[TT-7523] [OAS Versioning] Gateway CE allows to create version without new_version_name (#7244)

MaciekMis · web-flow · commit 5460a4979c18 · 2025-07-29T14:40:02.000+02:00
### **User description** <details open> <summary><a href="https://tyktech.atlassian.net/browse/TT-7523" title="TT-7523" target="_blank">TT-7523</a></summary> <br /> <table> <tr> <th>Summary</th> <td>[OAS Versioning] Gateway CE allows to create version without `new_version_name`</td> </tr> <tr> <th>Type</th> <td> <img alt="Bug" src="https://tyktech.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium" /> Bug </td> </tr> <tr> <th>Status</th> <td>In Dev</td> </tr> <tr> <th>Points</th> <td>N/A</td> </tr> <tr> <th>Labels</th> <td><a href="https://tyktech.atlassian.net/issues?jql=project%20%3D%20TT%20AND%20labels%20%3D%20codilime_refined%20ORDER%20BY%20created%20DESC" title="codilime_refined">codilime_refined</a>, <a href="https://tyktech.atlassian.net/issues?jql=project%20%3D%20TT%20AND%20labels%20%3D%20version-tyk-oas%20ORDER%20BY%20created%20DESC" title="version-tyk-oas">version-tyk-oas</a></td> </tr> </table> </details>  ---  ## Description Gateway API accepts requests to create new API version even if the new version name parameter is not specified. This PR contains fix for this issue along with example, how a shared library could be used to extract common code. ## Related Issue     ## Motivation and Context  ## How This Has Been Tested     ## Screenshots (if appropriate) ## Types of changes  - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [x] Refactoring or add test (improvements in base code or adds test coverage to functionality) ## Checklist    - [ ] I ensured that the documentation is up to date - [ ] I explained why this PR updates go.mod in detail with reasoning why it's required - [ ] I would like a code coverage CI quality gate exception and have explained why ___ ### **PR Type** Bug fix, Enhancement, Tests ___ ### **Description** - Enforces validation for `new_version_name` when creating API versions - Returns HTTP 422 if `new_version_name` is missing in versioning requests - Refactors versioning logic into a shared library (`lib/apidef/version.go`) - Adds comprehensive unit tests for versioning logic in shared library ___ ### Diagram Walkthrough ```mermaid flowchart LR apiHandler["Gateway API Versioning Handler"] sharedLib["Shared Versioning Library (lib/apidef/version.go)"] validation["Validation for new_version_name"] error422["Returns HTTP 422 on missing new_version_name"] tests["Unit Tests for Versioning Logic"] apiHandler -- "Uses" --> sharedLib sharedLib -- "Performs" --> validation validation -- "On error" --> error422 sharedLib -- "Covered by" --> tests ``` <details> <summary><h3> File Walkthrough</h3></summary> <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Enhancement</strong></td><td><table> <tr> <td> <details> <summary><strong>api.go</strong><dd><code>Enforce and refactor API versioning logic using shared library</code></dd></summary> <hr> gateway/api.go <ul><li>Integrates shared versioning library for parameter handling and <br>validation<br> <li> Enforces <code>new_version_name</code> presence, returning HTTP 422 if missing<br> <li> Refactors