Expand boto auto detection to include sub properties (#3763)

* Add boto subproperty logic

Author: kddejong

scripts/boto/_automated_patches.py

@@ -9,6 +9,8 @@
 
 from _types import AllPatches, Patch, ResourcePatches
 
+from cfnlint.schema.resolver import RefResolver
+
 skip = [
     "account",
     "chime",
@@ -90,12 +92,63 @@ def get_last_date(service_dir: Path) -> str:
     return last_date
 
 
+def _nested_objects(
+    resolver: RefResolver,
+    schema_data: dict[str, Any],
+    boto_data: dict[str, Any],
+    shape_data: dict[str, Any],
+    start_path: str,
+    source: list[str],
+):
+    results = {}
+    for member, member_data in shape_data.get("members", {}).items():
+        for p_name, p_data in schema_data.get("properties", {}).items():
+            if p_name in skip_property_names:
+                continue
+            if p_name.lower() == member.lower():
+
+                path = f"{start_path}/properties/{p_name}"
+
+                while True:
+                    if "$ref" not in p_data:
+                        break
+                    path = p_data["$ref"][1:]
+                    p_data = resolver.resolve_from_url(p_data["$ref"])
+
+                # skip if we already have an enum or pattern
+                if any([p_data.get(field) for field in _fields]):
+                    continue
+
+                member_shape_name = member_data.get("shape")
+                member_shape = boto_data.get("shapes", {}).get(member_shape_name, {})
+
+                if member_shape.get("type") == "structure":
+                    if p_data.get("type") == "object":
+                        results.update(
+                            _nested_objects(
+                                resolver, p_data, boto_data, member_shape, path, source
+                            )
+                        )
+
+                if not any([member_shape.get(field) for field in _fields]):
+                    continue
+
+                results[path] = Patch(
+                    source=source,
+                    shape=member_shape_name,
+                )
+
+    return results
+
+
 def _per_resource_patch(
     schema_data: dict[str, Any], boto_data: dict[str, Any], source: list[str]
 ) -> ResourcePatches:
     results: ResourcePatches = {}
     create_operations = get_schema_create_operations(schema_data)
     shapes = {}
+
+    resolver = RefResolver.from_schema(schema_data)
     for create_operation in create_operations:
         shapes.update(get_shapes(boto_data, create_operation))
         create_shape = (
@@ -105,39 +158,16 @@ def _per_resource_patch(
             .get("shape")
         )
 
-        for member, member_data in (
-            boto_data.get("shapes", {}).get(create_shape, {}).get("members", {}).items()
-        ):
-            for p_name, p_data in schema_data.get("properties", {}).items():
-                if p_name in skip_property_names:
-                    continue
-                if p_name.lower() == member.lower():
-
-                    path = f"/properties/{p_name}"
-
-                    if "$ref" in p_data:
-                        pointer = p_data["$ref"].split("/")
-                        p_data = schema_data.get(pointer[1], {}).get(pointer[2], {})
-                        if not p_data:
-                            continue
-                        path = f"/{'/'.join(pointer[1:])}"
-
-                    # skip if we already have an enum or pattern
-                    if any([p_data.get(field) for field in _fields]):
-                        continue
-
-                    member_shape_name = member_data.get("shape")
-                    member_shape = boto_data.get("shapes", {}).get(
-                        member_shape_name, {}
-                    )
-
-                    if not any([member_shape.get(field) for field in _fields]):
-                        continue
-
-                    results[path] = Patch(
-                        source=source,
-                        shape=member_shape_name,
-                    )
+        results.update(
+            _nested_objects(
+                resolver,
+                schema_data,
+                boto_data,
+                boto_data.get("shapes", {}).get(create_shape, {}),
+                "",
+                source,
+            )
+        )
 
     return results
 

src/cfnlint/data/schemas/patches/extensions/all/aws_acmpca_certificateauthority/boto.json

@@ -1,4 +1,27 @@
 [
+ {
+  "op": "add",
+  "path": "/definitions/CrlConfiguration/properties/CustomCname/pattern",
+  "value": "[-a-zA-Z0-9;/?:@&=+$,%_.!~*()']*"
+ },
+ {
+  "op": "add",
+  "path": "/definitions/CrlConfiguration/properties/S3BucketName/pattern",
+  "value": "[-a-zA-Z0-9._/]+"
+ },
+ {
+  "op": "add",
+  "path": "/definitions/CrlConfiguration/properties/S3ObjectAcl/enum",
+  "value": [
+   "BUCKET_OWNER_FULL_CONTROL",
+   "PUBLIC_READ"
+  ]
+ },
+ {
+  "op": "add",
+  "path": "/definitions/OcspConfiguration/properties/OcspCustomCname/pattern",
+  "value": "[-a-zA-Z0-9;/?:@&=+$,%_.!~*()']*"
+ },
  {
   "op": "add",
   "path": "/properties/KeyStorageSecurityStandard/enum",

