Merge pull request #1819 from microsoft/mk/revert-empty-security-array-fix

Revert: Security array initialization to avoid a breaking change

Author: MaggieKimani1

src/Microsoft.OpenApi/Models/OpenApiDocument.cs

@@ -48,7 +48,7 @@ public class OpenApiDocument : IOpenApiSerializable, IOpenApiExtensible, IOpenAp
         /// <summary>
         /// A declaration of which security mechanisms can be used across the API.
         /// </summary>
-        public IList<OpenApiSecurityRequirement> SecurityRequirements { get; set; }
+        public IList<OpenApiSecurityRequirement> SecurityRequirements { get; set; } = new List<OpenApiSecurityRequirement>();
 
         /// <summary>
         /// A list of tags used by the specification with additional metadata.

src/Microsoft.OpenApi/Models/OpenApiOperation.cs

@@ -91,7 +91,7 @@ public class OpenApiOperation : IOpenApiSerializable, IOpenApiExtensible, IOpenA
         /// This definition overrides any declared top-level security.
         /// To remove a top-level security declaration, an empty array can be used.
         /// </summary>
-        public IList<OpenApiSecurityRequirement> Security { get; set; }
+        public IList<OpenApiSecurityRequirement> Security { get; set; } = new List<OpenApiSecurityRequirement>();
 
         /// <summary>
         /// An alternative server array to service this operation.

test/Microsoft.OpenApi.Readers.Tests/V3Tests/OpenApiDocumentTests.cs

@@ -1433,65 +1433,5 @@ public void ParseBasicDocumentWithServerVariableAndNoDefaultShouldFail()
 
             diagnostic.Errors.Should().NotBeEmpty();
         }
-
-        [Fact]
-        public void ParseDocumentWithMissingSecuritySchemeDefaultsToNull()
-        {
-            // Arrange
-            var input = @"openapi: 3.0.0
-info:
-  title: test
-  version: ""1.0""
-paths:
-  /test:
-    get:
-      description: description for test path
-      responses:
-        '200':
-          description: test
-components:
-  securitySchemes:
-    apiKey0:
-      type: apiKey,
-      name: x-api-key,
-      in: header";
-
-            // Act && Assert
-            var doc = new OpenApiStringReader().Read(input, out var diagnostic);
-
-            doc.Paths["/test"].Operations[OperationType.Get].Security.Should().BeNull();
-            doc.SecurityRequirements.Should().BeNull();
-        }
-
-        [Fact]
-        public void ParseDocumentWithEmptySecuritySchemeDefaultsToEmptyList()
-        {
-            // Arrange
-            var input = @"openapi: 3.0.0
-info:
-  title: test
-  version: ""1.0""
-paths:
-  /test:
-    get:
-      description: description for test path
-      responses:
-        '200':
-          description: test
-      security: []
-security: 
-- apiKey0: []
-components:
-  securitySchemes:
-    apiKey0:
-      type: apiKey,
-      name: x-api-key,
-      in: header";
-
-            // Act && Assert
-            var doc = new OpenApiStringReader().Read(input, out var diagnostic);
-
-            doc.Paths["/test"].Operations[OperationType.Get].Security.Should().BeEmpty();
-        }
     }
 }