feat(event_handler): add custom response validation in OpenAPI utility

[amin-farjadi]

Issue number: #5888

Summary

Add the option to distinguish between payload validation and response validation.

Changes

• Optional has_response_validation_error argument has been added to OpenAPIValidationMiddleware.
• Optional response_validation_error_http_status argument has been added to the ApiGatewayResolver and its subclasses.
• ResponseValidationError exception class has been added to OpenAPI exceptions
• Tests have been added for APIGatewayRestResolver response validation.
• Add Validating responses section in the docs

User experience

Nothing will change. The user will have the option to set a custom response validation http status for Amazon API Gateway REST and HTTP APIs, Application Load Balancer (ALB), Lambda Function URLs, and VPC Lattice.

Checklist

If your change doesn't seem to apply, please leave them unchecked.

• Meet tenets criteria
• I have performed a self-review of this change
• Changes have been tested
• Changes are documented
• PR title follows conventional commit semantics

Is this a breaking change?

RFC issue number:

Checklist:

• Migration process documented
• Implement warnings (if it can live side by side)

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.

[boring-cyborg]

Thanks a lot for your first contribution! Please check out our contributing guidelines and don't hesitate to ask whatever you need.
In the meantime, check out the #python channel on our Powertools for AWS Lambda Discord: Invite link

[leandrodamascena]

Hey hey @amin-farjadi! Thanks a lot for this PR! I'm working on fixing something else and will review it by Monday, ok?

[amin-farjadi]

Hey hey @amin-farjadi! Thanks a lot for this PR! I'm working on fixing something else and will review it by Monday, ok?

Hi @leandrodamascena 👋 Absolutely fine, thanks

[leandrodamascena]

Hey hey @amin-farjadi! Thanks a lot for this PR! I'm working on fixing something else and will review it by Monday, ok?

Hi @leandrodamascena 👋 Absolutely fine, thanks

I see that our CI is failing with some importing or type annotation. Can you take a look please?

[amin-farjadi]

Why are the tests checked against python 3.9 when the codebase is not compatible with it? Union operator for typing is used extensively in the codebase (which fails the python 3.9 test).

If I turn int | None to Optional[int], formatter will be unhappy. But, happy to do so if needs be

[leandrodamascena]

Suggested change

	id_: int | None = Field(alias="id", default=None)
	id_: Optional[int] = Field(alias="id", default=None)

[leandrodamascena]

Why are the tests checked against python 3.9 when the codebase is not compatible with it? Union operator for typing is used extensively in the codebase (which fails the python 3.9 test).

If I turn int | None to Optional[int], formatter will be unhappy. But, happy to do so if needs be

There are some inconsistencies when using Pydantic models and Union operations.. Try to make this Optional and remove future annotations. I think this can solve the problem for now. If not, I can take a look during the review.

[amin-farjadi]

I see!

[amin-farjadi]

@leandrodamascena added ruff rule FA102 to be ignored for linting as this project uses python >=3.9 . This resolved the issue I was having in precommit, forcing me to import annotations in the test.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.26%. Comparing base (bf64061) to head (218c666).

Additional details and impacted files

@@           Coverage Diff            @@
##           develop    #6189   +/-   ##
========================================
  Coverage    96.25%   96.26%           
========================================
  Files          236      236           
  Lines        11407    11429   +22     
  Branches       830      834    +4     
========================================
+ Hits         10980    11002   +22     
  Misses         337      337           
  Partials        90       90           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[leandrodamascena]

I'm starting my review of this PR.

[leandrodamascena]

Hey @amin-farjadi! This is an excellent PR, and I really appreciate your work on this. I've left some comments that I believe we should address before moving to the next round of review.

I'm also curious about potentially enabling this response validation code for individual routes as well. We could have it at both the global level and per route. This isn't a mandatory change, but I'd like to hear your thoughts on this idea.

Let me know what you think, and thanks again for your valuable contribution!

[leandrodamascena]

Suggested change

	response_validation_error_http_status
	Enables response validation and sets returned status code if response is not validated.
	response_validation_error_http_status
	HTTP status code returned when response validation fails.

Response validation is already enabled, we are modifying the customer to inform a specific http status code.

[leandrodamascena]

Suggested change

	response_validation_error_http_status=None,
	response_validation_error_http_code=None,

What do you think about this?

