Syndesis: API key is not included in query parameter

Created on 28 May 2019 · 13 Comments · Source: syndesisio/syndesis

This is a...


[ ] Feature request
[ ] Regression (a behavior that used to work and stopped working in a new release)
[x] Bug report  
[ ] Documentation issue or request

Description

When I edit the petstore specification in the UI to use API key as a form of authentication, the API key is not included in the resulting HTTP request.

Causing this error:
2019-05-28 09:17:05.123 WARN 1 --- [/syndesis-timer] o.a.camel.component.timer.TimerConsumer : Error processing exchange. Exchange[i-LfxidPsOAPtPk2BRhF4z]. Caused by: [org.apache.camel.http.common.HttpOperationFailedException - HTTP operation failed invoking http://rest.syndesis.svc:8080/auth/pet with statusCode: 401]

I am not sure if it should be included in the stack trace, but it should be http://rest.syndesis.svc:8080/auth/pet?api_key=**. Isn't this related to #5152?


All 13 comments

@mmuzikar can you provide a bit of detail on the integration you created? Looks like a Timer to custom API client connector (for Petstore). Can you share your OpenAPI document (is it https://petstore.swagger.io/v2/swagger.json ?)

Sure, I thought I linked it in #5480, but that doesn't seem to be the case, so you can use this file for reproducing #5480 as well.
petstore-test.txt
I use the following integration:
Timer
SQL (for enabling use of datamapper)
Datamapper (mapping constant id and values from SQL)
POST API client connector (create pet)

I am sharing the exported integration as well
API_key_query-export.zip.

Note that I use our application to serve these requests; if you'd like to replicate this behavior 1:1, that will require additional setup.

And with regards to #5152 and this, the execution paths for the API client and API provider are different so I don't think these issues are related.

Is this done? Can we close this?

@paoloantinori I would rather wait for #5615 to get fixed, as right now it is not possible to create a connector with API key security specified.

A blocker that waits on a non-blocker is a definition of deadlock, I'm afraid.

@zregvart It looks to me like there's still no key included in the query, but I can confirm that it is included in the HTTP headers. Could you please take a look at that?

I just did a bit of manual testing and it indeed seems that the API key is included in the header instead of in the parameter when the security requirement requires it to be in the parameter. I'll have a look and try to fix this.

From what I see, the issue is only when the OpenAPI document contains two or more security definitions of the same type. In that case the backend provides on the POST /api/v1/connectors/custom/info properties based on the last security definition of the supported type -- the defaultValue, for instance, is set to the value generated from one of the securityDefinitions. These properties are then passed as configuredProperties and are taken in preference to the ones generated from the chosen authentication type.

Hi @zregvart, the same process still doesn't work for me, even when I delete the other security option.
Could you please take a look at it again?
You can reproduce it very easily by using the file I provided above, https://github.com/syndesisio/syndesis/files/3231980/petstore-test.txt; you have to edit it to use query, though.
Then I run our testing service to validate the incoming parameters. Feel free to get in touch on gchat if you'd like to test it on the same service :)

Also if you agree I think we can lower the priority to p1 since at least part of this is working :)

Lowering the prio according to https://github.com/syndesisio/syndesis/issues/5490#issuecomment-508125874

I found the issue: it's in the minimization of the OpenAPI document. In order for it to take up less space, we throw out the security requirements and security definitions. So at runtime the Camel REST Swagger component doesn't have the information about the API keys, so it doesn't configure the underlying component delegate with the API key query parameter. It works for HTTP headers as those are added by a processor regardless; it's this chain of Syndesis -> Camel REST Swagger -> delegate HTTP component that needs to include any query parameter throughout, otherwise it will not be placed in the request.
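
Added example, not part of the thread and not Syndesis code: a regression check for the root cause described in the comment above, comparing which operations need an API key in the query string before and after a document is minimized. The `minimize` function, the definition names `key_in_header`/`key_in_query` and the sample document are assumptions constructed for illustration.

```python
import copy

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}
# Constructed Swagger 2.0 sample: POST /pet expects the key as ?api_key=...
SPEC = {
    "swagger": "2.0",
    "securityDefinitions": {
        "key_in_header": {"type": "apiKey", "name": "api_key", "in": "header"},
        "key_in_query": {"type": "apiKey", "name": "api_key", "in": "query"},
    },
    "paths": {"/pet": {
        "post": {"operationId": "addPet", "summary": "Add a pet",
                 "security": [{"key_in_query": []}]},
        "get": {"operationId": "listPets", "security": [{"key_in_header": []}]},
    }},
}

def operations(doc):
    for item in doc.get("paths", {}).values():
        for method, op in item.items():
            if method in HTTP_METHODS:
                yield op

def minimize(doc, keep_security):
    """Hypothetical minimizer: drops summaries and, optionally, security data."""
    drop = {"summary"} | (set() if keep_security else {"security", "securityDefinitions"})
    out = {k: v for k, v in copy.deepcopy(doc).items() if k not in drop}
    for op in operations(out):
        for key in drop:
            op.pop(key, None)
    return out

def query_api_keys(doc):
    """Map operationId -> query parameter names its security requirements need."""
    defs = doc.get("securityDefinitions", {})
    found = {}
    for op in operations(doc):
        # Operation-level security overrides the document-level default.
        reqs = op.get("security", doc.get("security", []))
        names = sorted({defs[s]["name"] for r in reqs for s in r
                        if defs.get(s, {}).get("type") == "apiKey"
                        and defs[s].get("in") == "query"})
        if names:
            found[op["operationId"]] = names
    return found

def lost_query_keys(original, minimized):
    """Operations whose query API key can no longer be derived after minimizing."""
    before, after = query_api_keys(original), query_api_keys(minimized)
    return {op: names for op, names in before.items() if after.get(op) != names}
```

A non-empty result from `lost_query_keys` means the minimized document no longer tells the runtime to place the key in the query string, which is the condition that produced the 401 in this report.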

API key is now included in query, good job @zregvart :)
