# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
swagger: "2.0"
info:
  version: 1.0.0
  title: openapi Petstore Cors
  license:
    name: MIT
host: petstore.openapi.io
basePath: /v1
schemes:
  - http
consumes:
  - application/json
produces:
  - application/json
x-a127-services:
  add-cors:
    provider: x-cors
    options:
      displayName: Add CORS
      headers:
        Access-Control-Allow-Origin:
          type: string
          default: "*"
          description: >
            Setting this header to `*` allows all origins.
            This is handy for public REST APIs that don't require
            authentication. But, according to the HTTP spec, browsers
            *WILL NOT* send cookies if this header is `*`, regardless
            of what you set `Access-Control-Allow-Credentials` to.
        Access-Control-Allow-Credentials:
          type: boolean
          default: false
          description: >
            Setting this header to `false` means that your API does not
            use authentication cookies.
        Access-Control-Allow-Headers:
          type: array
          collectionFormat: csv
          default: origin, x-requested-with, accept
          description: >
            This shows how you can explicitly specify which HTTP headers
            your API allows.
        Access-Control-Allow-Methods:
          type: array
          collectionFormat: csv
          default: GET, PUT, POST, DELETE
          description: >
            This shows how you can explicitly specify which HTTP methods
            your API allows.
        Access-Control-Max-Age:
          type: integer
          default: 3628800
          description: >
            This allows client browsers to cache the CORS response for
            one day (3628800 seconds).
  quotaAnil:
    provider: volos-quota-memory
    options:
      timeUnit: day
      interval: 2
      allow: 2500
  oauth2:
    provider: volos-oauth-apigee
    options:
      tokenLifetime: 300000
      key: apigeeProxyKey
      uri: apigeeProxyUri
      validGrantTypes:
        - client_credentials
        - authorization_code
        - implicit_grant
        - password
      tokenPaths:  # These will be added to your paths section for you
        authorize: /authorize
        token: /accesstoken
        invalidate: /invalidate
        refresh: /refresh
paths:
  /pets:
    get:
      x-a127-apply:
        quotaAnil:
          pipe: request
          endPoint: proxy
      summary: List all pets
      operationId: listPets
      tags:
        - pets
      parameters:
        - name: limit
          in: query
          description: How many items to return at one time (max 100)
          required: false
          type: integer
          format: int32
      responses:
        200:
          description: An paged array of pets
          headers:
            x-next:
              type: string
              description: A link to the next page of responses
          schema:
            $ref: Pets
        default:
          description: unexpected error
          schema:
            $ref: Error
    post:
      summary: Create a pet
      operationId: createPets
      tags:
        - pets
      responses:
        201:
          description: Null response
        default:
          description: unexpected error
          schema:
            $ref: Error
  /pets/{petId}:
    get:
      summary: Info for a specific pet
      operationId: showPetById
      security:
        - apiKeyHeader: []
        - oauth2: []
      tags:
        - pets
      parameters:
        - name: petId
          in: path
          required: true
          description: The id of the pet to retrieve
          type: string
      responses:
        200:
          description: Expected response to a valid request
          schema:
            $ref: Pets
        default:
          description: unexpected error
          schema:
            $ref: Error
definitions:
  Pet:
    required:
      - id
      - name
    properties:
      id:
        type: integer
        format: int64
      name:
        type: string
      tag:
        type: string
  Pets:
    type: array
    items:
      $ref: Pet
  Error:
    required:
      - code
      - message
    properties:
      code:
        type: integer
        format: int32
      message:
        type: string
