Fix or comment util.ValidateEndpoint explicit method setting

[grayside]

Current Behavior

In looking over util.ValidateEndpoints, it appears that some kind of hard-coding of HTTP requests is being done, and assumptions are made that all the HTTP methods are explicitly supported.

Expected Behavior

Option 1: Configuration-driven approach

For each operation:
  For each HTTP method:
    Send HTTP request

Option 2: Add more inline comments explaining what's happening and why. The current function states it's iterating over all HTTP methods but does not explain why, the "why" is the important part. Also worth mentioning: does this assume every method is defined, or are default definitions of methods such as OPTIONS coming through about being assigned to expect an HTTP 405 response?

---

This issue affects two categories in my review of the repository:

• Experience: Does the project provide a good experience to users?
• Internals: Is the implementation efficient, effective, and maintainable?

[SaketramDurbha]

Sorry, I believe this confusion is due to the logic of the code being in two places. We're not actually making requests for all HTTP methods for each endpoint.

So util.ValidateEndpoints takes a openapi3.Paths argument, which is a map of endpoint strings (like "/", "/hello", "/world") to a pointer to their respective openapi3.PathItem object.

We iterate through each endpoint string and PathItem. Each PathItem contains multiple pointers openapi3.Operations for each HTTP method. With the library we're using, the Operation for a specific HTTP method is nil if either we didn't manually set it (as is the case for the default test we're currently using) or if the openapi v3 file we're reading in doesn't specify an Operation object (support for custom openapi v3 files to specify endpoint tests is planned).

For each HTTP method and endpoint, the corresponding Operation object is passed to util.validateEndpointOperation, which is responsible for making the test HTTP requests for each Operation.

But util.ValidateEndpoints doesn't do nil-checking on Operation objects itself; it leaves that to util.validateEndpointOperation. If a nil Operation is passed to this function, it returns immediately and doesn't perform any tests.

We can either make a PR to add comments here or move the Operation nil-checking to util.ValidateEndpoints.

I hope this makes sense.