Merge pull request #2807 from aws/release-v1.58.0

Release 1.58.0 (to main)

.cfnlintrc.yaml

@@ -2,115 +2,47 @@ templates:
   - tests/translator/output/**/*.json
 ignore_templates:
   - tests/translator/output/**/error_*.json # Fail by design
-  - tests/translator/output/**/api_cache.json
-  - tests/translator/output/**/api_description.json
-  - tests/translator/output/**/api_endpoint_configuration.json
-  - tests/translator/output/**/api_endpoint_configuration_with_vpcendpoint.json
   - tests/translator/output/**/api_http_paths_with_if_condition.json
   - tests/translator/output/**/api_http_paths_with_if_condition_no_value_else_case.json
   - tests/translator/output/**/api_http_paths_with_if_condition_no_value_then_case.json
   - tests/translator/output/**/api_http_with_default_iam_authorizer.json
-  - tests/translator/output/**/api_request_model.json
-  - tests/translator/output/**/api_request_model_openapi_3.json
-  - tests/translator/output/**/api_request_model_with_validator.json
-  - tests/translator/output/**/api_request_model_with_validator_openapi_3.json
   - tests/translator/output/**/api_rest_paths_with_if_condition_openapi.json
   - tests/translator/output/**/api_rest_paths_with_if_condition_openapi_no_value_else_case.json
   - tests/translator/output/**/api_rest_paths_with_if_condition_openapi_no_value_then_case.json
   - tests/translator/output/**/api_rest_paths_with_if_condition_swagger.json
   - tests/translator/output/**/api_rest_paths_with_if_condition_swagger_no_value_else_case.json
   - tests/translator/output/**/api_rest_paths_with_if_condition_swagger_no_value_then_case.json
-  - tests/translator/output/**/api_swagger_integration_with_ref_intrinsic_api_id.json
-  - tests/translator/output/**/api_swagger_integration_with_string_api_id.json
-  - tests/translator/output/**/api_with_access_log_setting.json
   - tests/translator/output/**/api_with_any_method_in_swagger.json
-  - tests/translator/output/**/api_with_apikey_default_override.json
-  - tests/translator/output/**/api_with_apikey_required.json
-  - tests/translator/output/**/api_with_apikey_required_openapi_3.json
-  - tests/translator/output/**/api_with_apikey_source.json
-  - tests/translator/output/**/api_with_auth_all_maximum.json
-  - tests/translator/output/**/api_with_auth_all_maximum_openapi_3.json
-  - tests/translator/output/**/api_with_auth_all_minimum.json
-  - tests/translator/output/**/api_with_auth_all_minimum_openapi.json
   - tests/translator/output/**/api_with_auth_and_conditions_all_max.json
-  - tests/translator/output/**/api_with_auth_no_default.json
-  - tests/translator/output/**/api_with_auth_with_default_scopes.json
-  - tests/translator/output/**/api_with_auth_with_default_scopes_openapi.json
-  - tests/translator/output/**/api_with_aws_account_blacklist.json
-  - tests/translator/output/**/api_with_aws_account_whitelist.json
-  - tests/translator/output/**/api_with_aws_iam_auth_overrides.json
   - tests/translator/output/**/api_with_basic_custom_domain.json
   - tests/translator/output/**/api_with_basic_custom_domain_http.json
   - tests/translator/output/**/api_with_basic_custom_domain_intrinsics.json
   - tests/translator/output/**/api_with_basic_custom_domain_intrinsics_http.json
   - tests/translator/output/**/api_with_binary_media_types.json
   - tests/translator/output/**/api_with_binary_media_types_definition_body.json
   - tests/translator/output/**/api_with_canary_setting.json
-  - tests/translator/output/**/api_with_cors.json
-  - tests/translator/output/**/api_with_cors_and_auth_no_preflight_auth.json
-  - tests/translator/output/**/api_with_cors_and_auth_preflight_auth.json
   - tests/translator/output/**/api_with_cors_and_conditions_no_definitionbody.json
-  - tests/translator/output/**/api_with_cors_and_only_credentials_false.json
-  - tests/translator/output/**/api_with_cors_and_only_headers.json
-  - tests/translator/output/**/api_with_cors_and_only_maxage.json
-  - tests/translator/output/**/api_with_cors_and_only_methods.json
