refactor(s3-validation): merge s3 validation schema with main schema

Author: erezrokah

lib/apiGateway/schema.js

@@ -1,4 +1,18 @@
 'use strict'
+const _ = require('lodash')
+
+const customErrorBuilder = (type, message) => (errors) => {
+  for (const error of errors) {
+    switch (error.type) {
+      case type:
+        error.message = _.isFunction(message) ? message(error) : message
+        break
+      default:
+        break
+    }
+  }
+  return errors
+}
 
 const Joi = require('@hapi/joi')
 
@@ -21,18 +35,7 @@ const cors = Joi.alternatives().try(
     allowCredentials: Joi.boolean()
   })
     .oxor('origin', 'origins') // can have one of them, but not required
-    .error((errors) => {
-      for (const error of errors) {
-        switch (error.type) {
-          case 'object.oxor':
-            error.message = '"cors" can have "origin" or "origins" but not both'
-            break
-          default:
-            break
-        }
-      }
-      return errors
-    })
+    .error(customErrorBuilder('object.oxor', '"cors" can have "origin" or "origins" but not both'))
 )
 
 const authorizerId = Joi.alternatives().try(
@@ -71,18 +74,9 @@ const proxy = Joi.object({
   authorizationScopes
 })
   .oxor('authorizerId', 'authorizationScopes') // can have one of them, but not required
-  .error((errors) => {
-    for (const error of errors) {
-      switch (error.type) {
-        case 'object.oxor':
-          error.message = 'cannot set both "authorizerId" and "authorizationScopes"'
-          break
-        default:
-          break
-      }
-    }
-    return errors
-  })
+  .error(
+    customErrorBuilder('object.oxor', 'cannot set both "authorizerId" and "authorizationScopes"')
+  )
   .required()
 
 const stringOrRef = Joi.alternatives().try([
@@ -92,45 +86,62 @@ const stringOrRef = Joi.alternatives().try([
   })
 ])
 
+const key = Joi.alternatives().try([
+  Joi.string(),
+  Joi.object()
+    .keys({
+      pathParam: Joi.string(),
+      queryStringParam: Joi.string()
+    })
+    .xor('pathParam', 'queryStringParam')
+    .error(
+      customErrorBuilder(
+        'object.xor',
+        'key must contain "pathParam" or "queryStringParam" but not both'
+      )
+    )
+])
+
 const allowedProxies = ['kinesis', 'sqs', 's3', 'sns']
 
 const proxiesSchemas = {
   kinesis: Joi.object({
     kinesis: proxy.append({ streamName: stringOrRef.required() })
   }),
-  s3: Joi.object({ s3: proxy }),
+  s3: Joi.object({
+    s3: proxy.append({
+      action: Joi.string()
+        .valid('GetObject', 'PutObject', 'DeleteObject')
+        .required(),
+      bucket: stringOrRef.required(),
+      key: key.required()
+    })
+  }),
   sns: Joi.object({ sns: proxy }),
   sqs: Joi.object({ sqs: proxy.append({ requestParameters }) })
 }
 
 const schema = Joi.array()
   .items(...allowedProxies.map((proxyKey) => proxiesSchemas[proxyKey]))
-  .error((errors) => {
-    for (const error of errors) {
-      switch (error.type) {
-        case 'array.includes':
-          // get a detailed error why the proxy object failed the schema validation
-          // Joi default message is `"value" at position <i> does not match any of the allowed types`
-          const proxyKey = Object.keys(error.context.value)[0]
-          if (proxiesSchemas[proxyKey]) {
-            // e.g. value is { kinesis: { path: '/kinesis', method: 'xxxx' } }
-            const { error: proxyError } = Joi.validate(
-              error.context.value,
-              proxiesSchemas[proxyKey]
-            )
-            error.message = proxyError.message
-          } else {
-            // e.g. value is { xxxxx: { path: '/kinesis', method: 'post' } }
-            error.message = `Invalid APIG proxy "${proxyKey}". This plugin supported Proxies are: ${allowedProxies.join(
-              ', '
-            )}.`
-          }
-          break
-        default:
-          break
+  .error(
+    customErrorBuilder('array.includes', (error) => {
+      // get a detailed error why the proxy object failed the schema validation
+      // Joi default message is `"value" at position <i> does not match any of the allowed types`
+      const proxyKey = Object.keys(error.context.value)[0]
+
+      let message = ''
+      if (proxiesSchemas[proxyKey]) {
+        // e.g. value is { kinesis: { path: '/kinesis', method: 'xxxx' } }
+        const { error: proxyError } = Joi.validate(error.context.value, proxiesSchemas[proxyKey])
+        message = proxyError.message
+      } else {
+        // e.g. value is { xxxxx: { path: '/kinesis', method: 'post' } }
+        message = `Invalid APIG proxy "${proxyKey}". This plugin supported Proxies are: ${allowedProxies.join(
+          ', '
+        )}.`
       }
-    }
-    return errors
-  })
+      return message
+    })
+  )
 