versioning logic to use new shared library functions<br> <li> Simplifies and clarifies API versioning code path</ul> </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/7244/files#diff-644cda3aeb4ac7f325359e85fcddb810f100dd5e6fa480b0d9f9363a743c4e05">+46/-56</a>&nbsp; </td> </tr> <tr> <td> <details> <summary><strong>version.go</strong><dd><code>Add shared library for API versioning logic and validation</code></dd></summary> <hr> lib/apidef/version.go <ul><li>Introduces shared library for API versioning parameter handling and <br>validation<br> <li> Implements strict validation for required parameters (e.g., <br><code>new_version_name</code>)<br> <li> Provides utility functions for configuring version definitions<br> <li> Centralizes versioning logic for reuse and maintainability</ul> </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/7244/files#diff-9e698644fcca1a469641d3cd92ad309f640e4f8474b6d4fbe9478123516f180d">+181/-0</a>&nbsp; </td> </tr> </table></td></tr><tr><td><strong>Tests</strong></td><td><table> <tr> <td> <details> <summary><strong>version_test.go</strong><dd><code>Add unit tests for shared versioning library</code>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </dd></summary> <hr> lib/apidef/version_test.go <ul><li>Adds comprehensive unit tests for versioning parameter logic and <br>validation<br> <li> Tests error handling for missing and invalid parameters<br> <li> Verifies configuration of version definitions via shared library<br> <li> Ensures robustness of new versioning logic</ul> </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/7244/files#diff-c67df2864ba1a068ada18f017570b6190f6af0e1f1515f3110a81f59a7da42e6">+181/-0</a>&nbsp; </td> </tr> </table></td></tr></tr></tbody></table> </details> ___
diff --git a/gateway/api.go b/gateway/api.go
@@ -69,6 +69,7 @@ import (
 	"github.com/TykTechnologies/tyk/user"
 
 	gql "github.com/TykTechnologies/graphql-go-tools/pkg/graphql"
+	lib "github.com/TykTechnologies/tyk/lib/apidef"
 )
 
 const (
@@ -1049,14 +1050,32 @@ func (gw *Gateway) handleGetAPIOAS(apiID string, modePublic bool) (interface{},
 
 func (gw *Gateway) handleAddApi(r *http.Request, fs afero.Fs, oasEndpoint bool) (interface{}, int) {
 	var (
-		newDef             apidef.APIDefinition
-		oasObj             oas.OAS
-		baseAPIID          = r.FormValue("base_api_id")
-		baseAPIVersionName = r.FormValue("base_api_version_name")
-		newVersionName     = r.FormValue("new_version_name")
-		setDefault         = r.FormValue("set_default") == "true"
+		newDef apidef.APIDefinition
+		oasObj oas.OAS
 	)
 
+	versionParams := lib.NewVersionQueryParameters(r.URL.Query())
+	err := versionParams.Validate(func() (bool, string) {
+		baseApiID := versionParams.Get(lib.BaseAPIID)
+		baseApi := gw.getApiSpec(baseApiID)
+		if baseApi != nil {
+			return true, baseApi.VersionDefinition.Name
+		}
+
+		return false, ""
+	})
+
+	if err != nil {
+		// https://tyktech.atlassian.net/browse/TT-7523?focusedCommentId=100547
+		// Sadly we are averse to changing (incorrect) HTTP error codes, because these could be considered breaking changes by some of our clients.
+		// Please return HTTP 422 here, because currently the request doesn’t generate an error.
