OAS validation policy throwing error

I have an OAS3.0 document that is valid and swagger.io validates it. However, when I try validating it using OAS policy it throws the below error: OASValidation with resource "oas://oas3_v1.json": failed with reason: "[ERROR - [Path '/Individual/0'] Object has missing required properties (["Email"]): []]"

Also, when there is a validation error in the request, a 500 Internal Server Error response is returned.

This seems a little odd, since a malformed request should return a 400 Bad Request.

What is the reason for Apigee to behave like this? Is there a fix for this?


@dino-at-Google and @Kurt Googler Kanaskie

I think your view that 500 is inappropriate, and that a status code of 400 or something in the 4xx range would be more appropriate, is valid. I agree with you.

To set the correct status and response that Apigee sends back to the client, you can use FaultRules to intercept this fault, and then within the FaultRule, use AssignMessage to set the status code, the error message, and so on. This all fits under the general topic of "fault handling".

OK, aside from that, I think you have a separate question regarding why Apigee is rejecting a message. The message is pretty clear: Apigee is saying there's a required property (Email) that is missing. In order to assess whether we think this is a valid result, you'd need to show us:

  • the request you're sending in
  • the OpenAPI Spec you are validating against.

I can't say why there's a difference between the results swagger.io gives you, and the result you're seeing from Apigee. I'd rather focus on determining whether the result you're seeing from Apigee is correct.
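The FaultRule and AssignMessage combination described in this answer, as an added example that is not part of the original post or Apigee's own sample code. The policy names `OAS-Validate` and `AM-OASValidation-400` and the response body are assumptions chosen for illustration; the body is deliberately generic so the validator's reason text (which describes the schema) is not echoed to the client.

```xml
<!-- Fragment 1: goes inside the ProxyEndpoint definition.
     Catches the fault raised by the OASValidation policy.
     "OAS-Validate" is an assumed policy name; use your own. -->
<FaultRules>
  <FaultRule name="oas-validation-failed">
    <!-- fault.name is the last segment of steps.oasvalidation.Failed -->
    <Condition>(fault.name = "Failed") and (oasvalidation.OAS-Validate.failed = true)</Condition>
    <Step>
      <Name>AM-OASValidation-400</Name>
    </Step>
  </FaultRule>
</FaultRules>

<!-- Fragment 2: separate policy file, AM-OASValidation-400.xml (assumed name).
     Rewrites the error response so the client sees 400 instead of 500. -->
<AssignMessage name="AM-OASValidation-400">
  <Set>
    <StatusCode>400</StatusCode>
    <ReasonPhrase>Bad Request</ReasonPhrase>
    <!-- variablePrefix/variableSuffix keep the JSON braces from being
         treated as message-template variables. -->
    <Payload contentType="application/json" variablePrefix="@" variableSuffix="#">
      {
        "error": "invalid_request",
        "message": "Request does not conform to the API specification."
      }
    </Payload>
  </Set>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</AssignMessage>
```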

Thanks @Dino-at-Google

I have used the same process as you mentioned. However, I was thinking if we can upgrade the policy to throw a 400 error in case of a validation error.

I agree. I have filed a change request. ref: b/184389140

In the meantime you must use FaultRules to handle this.

Thanks Dino.

Release https://docs.apigee.com/release/notes/220314-apigee-edge-public-cloud-release-notes addresses this issue for cloud customers.

Refer: "OAS validation errors now throw HTTP 400 status; previously, 500 status was thrown."

@vijayakumarm I can see that 400 is returned, however the documentation still refers to 500.

https://cloud.google.com/apigee/docs/api-platform/reference/policies/oas-validation-policy#runtime-e...

 

| Fault code | HTTP status | |
| --- | --- | --- |
| steps.oasvalidation.Failed | 500 | Request message body cannot be validated against the provided OpenAPI Specification. |

 

Is the documentation not up to date, or am I missing something?
Thank you in advance,

Br,
Marcello

The documentation is not (as of 2023 Oct 16) up to date. I'll get that corrected, Marcello. Thanks for pointing it out.