert!(script.contains("group('Parameters'"));
1551 assert!(!script.contains("group('HTTP Methods'"));
1552 }
1553
1554 #[test]
1555 fn test_annotate_response_validation() {
1556 use openapiv3::ObjectType;
1557
1558 let mut op = Operation::default();
1560 let mut response = Response::default();
1561 let mut media = openapiv3::MediaType::default();
1562 let mut obj_type = ObjectType::default();
1563 obj_type.properties.insert(
1564 "name".to_string(),
1565 ReferenceOr::Item(Box::new(Schema {
1566 schema_data: SchemaData::default(),
1567 schema_kind: SchemaKind::Type(Type::String(StringType::default())),
1568 })),
1569 );
1570 obj_type.required = vec!["name".to_string()];
1571 media.schema = Some(ReferenceOr::Item(Schema {
1572 schema_data: SchemaData::default(),
1573 schema_kind: SchemaKind::Type(Type::Object(obj_type)),
1574 }));
1575 response.content.insert("application/json".to_string(), media);
1576 op.responses
1577 .responses
1578 .insert(openapiv3::StatusCode::Code(200), ReferenceOr::Item(response));
1579
1580 let api_op = make_op("get", "/users", op);
1581 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1582
1583 assert!(
1584 annotated.features.contains(&ConformanceFeature::ResponseValidation),
1585 "Should detect ResponseValidation when response has a JSON schema"
1586 );
1587 assert!(annotated.response_schema.is_some(), "Should extract the response schema");
1588
1589 let config = ConformanceConfig {
1591 target_url: "http://localhost:3000".to_string(),
1592 api_key: None,
1593 basic_auth: None,
1594 skip_tls_verify: false,
1595 categories: None,
1596 base_path: None,
1597 custom_headers: vec![],
1598 output_dir: None,
1599 all_operations: false,
1600 custom_checks_file: None,
1601 request_delay_ms: 0,
1602 custom_filter: None,
1603 export_requests: false,
1604 validate_requests: false,
1605 };
1606 let gen = SpecDrivenConformanceGenerator::new(config, vec![annotated]);
1607 let (script, _check_count) = gen.generate().unwrap();
1608
1609 assert!(
1610 script.contains("response:schema:validation"),
1611 "Script should contain the validation check name"
1612 );
1613 assert!(script.contains("try {"), "Script should wrap validation in try-catch");
1614 assert!(script.contains("res.json()"), "Script should parse response as JSON");
1615 }
1616
1617 #[test]
1618 fn test_annotate_global_security() {
1619 let op = Operation::default();
1621 let mut spec = OpenAPI::default();
1622 let mut global_req = openapiv3::SecurityRequirement::new();
1623 global_req.insert("bearerAuth".to_string(), vec![]);
1624 spec.security = Some(vec![global_req]);
1625 let mut components = openapiv3::Components::default();
1627 components.security_schemes.insert(
1628 "bearerAuth".to_string(),
1629 ReferenceOr::Item(SecurityScheme::HTTP {
1630 scheme: "bearer".to_string(),
1631 bearer_format: Some("JWT".to_string()),
1632 description: None,
1633 extensions: Default::default(),
1634 }),
1635 );
1636 spec.components = Some(components);
1637
1638 let api_op = make_op("get", "/protected", op);
1639 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &spec);
1640
1641 assert!(
1642 annotated.features.contains(&ConformanceFeature::SecurityBearer),
1643 "Should detect SecurityBearer from global security + components"
1644 );
1645 }
1646
1647 #[test]
1648 fn test_annotate_security_scheme_resolution() {
1649 let mut op = Operation::default();
1651 let mut req = openapiv3::SecurityRequirement::new();
1653 req.insert("myAuth".to_string(), vec![]);
1654 op.security = Some(vec![req]);
1655
1656 let mut spec = OpenAPI::default();
1657 let mut components = openapiv3::Components::default();
1658 components.security_schemes.insert(
1659 "myAuth".to_string(),
1660 ReferenceOr::Item(SecurityScheme::APIKey {
1661 location: openapiv3::APIKeyLocation::Header,
1662 name: "X-API-Key".to_string(),
1663 description: None,
1664 extensions: Default::default(),
1665 }),
1666 );
1667 spec.components = Some(components);
1668
1669 let api_op = make_op("get", "/data", op);
1670 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &spec);
1671
1672 assert!(
1673 annotated.features.contains(&ConformanceFeature::SecurityApiKey),
1674 "Should detect SecurityApiKey from SecurityScheme::APIKey, not name heuristic"
1675 );
1676 }
1677
1678 #[test]
1679 fn test_annotate_content_negotiation() {
1680 let mut op = Operation::default();
1681 let mut response = Response::default();
1682 response
1684 .content
1685 .insert("application/json".to_string(), openapiv3::MediaType::default());
1686 response
1687 .content
1688 .insert("application/xml".to_string(), openapiv3::MediaType::default());
1689 op.responses
1690 .responses
1691 .insert(openapiv3::StatusCode::Code(200), ReferenceOr::Item(response));
1692
1693 let api_op = make_op("get", "/items", op);
1694 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1695
1696 assert!(
1697 annotated.features.contains(&ConformanceFeature::ContentNegotiation),
1698 "Should detect ContentNegotiation when response has multiple content types"
1699 );
1700 }
1701
1702 #[test]
1703 fn test_no_content_negotiation_for_single_type() {