+		if errors.Is(err, lib.ErrNewVersionRequired) {
+			return apiError(err.Error()), http.StatusUnprocessableEntity
+		}
+
+		return apiError(err.Error()), http.StatusBadRequest
+	}
+
 	if oasEndpoint {
 		if err := json.NewDecoder(r.Body).Decode(&oasObj); err != nil {
 			log.Error("Couldn't decode new OAS object: ", err)
@@ -1102,60 +1121,20 @@ func (gw *Gateway) handleAddApi(r *http.Request, fs afero.Fs, oasEndpoint bool)
 		}
 	}
 
-	if baseAPIID != "" {
-		if baseAPIPtr := gw.getApiSpec(baseAPIID); baseAPIPtr == nil {
-			log.Errorf("Couldn't find a base API to bind with the given API id: %s", baseAPIID)
-		} else {
-			apiInBytes, err := json.Marshal(baseAPIPtr)
-			if err != nil {
-				log.WithError(err).Error("Couldn't marshal API spec")
-			}
+	if !versionParams.IsEmpty(lib.BaseAPIID) {
+		baseAPI := gw.getApiSpec(versionParams.Get(lib.BaseAPIID))
+		baseAPI.VersionDefinition = lib.ConfigureVersionDefinition(baseAPI.VersionDefinition, versionParams, newDef.APIID)
 
-			var baseAPI APISpec
-			err = json.Unmarshal(apiInBytes, &baseAPI)
+		if baseAPI.IsOAS {
+			baseAPI.OAS.Fill(*baseAPI.APIDefinition)
+			err, _ := gw.writeOASAndAPIDefToFile(fs, baseAPI.APIDefinition, &baseAPI.OAS)
 			if err != nil {
-				log.WithError(err).Error("Couldn't unmarshal API spec")
-			}
-
-			baseAPI.VersionDefinition.Enabled = true
-			if baseAPIVersionName != "" {
-				baseAPI.VersionDefinition.Name = baseAPIVersionName
-				baseAPI.VersionDefinition.Default = baseAPIVersionName
-			}
-
-			if baseAPI.VersionDefinition.Key == "" {
-				baseAPI.VersionDefinition.Key = apidef.DefaultAPIVersionKey
-			}
-
-			if baseAPI.VersionDefinition.Location == "" {
-				baseAPI.VersionDefinition.Location = apidef.HeaderLocation
-			}
-
-			if baseAPI.VersionDefinition.Default == "" {
-				baseAPI.VersionDefinition.Default = apidef.Self
-			}
-
-			if baseAPI.VersionDefinition.Versions == nil {
-				baseAPI.VersionDefinition.Versions = make(map[string]string)
-			}
-
-			baseAPI.VersionDefinition.Versions[newVersionName] = newDef.APIID
-
-			if setDefault {
-				baseAPI.VersionDefinition.Default = newVersionName
+				log.WithError(err).Errorf("Error occurred while updating base OAS API with id: %s", baseAPI.APIID)
 			}
-
-			if baseAPI.IsOAS {
-				baseAPI.OAS.Fill(*baseAPI.APIDefinition)
-				err, _ := gw.writeOASAndAPIDefToFile(fs, baseAPI.APIDefinition, &baseAPI.OAS)
-				if err != nil {
-					log.WithError(err).Errorf("Error occurred while updating base OAS API with id: %s", baseAPI.APIID)
-				}
-			} else {
-				err, _ := gw.writeToFile(fs, baseAPI.APIDefinition, baseAPI.APIID)
-				if err != nil {
-					log.WithError(err).Errorf("Error occurred while updating base API with id: %s", baseAPI.APIID)
-				}
+		} else {
+			err, _ := gw.writeToFile(fs, baseAPI.APIDefinition, baseAPI.APIID)
+			if err != nil {
+				log.WithError(err).Errorf("Error occurred while updating base API with id: %s", baseAPI.APIID)
 			}
 		}
 	}
diff --git a/gateway/api_test.go b/gateway/api_test.go
@@ -2189,7 +2189,8 @@ func TestHandleAddApi_AddVersionAtomically(t *testing.T) {
 		{AdminAuth: true, Method: http.MethodPost, Data: v2,
 			Path: fmt.Sprintf("/tyk/apis?base_api_id=%s&new_version_name=%s&set_default=true&base_api_version_name=%s", baseAPI.APIID, v2VersionName, baseVersionName),
 			BodyMatchFunc: func(i []byte) bool {
-				assert.Len(t, baseAPI.VersionDefinition.Versions, 0)
+				// Gateway addApi function modifies baseAPI in it's internal storage - gw.apisByID
+				assert.Len(t, baseAPI.VersionDefinition.Versions, 1)
 				ts.Gw.DoReload()
 				return true
 			},
@@ -2267,7 +2268,8 @@ func TestHandleAddOASApi_AddVersionAtomically(t *testing.T) {
 		{AdminAuth: true, Method: http.MethodPost, Data: &v2.OAS,
 			Path: fmt.Sprintf("/tyk/apis/oas?base_api_id=%s&new_version_name=%s&set_default=true&base_api_version_name=%s", baseAPI.APIID, v2VersionName, baseVersionName),
 			BodyMatchFunc: func(i []byte) bool {
-				assert.Len(t, baseAPI.VersionDefinition.Versions, 0)
+				// Gateway addApi function modifies baseAPI in it's internal storage - gw.apisByID
+				assert.Len(t, baseAPI.VersionDefinition.Versions, 1)
 				ts.Gw.DoReload()
 				return true
 			},
diff --git a/lib/apidef/version.go b/lib/apidef/version.go
@@ -0,0 +1,198 @@
+package apidef
+
+import (
+	"errors"
+	"fmt"
+	"github.com/TykTechnologies/tyk/apidef"
+	"github.com/TykTechnologies/tyk/common/option"
+	"net/url"
+)
+
+const (
+	// BaseAPIID represents the parameter for the base API identifier.
