Serverless Framework Lamba Integration - Request Schema Validation

Question

I've looked at the few answers I could find here on SO but I'm still not having any luck. I'm using Serverless and trying to do validation on the request body for a lambda function using api gateway lambda integration. After running sls offline and making a POST request using postman, no matter what the body is, the request succeeds. Validation doesn't seem to be occurring at all.

Here's what I have...

serverless.yml:

service: onboard

# plugins
plugins:
  - serverless-offline

provider:
  name: aws
  runtime: nodejs12.x
  stage: dev
  region: us-east-1

functions:
  onboard:
    handler: api/onboard.onboard
    events:
      - http:
          path: onboard
          method: post
          integration: lambda
          request:
            passThrough: NEVER
            schema:
              application/json: ${file(models/onboard.schema.json)}
            template:
              application/json: '{ "body" : "$input.body" }'

api/onboard.js

const onboard = async (event) => {
  const response = {
    message: event
  };

  return response;
};

exports.onboard = onboard;

models/onboard.schema.json:

{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "id": "https://path.to/onboard",
  "title": "title",
  "description": "description",
  "type": "object",
  "properties": {
    "environment": { "type": "string" },
    "git": { 
      "type": "object",
      "properties": {
        "repo": {
          "type": "string",
          "format": "uri",
          "pattern": ".git$"
        },
        "token": { "type": "string" }
      },
      "required": ["repo", "token"],
      "maxProperties": 2
    },
    "name": {  "type": "string" },
    "team": {
      "type": "string",
      "pattern": "(?i)(^red$|^blue$|^green$|^yellow$|^black$|^white$)"
    }
  },
  "additionalProperties": false,
  "required": ["name", "team"]
}

Answer 1

Serverless-offline doesn't support request validation https://github.com/dherault/serverless-offline/issues/369

Better test it out seperately on apigateway by defining mock response. This will ensure lambda response (in case incorrect based on the integration type) is not causing any misguidance.

Answer 2

There are a few things to look out for here:

1. Your test request must pass the Content-Type that matches what you have configured, otherwise the validation is ignored. The only way to enforce the use of the Content-Type as far as I have seen is to add that minimal validation to your Lambda function.
2. serverless-offline may not take the request validation into account. Its better to test in the cloud. Personally I avoid these types of tests locally and try to test in the cloud as much as possible. With the new feature called Studio being released by the Serverless Framework it makes this a lot easier by providing rapid turn around time for making changes, pushing to the cloud in seconds, and giving you a postman-like interface to send tests to your infrastructure in the cloud making testing a lot easier.