[Feature Request] Schema validation on an API Gateway Request

[Hugodby]

I defined a schema to validate API request. It works fine in API Gateway but sam local doesn't execute the request validation. The lambda function is then executed with incorrect payload.

RestApi:
    Type: AWS::Serverless::Api
    Properties:
        StageName: Prod
        Cors: 
          AllowOrigin: "'*'"
          AllowHeaders:
            "'Content-Type'"
        DefinitionBody:
            swagger: "2.0"
            info:
              title:
                Ref: AWS::StackName
            x-amazon-apigateway-request-validators:
              all: 
                validateRequestBody: true
                validateRequestParameters: true
            paths:
              "/object":
                post:
                  x-amazon-apigateway-request-validator: all
                  parameters:
                    - in: body
                      name: Object
                      required: true
                      schema:
                        type: object
                        properties:
                          title:
                            type: string
                            minLength: 10
                            maxLength: 200
                          description:
                            type: string
                            minLength: 10
                            maxLength: 600
                        required:
                          - title
                          - description
                  x-amazon-apigateway-integration:
                    httpMethod: POST
                    type: aws_proxy
                    uri:
                      Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${Post.Arn}/invocations
                  responses: {}

Is it the normal behavior ? Will it be implemented ?

[jfuss]

SAM CLI does not do any schema validation on the request like API Gateway does. Marking this as a feature request and will update the title to reflect the request.

[d-smith]

Note that in addition to not supporting schema validation, template mapping for requests and responses are also not supported -- would including request and response mapping be bundled with schema validation?

I can align how I extract payload data between the gateway integration and sam local via a request template of {"body": $input.json('$')}, still working on aligning the response as return {statusCode: 200, body: responseBody}; does not make the output JSON available via curl.

[RyPope]

Would love to see this as a feature. It would be great to be able to use API Gateway with AWS SAM but if even one API needs integration then it feels cleaner to manually manage all of them.

[feelgoodman]

Any update on this? Bit of a gap in my integration tests if I can't test the validation

[azarboon]

Adding RequestParameters to AWS::Serverless::Function, doesn't enforce it. Even though the query string is defined as required, but it's not enforced.

            RequestParameters: 
              - method.request.querystring.myString: 
                  Required: true

And in API GW console, under URL Query String Parameters, it shows this warning:

You have marked some query string parameter as required but thee request validator assigned to this method is not configured to validate parameters. To ensure that incoming HTTP requests include the required query string parameters, select an appropriate request validator.

This makes us to need to updated RequestParameters in template (in order to have updated Swagger specs) and to update Lambda business logic (to perform validation). So it's extra work and can lead to inconsistency.

[teemuniiranen]

This would be nice to be able to run integration tests locally. Without validation included it really keeps you thinking about validation in lambda code.

[dtelaroli]

+1

[joshgoodson]

+1

[alez007]

+1

[ghost]

+1

[edinpark01]

+1

[steviec]

At a minimum, it would be really helpful for this to be flagged in the debug logs. I spent hours tweaking my OpenAPI file assuming that I was doing something wrong in the x-amazon-apigateway-request-validators stanza, only to find out after uploading it to the AWS Gateway that my validations were fine and it was just an SAM CLI issue :(.

[atigm]

You have this bug if you use the console, but if you use CLI you must not have this problem.

aws apigateway import-rest-api --body file://swagger.yaml --region <region>

or for version 2 : aws2 apigateway import-rest-api --cli-binary-format raw-in-base64-out --body file://swagger.yaml --region <region>

[5t33]

+10

[praneetap]

Thanks for your interest in this feature. We are hesitant to merge this today because with the current resources we would not be able to commit to maintaining this feature in the long run - maintain feature parity and fix issues with the implementation in a timely manner. Given the reaction we can see that this is important to the community and we recommend one of the two alternatives -

1. We highly recommend you to use SAM Accelerate to test this in your development environment in the cloud. Here is a helpful video to learn more about it, and here is the installation instructions for the beta version. Please let us know if this helps with your testing needs.
2. If testing in the cloud is not an option for you, we are considering adding plugin support if there is enough interest. Upvote and comment on this tracking issue, if building this as a plugin would be something you would be interested in instead.

[zomgbre]

@praneetap

It's curious that this is advertised heavily in the AWS documentation and by TAMs and solution architects as a solution to test and develop serverless applications yet there aren't enough resources for the project.

In the past, there have been other things of this nature that have completely deterred us from using serverless and SAM specifically. It doesn't feel great to hear, as an AWS customer, that a technology so front and center doesn't have enough resources dedicated to it.

I don't think idea number 1 is an acceptable solution because it is important to be able to emulate this feature locally for development and testing. It also helps to "sell" this technology to developers who are averse to using serverless because of this problem of not being able to troubleshoot and emulate things locally. As an AWS advocate at my company, this has been a main failure point to convince teams to leverage the technology.

I think I could live with the second suggestion, but it doesn't feel super great either.

Looking forward to see movement on this issue in the future.

[CSBatchelor]

+1

[kaushalye]

+1

[jfuss]

Thank you for the interest. To support this today in cloud, you can use sam sync. We are still exploring a Plugin based solution for local development to allow the community to enable/extend features like this. Give that, we are closing this in favor of the Plugins tracking issue: #3265

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

[andreikho]

No serious, enterprise-grade company would consider even touching AWS SAM, not with the current features, nor the dismissive attitude, as if this was an optional thing.