+	// This is used to identify the original API that a version is based on.
+	BaseAPIID VersionParameter = iota
+
+	// BaseAPIVersionName represents the parameter for the base API version name.
+	// This is used to specify the name of the version in the base API.
+	BaseAPIVersionName
+
+	// NewVersionName represents the parameter for the new version name.
+	// This is used when creating a new version of an API.
+	NewVersionName
+
+	// SetDefault represents the parameter that determines if a version should be set as default.
+	// When true, the new version will be marked as the default version for the API.
+	SetDefault
+
+	// paramCount is used internally to track the number of version parameters.
+	paramCount
+)
+
+const TrueString = "true"
+
+var (
+	// ErrNewVersionRequired is returned when a new version name is required but not provided.
+	// This error occurs during validation when attempting to create a new API version.
+	ErrNewVersionRequired = errors.New("The new version name is required")
+)
+
+// VersionParameter represents the type of parameter used in API version configuration.
+// It defines the possible parameters that can be used when working with API versions.
+type VersionParameter int
+
+// String returns the string representation of a VersionParameter.
+// It converts the numeric parameter value to its corresponding string identifier.
+func (v VersionParameter) String() string {
+	return []string{"base_api_id", "base_api_version_name", "new_version_name", "set_default"}[v]
+}
+
+// AllVersionParameters returns a slice containing all available version parameters.
+// This is useful for iterating through all possible version parameters.
+func AllVersionParameters() []VersionParameter {
+	params := make([]VersionParameter, paramCount)
+	for i := range params {
+		params[i] = VersionParameter(i)
+	}
+
+	return params
+}
+
+// VersionQueryParameters holds the version-related parameters extracted from HTTP requests.
+// It provides methods to access and validate these parameters.
+type VersionQueryParameters struct {
+	versionParams map[string]string
+}
+
+// Validate checks if the version parameters are valid.
+// It takes a function that checks if the base API exists and returns an error if validation fails.
+// The doesBaseApiExists function should return whether the base API exists and its name.
+func (v *VersionQueryParameters) Validate(doesBaseApiExists func() (bool, string)) error {
+	if v.IsEmpty(BaseAPIID) {
+		return nil
+	}
+	baseID := v.Get(BaseAPIID)
+
+	if v.IsEmpty(NewVersionName) {
+		return ErrNewVersionRequired
+	}
+
+	exists, baseName := doesBaseApiExists()
+	if !exists {
+		return fmt.Errorf("%s is not a valid Base API version", baseID)
+	}
+
+	if v.IsEmpty(BaseAPIVersionName) && baseName == "" {
+		return fmt.Errorf("you need to provide a version name for the new Base API: %s", baseID)
+	}
+
+	return nil
+}
+
+// IsEmpty checks if a specific version parameter is empty or not set.
+// Returns true if the parameter is empty, false otherwise.
