Fix no allowed origin (#2180)

* Fixing case when no allowed origin is passed. * Adding functional tests to verify proper error message. Co-authored-by: Tarun Mall <tarun@amazon.noreply.github.com>
aws · Nov 8, 2021 · dd9d814 · dd9d814
1 parent 0bc383f
commit dd9d814
Show file tree

Hide file tree

Showing 5 changed files with 102 additions and 11 deletions.
diff --git a/samtranslator/model/api/api_generator.py b/samtranslator/model/api/api_generator.py
@@ -603,14 +603,17 @@ def _add_cors(self):
 
         editor = SwaggerEditor(self.definition_body)
         for path in editor.iter_on_path():
-            editor.add_cors(
-                path,
-                properties.AllowOrigin,
-                properties.AllowHeaders,
-                properties.AllowMethods,
-                max_age=properties.MaxAge,
-                allow_credentials=properties.AllowCredentials,
-            )
+            try:
+                editor.add_cors(
+                    path,
+                    properties.AllowOrigin,
+                    properties.AllowHeaders,
+                    properties.AllowMethods,
+                    max_age=properties.MaxAge,
+                    allow_credentials=properties.AllowCredentials,
+                )
+            except InvalidTemplateException as ex:
+                raise InvalidResourceException(self.logical_id, ex.message)
 
         # Assign the Swagger back to template
         self.definition_body = editor.swagger

diff --git a/samtranslator/swagger/swagger.py b/samtranslator/swagger/swagger.py
@@ -321,7 +321,7 @@ def add_cors(
             return
 
         if not allowed_origins:
-            raise ValueError("Invalid input. Value for AllowedOrigins is required")
+            raise InvalidTemplateException("Invalid input. Value for AllowedOrigins is required")
 
         if not allowed_methods:
             # AllowMethods is not given. Let's try to generate the list from the given Swagger.

diff --git a/tests/swagger/test_swagger.py b/tests/swagger/test_swagger.py
@@ -5,7 +5,7 @@
 from parameterized import parameterized, param
 
 from samtranslator.swagger.swagger import SwaggerEditor
-from samtranslator.model.exceptions import InvalidDocumentException
+from samtranslator.model.exceptions import InvalidDocumentException, InvalidTemplateException
 from tests.translator.test_translator import deep_sort_lists
 
 _X_INTEGRATION = "x-amazon-apigateway-integration"
@@ -352,7 +352,7 @@ def test_must_fail_with_bad_values_for_path(self):
     def test_must_fail_for_invalid_allowed_origin(self):
 
         path = "/foo"
-        with self.assertRaises(ValueError):
+        with self.assertRaises(InvalidTemplateException):
             self.editor.add_cors(path, None, "headers", "methods")
 
     def test_must_work_for_optional_allowed_headers(self):

diff --git a/tests/translator/input/error_api_with_cors_and_empty_allow_origin.yaml b/tests/translator/input/error_api_with_cors_and_empty_allow_origin.yaml
@@ -0,0 +1,80 @@
+Globals:
+  Api:
+    Cors: {
+    "Fn::Join": [",", ["www.amazon.com", "www.google.com"]]
+    }
+
+Resources:
+  ImplicitApiFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://sam-demo-bucket/member_portal.zip
+      Handler: index.gethtml
+      Runtime: nodejs12.x
+      Events:
+        GetHtml:
+          Type: Api
+          Properties:
+            Path: /
+            Method: get
+        AnyApi:
+          Type: Api
+          Properties:
+            Path: /foo
+            Method: any
+  RestApiFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://sam-demo-bucket/member_portal.zip
+      Handler: index.handler
+      Runtime: nodejs12.x
+  GetHtmlFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://sam-demo-bucket/member_portal.zip
+      Handler: index.handler
+      Runtime: nodejs12.x
+  ExplicitApi:
+    Type: AWS::Serverless::Api
+    Properties:
+      StageName: Prod
+      DefinitionBody:  {
+          "info": {
+            "version": "1.0",
+            "title": {
+              "Ref": "AWS::StackName"
+            }
+          },
+          "paths": {
+            "/add": {
+              "post": {
+                "x-amazon-apigateway-integration": {
+                  "httpMethod": "POST",
+                  "type": "aws_proxy",
+                  "uri": {
+                    "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${RestApiFunction.Arn}/invocations"
+                  }
+                },
+                "responses": {}
+              }
+            },
+            "/{proxy+}": {
+              "x-amazon-apigateway-any-method": {
+                "x-amazon-apigateway-integration": {
+                  "httpMethod": "POST",
+                  "type": "aws_proxy",
+                  "uri": {
+                    "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetHtmlFunction.Arn}/invocations"
+                  }
+                },
+                "responses": {}
+              }
+            }
+          },
+          "swagger": "2.0"
+        }
+      Cors:
+        AllowMethods: "methods"
+        AllowHeaders: "headers"
+        AllowOrigin: ""
+        AllowCredentials: true
diff --git a/tests/translator/output/error_api_with_cors_and_empty_allow_origin.json b/tests/translator/output/error_api_with_cors_and_empty_allow_origin.json
@@ -0,0 +1,8 @@
+{
+  "errors": [
+    {
+      "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [ExplicitApi] is invalid. Structure of the SAM template is invalid. Invalid input. Value for AllowedOrigins is required"
+    }
+  ],
+  "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [ExplicitApi] is invalid. Structure of the SAM template is invalid. Invalid input. Value for AllowedOrigins is required"
+}