-  - tests/translator/output/**/api_with_cors_and_only_origins.json
-  - tests/translator/output/**/api_with_cors_no_definitionbody.json
-  - tests/translator/output/**/api_with_cors_openapi_3.json
   - tests/translator/output/**/api_with_custom_base_path.json
   - tests/translator/output/**/api_with_custom_domain_route53.json
   - tests/translator/output/**/api_with_custom_domain_route53_hosted_zone_name.json
   - tests/translator/output/**/api_with_custom_domain_route53_hosted_zone_name_http.json
   - tests/translator/output/**/api_with_custom_domain_route53_http.json
   - tests/translator/output/**/api_with_custom_domain_route53_multiple_intrinsic_hostedzoneid.json
-  - tests/translator/output/**/api_with_default_aws_iam_auth.json
-  - tests/translator/output/**/api_with_default_aws_iam_auth_and_no_auth_route.json
-  - tests/translator/output/**/api_with_disable_api_execute_endpoint.json
-  - tests/translator/output/**/api_with_disable_api_execute_endpoint_openapi_3.json
-  - tests/translator/output/**/api_with_fail_on_warnings.json
-  - tests/translator/output/**/api_with_gateway_responses.json
-  - tests/translator/output/**/api_with_gateway_responses_all.json
-  - tests/translator/output/**/api_with_gateway_responses_all_openapi_3.json
-  - tests/translator/output/**/api_with_gateway_responses_implicit.json
-  - tests/translator/output/**/api_with_gateway_responses_minimal.json
-  - tests/translator/output/**/api_with_gateway_responses_string_status_code.json
   - tests/translator/output/**/api_with_identity_intrinsic.json
   - tests/translator/output/**/api_with_if_conditional_with_resource_policy.json
-  - tests/translator/output/**/api_with_incompatible_stage_name.json
-  - tests/translator/output/**/api_with_ip_range_blacklist.json
-  - tests/translator/output/**/api_with_ip_range_whitelist.json
-  - tests/translator/output/**/api_with_method_aws_iam_auth.json
-  - tests/translator/output/**/api_with_method_settings.json
-  - tests/translator/output/**/api_with_minimum_compression_size.json
-  - tests/translator/output/**/api_with_mode.json
-  - tests/translator/output/**/api_with_open_api_version.json
-  - tests/translator/output/**/api_with_open_api_version_2.json
-  - tests/translator/output/**/api_with_openapi_definition_body_no_flag.json
-  - tests/translator/output/**/api_with_path_parameters.json
-  - tests/translator/output/**/api_with_resource_policy.json
   - tests/translator/output/**/api_with_resource_policy_global.json
-  - tests/translator/output/**/api_with_resource_policy_global_implicit.json
-  - tests/translator/output/**/api_with_resource_refs.json
-  - tests/translator/output/**/api_with_security_definition_and_components.json
-  - tests/translator/output/**/api_with_security_definition_and_no_components.json
   - tests/translator/output/**/api_with_security_definition_and_none_components.json
-  - tests/translator/output/**/api_with_source_vpc_blacklist.json
   - tests/translator/output/**/api_with_source_vpc_whitelist.json
-  - tests/translator/output/**/api_with_swagger_and_openapi_with_auth.json
-  - tests/translator/output/**/api_with_swagger_authorizer_none.json
   - tests/translator/output/**/api_with_usageplans.json
   - tests/translator/output/**/api_with_usageplans_intrinsics.json
   - tests/translator/output/**/api_with_usageplans_shared_attributes_three.json
   - tests/translator/output/**/api_with_usageplans_shared_attributes_two.json
   - tests/translator/output/**/api_with_usageplans_shared_no_side_effect_1.json
   - tests/translator/output/**/api_with_usageplans_shared_no_side_effect_2.json
-  - tests/translator/output/**/api_with_xray_tracing.json
   - tests/translator/output/**/application_with_intrinsics.json
   - tests/translator/output/**/basic_function_withimageuri.json
   - tests/translator/output/**/basic_layer.json
-  - tests/translator/output/**/cloudwatch_logs_with_ref.json
   - tests/translator/output/**/cloudwatchevent_intrinsics.json
-  - tests/translator/output/**/cloudwatchlog.json
