[kbn-api-contracts] Detect request-body additionalProperties:false tightening#267546
Merged
Conversation
Bamieh
added
release_note:skip
oasdiff 1.15.1's --flatten-allof stack-overflows on the full Kibana spec during local manual verification (`oasdiff diff --format json --flatten-allof` on `oas_docs/output/kibana.yaml` exhausts a 1 GiB goroutine stack). Without the flag, oasdiff completes and emits allOf branches the same way it does oneOf and anyOf: `allOf.modified[i].diff.<...>`. The detector already walks oneOf and anyOf, so adding `'allOf'` to the composition list keeps coverage identical and removes the production-blocking flag.
Bamieh
force-pushed
the
oasdiff_detect_additional_props
branch
from
5bbb06f to
a4577fd
Compare
![macroscopeapp[bot]](https://avatars.githubusercontent.com/in/900172?s=60&v=4){kind=small}
- build_request_body_index.ts → build_request_body_index/ folder: - index.ts (entry point + lodash groupBy) - extract_request_body_consumers.ts (paths × HTTP methods → schemas) - collect_reachable_components.ts ($ref / allOf / oneOf / anyOf / properties / items / additionalProperties walker) - types.ts - detect_additional_properties_tightening.ts → detect_additional_properties_tightening/ folder: - index.ts (orchestrator: collect → expand → collect inline) - collect_tightenings_in_schema_diff.ts (root + property + items + composition extractors) - collect_component_tightenings.ts - expand_component_tightenings.ts (fan-out via reverse index) - collect_inline_tightenings.ts (path-side, with skipKey dedup) - types.ts (DetectionResult, buildEntry, makeSkipKey, constants) - New shared is_record.ts wraps lodash isPlainObject as a TS type predicate; replaces the per-file isObject helpers. - run_oasdiff_structural.ts: extracted assertAbsoluteExistingPath, buildArgs, execOasdiff. matchPath now folded into args via spread; no in-place mutation. Style: replaced every `if (!isObject(...)) continue` with named flatMap/filter chains. Each new file is short (≤74 lines including license header). Behaviour, tests, and public exports unchanged.
`types.ts` now holds only TS types (DetectionResult, ComponentTightening, SkipKey). The runtime helpers live with the values they construct: - `build_entry.ts`: REQUEST_ADDITIONAL_PROPERTIES_TIGHTENED_ID, TIGHTENING_TEXT, buildEntry() - `make_skip_key.ts`: makeSkipKey() Also moved detect_additional_properties_tightening.test.ts inside the folder as index.test.ts so the test sits next to the module it covers.
jloleysens
approved these changes
May 5, 2026
Contributor
jloleysens
left a comment
jloleysens
left a comment
There was a problem hiding this comment.
Code only review, looks good to me!
Contributor
💚 Build Succeeded
Metrics [docs]
History
|
Contributor
|
Starting backport for target branches: 8.19, 9.2, 9.3, 9.4 https://github.com/elastic/kibana/actions/runs/25364888890 |
Contributor
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
mbondyra
added a commit
to mbondyra/kibana
that referenced
this pull request
May 5, 2026
…ilder_new_vis_attachment * commit '6fd683609eb6dee81f242f8ff6951edbe3bfd66c': (226 commits) Remove Model Author group-by option from external inference endpoints (elastic#264761) [Streams][Streamlang] Align ES|QL condition transpiler with Painless on null propagation (elastic#264751) chore(axios,workflows-eng): remove axios from workflows connector utils (elastic#267512) [failed-test-reporter] avoid opening issues for scout env failures (elastic#267649) [kbn-api-contracts] Detect request-body additionalProperties:false tightening (elastic#267546) [main] Sync bundled packages with Package Storage (elastic#267644) Centralize phase colors and descriptions (elastic#266680) [Unified Waterfall] Add "Scroll to origin" button (elastic#266594) [APM] Add alert and SLO badges to the service map embeddable (elastic#266360) [CI] Speed up telemetry_check by pre-filtering to collector files (elastic#265978) [Discover] Address flaky large CSV test (elastic#266642) avoid passing unrelated props within integration card icon component conditional render (elastic#266569) [Cases][Templates] Extend cases search by template field label (elastic#266414) [Background search] Migrate custom SplitButton to EuiSplitButton (elastic#267447) [i18n] Report translation coverage during integrate (elastic#264124) [api-docs] 2026-05-05 Daily api_docs build (elastic#267639) [Scout] Update test config manifests (elastic#267636) [content list] Add saved object provider services (elastic#266428) [Fleet] Otel UI add health and implement it in OTelComponentDetail (elastic#267292) Update dependency msw to v2.13.4 (main) (elastic#266770) ...
kibanamachine
added
the
backport missing
Contributor
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
3 similar comments
Contributor
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
Contributor
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
Contributor
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
oasdiff breakingdoes not flag request bodies that gainadditionalProperties: false, so clients sending extra keys start getting HTTP 400s without any CI signal. This PR adds a detector that catches the transition.How it works:
oasdiff diff --format json --flatten-allof, which does exposeadditionalPropertiesAllowed: { from: null|true, to: false }.(path, method).OasdiffEntryitems that flow through the existing parse, Terraform-impact, allowlist, and report stages with no other code changes.All work stays inside
packages/kbn-api-contracts/.oas_docs/is untouched.The README also restructures the allowlist guidance: granular entries (
oasdiffId+source) lead, and the coarsepath+methodform is flagged as hiding future breaks on the same endpoint.Closes https://github.com/elastic/kibana-team/issues/3239
Live demo on the real Kibana spec
Edited the
Data_views_create_data_view_request_objectcomponent inoas_docs/output/kibana.yamlto addadditionalProperties: false, then rannode scripts/check_api_contracts.js --distribution stackagainstorigin/main.Before (clean working tree)
After (one-line edit added
additionalProperties: false)The detection lands exactly where designed: the data_views route, mapped to
elasticstack_kibana_data_view, owned by\@\elastic/kibana-data-discovery.