[tuist] don't validate security requirements

[fkorotkov]

Since we are running a local server proxy which handles security differently.

[fkorotkov]

@edigaryev please check commits separately. This one is the most interesting 6b273f0.

[edigaryev]

But we already use "no security":

cirrus-cli/internal/agent/http_cache/tuistcache/tuistcache.go

Line 38 in 8006bef

server, err := tuistapi.NewServer(tc, NoSecurity{})

We have a test that doesn't use any security either and it passes. What does this PR this change in this regard? 🤔

[fkorotkov]

It seems it's still failing validations when I try to use it. See Slack for more details. The following thing:

curl https://cloud.tuist.io/api/spec | jq 'del(.security, .components.securitySchemes)' > openapi.json

Removes security requirements from the schema so there are not checks what's so ever.

Will take a look tomorrow why existing test passes.

[fkorotkov]

@edigaryev probably because test is not actually testing no authorization header:

cirrus-cli/internal/agent/http_cache/tuistcache/api/oas_security_gen.go

Lines 83 to 90 in 99d061f

	func (s *Client) securityAuthorization(ctx context.Context, operationName string, req *http.Request) error {
	t, err := s.sec.Authorization(ctx, operationName)
	if err != nil {
	return errors.Wrap(err, "security source \"Authorization\"")
	}
	req.Header.Set("Authorization", "Bearer "+t.Token)
	return nil
	}

[edigaryev]

Will take a look tomorrow why existing test passes.

Thank you.

It feels to me that there's an easier way to get around this, for example, by returning an ogenerrors.ErrSkipClientSecurity from our NoSecurity implementation.

Nope, ogenerrors.ErrSkipClientSecurity is for the client.

[edigaryev]

OK, so this error:

{"error_message":"operation DownloadCacheArtifact: security \"\": security requirement is not satisfied"}

Is coming from this template, from ogenerrors.SecurityError{}.

It seems that there's no way to disable it via ogen.yaml.