   - tests/translator/output/**/congito_userpool_with_sms_configuration.json
   - tests/translator/output/**/connector_bucket_to_function.json
   - tests/translator/output/**/connector_dependson_replace.json
@@ -125,14 +57,9 @@ ignore_templates:
   - tests/translator/output/**/connector_sfn_to_function.json
   - tests/translator/output/**/connector_sns_to_function.json
   - tests/translator/output/**/connector_table_to_function.json
-  - tests/translator/output/**/depends_on.json
   - tests/translator/output/**/eventbridgerule_with_dlq.json
-  - tests/translator/output/**/explicit_api.json
-  - tests/translator/output/**/explicit_api_openapi_3.json
-  - tests/translator/output/**/explicit_api_with_invalid_events_config.json
   - tests/translator/output/**/function_event_conditions.json
   - tests/translator/output/**/function_with_alias_and_code_sha256.json
-  - tests/translator/output/**/function_with_alias_and_event_sources.json
   - tests/translator/output/**/function_with_alias_intrinsics.json
   - tests/translator/output/**/function_with_condition.json
   - tests/translator/output/**/function_with_conditional_managed_policy.json
@@ -149,7 +76,6 @@ ignore_templates:
   - tests/translator/output/**/function_with_deployment_preference_multiple_combinations_conditions_with_passthrough.json
   - tests/translator/output/**/function_with_deployment_preference_multiple_combinations_conditions_without_passthrough.json
   - tests/translator/output/**/function_with_deployment_preference_passthrough_condition_with_supported_intrinsics.json
-  - tests/translator/output/**/function_with_disabled_traffic_hook.json
   - tests/translator/output/**/function_with_dlq.json
   - tests/translator/output/**/function_with_event_dest.json
   - tests/translator/output/**/function_with_event_dest_basic.json
@@ -160,53 +86,38 @@ ignore_templates:
   - tests/translator/output/**/function_with_globals_role_path.json
   - tests/translator/output/**/function_with_intrinsic_architecture.json
   - tests/translator/output/**/function_with_kmskeyarn.json
-  - tests/translator/output/**/function_with_many_layers.json
-  - tests/translator/output/**/function_with_msk.json
-  - tests/translator/output/**/function_with_request_parameters.json
   - tests/translator/output/**/function_with_resource_refs.json
   - tests/translator/output/**/function_with_role_and_role_path.json
   - tests/translator/output/**/function_with_role_path.json
-  - tests/translator/output/**/global_handle_path_level_parameter.json
-  - tests/translator/output/**/globals_for_api.json
   - tests/translator/output/**/http_api_custom_iam_auth.json
   - tests/translator/output/**/http_api_existing_openapi.json
   - tests/translator/output/**/http_api_existing_openapi_conditions.json
   - tests/translator/output/**/http_api_explicit_stage.json
   - tests/translator/output/**/http_api_global_iam_auth_enabled.json
-  - tests/translator/output/**/http_api_lambda_auth.json
-  - tests/translator/output/**/http_api_lambda_auth_full.json
   - tests/translator/output/**/http_api_local_iam_auth_enabled.json
-  - tests/translator/output/**/http_api_multiple_authorizers.json
   - tests/translator/output/**/http_api_with_cors.json
   - tests/translator/output/**/implicit_and_explicit_api_with_conditions.json
-  - tests/translator/output/**/implicit_api.json
-  - tests/translator/output/**/implicit_api_deletion_policy_precedence.json
   - tests/translator/output/**/implicit_api_with_auth_and_conditions_max.json
   - tests/translator/output/**/implicit_api_with_many_conditions.json
-  - tests/translator/output/**/implicit_api_with_serverless_rest_api_resource.json
   - tests/translator/output/**/implicit_http_api_with_many_conditions.json
   - tests/translator/output/**/intrinsic_functions.json
-  - tests/translator/output/**/iot_rule.json
   - tests/translator/output/**/kinesis_intrinsics.json
   - tests/translator/output/**/layers_all_properties.json
   - tests/translator/output/**/layers_with_intrinsics.json
-  - tests/translator/output/**/no_implicit_api_with_serverless_rest_api_resource.json