src/cfnlint/data/schemas/patches/extensions/all/aws_amplify_app/boto.json

@@ -3,5 +3,10 @@
   "op": "add",
   "path": "/properties/AccessToken/pattern",
   "value": "(?s).+"
+ },
+ {
+  "op": "add",
+  "path": "/definitions/AutoBranchCreationConfig/properties/BuildSpec/pattern",
+  "value": "(?s).+"
  }
 ]

src/cfnlint/data/schemas/patches/extensions/all/aws_amplify_branch/__init__.py

@@ -0,0 +1,7 @@
+[
+ {
+  "op": "add",
+  "path": "/definitions/Backend/properties/StackArn/pattern",
+  "value": "^arn:aws:cloudformation:[a-z0-9-]+:\\d{12}:stack/.+/.+$"
+ }
+]

src/cfnlint/data/schemas/patches/extensions/all/aws_amplify_branch/boto.json

@@ -0,0 +1,12 @@
+[
+ {
+  "op": "add",
+  "path": "/definitions/ConnectorOAuthRequest/properties/AuthCode/pattern",
+  "value": "\\S+"
+ },
+ {
+  "op": "add",
+  "path": "/definitions/ConnectorOAuthRequest/properties/RedirectUri/pattern",
+  "value": "\\S+"
+ }
+]

src/cfnlint/data/schemas/patches/extensions/all/aws_appflow_connectorprofile/boto.json

@@ -94,5 +94,34 @@
    "StepScaling",
    "TargetTrackingScaling"
   ]
+ },
+ {
+  "op": "add",
+  "path": "/definitions/StepScalingPolicyConfiguration/properties/AdjustmentType/enum",
+  "value": [
+   "ChangeInCapacity",
+   "ExactCapacity",
+   "PercentChangeInCapacity"
+  ]
+ },
+ {
+  "op": "add",
+  "path": "/definitions/StepScalingPolicyConfiguration/properties/MetricAggregationType/enum",
+  "value": [
+   "Average",
+   "Maximum",
+   "Minimum"
+  ]
+ },
+ {
+  "op": "add",
+  "path": "/definitions/CustomizedMetricSpecification/properties/Statistic/enum",
+  "value": [
+   "Average",
+   "Maximum",
+   "Minimum",
+   "SampleCount",
+   "Sum"
+  ]
  }
 ]

src/cfnlint/data/schemas/patches/extensions/all/aws_applicationautoscaling_scalingpolicy/boto.json

@@ -0,0 +1,17 @@
+[
+ {
+  "op": "add",
+  "path": "/definitions/CodeConfigurationValues/properties/BuildCommand/pattern",
+  "value": "[^\\x0a\\x0d]+"
+ },
+ {
+  "op": "add",
+  "path": "/definitions/CodeConfigurationValues/properties/StartCommand/pattern",
+  "value": "[^\\x0a\\x0d]+"
+ },
+ {
+  "op": "add",
+  "path": "/definitions/ImageConfiguration/properties/StartCommand/pattern",
+  "value": "[^\\x0a\\x0d]+"
+ }
+]

src/cfnlint/data/schemas/patches/extensions/all/aws_apprunner_service/boto.json

@@ -4,6 +4,11 @@
   "path": "/properties/Name/pattern",
   "value": "^[a-zA-Z0-9][a-zA-Z0-9_.-]{0,100}$"
  },
+ {
+  "op": "add",
+  "path": "/definitions/S3Location/properties/S3Bucket/pattern",
+  "value": "^[0-9a-z\\.\\-]*(?<!\\.)$"
+ },
  {
   "op": "add",
   "path": "/definitions/PackagingType/enum",

src/cfnlint/data/schemas/patches/extensions/all/aws_appstream_appblock/boto.json

@@ -4,6 +4,11 @@
   "path": "/properties/Name/pattern",
   "value": "^[a-zA-Z0-9][a-zA-Z0-9_.-]{0,100}$"
  },
+ {
+  "op": "add",
+  "path": "/definitions/S3Location/properties/S3Bucket/pattern",
+  "value": "^[0-9a-z\\.\\-]*(?<!\\.)$"
+ },
  {
   "op": "add",
   "path": "/definitions/Arn/pattern",

src/cfnlint/data/schemas/patches/extensions/all/aws_appstream_application/boto.json

