OAD schema fix 'parameter object' + in: querystring forbidden fields

[notEthan]

#4590 introduces parameter object with in: querystring, which may not have properties schema, style, explode, or allowReserved. The accompanying schema change only forbids an object with all of those four properties, though. This fixes to forbid any of them.

• schema changes are included in this pull request
• schema changes are needed for this pull request but not done yet
• no schema changes are needed for this pull request

[ralfhandl]

I think this change is unnecessary. Adding this fail test case with the current schema fails as expected:

openapi: 3.2.0
info:
  title: API
  version: 1.0.0
components:
  parameters:
    querystring-with-schema-not-allowed:
      in: querystring
      name: json
      content:
        application/json:
          schema:
            type: object
      explode: true

It also fails with a single one of the other three keywords not allowed with content.

Side note: schema is not necessary in the not-required list because having both content and schema is already forbidden by the oneOf-required construct in lines 367-371.

I prefer the current style as it is shorter.

Independent of this PR I think we should add a "fail" test case for this exclusion:

• #4910

[handrews]

@notEthan @ralfhandl actually the entire not: clause should be removed, and only required: [content] should be kept. Other parts of the schema handle the mutual exclusion of content and the other fields, which is why the test case passes. The not: here is superfluous, so the fact that it is (as @notEthan notes) incorrect doesn't matter.

[notEthan]

That example fails due to unevaluatedProperties: false in /$defs/parameter applying to explode. Which is fine and may be sufficient - if so the not+required subschema this PR changes could instead be removed entirely. But as it is, that part is not doing what it was intended to do, assuming it's intended to forbid any of those four properties. required will pass only if all its listed properties are present, and not+required will only fail if all listed properties are present.

[notEthan]

oh, @handrews beat me to it while I was typing

[notEthan]

updated to remove this subschema

[ralfhandl]

@notEthan Please include the test cases from

• 3.2: Parameter Object with in:querystring cannot have schema #4910

or equivalents to prove that removing these lines does not break the mutual exclusion.

Or let's wait with this one until #4910 is merged.

Thanks in advance!