Open drissamri opened 1 year ago
Do you have an example of a YAML/JSON valid OpenAPI 2.0/3.0 specification? This may be possible to check if the properties are set in a consistent way.
Yes definitely, it's also in my example repository: https://github.com/drissamri/cdk-examples/blob/8948ff410bc0ddff5624ab28a4a8794313bda400/rest-api-public/typescript/openapi.yaml
I use Mustache for templating the specification for the Lambda ARN's but apparently there is also an option to upload it to S3 and use CloudFormation transforms: https://github.com/aws-samples/aws-cdk-examples-proserve/blob/bdbffb9a83a3ef317c82ad66d8f10f9014c21107/typescript/api-swagger-lambda/index.ts#L25
Taking another look at this rule, it also looks like it only checks if a request validator is associated, but doesn't actually check if anything is enabled.
I think there are 2 things to take a look at fixing here
I'm going to assign myself to this issue as I've been looking into it and might be able to fix it.
What is the problem?
When deploying a REST API Gateway based on an OpenAPI specification, AwsSolutions-APIG2 is failing even when request validation is enabled inside the open api specification.
Reproduction Steps
An example can be found here https://github.com/drissamri/cdk-examples/blob/8948ff410bc0ddff5624ab28a4a8794313bda400/rest-api-public/typescript/cdk/lib/api-stack.ts#L30
What did you expect to happen?
The following error AwsSolutions-APIG2 should not pop up:
What actually happened?
cdk-nag version
2.20.2
Language
Typescript
Other information
No response