 module.exports = schema

lib/apiGateway/validate.test.js

@@ -580,7 +580,7 @@ describe('#validateServiceProxies()', () => {
 
     const proxiesToTest = [
       { proxy: 'kinesis', props: { streamName: 'streamName' } },
-      { proxy: 's3', props: {} },
+      { proxy: 's3', props: { bucket: 'bucket', action: 'PutObject', key: 'myKey' } },
       { proxy: 'sns', props: {} }
     ]
     proxiesToTest.forEach(({ proxy, props }) => {
@@ -697,6 +697,160 @@ describe('#validateServiceProxies()', () => {
     })
   })
 
+  describe('s3', () => {
+    const getProxy = (key, value, ...missing) => {
+      const proxy = {
+        action: 'GetObject',
+        bucket: 'myBucket',
+        key: 'myKey',
+        path: 's3',
+        method: 'post'
+      }
+
+      if (key) {
+        proxy[key] = value
+      }
+
+      missing.forEach((k) => delete proxy[k])
+      return proxy
+    }
+
+    const shouldError = (message, key, value, ...missing) => {
+      serverlessApigatewayServiceProxy.serverless.service.custom = {
+        apiGatewayServiceProxies: [
+          {
+            s3: getProxy(key, value, ...missing)
+          }
+        ]
+      }
+
+      expect(() => serverlessApigatewayServiceProxy.validateServiceProxies()).to.throw(
+        serverless.classes.Error,
+        message
+      )
+    }
+
+    const shouldSucceed = (key, value) => {
+      serverlessApigatewayServiceProxy.serverless.service.custom = {
+        apiGatewayServiceProxies: [
+          {
+            s3: getProxy(key, value)
+          }
+        ]
+      }
+
+      expect(() => serverlessApigatewayServiceProxy.validateServiceProxies()).to.not.throw(
+        serverless.classes.Error
+      )
+    }
+
+    it('should error if the "bucket" property is missing', () => {
+      shouldError(
+        'child "s3" fails because [child "bucket" fails because ["bucket" is required]]',
+        null,
+        null,
+        'bucket'
+      )
+    })
+
+    it('should succeed if the "bucket" property is string or AWS Ref function', () => {
+      shouldSucceed('bucket', 'x')
+      shouldSucceed('bucket', { Ref: 'x' })
+    })
+
+    it('should error if the "bucket" property if AWS Ref function is invalid', () => {
+      shouldError(
+        'child "s3" fails because [child "bucket" fails because ["bucket" must be a string, child "Ref" fails because ["Ref" is required]]]',
+        'bucket',
+        { xxx: 's3Bucket' }
+      )
+      shouldError(
+        'child "s3" fails because [child "bucket" fails because ["bucket" must be a string, child "Ref" fails because ["Ref" must be a string]]]',
+        'bucket',
+        { Ref: ['s3Bucket', 'Arn'] }
+      )
+      shouldError(
+        'child "s3" fails because [child "bucket" fails because ["bucket" must be a string, "bucket" must be an object]]',
+        'bucket',
+        ['xx', 'yy']
+      )
+      shouldError(
+        'child "s3" fails because [child "bucket" fails because ["bucket" must be a string, child "Ref" fails because ["Ref" is required]]]',
+        'bucket',
+        { 'Fn::GetAtt': ['x', 'Arn'] }
+      )
+    })
+
+    it('should error if the "action" property is missing', () => {
+      shouldError(
+        'child "s3" fails because [child "action" fails because ["action" is required]]',
+        null,
+        null,
+        'action'
+      )
+    })
+