1704 let mut op = Operation::default();
1705 let mut response = Response::default();
1706 response
1707 .content
1708 .insert("application/json".to_string(), openapiv3::MediaType::default());
1709 op.responses
1710 .responses
1711 .insert(openapiv3::StatusCode::Code(200), ReferenceOr::Item(response));
1712
1713 let api_op = make_op("get", "/items", op);
1714 let annotated = SpecDrivenConformanceGenerator::annotate_operation(&api_op, &empty_spec());
1715
1716 assert!(
1717 !annotated.features.contains(&ConformanceFeature::ContentNegotiation),
1718 "Should NOT detect ContentNegotiation for a single content type"
1719 );
1720 }
1721
1722 #[test]
1723 fn test_spec_driven_with_base_path() {
1724 let annotated = AnnotatedOperation {
1725 path: "/users".to_string(),
1726 method: "GET".to_string(),
1727 features: vec![ConformanceFeature::MethodGet],
1728 path_params: vec![],
1729 query_params: vec![],
1730 header_params: vec![],
1731 request_body_content_type: None,
1732 sample_body: None,
1733 response_schema: None,
1734 response_schemas: std::collections::BTreeMap::new(),
1735 request_body_schema: None,
1736 security_schemes: vec![],
1737 };
1738 let config = ConformanceConfig {
1739 target_url: "https://192.168.2.86/".to_string(),
1740 api_key: None,
1741 basic_auth: None,
1742 skip_tls_verify: true,
1743 categories: None,
1744 base_path: Some("/api".to_string()),
1745 custom_headers: vec![],
1746 output_dir: None,
1747 all_operations: false,
1748 custom_checks_file: None,
1749 request_delay_ms: 0,
1750 custom_filter: None,
1751 export_requests: false,
1752 validate_requests: false,
1753 };
1754 let gen = SpecDrivenConformanceGenerator::new(config, vec![annotated]);
1755 let (script, _check_count) = gen.generate().unwrap();
1756
1757 assert!(
1758 script.contains("const BASE_URL = 'https://192.168.2.86/api'"),
1759 "BASE_URL should include the base_path. Got: {}",
1760 script.lines().find(|l| l.contains("BASE_URL")).unwrap_or("not found")
1761 );
1762 }
1763
1764 #[test]
1765 fn test_spec_driven_with_custom_headers() {
1766 let annotated = AnnotatedOperation {
1767 path: "/users".to_string(),
1768 method: "GET".to_string(),
1769 features: vec![ConformanceFeature::MethodGet],
1770 path_params: vec![],
1771 query_params: vec![],
1772 header_params: vec![
1773 ("X-Avi-Tenant".to_string(), "test-value".to_string()),
1774 ("X-CSRFToken".to_string(), "test-value".to_string()),
1775 ],
1776 request_body_content_type: None,
1777 sample_body: None,
1778 response_schema: None,
1779 response_schemas: std::collections::BTreeMap::new(),
1780 request_body_schema: None,
1781 security_schemes: vec![],
1782 };
1783 let config = ConformanceConfig {
1784 target_url: "https://192.168.2.86/".to_string(),
1785 api_key: None,
1786 basic_auth: None,
1787 skip_tls_verify: true,
1788 categories: None,
1789 base_path: Some("/api".to_string()),
1790 custom_headers: vec![
1791 ("X-Avi-Tenant".to_string(), "admin".to_string()),
1792 ("X-CSRFToken".to_string(), "real-csrf-token".to_string()),
1793 ("Cookie".to_string(), "sessionid=abc123".to_string()),
1794 ],
1795 output_dir: None,
1796 all_operations: false,
1797 custom_checks_file: None,
1798 request_delay_ms: 0,
1799 custom_filter: None,
1800 export_requests: false,
1801 validate_requests: false,
1802 };
1803 let gen = SpecDrivenConformanceGenerator::new(config, vec![annotated]);
1804 let (script, _check_count) = gen.generate().unwrap();
1805
1806 assert!(
1808 script.contains("'X-Avi-Tenant': 'admin'"),
1809 "Should use custom value for X-Avi-Tenant, not test-value"
1810 );
1811 assert!(
1812 script.contains("'X-CSRFToken': 'real-csrf-token'"),
1813 "Should use custom value for X-CSRFToken, not test-value"
1814 );
1815 assert!(
1817 script.contains("'Cookie': 'sessionid=abc123'"),
1818 "Should include Cookie header from custom_headers"
1819 );
1820 assert!(
1822 !script.contains("'test-value'"),
1823 "test-value placeholders should be replaced by custom values"
1824 );
1825 }
1826
1827 #[test]
1828 fn test_effective_headers_merging() {
1829 let config = ConformanceConfig {
1830 target_url: "http://localhost".to_string(),
1831 api_key: None,
1832 basic_auth: None,
1833 skip_tls_verify: false,
1834 categories: None,
1835 base_path: None,
1836 custom_headers: vec![
1837 ("X-Auth".to_string(), "real-token".to_string()),
1838 ("Cookie".to_string(), "session=abc".to_string()),
1839 ],
1840 output_dir: None,
1841 all_operations: false,
1842 custom_checks_file: None,
1843 request_delay_ms: 0,
1844 custom_filter: None,
1845 export_requests: false,
1846 validate_requests: false,
1847 };
1848 let gen = SpecDrivenConformanceGenerator::new(config, vec![]);
1849
1850 let spec_headers = vec![
1852 ("X-Auth".to_string(), "test-value".to_string()),
1853 ("X-Other".to_string(), "keep-this".to_string()),
1854 ];
1855 let effective = gen.effective_headers(&spec_headers);
1856
1857 assert_eq!(effective[0], ("X-Auth".to_string(), "real-token".to_string()));
1859 assert_eq!(effective[1], ("X-Other".to_string(), "keep-this".to_string()));
1861 assert_eq!(effective[2], ("Cookie".to_string(), "session=abc".to_string()));
1863 }
1864}