[API Gateway] Support Request Body Validation

[ekrengel]

We are tabling this work. It appears to not add much values since passthrough behavior is not configurable for proxy integrations (like lambdas).

An example of how this may look:

import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

let endpoint = new awsx.apigateway.API("example", {
    routes: [{
        path: "/",
        method: "GET",
        eventHandler: async (event) => {
            return {
                statusCode: 200,
                body: "hello",
            };
        },
        requestBody: {
            modelName: "Example",
            required: true,
            model: {
                type: "object",
                properties: {
                    "key": {
                        type: "string",
                    },
                },
                required: ["key"],
            },
        },
    }],
})

Note that if the requested Content-Type header does not match a model the request will be passed through to your backend. AWS Gateway does not provide the option to modify passthrough behaviors for proxy integrations. For the above example, request validation only works validates the body for requests with "Content-Type: application/json". If the request had a header equal to "Content-Type: application/xml", then API Gateway passes the entire request through to your backend.

[ryanswrt]

One possible value in having body validation is for generation of the swagger specification - currently it seems like you'd have to do it manually and have no way to ensure that it is kept in sync with the implementation.

[sebaaaz]

Hello! Any updates of this issue? Is there a way to perform body validation without using the Swagger specification?

We could achieve this by creating the integration separately with pulumi_aws.apigateway.Integration. However, it would be great if the module supported this feature.

[thetoxicavenger]

no judgment, just curious as to why this hasn't been implemented yet? is there a technical challenge here?

Note that if the requested Content-Type header does not match a model the request will be passed through to your backend. AWS Gateway does not provide the option to modify passthrough behaviors for proxy integrations. For the above example, request validation only works validates the body for requests with "Content-Type: application/json". If the request had a header equal to "Content-Type: application/xml", then API Gateway passes the entire request through to your backend.

I don't think that negates the usefulness of this feature, though, right? Sending the wrong content type header feels like an edge case, and you can configure your integration to just send 500 if the content type is incorrect.