Greetings team!
I have an OpenAPI spec with a POST operation that can contain one of three models in the request: Thing1, Thing2, Thing3.
The Thing models “inherit” from ThingBase, which contains a property common to all Things, which all use allOff to include this “base” class.
Thing3 differs from Things1 & 2 in that one of its properties is a object that is a oneOf.
Here is the spec:
openapi: 3.0.0
info:
version: '1.0'
title: Apigee OasValidation POC
servers:
- url: 'http://localhost:3000'
paths:
/things:
post:
summary: Your POST endpoint
operationId: post-things
requestBody:
content:
application/json:
schema:
oneOf:
- $ref: '#/components/schemas/Thing1'
- $ref: '#/components/schemas/Thing2'
- $ref: '#/components/schemas/Thing3'
examples:
Example 1:
value:
ThingId: 0
Thing1Property: string
responses:
'201':
description: Created
content:
application/json:
schema: {}
servers:
- url: 'http://localhost:3000'
components:
schemas:
Thing1:
title: Thing1
allOf:
- $ref: '#/components/schemas/ThingBase'
- type: object
additionalProperties: false
properties:
Thing1Property:
type: string
ThingBase:
type: object
title: ThingBase
additionalProperties: false
properties:
ThingId:
type: number
Thing2:
title: Thing2
allOf:
- $ref: '#/components/schemas/ThingBase'
- type: object
additionalProperties: false
properties:
Thing2Property:
type: string
Thing3:
title: Thing3
allOf:
- $ref: '#/components/schemas/ThingBase'
- $ref: '#/components/schemas/Context'
Context:
type: object
title: Context
oneOf:
- type: object
additionalProperties: false
properties:
Property1:
type: string
- type: object
additionalProperties: false
properties:
Property2:
type: string
I’ve configured an OasValidation policy in my proxy to validate incoming requests against this spec.
Things1 and 2 validate correctly when POSTed in a request, but Thing3 fails when sending this body:
{
"ThingId": 0,
"Property1": "string"
}
The error message:
"OASValidation OAS-Validation with resource "oas://Apigee-OasValidation-oneOf-POC (2).yaml": failed with reason: "[ERROR - Instance failed to match exactly one schema (matched 0 out of 3): [/oneOf/0: Object instance has properties which are not allowed by the schema: ["Property1"], /oneOf/1: Object instance has properties which are not allowed by the schema: ["Property1"], /oneOf/2: Object instance has properties which are not allowed by the schema: ["Property1"]]\n\tERROR - Object instance has properties which are not allowed by the schema: ["Property1"]: []\n\tERROR - Object instance has properties which are not allowed by the schema: ["Property1"]: []\n\tERROR - Object instance has properties which are not allowed by the schema: ["Property1"]: []]"",
I would expect /oneOf/2 would be a match for the request body.
It seems that request should be valid.
Is this a bug, or am I doing something wrong?
If I alter Context to not use a oneOf, validation succeeds, but I really need a oneOf. 
Thanks!