+    it('should error if the "action" property is not one of the allowed values', () => {
+      shouldError(
+        'child "s3" fails because [child "action" fails because ["action" must be a string]]',
+        'action',
+        ['x']
+      ) // arrays
+      shouldError(
+        'child "s3" fails because [child "action" fails because ["action" must be a string]]',
+        'action',
+        { Ref: 'x' }
+      ) // object
+      shouldError(
+        'child "s3" fails because [child "action" fails because ["action" must be one of [GetObject, PutObject, DeleteObject]]]',
+        'action',
+        'ListObjects'
+      ) // invalid actions
+    })
+
+    it('should succeed if the "action" property is one of the allowed values', () => {
+      shouldSucceed('action', 'GetObject')
+      shouldSucceed('action', 'PutObject')
+      shouldSucceed('action', 'DeleteObject')
+    })
+
+    it('should error the "key" property is missing', () => {
+      shouldError(
+        'child "s3" fails because [child "key" fails because ["key" is required]]',
+        null,
+        null,
+        'key'
+      )
+    })
+
+    it('should succeed if the "key" property is string or valid object', () => {
+      shouldSucceed('key', 'myKey')
+      shouldSucceed('key', { pathParam: 'myKey' })
+      shouldSucceed('key', { queryStringParam: 'myKey' })
+    })
+
+    it('should error if the "key" property specifies both pathParam and queryStringParam', () => {
+      shouldError(
+        'child "s3" fails because [child "key" fails because ["key" must be a string, key must contain "pathParam" or "queryStringParam" but not both]]',
+        'key',
+        { pathParam: 'myKey', queryStringParam: 'myKey' }
+      )
+    })
+
+    it('should error if the "key" property is not a string or valid object', () => {
+      shouldError(
+        'child "s3" fails because [child "key" fails because ["key" must be a string, "key" must be an object]]',
+        'key',
+        ['x']
+      )
+      shouldError(
+        'child "s3" fails because [child "key" fails because ["key" must be a string, "param" is not allowed, "key" must contain at least one of [pathParam, queryStringParam]]]',
+        'key',
+        { param: 'myKey' }
+      )
+    })
+  })
+
   describe('sqs', () => {
     it('should throw if requestParameters is not a string to string', () => {
       serverlessApigatewayServiceProxy.serverless.service.custom = {

lib/index.js

@@ -23,7 +23,6 @@ const compileSqsServiceProxy = require('./package/sqs/compileSqsServiceProxy')
 // S3
 const compileMethodsToS3 = require('./package/s3/compileMethodsToS3')
 const compileIamRoleToS3 = require('./package/s3/compileIamRoleToS3')
-const validateS3ServiceProxy = require('./package/s3/validateS3ServiceProxy')
 const compileS3ServiceProxy = require('./package/s3/compileS3ServiceProxy')
 // SNS
 const compileMethodsToSns = require('./package/sns/compileMethodsToSns')
@@ -56,7 +55,6 @@ class ServerlessApigatewayServiceProxy {
       compileMethodsToS3,
       compileIamRoleToS3,
       compileS3ServiceProxy,
-      validateS3ServiceProxy,
       compileMethodsToSns,
       compileIamRoleToSns,
       validateSnsServiceProxy,

lib/package/s3/compileS3ServiceProxy.js

@@ -2,7 +2,6 @@
 
 module.exports = {
   async compileS3ServiceProxy() {
-    this.validateS3ServiceProxy()
     this.compileIamRoleToS3()
     this.compileMethodsToS3()
   }