Support Request Validator to the method on API Event

[scarlier]

Description: Defining api model to required=true will not add the Request Validator to the method.

with following sam template and sam cli version 0.40

AWSTemplateFormatVersion : "2010-09-09"
Transform: "AWS::Serverless-2016-10-31"

Globals:
  Function:
    AutoPublishAlias: live
    Runtime: python3.8
    Handler: lambda_handler.handler

Resources:

  restGateway:
    Type: "AWS::Serverless::Api"
    Properties:
      StageName: default
      Models:
        SomeModel:
          type: object
          properties:
            keyname:
              type: string
          required:
            - keyname

  byIamcToken:
    Type: "AWS::Serverless::Function"
    Properties:
      CodeUri: src.zip
      Events:
        HttpGet:
          Type: Api
          Properties:
            Path: '/request-path'
            Method: post
            RestApiId: !Ref restGateway
            RequestModel:
              Model: SomeModel
              Required: true

Observed result:
Request Validator in method settings has value "NONE"

Expected result:
Request Validator in method settings has value "Validate body..."

[praneetap]

Thanks for the feature request! We have passed this along to our product team for possible prioritization. Please +1 on the feature to help with prioritization.

[brysontyrrell]

@praneetap this has been raised before. I opened issue #1232 and it was quickly closed in favor of #931

[asyba]

+1

[g-pelletier]

A temporary solution could be to add a partial DefinitionBody in your ApiGateway resource :

   DefinitionBody:
        swagger: 2.0
        x-amazon-apigateway-request-validators:
          basic:
            validateRequestBody: true
            validateRequestParameters: true
        x-amazon-apigateway-request-validator: basic
        paths:
          /request-path:
            post:
              x-amazon-apigateway-integration:
                httpMethod: POST
                type: aws_proxy
                uri:
                  Fn::Sub: 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${byIamcToken.Arn}/invocations'
         parameters:
              - required: true
                in: body
                name: somemodel
                schema:
                  $ref: '#/definitions/somemodel'

This will add a validator named basic and will add it to every function in your apigateway, thus will enforce validation of the body and parameters (tweak it as you need)

[brysontyrrell]

@g-pelletier as I understand you can't do a partial swagger doc. You'll need to define the full API and the links to the Lambda functions as SAM will either generate the swagger doc or it will rely on the one provided if you've set DefinitionBody.

I believe in the case of the new HttpApi resource they have designed that to be able to merge source and auto-generated definitions. @praneetap can you verify?

[g-pelletier]

You can generate partial swagger doc. I just did in our templates that needed request body verification. What I posted is exactly what I used combined with something similiar as what is posted in the original post.

[brysontyrrell]

@g-pelletier disregard that last comment. I wasn't thinking. What you posted is what we've had to do for similar workarounds as well. Though I don't think you could really call that a partial swagger doc.

[g-pelletier]

Sorry, by partial, I meant that you don't need to write the full API code to have it working. SAM will append the other parts, such as Models and Authorizers.

[agostbiro]

@praneetap @keetonian could you provide some info on how this relates to #931 and #1232? Those issues seem to suggest that there is work underway yet this issue seems to be still in triage? I'd avoid the swagger workaround if validation support for AWS::Serverless::Api-Models is in the pipeline.

[paolorechia]

Hi!

I was a little bit annoyed with the lack of this feature, so I started hacking away a possible solution. I ended up with a version that works locally using cloud formation packaging/deploy, but I am not sure if it would be eligible for a Pull Request. I would appreciate if anyone would give me a feedback whether this would be useful to the general development of the specification.

Basically, I've added properties to the SAM specification

• GenerateValidators inside AWS::Serverless::API
• GeneratedValidator inside AWS::Serverless::Function implicit API event source.

The first one basically injects the following on the generated template:

          "x-amazon-apigateway-request-validators": {
            "BODY": {
              "validateRequestParameters": false, 
              "validateRequestBody": true
            }, 
            "FULL": {
              "validateRequestParameters": true, 
              "validateRequestBody": false
            }, 
            "PARAMS": {
              "validateRequestParameters": true, 
              "validateRequestBody": false
            }
          }

Then the second would inject this to the API Method:

                "x-amazon-apigateway-request-validator": "BODY",

A sample template would be:

  MyApi:
    Type: AWS::Serverless::Api
    Properties:
      GenerateValidators: true  # New property
      StageName: Dev
      Models:
        Book:
          required:
          - name
          - author
          type: object
          properties:
            name:
              type: string
            author:
              type: string
              description: author

  CreateBookFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: dynamo/
      Handler: handlers.put_item_handler
      Events:
        HelloWorld:
          Type: Api 
          Properties:
            RestApiId: !Ref MyApi
            Path: /book
            Method: post
            RequestModel:
              Model: Book
              Required: true
            GeneratedValidator: BODY  # New property

[AntonUspishnyi]

Still need "Request Validator" parameter in SAM.

