sam validate expects DefinitionBody or DefinitionUri to be set

[keetonian]

Description:

Since the Default Definition Body feature, SAM provides a default DefinitionBody if neither a DefinitionBody or DefinitionUri is set on a AWS::Serverless:Api resource.

SAM CLI still expects DefinitionBody or DefinitionUri to be set in the validation workflow as found here. This assumption should be fixed (check for and replace DefinitionUri with a S3 location if it exists, otherwise do nothing).

Steps to reproduce the issue:

1. run sam validate on https://github.com/awslabs/serverless-application-model/blob/master/examples/2016-10-31/api_cognito_auth/template.yaml

Observed result:

Template provided at '...examples/2016-10-31/api_cognito_auth/template.yaml' was invalid SAM Template.
Error: [InvalidResourceException('MyApi', "Cors works only with inline Swagger specified in 'DefinitionBody' property")] ('MyApi', "Cors works only with inline Swagger specified in 'DefinitionBody' property")

Expected result:
Validation should succeed

Output of sam --version:
0.7.0, 0.8.0, 0.9.0

[aetherical]

Are there any updates? Not being able to run validate and/or cfn-lint really makes automated CI/CD difficult

[jackmcguire1]

please someone, work on this <3

[rudpot]

Still seeing this with sam 0.16.1 please fix

[jfuss]

@jackmcguire1 or @rudpot Either of you want to take a stab at a fix?

[azarboon]

yes I have this problem too and this is annoying. Having Cognito in my template, sam validate becomes useless.

[LennyDuan]

Still have this issue, please fix it!

[jfuss]

Release in v0.21.0.

Closing

[paulsson-cs]

Release in v0.21.0.

Closing

@jfuss 'sam validate' seems to still be broken if using Fn::Transform and AWS::Include to reference and include an OpenAPI definition in a separate file while having a Globals -> Api -> Cors config in the SAM template.

sam --version
SAM CLI, version 0.22.0

SAM template:

Globals:
  Function:
    Runtime: nodejs10.x
    Timeout: 60
  Api:
    Cors:
      AllowOrigin: 
        Fn::Sub: "'${CorsAllowOrigin}'"
      AllowMethods: "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'"
      AllowHeaders: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"

...
      DefinitionBody:
        Fn::Transform:
          Name: AWS::Include
          Parameters:
            Location: ./openapi.yaml

sam validate
Template provided at '<my_path>/template.yaml' was invalid SAM Template.
Error: [InvalidResourceException('MyApi', "Unable to add Cors configuration because 'DefinitionBody' does not contain a valid Swagger")] ('MyApi', "Unable to add Cors configuration because 'DefinitionBody' does not contain a valid Swagger")

If I comment out my global cors config in my SAM template then validation works fine.

[afittz]

@jfuss I'm also experiencing the same issue paulsson-cs is reporting. Anyway we can get this one reopened to address this?

[Qamar-Zaman]

You need to add swagger: 2.0 under DefinitionBody for your API

[piersf]

This still seems to be an issue: #1074 (comment)

[topmenu-kl]

I have SAM CLI, version 1.6.2
and I still have this error.

Reopen an fix it please.

[rainabba]

Seems to me that this should not be closed. I'm encountering this very same error, even though my stack deploys and runs fine.

Serverless API

MyApi:
  Type: 'AWS::Serverless::Api'
  Properties:
    Name: !Sub ${ENV}-my-api
    Domain:
      BasePath: !Ref StageName
      DomainName: !Ref CustomDomainName
      CertificateArn: !If [ CreateCert, !Ref AutoGeneratedCert, !Ref CertArn ]
      Route53:
        HostedZoneId: !If [ CreateZone, !Ref HostedZoneId, !Ref ZoneId ]
        EvaluateTargetHealth: true
        IpV6: true
    StageName: !Ref StageName
    EndpointConfiguration: REGIONAL
    DefinitionBody:
      Fn::Transform:
        Name: AWS::Include
        Parameters:
          Location: openapi.yaml
    Auth:
      UsagePlan:
        UsagePlanName: fooUsagePlan
        CreateUsagePlan: SHARED
        Throttle:
          BurstLimit: 1000
          RateLimit: 500
    Tags:
      service: my-service
      env: !Sub ${ENV}
    Variables:
      LOG_LEVEL: "99"
      env: !Sub ${ENV}

Result from sam validate

Template provided at './template.yaml' was invalid SAM Template.
Error: [InvalidResourceException('MyApi', "Unable to add Auth configuration because 'DefinitionBody' does not contain a valid Swagger definition.")] ('MyApi', "Unable to add Auth configuration because 'DefinitionBody' does not contain a valid Swagger definition.")

