Global (api level) security ignored when resolving operation#securityDefinitions in OAS3

[wickedest]

Expected outcome

Given an OAS 3.0 spec that defines securitySchemes component (e.g. api-key) and a global security Requirement Object, the operation.securityDefinitions should be {"api-key":{"in":"query","name":"apikey","type":"apiKey"}}".

openapi: 3.0.0
servers:
  - description: Sample API
    url: https://sample.io
info:
  description: My sample service
  version: "1.0.0"
  title: Sample API
security:
  - api-key: []
paths:
  /doit:
    get:
      description: Get something
      operationId: getSomething
      responses:
        default:
          description: Success
components:
  securitySchemes:
    api-key:
      in: query
      name: apikey
      type: apiKey

Actual outcome

The operation.securityDefinitions is empty {}.

The issue may be related to this code in operation.js - securityDefinitions is undefined in OAS3. Instead, they were renamed to components.securitySchemes and the equivalent should be accessible at pathObject.api.definitionFullyResolved.components.securitySchemes.

[whitlockjc]

OASv3 isn't supported yet, I apologize. Please use #128 to keep track of that.