fix: Crash when using an invalid method in open api #2001
When customers use auth and define an invalid method in the open api definition, SAM would return a 'server error'. This was actually due to SAM attempting to get the method from the path. If the method was not a supported method and non-lowercase, SAM would attempt to fetch the lower case method and crash with a KeyError. This PR addresses that by checking for the valid methods supported.
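The failure mode described above, next to a checked version, as an added example that is not the PR's or SAM's own code. The function names, the exception class, the policy of skipping `parameters` and `x-` keys, and the sample path items are assumptions made for illustration.

```python
# Added illustration; function and exception names are hypothetical, not SAM's code.
# Operation keys allowed in an OpenAPI path item, plus API Gateway's catch-all key.
VALID_METHODS = frozenset({
    "get", "put", "post", "delete", "options", "head", "patch",
    "x-amazon-apigateway-any-method",
})

class InvalidDocumentError(ValueError):
    """A user error in the template: report it instead of crashing."""

def operations_unchecked(path_item):
    """Failure mode from the PR description: normalize the key, then index with it."""
    ops = {}
    for method in path_item:
        normalized = method.lower()
        # "Get" normalizes to "get", which is not a key of path_item -> KeyError.
        ops[normalized] = path_item[normalized]
    return ops

def operations_checked(path, path_item):
    """Validate each key against the supported set before using it."""
    ops = {}
    for method, definition in path_item.items():
        if method in VALID_METHODS:
            ops[method] = definition
        elif method == "parameters" or method.startswith("x-"):
            continue  # assumed policy: non-operation keys are skipped
        else:
            raise InvalidDocumentError(
                "Path %r has unsupported method %r; expected one of %s"
                % (path, method, ", ".join(sorted(VALID_METHODS)))
            )
    return ops

def classify(path, path_item):
    """Return the outcome of (checked, unchecked) as 'ok', 'user-error' or 'crash'."""
    results = []
    for fn in (lambda: operations_checked(path, path_item),
               lambda: operations_unchecked(path_item)):
        try:
            fn()
            results.append("ok")
        except InvalidDocumentError:
            results.append("user-error")
        except KeyError:
            results.append("crash")
    return tuple(results)

# Constructed sample path items, not taken from the PR's test templates.
GOOD = {"get": {"responses": {}}}
BAD = {"Get": {"responses": {}}}
```

`classify("/a", BAD)` shows the difference that matters to the caller: the checked path yields an error that can be returned to the template author, while the unchecked path surfaces as an unhandled `KeyError`.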
DefinitionBody: | ||
swagger: 2.0 | ||
paths: | ||
"/a": |
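Review bot: `swagger: 2.0` in this fixture is unquoted, so a YAML loader reads it as the float 2.0 rather than the string "2.0" that the Swagger 2.0 specification requires for this field. Quote it as `swagger: "2.0"` unless the test is meant to exercise the numeric form.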
The httpMethod and paths don't line up with the test itself.
I swear this worked locally. Good catch.
Codecov Report
@@ Coverage Diff @@
## develop #2001 +/- ##
========================================
Coverage 93.84% 93.84%
========================================
Files 90 90
Lines 5976 5994 +18
Branches 1215 1225 +10
========================================
+ Hits 5608 5625 +17
Misses 169 169
- Partials 199 200 +1
🎉
Coverage is decreasing, I think you need to add 1 test in |
@mgrandis Added. Side note: I don't really understand why we have codecov on this repo. Our builds will fail if code coverage falls below 95%: https://github.com/aws/serverless-application-model/blob/develop/Makefile#L9 which will include coverage from all the "functional" tests in |
When customers use auth and define an invalid method in the open api definition, SAM would return a 'server error'. This was actually due to SAM attempting to get the method from the path. If the method was not a supported method and non-lowercase, SAM would attempt to fetch the lower case method and crash with a KeyError. This PR addresses that by checking for the valid methods supported. Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com>
* chore: don't install integration tests (#1964) * Remove unnecessary use of comprehension (#1805) * fix: Grammatical error in README.md (#1965) * fix: Added SAR Support Check (#1972) * Added SAR Support Check * Added docstring and Removed Instance Initialization for Class Method * update pyyaml version to get the security update (#1974) * Issue 1508 remove check requiring identity to be required if ReauthorizeEvery equals zero (#1577) * remove check requiring identity to be required Check removed to avoid must specify Identity with at least one of Headers, QueryStrings, StageVariables, or Context. error. This is allowed to be removed from aws console. * set identity to empty dictionary Revert back removal of code section and set identity to empty dictionary instead when function_payload_type is "REQUEST" and no identity defined. * use the correct identity variable fix issue catched by unit test. * Update apigateway.py just set the identity to None * undo change. * remove extra spaces * remove some more spaces * Update test_translator.py remove from test case error_api_invalid_auth as this should be valid. 
* make the Lambda Authorizer is optional if the authorization caching is not enabled (reference https://docs.aws.amazon.com/apigateway/api-reference/resource/authorizer/#identitySource) * add unit testing to cover the InvalidResourceException in case if the identity values are not exist, and not cached * black reformat Co-authored-by: Mohamed Elasmar <melasmar@amazon.com> * fix the request parameter parsing, the value can contain dots (#1975) * fix the request parameter parsing, the value can contain dots * fix the unit test for python 2.7 * use built in split, instead of concatenating the string * refactor: Optimize shared API usage plan handling (#1973) * fix: use instance variables for generating shared api usage plan * add extra log statements * fix: Added SAR Support Check (#1972) * Added SAR Support Check * Added docstring and Removed Instance Initialization for Class Method * set log level explicitly * update pyyaml version to get the security update (#1974) * fix: use instance variables for generating shared api usage plan * add extra log statements * set log level explicitly * black formatting * black formatting Co-authored-by: Cosh_ <CoshUS@users.noreply.github.com> Co-authored-by: Mohamed Elasmar <71043312+moelasmar@users.noreply.github.com> * Documentation: fix incorrect header (#1979) Fixed the incorrectly formatted header for HTTP API section * fix: mutable default values in method definitions (#1997) * fix: remove explicit logging level set in single module (#1998) * fix: Crash when using an invalid method in open api (#2001) When customers use auth and define an invalid method in the open api definition, SAM would return a 'server error'. This was actually due to SAM attempting to get the method from the path. If the method was not a supported method and non-lowercase, SAM would attempt to fetch the lower case method and crash with a KeyError. This PR addresses that by checking for the valid methods supported. 
Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> * feat: Resource level attributes support (#2008) * Fix for invalid MQ event source managed policy * Fix for invalid managed policy for MQ, included support for new MQ event source property, updated test cases * Black reformatting * Test case changes * Changed policy name * Modified test cases with new policy name * Added resource attributes and unit tests * Resource attributes initial work * Passthrough attributes for some resources, updated some tests * Resolve merge conflicts * Fixed a typo * Modified implicit api plugin for resource attributes support * Partial update of the tests * Partially updated test cases, black reformatted * Partially updated test templates * Partially updated test templates * Partially updated test templates * Added event bridge support for passthrough resource attributes * Partially updated test templates (up to function with amq kms) * Partially updated test templates (up to sns) * Partially updated test templates (all the ones left) * Prevented passthrough resource attributes from changing layer version hashes * Added test to verify resource passthrough precedence for implicit api * Modified tests related to lambda layer to revert the hash changes, keeping the hash the same with resource attributes added * fix: mutable default values in method definitions (#1997) * fix: remove explicit logging level set in single module (#1998) * run automated tests for resource level attribute support * Skipping metadata in layer hashing * Refactored the classes for TestTranslatorEndToEnd and TestResourceLevelAttributes to share the same parent class * Added new translator tests for version and layer resources * Added new unit tests * Removed after transform resource plugin * Black reformatting * Refactoring implicit api plugin support for DeletionPolicy and UpdateReplacePolicy * Refactoring to improve code quality * Added simple documentation * Black reformatting * Added input template 
that was missing * Refactoring: use sets instead of lists for implicit api plugin * Changing import to be compatible with py2.7 * Changing test deployment hashes to their actual values Co-authored-by: Mehmet Nuri Deveci <5735811+mndeveci@users.noreply.github.com> * fix: Fail when Intrinsics are in SourceVPC list instead of IntrinsicsSourceVPC (#1999) * chore: bump version to 1.36.0 (#2014) Co-authored-by: Chih-Hsuan Yen <yan12125@gmail.com> Co-authored-by: Harsh Mishra <erbeusgriffincasper@gmail.com> Co-authored-by: Pranav <54665036+Pranav016@users.noreply.github.com> Co-authored-by: Cosh_ <CoshUS@users.noreply.github.com> Co-authored-by: Mohamed Elasmar <71043312+moelasmar@users.noreply.github.com> Co-authored-by: daftster <daftster@yahoo.com> Co-authored-by: Mohamed Elasmar <melasmar@amazon.com> Co-authored-by: Ben <freiberg.ben@gmail.com> Co-authored-by: Jacob Fuss <32497805+jfuss@users.noreply.github.com> Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> Co-authored-by: Qingchuan Ma <69653965+qingchm@users.noreply.github.com>
* Revert "fix: Crash when using an invalid method in open api (#2001)" (#2021) This reverts commit d57b132. * fix: Increase PageSize of ListPolicies Paginator (#2033) SAM runs within a Lambda function and loads IAM Managed Policies once per Lambda. Previous to this, SAM would call IAM 9 times which could cause throttling by IAM. With this change, we update the MaxItems from the default of 100 to the max (1000). In local testing, this has shown a 0.6 second reduction in the latency in calling IAM. Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> * Revert "Issue 1508 remove check requiring identity ... (#1577)" (#2038) This reverts commit 0eb3630. This change caused regression, reverting until the bug is fixed. bug: `ReauthorizeEvery` can be a `dict` when intrinsic functions are used. * chore: bump version to 1.37.0 (#2068) Co-authored-by: Jacob Fuss <32497805+jfuss@users.noreply.github.com> Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> Co-authored-by: _sam <3804518+aahung@users.noreply.github.com>