   - tests/translator/output/**/s3_create_remove.json
   - tests/translator/output/**/s3_intrinsics.json
   - tests/translator/output/**/schema_validation_1.json
   - tests/translator/output/**/self_managed_kafka_with_intrinsics.json
-  - tests/translator/output/**/state_machine_with_api_authorizer.json
-  - tests/translator/output/**/state_machine_with_api_authorizer_maximum.json
+  - tests/translator/output/**/sqs_with_scaling_config.json  # Invalid Property Resources/SQSFunctionMySqsQueue/Properties/ScalingConfig
   - tests/translator/output/**/state_machine_with_condition.json
   - tests/translator/output/**/state_machine_with_condition_and_events.json
   - tests/translator/output/**/state_machine_with_eb_dlq_target_id.json
   - tests/translator/output/**/state_machine_with_event_schedule_state.json
   - tests/translator/output/**/state_machine_with_schedule.json
   - tests/translator/output/**/state_machine_with_schedule_dlq_retry_policy.json
+  - tests/translator/output/**/globals_for_function.json  # RuntimeManagementConfig
+  - tests/translator/output/**/function_with_runtime_config.json  # RuntimeManagementConfig
 ignore_checks:
   - E2531 # Deprecated runtime; not relevant for transform tests
   - W2531 # EOL runtime; not relevant for transform tests
   - E3001 # Invalid or unsupported Type; common in transform tests since they focus on SAM resources
-include_checks:
-  # Informational rules not enabled by default: https://github.com/aws-cloudformation/cfn-lint/blob/7219faeabe48063e68e1a3e63f0301c5b337d36e/README.md#info-rules
-  - I3042 # Hardcoded ARN partition/account

DEVELOPMENT_GUIDE.md

@@ -26,7 +26,7 @@ Environment setup
 -----------------
 ### 1. Install Python versions
 
-Our officially supported Python versions are 3.6, 3.7 and 3.8. 
+Our officially supported Python versions are 3.7, 3.8, 3.9 and 3.10. 
 Our CI/CD pipeline is setup to run unit tests against Python 3 versions. Make sure you test it before sending a Pull Request.
 See [Unit testing with multiple Python versions](#unit-testing-with-multiple-python-versions).
 
@@ -40,11 +40,12 @@ easily setup multiple Python versions. For
 1.  Install PyEnv -
     `curl -L https://github.com/pyenv/pyenv-installer/raw/master/bin/pyenv-installer | bash`
 1. Restart shell so the path changes take effect - `exec $SHELL`
-1.  `pyenv install 3.6.12`
-1.  `pyenv install 3.7.9`
-1.  `pyenv install 3.8.6`
-1.  Make Python versions available in the project:
-    `pyenv local 3.6.12 3.7.9 3.8.6`
+1.  `pyenv install 3.7.16`
+1.  `pyenv install 3.8.16`
+1.  `pyenv install 3.9.16`
+1.  `pyenv install 3.10.9`
+3.  Make Python versions available in the project:
+    `pyenv local 3.7.16 3.8.16 3.9.16 3.10.9`
 
 Note: also make sure the following lines were written into your `.bashrc` (or `.zshrc`, depending on which shell you are using):
 ```
@@ -120,10 +121,10 @@ Run `make test` or `make test-fast`. Once all tests pass make sure to run
 
 ### Unit testing with multiple Python versions
 
-Currently, our officially supported Python versions are 3.6, 3.7 and 3.8. For the most
-part, code that works in Python3.6 will work in Python3.7 and Python3.8. You only run into problems if you are
-trying to use features released in a higher version (for example features introduced into Python3.7
-will not work in Python3.6). If you want to test in many versions, you can create a virtualenv for
+Currently, our officially supported Python versions are 3.7, 3.8, 3.9 and 3.10. For the most
+part, code that works in Python3.7 will work in Pythons 3.8, 3.9 and 3.10. You only run into problems if you are
+trying to use features released in a higher version (for example features introduced into Python3.10
+will not work in Python3.9). If you want to test in many versions, you can create a virtualenv for
 each version and flip between them (sourcing the activate script). Typically, we run all tests in
 one python version locally and then have our ci (appveyor) run all supported versions.
