From b09ce6a488203af3c60469a00d9e46997aa3af13 Mon Sep 17 00:00:00 2001
From: Michael Jared Lumpe <mjlumpe@gmail.com>
Date: Tue, 27 Sep 2016 11:12:33 -0700
Subject: [PATCH] Allow overriding security spec with empty list

---
 bravado_core/operation.py               |  5 +++--
 tests/operation/conftest.py             | 12 ++++++++++++
 tests/operation/security_object_test.py | 15 +++++++++++++++
 3 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/bravado_core/operation.py b/bravado_core/operation.py
index fbe130e9..4eb58d9a 100644
--- a/bravado_core/operation.py
+++ b/bravado_core/operation.py
@@ -59,8 +59,9 @@ def security_objects(self):
             deref = self.swagger_spec.deref
             op_spec = deref(self.op_spec)
             spec_dict = deref(self.swagger_spec.spec_dict)
-            security_spec = deref(op_spec.get('security', []))
-            if len(security_spec) == 0:
+            if 'security' in op_spec:
+                security_spec = deref(op_spec['security'])
+            else:
                 security_spec = spec_dict.get('security', [])
             security_defs_dict = spec_dict.get('securityDefinitions', {})
 
diff --git a/tests/operation/conftest.py b/tests/operation/conftest.py
index ba81e70f..3c81093c 100644
--- a/tests/operation/conftest.py
+++ b/tests/operation/conftest.py
@@ -146,3 +146,15 @@ def specs_with_security_obj_in_root_and_no_security_specs(
 ):
     del specs_with_security_obj_in_root_and_security_specs['securityDefinitions']  # noqa
     return specs_with_security_obj_in_root_and_security_specs
+
+
+@pytest.fixture
+def specs_with_security_obj_in_root_and_empty_security_spec(
+    specs_with_security_obj_in_root_and_security_specs
+):
+    path_spec = specs_with_security_obj_in_root_and_security_specs['paths']
+    for path, path_item in iteritems(path_spec):
+        for http_method in path_item.keys():
+            path_item[http_method]['security'] = []
+
+    return specs_with_security_obj_in_root_and_security_specs
diff --git a/tests/operation/security_object_test.py b/tests/operation/security_object_test.py
index e8dbd12d..cff4fb2e 100644
--- a/tests/operation/security_object_test.py
+++ b/tests/operation/security_object_test.py
@@ -67,6 +67,21 @@ def test_op_with_security_in_root_with_security_defs(
     )
 
 
+def test_op_with_security_in_root_with_empty_security_spec(
+        specs_with_security_obj_in_root_and_empty_security_spec,
+):
+    resources = build_resources(Spec(
+            specs_with_security_obj_in_root_and_empty_security_spec,
+    ))
+
+    resource = resources.get('pet')
+    assert resource is not None
+
+    operation = getattr(resource, 'findPetsByStatus')
+    assert operation is not None
+    assert len(operation.security_objects) == 0
+
+
 def test_correct_request_with_apiKey_security(petstore_spec):
     request = Mock(
         spec=IncomingRequest,