Unable to Implement Path Parameter Request Validation - aws-lambda

I'm attempting to implement an API that does front-line path parameter validation using AWS SAM that will immediately reject calls whose input does not adhere to the rules defined in a SAM Models block.
Despite re-reading the docs and trying countless implementations, I am unable to reject calls that should be rejected. My GetPetFunction still executes when it shouldn't. Any ideas on what I'm doing wrong, looking at the sample from my template below? I do see the model generated on the APIG console with Request Validator set to params-only.
    PetApi:
      Type: AWS::Serverless::Api
      Properties:
        Models:
          PetModel:
            type: object
            required:
              - pet
              - breed
              - color
            properties:
              pet:
                type: string
                pattern: (dog|cat)
              breed:
                type: string
                pattern: (poodle|tabby|husky)
              color:
                type: string
    GetPetFunction:
      Type: AWS::Serverless::Function
      Properties:
        Events:
          ApiCall:
            Type: Api
            Properties:
              Path: /{pet}/{breed}/{color}
              Method: get
              RestApiId: !Ref PetApi
              RequestParameters:
                - method.request.path.pet:
                    Required: true
                - method.request.path.breed:
                    Required: true
                - method.request.path.color:
                    Required: true
              RequestModel:
                Model: PetModel
                Required: true
                ValidateParameters: true
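
An in-function check that enforces the same allow-list even when a call gets past the gateway validator, added here as an example and not part of the original post. It assumes a Lambda proxy integration event carrying a `pathParameters` map; the handler body, the `RULES` table and the colour rule are illustrative, and `schema_pattern_accepts` shows that an unanchored JSON Schema pattern such as `(dog|cat)` matches anywhere in the value.

```python
import json
import re

# Same allow-lists as PetModel in the post, compiled for full-string matching.
# The colour rule is an assumption: the post only declares "type: string".
RULES = {
    "pet": re.compile(r"dog|cat"),
    "breed": re.compile(r"poodle|tabby|husky"),
    "color": re.compile(r"[a-z]{1,20}"),
}


def schema_pattern_accepts(pattern, value):
    """JSON Schema 'pattern' semantics: the regex may match anywhere in value."""
    return re.search(pattern, value) is not None


def validate_path(params):
    """Return the names of rejected path parameters (empty list means valid)."""
    params = params or {}  # the proxy event carries null when there are none
    errors = []
    for name, rule in RULES.items():
        value = params.get(name)
        # fullmatch anchors both ends and, unlike "$", rejects a trailing newline
        if not isinstance(value, str) or rule.fullmatch(value) is None:
            errors.append(name)
    return errors


def handler(event, context):
    """Hypothetical GetPetFunction entry point (Lambda proxy integration)."""
    errors = validate_path(event.get("pathParameters"))
    if errors:
        body = {"message": "Invalid request parameters", "fields": errors}
        return {"statusCode": 400, "body": json.dumps(body)}
    return {"statusCode": 200, "body": json.dumps(event["pathParameters"])}


if __name__ == "__main__":
    # Constructed sample events, not captured traffic
    samples = (
        {"pet": "dog", "breed": "husky", "color": "grey"},
        {"pet": "hotdog", "breed": "tabby", "color": "black"},
        None,
    )
    for params in samples:
        print(params, "->", handler({"pathParameters": params}, None)["statusCode"])
```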

Related

AWS API Gateway schema validation with custom formats

Can I use my own custom formats in my OpenAPI definition and have the AWS API Gateway validate using them? I can't find any reference for this so I assume not?
For example, I would only like to greet guys named Dave:
    swagger: "2.0"
    info:
      version: "1.0"
      title: "Hello World API"
    paths:
      /hello/{user}:
        get:
          description: Returns a greeting to the user!
          parameters:
            - name: user
              in: path
              type: string
              required: true
              description: The name of the user to greet.
              format: "guys-named-dave"
The documentation on this is a bit implicit, indeed. If you combine this
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-request-validation-set-up.html
with this
https://swagger.io/specification/#schema-object
the following should be a solution, that works (and it does!)
    paths:
      /hello/{user}:
        get:
          x-amazon-apigateway-request-validator: params
          parameters:
            - name: user
              in: path
              required: true
              schema:
                type: string
                pattern: ^.*dave.*$
    x-amazon-apigateway-request-validators:
      params:
        validateRequestParameters: true
To allow for case insensitive names like "Dave" and "DAVE", try the pattern /.*dave.*/i. I don't know if this will work.

How to build multimodule gradle project with each module having its own Open API spec and the parent has all spec merge together on build

I am designing one application, the application should merge OpenAPI-3 specification files into a single file.
Consider the following open api v3 schema files color.yaml and book.yaml
color.yaml
    openapi: 3.0.1
    info:
      title: OpenAPI definition
      version: v0
    servers:
      - url: http://localhost:8080
        description: Generated server url
    paths:
      /api/color/{name}:
        get:
          tags:
            - color-controller
          operationId: getColor
          parameters:
            - name: name
              in: path
              required: true
              schema:
                type: string
          responses:
            "200":
              description: OK
              content:
                '*/*':
                  schema:
                    $ref: '#/components/schemas/Color'
    components:
      schemas:
        Color:
          type: object
          properties:
            name:
              type: string
            red:
              type: integer
              format: int32
            green:
              type: integer
              format: int32
            blue:
              type: integer
              format: int32
book.yaml
    openapi: 3.0.1
    info:
      title: OpenAPI definition
      version: v0
    servers:
      - url: http://localhost:8080
        description: Generated server url
    paths:
      /api/book/{name}:
        get:
          tags:
            - book-controller
          operationId: getBook
          parameters:
            - name: name
              in: path
              required: true
              schema:
                type: string
          responses:
            "200":
              description: OK
              content:
                '*/*':
                  schema:
                    $ref: '#/components/schemas/Book'
    components:
      schemas:
        Book:
          type: object
          properties:
            name:
              type: string
            iban:
              type: string
The parent module should merge these files into a single master yaml spec file
**merged.yaml**
    openapi: 3.0.1
    info:
      title: My title
      version: 1.0.0-SNAPSHOT
    servers:
      - url: http://localhost:8080
        description: Generated server url
    paths:
      /api/book/{name}:
        get:
          tags:
            - book-controller
          operationId: getBook
          parameters:
            - name: name
              in: path
              required: true
              style: simple
              explode: false
              schema:
                type: string
          responses:
            "200":
              description: OK
              content:
                '*/*':
                  schema:
                    $ref: '#/components/schemas/Book'
      /api/color/{name}:
        get:
          tags:
            - color-controller
          operationId: getColor
          parameters:
            - name: name
              in: path
              required: true
              style: simple
              explode: false
              schema:
                type: string
          responses:
            "200":
              description: OK
              content:
                '*/*':
                  schema:
                    $ref: '#/components/schemas/Color'
    components:
      schemas:
        Book:
          type: object
          properties:
            name:
              type: string
            iban:
              type: string
        Color:
          type: object
          properties:
            name:
              type: string
            red:
              type: integer
              format: int32
            green:
              type: integer
              format: int32
            blue:
              type: integer
              format: int32
Also when I do changes to specific sub-module spec file it should reflect in parent spec file and should show in swagger-ui for testing.
Regarding the merging part of your question:
You can use APIMatic's API spec merge feature to first merge your specs and then transform the merged output into OpenAPI's format. Here are the steps:
Structure your directory as follows:
    dir\
        spec1\
            color.yaml
        spec2\
            book.yaml
        APIMATIC-META.json
A minimalistic APIMATIC-META.json can look like this to enable merging:
    {
      "MergeConfiguration": {
        "MergedApiName": "My title",
        "MergeApis": true,
        "MergeSettings": {
          "SkipCodeGenValidation": true
        }
      }
    }
ZIP the directory, upload it and transform it via their website to OpenAPI v3 to get your merged output. Here is a link that provides step by step guide on uploading and performing a transformation: https://docs.apimatic.io/manage-apis/api-merging/#transforming-the-zipped-file
If you are looking to automate the process, APIMatic has an API too: https://www.apimatic.io/docs/api#/http/api-endpoints/transformation/transform-via-file

Generate Resource Logical Id name using a parameter in Sam template

I am using a SAM template to deploy a Lambda with an API Gateway.
I am trying to generate a custom resource Logical Id based on a timestamp, e.g. ApiDeployment$TIMESTAMP$ in the example below, which is not working. Any ideas how I may achieve a dynamically configurable resource Logical Id name using a SAM template?
    AWSTemplateFormatVersion: '2010-09-09'
    Transform: AWS::Serverless-2016-10-31
    Description: Setup our API Gateway instances
    Parameters:
      StageName:
        Type: String
        Default: 'example_stage'
        Description: 'The name of the stage to be created and managed within our API Gateway instance.'
    Resources:
      Api:
        Type: AWS::ApiGateway::RestApi
        Properties:
          Name: ExampleApi
          EndpointConfiguration:
            Types:
              - REGIONAL
          # The body should contain the actual swagger
          Body: $SWAGGER_DEFINITION$
      # Timestamp is added so that each deployment is unique. Without a new timestamp, the deployment will not actually occur
      ApiDeployment$TIMESTAMP$:
        Type: AWS::ApiGateway::Deployment
        DependsOn: [ Api ]
        # we want to retain our deployment history
        DeletionPolicy: Retain
        Properties:
          RestApiId:
            Ref: Api
      ApiStage:
        Type: AWS::ApiGateway::Stage
        DependsOn: [ApiDeployment$TIMESTAMP$]
        Properties:
          RestApiId:
            Ref: Api
          DeploymentId:
            Ref: ApiDeployment$TIMESTAMP$
          StageName: {Ref: StageName}
          MethodSettings:
            - ResourcePath: "/*"
              HttpMethod: "*"
              LoggingLevel: INFO
              MetricsEnabled: true
              DataTraceEnabled: true
    Outputs:
      Endpoint:
        Description: Endpoint url
        Value:
          Fn::Sub: 'https://${Api}.execute-api.${AWS::Region}.amazonaws.com'

Accept only defined parameters for generated Spring-Server

First, I generated a spring-server using https://editor.swagger.io/.
The spring-server works quite well, but ignores these parameters that were not defined by me. So if I send a request to the server with the following JSON,
    {
      "art": "PK",
      "termin": "2019-12-31",
      "betrag": 120000,
      "test": "test"
    }
then I want to get an error, because the parameter "test" is not defined in my swagger.
My swagger code looks like this:
    openapi: 3.0.1
    info:
      ...
    ...
    paths:
      /vorgang:
        post:
          tags:
            - vorgang
          summary: Adds a vorgang
          description: Adds a vorgang
          operationId: addVorgang
          requestBody:
            description: procedure object
            content:
              application/json:
                schema:
                  $ref: '#/components/schemas/Vorgang'
            required: true
    ...
    ...
    components:
      schemas:
        Vorgang:
          type: object
          properties:
            art:
              type: string
              enum:
                - PK
                - FK
            termin:
              type: string
              format: date
            betrag:
              type: number
              format: double
          required:
            - art
            - termin
            - betrag

Gets duplicated mapping key error using openapi 3.0

I am trying to define my APIs using openapi version 3.0.0. I've generated following YAML file:
    openapi: 3.0.0
    info:
      title: My YAML
      description: My YAML
      version: 1.0.0
    servers:
      - url: http://my.server.url
    paths:
      /v1/service/uri:
        post:
          summary: Getting some information.
          parameters:
            - name: Content-Type
              in: header
              description: Content type of request body.
              required: true
              style: simple
              explode: false
              schema:
                type: string
            - name: Host
              in: header
              description: Originate host which returns the response.
              required: false
              style: simple
              explode: false
              schema:
                type: string
          requestBody:
            content:
              application/json:
                schema:
                  $ref: '#/components/schemas/MyPostRequest'
                example:
                  my_name: "zizi"
                  my_age: 29
            required: true
          responses:
            200:
              description: OK
                content:
                  application/json:
                    schema:
                      $ref: '#/components/schemas/MyPostResponse'
    components:
      schemas:
        MyPostRequest:
          type: object
          properties:
            my_name:
              type: string
            my_age:
              type: integer
              format: int32
        MyPostResponse:
          type: object
          properties:
            status:
              type: integer
              format: int32
When I copy/paste these lines into Swagger Editor, it gives me duplicated mapping key error on line 19; it is for section description of parameter Content-Type.
I have studied openapi documentation, but I didn't see anything wrong with my YAML file.
I am not sure why you get that error. I tried to find out in which language Swagger is written, as there are several YAML parsers out there that are known to have problems, but couldn't easily determine that using Google or Wikipedia.
You don't have any duplicate keys in your file, but it is invalid (i.e. not valid YAML) because of the indentation of the key content (the second occurrence, the one under paths → /v1/service/uri → post → responses → 200), which should be aligned with description, as that key cannot have a value node that is both a scalar (OK) as well as a mapping node content: ....
