Skip to content

Bug: Security schemes are not validated when using operation level #4460

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
leandrodamascena opened this issue Jun 6, 2024 · 3 comments · Fixed by #4421
Closed

Bug: Security schemes are not validated when using operation level #4460

leandrodamascena opened this issue Jun 6, 2024 · 3 comments · Fixed by #4421
Assignees
@leandrodamascena
Labels
bug Something isn't working event_handlers openapi-schema

Comments

@leandrodamascena
Copy link
Contributor

Expected Behaviour

The OpenAPI specification expects security schemes to define what type of authentication that API will support and then customers can define the operations that will use that authentication or even whether all operations will use the same authentication.

When using this code, the OpenAPI utility should validate the security defined in operation level and throw an exception as it is a schema validation error. But this is not happening.

from aws_lambda_powertools.event_handler import APIGatewayRestResolver

app = APIGatewayRestResolver(enable_validation=True)

@app.get("/hello", security=[{"apiKey": []}])
def get_schema():
    return app.get_openapi_json_schema()

def lambda_handler(event, context):
    return app.resolve(event, context)

Current Behaviour

This is currently not being validated and customers receive an error when trying to use the OpenAPI specification.

openapischema

{
   "openapi":"3.0.3",
   "info":{
      "title":"Powertools API",
      "version":"1.0.0"
   },
   "servers":[
      {
         "url":"/"
      }
   ],
   "paths":{
      "/hello":{
         "get":{
            "summary":"GET /hello",
            "operationId":"get_schema_hello_get",
            "responses":{
               "200":{
                  "description":"Successful Response",
                  "content":{
                     "application/json":{
                        
                     }
                  }
               },
               "422":{
                  "description":"Validation Error",
                  "content":{
                     "application/json":{
                        "schema":{
                           "$ref":"#/components/schemas/HTTPValidationError"
                        }
                     }
                  }
               }
            },
            "security":[
               {
                  "apiKey":[
                     
                  ]
               }
            ]
         }
      }
   },
   "components":{
      "schemas":{
         "HTTPValidationError":{
            "properties":{
               "detail":{
                  "items":{
                     "$ref":"#/components/schemas/ValidationError"
                  },
                  "type":"array",
                  "title":"Detail"
               }
            },
            "type":"object",
            "title":"HTTPValidationError"
         },
         "ValidationError":{
            "properties":{
               "loc":{
                  "items":{
                     "anyOf":[
                        {
                           "type":"string"
                        },
                        {
                           "type":"integer"
                        }
                     ]
                  },
                  "type":"array",
                  "title":"Location"
               },
               "type":{
                  "type":"string",
                  "title":"Error Type"
               }
            },
            "type":"object",
            "required":[
               "loc",
               "msg",
               "type"
            ],
            "title":"ValidationError"
         }
      }
   }
}

Error:

image

Code snippet

from aws_lambda_powertools.event_handler import APIGatewayRestResolver

app = APIGatewayRestResolver(enable_validation=True)

@app.get("/hello", security=[{"apiKey": []}])
def get_schema():
    return app.get_openapi_json_schema()

def lambda_handler(event, context):
    return app.resolve(event, context)

Possible Solution

No response

Steps to Reproduce

Use this code

from aws_lambda_powertools.event_handler import APIGatewayRestResolver

app = APIGatewayRestResolver(enable_validation=True)

@app.get("/hello", security=[{"apiKey": []}])
def get_schema():
    return app.get_openapi_json_schema()

def lambda_handler(event, context):
    return app.resolve(event, context)

Powertools for AWS Lambda (Python) version

latest

AWS Lambda function runtime

3.11

Packaging format used

PyPi

Debugging logs

No response
@leandrodamascena leandrodamascena added bug Something isn't working triage Pending triage from maintainers labels Jun 6, 2024
@leandrodamascena leandrodamascena self-assigned this Jun 6, 2024
@leandrodamascena leandrodamascena moved this from Triage to Working on it in Powertools for AWS Lambda (Python) Jun 6, 2024
@leandrodamascena leandrodamascena added event_handlers openapi-schema and removed triage Pending triage from maintainers labels Jun 6, 2024
@leandrodamascena
Copy link
Contributor Author

Working on PR #4421

@leandrodamascena leandrodamascena linked a pull request Jun 6, 2024 that will close this issue
fix(event_handler): security scheme unhashable list when working with router #4421
Merged
7 tasks
@github-project-automation github-project-automation bot moved this from Working on it to Coming soon in Powertools for AWS Lambda (Python) Jun 7, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jun 7, 2024

⚠️COMMENT VISIBILITY WARNING⚠️

This issue is now closed. Please be mindful that future comments are hard for our team to see.

If you need more assistance, please either tag a team member or open a new issue that references this one.

If you wish to keep having a conversation with other community members under this issue feel free to do so.

@heitorlessa heitorlessa added the pending-release Fix or implementation already in dev waiting to be released label Jun 10, 2024
@github-actions GitHub Actions
Copy link
Contributor

This is now released under 2.39.0 version!

@github-actions github-actions bot removed the pending-release Fix or implementation already in dev waiting to be released label Jun 13, 2024
@leandrodamascena leandrodamascena moved this from Coming soon to Closed in Powertools for AWS Lambda (Python) Jan 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@leandrodamascena leandrodamascena

Labels
bug Something isn't working event_handlers openapi-schema
Projects
Powertools for AWS Lambda (Python)
Status: Closed
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(event_handler): security scheme unhashable list when working with router
2 participants
@heitorlessa @leandrodamascena