+func (v *VersionQueryParameters) IsEmpty(param VersionParameter) bool {
+	return v.versionParams[param.String()] == ""
+}
+
+// Get retrieves the value of a specific version parameter.
+// Returns the string value of the parameter.
+func (v *VersionQueryParameters) Get(param VersionParameter) string {
+	return v.versionParams[param.String()]
+}
+
+// NewVersionQueryParameters creates a new VersionQueryParameters instance from an HTTP request.
+// It extracts all version-related parameters from the request's URL query.
+func NewVersionQueryParameters(query url.Values) *VersionQueryParameters {
+	versionParams := &VersionQueryParameters{
+		versionParams: make(map[string]string, paramCount),
+	}
+
+	for _, param := range AllVersionParameters() {
+		paramName := param.String()
+		versionParams.versionParams[paramName] = query.Get(paramName)
+	}
+
+	return versionParams
+}
+
+// WithVersionName creates an option that sets the version name in a VersionDefinition.
+func WithVersionName(name string) option.Option[apidef.VersionDefinition] {
+	return func(version *apidef.VersionDefinition) {
+		version.Name = name
+	}
+}
+
+// WithBaseID creates an option that sets the version baseID in a VersionDefinition.
+func WithBaseID(id string) option.Option[apidef.VersionDefinition] {
+	return func(version *apidef.VersionDefinition) {
+		version.BaseID = id
+	}
+}
+
+// AddVersion creates an option that adds a version mapping to a VersionDefinition.
+// It associates a version name with an API ID in the Versions map.
+func AddVersion(versionName, apiID string) option.Option[apidef.VersionDefinition] {
+	return func(vd *apidef.VersionDefinition) {
+		vd.Versions[versionName] = apiID
+	}
+}
+
+// SetAsDefault creates an option that marks a specific version as the default.
+// This sets the Default field in the VersionDefinition to the specified version name.
+func SetAsDefault(versionName string) option.Option[apidef.VersionDefinition] {
+	return func(vd *apidef.VersionDefinition) {
+		vd.Default = versionName
+	}
+}
+
+// ConfigureVersionDefinition sets up the version definition with default values if not already set.
+// It applies the provided parameters to configure the version definition and ensures
+// that required fields have appropriate values.
+func ConfigureVersionDefinition(def apidef.VersionDefinition, params *VersionQueryParameters, newApiID string) apidef.VersionDefinition {
+	opts := make([]option.Option[apidef.VersionDefinition], 0)
+
+	if !params.IsEmpty(BaseAPIID) {
+		def.Enabled = true
+
+		if !params.IsEmpty(BaseAPIVersionName) {
+			opts = append(opts, WithVersionName(params.Get(BaseAPIVersionName)))
+		}
+
+		if !params.IsEmpty(SetDefault) {
+			setDefault := params.Get(SetDefault)
+			if setDefault == TrueString {
+				opts = append(opts, SetAsDefault(params.Get(NewVersionName)))
+			}
+		}
+
+		if !params.IsEmpty(BaseAPIID) {
+			opts = append(opts, WithBaseID(params.Get(BaseAPIID)))
+		}
+
+		opts = append(opts, AddVersion(params.Get(NewVersionName), newApiID))
+	}
+
+	// When baseAPIID is missing in the request params, and it's versioning is enabled then set versioning ID as APIID
+	if params.IsEmpty(BaseAPIID) && def.BaseID == "" {
+		def.BaseID = newApiID
+	}
+
+	if def.Key == "" {
+		def.Key = apidef.DefaultAPIVersionKey
+	}
+
+	if def.Location == "" {
+		def.Location = apidef.HeaderLocation
+	}
+
+	if def.Default == "" {
+		def.Default = apidef.Self
+	}
+
+	if def.Versions == nil {
+		def.Versions = make(map[string]string)
+	}
+
+	return *option.New(opts).Build(def)
+}
diff --git a/lib/apidef/version_test.go b/lib/apidef/version_test.go