[julianste]

Same issue here, this is my current workaround:

  ApiGatewayHttpApi:
    Type: AWS::Serverless::HttpApi
    Properties:
#      DefinitionUri: api/swagger.yaml # this does not work and seems to be a bug in AWS SAM
      DefinitionBody:
          openapi: "3.0.1" # workaround to get `sam validate` to work
          paths: # workaround to get `sam validate` to work
            /foo: bar # workaround to get `sam validate` to work
          Fn::Transform:
            Name: AWS::Include
            Parameters:
              Location: src/api/swagger.yaml

[rainabba]

@julianste I've moved to SAM nightlies (1.21.1) to see if it was resolved there. I tried your 3 workaround lines, but got another error. Seems it's not happy with that incomplete definition.

if definition_body.get("paths").get(path).get("options"):
AttributeError: 'str' object has no attribute 'get'

[julianste]

@julianste I've moved to SAM nightlies (1.21.1) to see if it was resolved there. I tried your 3 workaround lines, but got another error. Seems it's not happy with that incomplete definition.

if definition_body.get("paths").get(path).get("options"):

AttributeError: 'str' object has no attribute 'get'

@rainabba my workaround probably just works for AWS::Serverless::HttpApi. Maybe insert some dummy dict containing options?

EDIT: Something like this seems to satisfy sam validate but I'm not sure about any other implications...

    Type: AWS::Serverless::Api
    Properties:
#      DefinitionUri: api/swagger.yaml # this does not work and seems to be a bug in AWS SAM
      DefinitionBody:
          openapi: "3.0.1" # workaround to get `sam validate` to work
          paths: # workaround to get `sam validate` to work
            /foo:
              options: {} # workaround to get `sam validate` to work
          Fn::Transform:
            Name: AWS::Include
            Parameters:
              Location: src/api/swagger.yaml

[NickHeap2]

@julianste @rainabba I have this working locally. The fix is to get the validator to detect the Transform->Include->Location pattern and replace the DefinitionBody with the contents of the yaml file itself during validation.

[TodorGinchev]

The workaround of copying contents of the api definition swagger file and pasting them exactly as they are under "DefinitionBody:" works. Thank you!

However, this is not a practical solution and a very error-prone one. @jfuss I do not think this ticket should be kept closed, the issue is still there.

[aleguern]

It worked without the definitionBody for couple of AWS SAM versions, and now it does not, possible regression ?

[NickHeap2]

@aleguern I fixed this problem under #3451 but it had to be rolled back due to this issue #3676

[NickHeap2]

@aleguern Turns out the fix for this was easy enough so I'm pushing this through again in a new PR.

[aleguern]

Great news thank you so much

[NickHeap2]

@aleguern PR is here: #3882

[cortexcompiler]

I see this same issue in SAM CLI version 1.61.0, it looks like the PR #3882 was never merged. Are there any plans to fix this?

[NickHeap2]

I see this same issue in SAM CLI version 1.61.0, it looks like the PR #3882 was never merged. Are there any plans to fix this?

@cortexcompiler I ran out of capacity to make all the required changes that came up in the fix PR.
If this is important to you I can try and revive the PR when I have time.

[ansiichan]

problem still persists on version 1.81.0
error message
Error: [InvalidResourceException('Api', "Unable to add Auth configuration because 'DefinitionBody' does not contain a valid Swagger definition.")] ('Api', "Unable to add Auth configuration because 'DefinitionBody' does not contain a valid Swagger definition.")

is still beeing displayed erroneously even after passing correctly

DefinitionBody:
        'Fn::Transform':
          Name: 'AWS::Include'
          Parameters:
            Location: path/to/openapi/spec

stack still deploys and builds fine
workaround is still just to pass contents of .yaml file int the definition body directly

[evin-murphy]

I am getting this error "Unable to add Auth configuration because 'DefinitionBody' does not contain a valid Swagger definition" when using Fn::Transform on my OAS3 file and defining an IP whitelist; looks to be related to this issue and #3041. The deploy is successful if I skip sam validate.

with

Resources:
    ApiGateway:
        Type: AWS::Serverless::Api
        Properties:
            OpenApiVersion: 3.0.0
            DefinitionBody:
                'Fn::Transform':
                    Name: 'AWS::Include'
                    Parameters:
                        Location: 'oas3.yaml'
            StageName: Prod
            Auth:
                ResourcePolicy:
                    IpRangeWhitelist:
                        - !Ref IPWhitelist

I can use the workaround provided in #803 (comment) it would be great if this could be fixed.

@NickHeap2 do you think you would have capacity sometime to re-open your previous PR #3882? No worries if not.