Feature Request: Add `except` option to skip validation for specific parameters when testing error responses

[sadahiro-ono]

Note: I have already submitted PR #465 with a working implementation. Opening this issue to discuss the feature and gather feedback.

Problem

When testing error responses (401, 400, etc.) with assert_request_schema_confirm, validation fails if required parameters are intentionally omitted.

Example:

paths:
  /resources:
    get:
      parameters:
        - name: Authorization
          in: header
          required: true
        - name: page
          in: query
          required: true

it 'returns 401 when Authorization header is missing' do
  get '/resources', params: { page: 1 }
  # Cannot call assert_request_schema_confirm - fails because Authorization is missing
  assert_response_schema_confirm(401)
end

Current workaround: Skip assert_request_schema_confirm entirely.

Problem with this: Other parameters (like page) are not validated, reducing test reliability.

Proposed Solution

Add an except option to exclude specific parameters from validation:

it 'returns 401 when Authorization header is missing' do
  get '/resources', params: { page: 1 }
  
  # Exclude Authorization header, validate everything else
  assert_request_schema_confirm(except: { header: ['Authorization'] })
  
  assert_response_schema_confirm(401)
end

Supported parameter types:

assert_request_schema_confirm(except: {
  header: ['Authorization'],
  query: ['page'],
  path: ['id'],
  body: ['optional_field']
})

Benefits

• Test error responses while validating non-excepted parameters
• Detect parameter drift from schema in error scenarios
• Maintain test reliability

Implementation

The implementation in PR #465 temporarily injects dummy values for excepted parameters that are missing from the request before validation, then restores the original values afterward via an ensure block.

Would appreciate feedback on whether this aligns with the project's direction.

[geemus]

Thanks for the detailed explanation, and apologies that it's taken me a bit to get to looking into it. Overall the idea and approach sound reasonable to me, I'll look into the specifics of the PR next. Thanks!

[geemus]

@sadahiro-ono Hey, I'm a bit confused between this issue and the PR as they appear to suggest quite different approaches. The issue suggests skipping validation checks for entries in the except list (and explicitly says that dummy values are not injected), whereas the PR automatically adds dummy values to these instead. Could you help me understand the intention and goals here as the two point in very different directions.

[sadahiro-ono]

@geemus
Thank you for pointing out the discrepancy!

You're right — the issue description was inaccurate. The statement "without injecting dummy values into the request" was incorrect.
The actual implementation works as follows:

• For each excepted parameter, if it is missing (nil), a dummy value is temporarily injected before validation
• After validation, the original values are restored via an ensure block

So the approach is "temporary dummy value injection + restore", not "schema filtering". I've updated the issue description to accurately reflect this.