[amin-farjadi]

Looks good

[leandrodamascena]

Suggested change

	if response_validation_error_http_status and not enable_validation:
	msg = "'response_validation_error_http_status' cannot be set when enable_validation is False."
	raise ValueError(msg)
	if (
	not isinstance(response_validation_error_http_status, HTTPStatus)
	and response_validation_error_http_status is not None
	):
	try:
	response_validation_error_http_status = HTTPStatus(response_validation_error_http_status)
	except ValueError:
	msg = f"'{response_validation_error_http_status}' must be an integer representing an HTTP status code."
	raise ValueError(msg) from None
	self._response_validation_error_http_status = (
	response_validation_error_http_status
	if response_validation_error_http_status
	else HTTPStatus.UNPROCESSABLE_ENTITY
	)
	self._response_validation_error_http_status = self._validate_response_validation_error_status(
	response_validation_error_http_status,
	enable_validation
	)

And then we can simplify the logic and move the code for a specific function:

def _validate_response_validation_error_status(self, response_validation_error_http_status, enable_validation):
	        if response_validation_error_http_status and not enable_validation:
	            raise ValueError("'response_validation_error_http_status' cannot be set when enable_validation is False.")
	
	        if response_validation_error_http_status is None:
	            return HTTPStatus.UNPROCESSABLE_ENTITY
	
	        if isinstance(response_validation_error_http_status, HTTPStatus):
	            return response_validation_error_http_status
	
	        try:
	            return HTTPStatus(response_validation_error_http_status)
	        except ValueError:
	            raise ValueError(f"'{response_validation_error_http_status}' must be an integer representing an HTTP status code.")

[amin-farjadi]

Great idea

[leandrodamascena]

Suggested change

	http_status = (
	self._response_validation_error_http_status
	if self._response_validation_error_http_status
	else HTTPStatus.UNPROCESSABLE_ENTITY
	)
	http_status = self._response_validation_error_http_status

Am I wrong or aren't we testing this condition before setting the HTTP code? Do we need it again here?

[amin-farjadi]

Absolutely right

[leandrodamascena]

I'm not sure I fully understand this. Could you please explain it to me?

[amin-farjadi]

I have no idea where this came from :D. Will remove it and add _has_response_validation_error param to docstring.

[leandrodamascena]

This shouldn't be a unit test; it's more suited as a functional test. I'd like it moved to https://github.com/aws-powertools/powertools-lambda-python/tree/develop/tests/functional/event_handler/_pydantic.

Also, please avoid adding tests inside classes. Please move the tests to plain functions, and utilizes fixtures when needed.

[leandrodamascena]

I'll review this once all other reviews are complete.

[amin-farjadi]

Hi @leandrodamascena, thanks for the review. Will implement suggested changes by the end of the week. Regarding custom http status code on a route-level, I will familiarise myself with the Route implementation and has a crack at it in this PR.

[leandrodamascena]

Hi @leandrodamascena, thanks for the review. Will implement suggested changes by the end of the week. Regarding custom http status code on a route-level, I will familiarise myself with the Route implementation and has a crack at it in this PR.

Thanks @amin-farjadi! It's great that you understand the Route implementation. However, after further consideration, let's keep this PR as is and create a new issue to discuss the implementation of the route-specific functionality. We can then work on that in a separate PR.

[amin-farjadi]

Hi @leandrodamascena, I believe all your points have been addressed in the recent commits. I have drafted an implemented for route-specific custom response validation http status code which I can add in a subsequent PR

[sonarqubecloud]

Quality Gate passed

Issues
5 New issues
1 Accepted issue

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[leandrodamascena]

Hi @leandrodamascena, I believe all your points have been addressed in the recent commits. I have drafted an implemented for route-specific custom response validation http status code which I can add in a subsequent PR

Hi @amin-farjadi! Thanks a lot for addressing all the points! I'll review it again today and I'll probably have some very small changes to make, especially in the documentation part, but nothing critical and I can push a commit before approving it, ok?

I'm very happy to have this new feature, it will give customers more flexibility when working with data validation.

Regarding to the validation code per route, please open an issue with a pseudo code showing the experience, this will be super nice!

[amin-farjadi]

Hi @leandrodamascena, I believe all your points have been addressed in the recent commits. I have drafted an implemented for route-specific custom response validation http status code which I can add in a subsequent PR

Hi @amin-farjadi! Thanks a lot for addressing all the points! I'll review it again today and I'll probably have some very small changes to make, especially in the documentation part, but nothing critical and I can push a commit before approving it, ok?

I'm very happy to have this new feature, it will give customers more flexibility when working with data validation.

Regarding to the validation code per route, please open an issue with a pseudo code showing the experience, this will be super nice!

I'm happy to try and close this PR today. Absolutely fine by me, please do feel free.

I drafted this issue for route-specific custom response validation http status code (that's a mouthful!) #6245

[leandrodamascena]

Hi @amin-farjadi! Just a quick explanation. A while ago you opened this issue and we fixed it in this PR. But this created a regression and I had to revert it while I find the right solution.

So because of this, some tests in the test_openapi_validation_middleware.py file are failing, but this is not caused by you. Can you please disable the those tests? Don't remove, just add the decorator @pytest.mark.skipif(reason="Test temporarily disabled until falsy return is fixed")?

test_validation_error_none_returned_non_optional_type
test_none_returned_for_falsy_return
test_custom_response_validation_error_http_code_invalid_response_none