@@ -0,0 +1,16 @@
+[
+ {
+  "op": "add",
+  "path": "/definitions/CertificateBasedAuthProperties/properties/Status/enum",
+  "value": [
+   "DISABLED",
+   "ENABLED",
+   "ENABLED_NO_DIRECTORY_LOGIN_FALLBACK"
+  ]
+ },
+ {
+  "op": "add",
+  "path": "/definitions/CertificateBasedAuthProperties/properties/CertificateAuthorityArn/pattern",
+  "value": "^arn:aws(?:\\-cn|\\-iso\\-b|\\-iso|\\-us\\-gov)?:[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.\\\\-]{0,1023}$"
+ }
+]

src/cfnlint/data/schemas/patches/extensions/all/aws_appstream_directoryconfig/boto.json

@@ -17,5 +17,19 @@
   "op": "add",
   "path": "/properties/Name/pattern",
   "value": "[_A-Za-z][_0-9A-Za-z]*"
+ },
+ {
+  "op": "add",
+  "path": "/definitions/AuthorizationConfig/properties/AuthorizationType/enum",
+  "value": [
+   "AWS_IAM"
+  ]
+ },
+ {
+  "op": "add",
+  "path": "/definitions/RelationalDatabaseConfig/properties/RelationalDatabaseSourceType/enum",
+  "value": [
+   "RDS_HTTP_ENDPOINT"
+  ]
  }
 ]

src/cfnlint/data/schemas/patches/extensions/all/aws_appsync_datasource/boto.json

@@ -8,5 +8,30 @@
   "op": "add",
   "path": "/properties/DataSourceName/pattern",
   "value": "[_A-Za-z][_0-9A-Za-z]*"
+ },
+ {
+  "op": "add",
+  "path": "/definitions/SyncConfig/properties/ConflictHandler/enum",
+  "value": [
+   "AUTOMERGE",
+   "LAMBDA",
+   "NONE",
+   "OPTIMISTIC_CONCURRENCY"
+  ]
+ },
+ {
+  "op": "add",
+  "path": "/definitions/SyncConfig/properties/ConflictDetection/enum",
+  "value": [
+   "NONE",
+   "VERSION"
+  ]
+ },
+ {
+  "op": "add",
+  "path": "/definitions/AppSyncRuntime/properties/Name/enum",
+  "value": [
+   "APPSYNC_JS"
+  ]
  }
 ]

src/cfnlint/data/schemas/patches/extensions/all/aws_appsync_functionconfiguration/boto.json

@@ -21,5 +21,30 @@
    "PIPELINE",
    "UNIT"
   ]
+ },
+ {
+  "op": "add",
+  "path": "/definitions/SyncConfig/properties/ConflictHandler/enum",
+  "value": [
+   "AUTOMERGE",
+   "LAMBDA",
+   "NONE",
+   "OPTIMISTIC_CONCURRENCY"
+  ]
+ },
+ {
+  "op": "add",
+  "path": "/definitions/SyncConfig/properties/ConflictDetection/enum",
+  "value": [
+   "NONE",
+   "VERSION"
+  ]
+ },
+ {
+  "op": "add",
+  "path": "/definitions/AppSyncRuntime/properties/Name/enum",
+  "value": [
+   "APPSYNC_JS"
+  ]
  }
 ]

src/cfnlint/data/schemas/patches/extensions/all/aws_appsync_resolver/boto.json

@@ -3,5 +3,10 @@
   "op": "add",
   "path": "/definitions/AssessmentDescription/pattern",
   "value": "^[\\w\\W\\s\\S]*$"
+ },
+ {
+  "op": "add",
+  "path": "/definitions/S3Url/pattern",
+  "value": "^(S|s)3:\\/\\/[a-zA-Z0-9\\-\\.\\(\\)\\'\\*\\_\\!\\/]+$"
  }
 ]

src/cfnlint/data/schemas/patches/extensions/all/aws_auditmanager_assessment/boto.json

@@ -0,0 +1,7 @@
+[
+ {
+  "op": "add",
+  "path": "/definitions/LaunchTemplateSpecification/properties/LaunchTemplateName/pattern",
+  "value": "[a-zA-Z0-9\\(\\)\\.\\-/_]+"
+ }
+]

src/cfnlint/data/schemas/patches/extensions/all/aws_autoscaling_autoscalinggroup/boto.json

@@ -11,5 +11,21 @@
    "st1",
    "standard"
   ]
+ },
+ {
+  "op": "add",
+  "path": "/definitions/MetadataOptions/properties/HttpTokens/enum",
+  "value": [
+   "optional",
+   "required"
+  ]
+ },
+ {
+  "op": "add",
+  "path": "/definitions/MetadataOptions/properties/HttpEndpoint/enum",
+  "value": [
+   "disabled",
+   "enabled"
+  ]
  }
 ]