 
@@ -158,7 +159,7 @@ Integration tests are covered in detail in the [INTEGRATION_TESTS.md file](INTEG
 ## Development guidelines
 
 1. **Do not resolve [intrinsic functions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference.html).** Adding [`AWS::LanguageExtensions`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-languageextension-transform.html) before the `AWS::Serverless-2016-10-31` transform resolves most of them (see https://github.com/aws/serverless-application-model/issues/2533). For new properties, use [`Property`](https://github.com/aws/serverless-application-model/blob/c5830b63857f52e540fec13b29f029458edc539a/samtranslator/model/__init__.py#L36-L45) or [`PassThroughProperty`](https://github.com/aws/serverless-application-model/blob/dd79f535500158baa8e367f081d6a12113497e45/samtranslator/model/__init__.py#L48-L56) instead of [`PropertyType`](https://github.com/aws/serverless-application-model/blob/c39c2807bbf327255de8abed8b8150b18c60f053/samtranslator/model/__init__.py#L13-L33).
-2. **Do not break backward compatibility.** As rule of thumb, a specific SAM template should always transform into the same CloudFormation template. Do not change logical IDs. Add opt-in properties for breaking changes. There are some exceptions, such as changes that do not impact resources (e.g. [`Metadata`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html)) or abstractions that can by design change over time.
+2. **Do not break backward compatibility.** A specific SAM template should always transform into the same CloudFormation template. A template that has previously deployed successfully should continue to do so. Do not change logical IDs. Add opt-in properties for breaking changes. There are some exceptions, such as changes that do not impact resources (e.g. [`Metadata`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html)) or abstractions that can by design change over time.
 3. **Stick as close as possible to the underlying CloudFormation properties.** This includes both property names and values. This ensures we can pass values to CloudFormation and let it handle any intrinsic functions. In some cases, it also allows us to pass all properties as-is to a resource, which means customers can always use the newest properties, and we don’t spend effort maintaining a duplicate set of properties.
 4. **Only validate what’s necessary.** Do not validate properties if they’re passed directly to the underlying CloudFormation resource.
 5. **Add [type hints](https://peps.python.org/pep-0484/) to new code.** Strict typing was enabled in https://github.com/aws/serverless-application-model/pull/2558 by sprinkling [`# type: ignore`](https://peps.python.org/pep-0484/#compatibility-with-other-uses-of-function-annotations) across the existing code. Don't do that for new code. Avoid `# type: ignore`s at all cost. Instead, add types to new functions, and ideally add types to existing code it uses as well.

Makefile

@@ -19,7 +19,7 @@ integ-test:
 
 black:
 	black setup.py samtranslator/* tests/* integration/* bin/*.py
-	bin/json-format.py --write tests integration
+	bin/json-format.py --write tests integration samtranslator/policy_templates_data
 	bin/yaml-format.py --write tests
 	bin/yaml-format.py --write integration --add-test-metadata
 
@@ -29,7 +29,7 @@ black-check:
 	diff -u samtranslator/schema/schema.json .tmp_schema.json
 	rm .tmp_schema.json
 	black --check setup.py samtranslator/* tests/* integration/* bin/*.py
-	bin/json-format.py --check tests integration
+	bin/json-format.py --check tests integration samtranslator/policy_templates_data
 	bin/yaml-format.py --check tests
 	bin/yaml-format.py --check integration --add-test-metadata
 
@@ -38,6 +38,8 @@ lint:
 	mypy --strict samtranslator bin
 	# Linter performs static analysis to catch latent bugs
 	pylint --rcfile .pylintrc samtranslator
+	# cfn-lint to make sure generated CloudFormation makes sense
+	bin/run_cfn_lint.sh
 
 prepare-companion-stack:
 	pytest -v --no-cov integration/setup -m setup