-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: AWS API Gateway OpenAPI validators trigger AwsSolutions-APIG2 #1312
Conversation
node, | ||
node.getMetadata('aws:asset:path') | ||
); | ||
console.log(assetOutdir, assetPath); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Need to remove the log statement
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, I must have forgotten to remove that. It should be fixed now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good start! There are quite a few more cases we need to consider there though
const specFile = yamlparse( | ||
readFileSync(assetOutdir + '/' + assetPath, 'utf-8') | ||
); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should use the official OpenApi Library/Types for processing the spec
@@ -27,6 +29,36 @@ export default Object.defineProperty( | |||
} | |||
} | |||
} | |||
if (node.bodyS3Location) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This doesn't capture the case where a user uses the L1 CfnRestApi
directly and uses the Body property
const specFile = yamlparse( | ||
readFileSync(assetOutdir + '/' + assetPath, 'utf-8') | ||
); | ||
if ('x-amazon-apigateway-request-validators' in specFile) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The docs mentions that this can be done on a per method basis as well instead of just globally.
Each method can also override the global config, that needs to be checked as well
@awsntheule Are you still working on this or can I close the PR? |
Closing due to inactivity |
Fixes #1075
This fix has been implemented by checking if a
CfnRestApi
resource has thebodyS3Location
property defined. The property identifies that an api is being created by importing an api from a YAML or JSON file (note that thebody
property that is used when creating an inline api definition or by adding methods later in code does not get defined when importing an api definition).If the
bodyS3Location
property is defined, the changes proposed here will construct the local path to the asset file that is created for the import so that it can verify the imported api definition uses request validation.An additional dependency was also added (the npm page can be found here). This is a YAML parser that is used to parse a provided api definition file and verify that it uses request validation. Typescript does not include a YAML parser, so this would need to be provided externally so that YAML files can be checked. It also will automatically parse JSON as well with no additional code required.
Adding this dependency could also be useful in the future for checking other services that may import files in a similar way.