fix: Validate API request models (#1757)

Author: prenx4x

samtranslator/model/eventsources/push.py

@@ -218,6 +218,8 @@ class S3(PushEventSource):
     def resources_to_link(self, resources):
         if isinstance(self.Bucket, dict) and "Ref" in self.Bucket:
             bucket_id = self.Bucket["Ref"]
+            if not isinstance(bucket_id, string_types):
+                raise InvalidEventException(self.relative_id, "'Ref' value in S3 events is not a valid string.")
             if bucket_id in resources:
                 return {"bucket": resources[bucket_id], "bucket_id": bucket_id}
         raise InvalidEventException(self.relative_id, "S3 events must reference an S3 bucket in the same template.")
@@ -657,6 +659,15 @@ def _add_swagger_integration(self, api, function, intrinsics_resolver):
                             ),
                         )
 
+                    if not isinstance(method_authorizer, string_types):
+                        raise InvalidEventException(
+                            self.relative_id,
+                            "Unable to set Authorizer [{authorizer}] on API method [{method}] for path [{path}] "
+                            "because it wasn't defined with acceptable values in the API's Authorizers.".format(
+                                authorizer=method_authorizer, method=self.Method, path=self.Path
+                            ),
+                        )
+
                     if method_authorizer != "NONE" and not api_authorizers.get(method_authorizer):
                         raise InvalidEventException(
                             self.relative_id,
@@ -718,6 +729,14 @@ def _add_swagger_integration(self, api, function, intrinsics_resolver):
                             model=method_model, method=self.Method, path=self.Path
                         ),
                     )
+                if not isinstance(method_model, string_types):
+                    raise InvalidEventException(
+                        self.relative_id,
+                        "Unable to set RequestModel [{model}] on API method [{method}] for path [{path}] "
+                        "because the related API does not contain valid Models.".format(
+                            model=method_model, method=self.Method, path=self.Path
+                        ),
+                    )
 
                 if not api_models.get(method_model):
                     raise InvalidEventException(
@@ -1091,7 +1110,7 @@ def _add_auth_to_openapi_integration(self, api, editor):
         :param editor: OpenApiEditor object that contains the OpenApi definition
         """
         method_authorizer = self.Auth.get("Authorizer")
-        api_auth = api.get("Auth")
+        api_auth = api.get("Auth", {})
         if not method_authorizer:
             if api_auth.get("DefaultAuthorizer"):
                 self.Auth["Authorizer"] = method_authorizer = api_auth.get("DefaultAuthorizer")

tests/translator/input/error_api_invalid_request_model.yaml

@@ -79,3 +79,20 @@ Resources:
           properties:
             username:
               type: string
+
+  ModelIsNotString:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://sam-demo-bucket/member_portal.zip
+      Handler: index.gethtml
+      Runtime: nodejs12.x
+      Events:
+        GetHtml:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MissingModelApi
+            Path: /
+            Method: get
+            RequestModel:
+              Model:
+                - NotString

tests/translator/input/error_api_with_invalid_auth_scopes_openapi.yaml

@@ -85,3 +85,12 @@ Resources:
             Auth:
               Authorizer: MyCognitoAuthWithDefaultScopes
               AuthorizationScopes: []
+        CognitoAuthorizerNotString:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithCognitoAuth
+            Method: get
+            Path: /cognitoauthorizernotstring
+            Auth:
+              Authorizer:
+                - NotString

tests/translator/output/error_api_invalid_request_model.json

@@ -1,3 +1,3 @@
 {
-  "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 5. Resource with id [MissingModelFunction] is invalid. Event with id [GetHtml] is invalid. Unable to set RequestModel [UnspecifiedModel] on API method [get] for path [/] because it wasn't defined in the API's Models. Resource with id [ModelsNotDictApi] is invalid. Invalid value for 'Models' property Resource with id [ModelsWithDefinitionUrlApi] is invalid. Models works only with inline Swagger specified in 'DefinitionBody' property. Resource with id [ModelsWithInvalidDefinitionBodyApi] is invalid. Unable to add Models definitions because 'DefinitionBody' does not contain a valid Swagger definition. Resource with id [NoModelFunction] is invalid. Event with id [GetHtml] is invalid. Unable to set RequestModel [User] on API method [get] for path [/] because the related API does not define any Models."
+  "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 6. Resource with id [MissingModelFunction] is invalid. Event with id [GetHtml] is invalid. Unable to set RequestModel [UnspecifiedModel] on API method [get] for path [/] because it wasn't defined in the API's Models. Resource with id [ModelIsNotString] is invalid. Event with id [GetHtml] is invalid. Unable to set RequestModel [['NotString']] on API method [get] for path [/] because the related API does not contain valid Models. Resource with id [ModelsNotDictApi] is invalid. Invalid value for 'Models' property Resource with id [ModelsWithDefinitionUrlApi] is invalid. Models works only with inline Swagger specified in 'DefinitionBody' property. Resource with id [ModelsWithInvalidDefinitionBodyApi] is invalid. Unable to add Models definitions because 'DefinitionBody' does not contain a valid Swagger definition. Resource with id [NoModelFunction] is invalid. Event with id [GetHtml] is invalid. Unable to set RequestModel [User] on API method [get] for path [/] because the related API does not define any Models."
 }

tests/translator/output/error_api_with_invalid_auth_scopes_openapi.json

@@ -4,6 +4,6 @@
         "errorMessage": "Resource with id [MyApiWithCognitoAuth] is invalid. AuthorizationScopes must be a list."
       }
     ], 
-    "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [MyApiWithCognitoAuth] is invalid. AuthorizationScopes must be a list."
+    "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 2. Resource with id [MyApiWithCognitoAuth] is invalid. AuthorizationScopes must be a list. Resource with id [MyFn] is invalid. Event with id [CognitoAuthorizerNotString] is invalid. Unable to set Authorizer [['NotString']] on API method [get] for path [/cognitoauthorizernotstring] because it wasn't defined with acceptable values in the API's Authorizers."
   }