Skip to content

APIGW: add validation for AWS ARN in PutIntegration #12324

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Mar 3, 2025
Merged

APIGW: add validation for AWS ARN in PutIntegration #12324

merged 4 commits into from
Mar 3, 2025

Conversation

bentsku
Copy link
Contributor

@bentsku bentsku commented Mar 3, 2025
edited
Loading

Motivation

We've got a report from a user with an unhandled error in the invocation logic:

localstack | File "/opt/code/localstack/.venv/lib/python3.11/site-packages/localstack/services/apigateway/next_gen/execute_api/helpers.py", line 114, in get_lambda_function_arn_from_invocation_uri
localstack | return uri.split("functions/")[1].removesuffix("/invocations")
localstack | ~~~~~~~~~~~~~~~~~~~~~~~^^^
localstack | IndexError: list index out of range

This is probably because the Integration URI passed was directly a Lambda ARN, and it needs to be an API Gateway invocation ARN:
Correct format:
arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:123456789012:function:HelloWorld/invocations
Incorrect format:
arn:aws:lambda:us-east-1:123456789012:function:HelloWorld

This PR implements a bit of validation to avoid this.

Also had to move a bit of validation already done in moto in the provider just to keep proper validation order (with integrationHttpMethod)

Changes

  • add a test around the URI format for AWS/AWS_PROXY integration
  • add a bit of validation for PutIntegration

@bentsku bentsku added aws:apigateway Amazon API Gateway semver: patch Non-breaking changes which can be included in patch releases labels Mar 3, 2025
@bentsku bentsku added this to the 4.3 milestone Mar 3, 2025
@bentsku bentsku self-assigned this Mar 3, 2025
@bentsku bentsku requested a review from cloutierMat as a code owner March 3, 2025 12:56
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 3, 2025
edited
Loading

LocalStack Community integration with Pro

    2 files  ±    0      2 suites  ±0   28m 29s ⏱️ - 1h 23m 29s
1 070 tests  - 3 034  1 005 ✅  - 2 767  65 💤  - 267  0 ❌ ±0 
1 072 runs   - 3 034  1 005 ✅  - 2 767  67 💤  - 267  0 ❌ ±0 

Results for commit db7a330. ± Comparison against base commit 4285fb1.

This pull request removes 3035 and adds 1 tests. Note that renamed tests count towards both. 
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_lambda_dynamodb
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_opensearch_crud
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_search_books
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_setup
tests.aws.scenario.kinesis_firehose.test_kinesis_firehose.TestKinesisFirehoseScenario ‑ test_kinesis_firehose_s3
tests.aws.scenario.lambda_destination.test_lambda_destination_scenario.TestLambdaDestinationScenario ‑ test_destination_sns
tests.aws.scenario.lambda_destination.test_lambda_destination_scenario.TestLambdaDestinationScenario ‑ test_infra
tests.aws.scenario.loan_broker.test_loan_broker.TestLoanBrokerScenario ‑ test_prefill_dynamodb_table
tests.aws.scenario.loan_broker.test_loan_broker.TestLoanBrokerScenario ‑ test_stepfunctions_input_recipient_list[step_function_input0-SUCCEEDED]
tests.aws.scenario.loan_broker.test_loan_broker.TestLoanBrokerScenario ‑ test_stepfunctions_input_recipient_list[step_function_input1-SUCCEEDED]
…

tests.aws.services.apigateway.test_apigateway_lambda ‑ test_put_integration_aws_proxy_uri

♻️ This comment has been updated with latest results.

cloutierMat
cloutierMat approved these changes Mar 3, 2025
View reviewed changes
Copy link
Contributor

@cloutierMat cloutierMat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great provider validation upgrade, and super clean tests, as usual! 🚀

@bentsku bentsku merged commit c596ce0 into master Mar 3, 2025
31 checks passed
@bentsku bentsku deleted the apigw-lambda-validation branch March 3, 2025 22:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cloutierMat cloutierMat cloutierMat approved these changes

Assignees

@bentsku bentsku

Labels
aws:apigateway Amazon API Gateway semver: patch Non-breaking changes which can be included in patch releases
Projects
None yet
Milestone
4.3
Development

Successfully merging this pull request may close these issues.
2 participants
@bentsku @cloutierMat