Serverless-application-model: CORS issue when using OAS3 spec for Serverless::Api

Created on 16 Oct 2018  路  19Comments  路  Source: aws/serverless-application-model

Description:

Tried to convert my API over tonight from swagger 2.0 to openapi specification 3.0, and got an error at the Cloudformation Changeset creation and SAM transformation step. This might be due to the use of CORS in our template to modify the openapi file.

Steps to reproduce the issue:

  1. Take a working API, deployed to a stage
  2. goto Stages > Export > Select 'Export as OpenAPI 3'
  3. Delete the extraneous 'options' methods in the file
  4. Validate swagger syntax and format using swagger-cli v2.1.3
  5. In the SAM template.yml, use CORS and DefinitionBody (ex below)
MyApi:
    Type: AWS::Serverless::Api
    Properties:
      ...
      Cors:
        AllowOrigin: "'*'"
        AllowMethods: "'*'"
        AllowHeaders: "'*"
      DefinitionBody:
          'Fn::Transform':
            Name: 'AWS::Include'
            Parameters:
              Location: !Sub 's3://path-to-oas/oas3.yml'
  1. Run command, aws cloudformation package etc
  2. Should fail with the following

Observed result:
Failed to create the changeset: Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state Status: FAILED. Reason: Transform AWS::Serverless-2016-10-31 failed with: Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [MyApi] is invalid. Unable to add Cors configuration because 'DefinitionBody' does not contain a valid Swagger

Expected result:
Changeset to be created, ready for aws cloudformation deployment.

areserverless-api contributorneed-help priorit2-important
Source
picture xscottx
👍21

Most helpful comment

Thanks! We'll get this scheduled to support OAS3

picture brettstack on 19 Oct 2018
👍14

All 19 comments

Yup, us too. Looks like https://github.com/awslabs/serverless-application-model/blob/master/samtranslator/swagger/swagger.py#L301 needs to be updated (thanks to @johnchapin for finding that)

mikebroberts picture mikebroberts on 19 Oct 2018

Thanks! We'll get this scheduled to support OAS3

brettstack picture brettstack on 19 Oct 2018
👍14

any update on this issue?

scarlier picture scarlier on 14 Dec 2018

Anything new?

hoegertn picture hoegertn on 11 Jan 2019

Adding a priority label to help us get this scheduled soon. Sorry for the wait.

I'm not personally familiar with OAS3; could someone direct me to something that explains the differences between it and Swagger so I can better understand what needs to change to support it? Can I still use swagger syntax and call it OAS3 instead of Swagger 2.0?

keetonian picture keetonian on 11 Jan 2019

@keetonian I'm aware of only two impacts for SAM:

  1. Instead of swagger: '2.0' in the DefinitionBody, it will be openapi: '3.0'. The change for SAM for this should be just allowing openapi: '3.0' when the translator performs validation checks.

  2. For API authorizers, there is a slight difference in what gets added to the DefinitionBody: SecurityDefinitions changes to SecuritySchemas in openapi 3.0 (Example here: https://docs.amazonaws.cn/en_us/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html).

txase picture txase on 11 Jan 2019

Bumping this is this in the pipeline for development? It would seem especially relevant now that API gateway itself supports Open Api 3?

patrickgreenwell picture patrickgreenwell on 21 Feb 2019

To help demonstrate the differences:
https://blog.readme.io/an-example-filled-guide-to-swagger-3-2/
https://blogs.sap.com/2018/01/05/open-api-spec-2.0-vs-3.0/

stephenwil picture stephenwil on 21 Mar 2019

adding a +1 here, was ecstatic to remove some code that converted OAS3 to OAS2, but really sad to run into this issue. For my specific need, I am wanting to utilize OAS3's oneOf feature to indicate that an API endpoint has different responses for a 200 request.

trilom picture trilom on 25 Mar 2019

+1 as well, we are running into the same issue.

zomgbre picture zomgbre on 25 Mar 2019

+1

alatui picture alatui on 25 Mar 2019

+1

lanefelker picture lanefelker on 27 Mar 2019

Other issues about OAS3: https://github.com/awslabs/serverless-application-model/issues/790, https://github.com/awslabs/serverless-application-model/issues/7

keetonian picture keetonian on 2 Apr 2019

+1

mariotoffia picture mariotoffia on 9 Apr 2019

We prioritize a lot based on +1 reactions. Commenting with +1 isn't helpful.

@txase thanks for the comment on what you think are the main (only?) required changes. This is definitely on our radar, however, if someone wants to send a PR it'll go faster. Right now I'm thinking we simply expose an OASVersion property and perform these slight adjustments based on that.

brettstack picture brettstack on 9 Apr 2019

Is there a workaround for now?

indyfin picture indyfin on 25 Jun 2019
👍3

Released with v1.13.0

praneetap picture praneetap on 26 Jul 2019

same issue

bionicles picture bionicles on 26 Oct 2019

This issue is being tracked in #1161

ShreyaGangishetty picture ShreyaGangishetty on 1 Nov 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

charsleysa picture charsleysa  路  3Comments
rhboyd picture rhboyd  路  3Comments
voigt picture voigt  路  3Comments
sanjP10 picture sanjP10  路  3Comments
yan12125 picture yan12125  路  3Comments