[ifurs]

+1 for "Request Validator"

[Bigsamovar]

Still need "Request Validator" parameter in SAM.

+1

[Doroschuk]

Still need "Request Validator" parameter in SAM.

+++

[Lifeformwp]

Still need "Request Validator" parameter in SAM.

+1

[ShytN1k]

Still need "Request Validator" parameter in SAM.

+1

[AlexOliinyk]

++

[PashaKoval]

+1

[wgfilho]

+1

[AntonUspishnyi]

Hi!
Is there any ETA?

[yuryks]

+1

[johangu]

+1

[revolutionisme]

This is really needed.

[AntonUspishnyi]

Up

[MaiKaY]

+1

[YegresOm]

[Bigsamovar]

+1

[jetchopper]

+1

[edreanernst]

+1

[karthikvadla]

++++++1

[codepay4999]

+1

[huiliuPaf]

+1

[drwxmrrs]

+1

[hirro]

+1

[mixalis-ombashis]

+1

[nicodewet]

+1 (and it's somewhat annoying to have to waste time on this topic)

[Rondineli]

I have added a PR to try fix this: #2026
I also need when deploy a model set the validation to the route/method.

If someone could review and give a +1.

[jdonboch]

+1, we need this!

[dominicfarr]

Ok, so I'm not going mad: I've spent several days trying to get SAM to add a Request Validator. Looks like the PR above will make this simple to do.
+1

[claranetpetecocoon]

+1

[AllanOricil]

Now that the solution was implemented. Can somebody explain to me what is the main advantage of having validation as a Request Validator instead of validating in the code?

My guess it that AWS won't even charge me if the request validation failed, while if I do the validation in the code AWS will charge me for the seconds the code spent validating. Is this guess accurate?

[AntonUspishnyi]

@AllanOricil I mean, why do something by yourself when you can outsource it to AWS? :)
Also, it's a win-win for overall request latency.

[petecocoon]

Has this feature been released?

[AllanOricil]

@AllanOricil I mean, why do something by yourself when you can outsource it to AWS? :)
Also, it's a win-win for overall request latency.

@AntonUspehov but does AWS charge me for the time the Request Validator validation takes or per validation/request?

[AntonUspishnyi]

@AllanOricil I mean, why do something by yourself when you can outsource it to AWS? :)
Also, it's a win-win for overall request latency.

@AntonUspehov, but does AWS charge me for the time the Request Validator validation takes or per validation/request?

@AllanOricil No, only for the API Gateway request, as I know. Lambda won't even be trigger.

[AllanOricil]

@AllanOricil I mean, why do something by yourself when you can outsource it to AWS? :)
Also, it's a win-win for overall request latency.

@AntonUspehov, but does AWS charge me for the time the Request Validator validation takes or per validation/request?

@AllanOricil No, only for the API Gateway request, as I know. Lambda won't even be trigger.

Cool. I will start testing it :D
Amazing job guys.
If anybody here needs a serverless app developer, you can count on me as well.

[moelasmar]

This feature has been released.

[santiperone]

I have a question regarding this feature @moelasmar. Typically, one would want to validate for request parametes only. But in order to do this you need to define a RequestModel, would it be better being able to enable parameterValidation from requestParameters instead?

[Rondineli]

@santiperone I created another PR for this scenario: #2450

A thumbs up at the PR would be appreciated!

[antoineaws]

Team, currently there seems to be a missing piece, when adding request parameters to the SAM template as below, the request parameters get added properly, however the "Request validator" flag doesn't get set and remain None. Our SAM docs for EventSource doesn't seem to have a property to set the Request Validator. Am I missing something?

      Events:
        ServerlessRestApiGETMethod:
          Type: Api
          Properties:
            RestApiId: !Ref Api
            Path: /my-path
            Method: GET
            RequestParameters:
              - method.request.querystring.param1:
                  Required: true
              - method.request.querystring.param2:
                  Required: true

cc @moelasmar

Cheers

[Rondineli]

I had created this PR to address it, but it was not accepted, it is something I would like really implemented, but never got clear directive of better implementation of it. I would be happy to cut a new PR to do it if I have clear direction on it. cc: @moelasmar
My PR: #2450

[AllanOricil]

Just switch to cdk or pollumi. Use SAM for testing your lambdas locally. Much easier than write these templates by hand

[jasonterando]

Is this topic dead?