Remove backward compatibility for single policy/thing group parameters

- Remove deprecated IoTPolicy and IoTThingGroup CloudFormation parameters
- Remove POLICY_NAME and THING_GROUP_NAME environment variables
- Simplify product verifier to only use POLICY_NAMES and THING_GROUP_NAMES
- Simplify bulk importer to only process multi-value arrays
- Update sam-integration-full.toml to use new parameter names
- Remove backward compatibility tests and update remaining tests
- Fix bug where old TOML files with single naming convention don't work

Files changed:
- template.yaml: Remove deprecated parameters and env vars
- src/product_verifier/main.py: Remove fallback logic
- src/bulk_importer/bulk_importer/main.py: Remove legacy processing
- configs/sam-integration-full.toml: Use IoTPolicies/IoTThingGroups
- test/: Update tests to use new parameter names only

Net reduction: 162 lines of backward compatibility code removed

Author: rpcme

configs/sam-integration-full.toml

@@ -2,5 +2,5 @@ version = 0.1
 [default.deploy.parameters]
 resolve_s3 = true
 capabilities = "CAPABILITY_IAM"
-parameter_overrides = "IamUserArn=\"None\" IoTPolicy=\"BasicTestPolicy\" IoTThingGroup=\"BasicTestGroup\" IoTThingType=\"BasicTestType\" InfineonCertBundleType=\"E0E0\" ConcurrentExecutions=\"10\" DLQRetentionPeriod=\"1209600\" QueueVisibilityTimeout=\"900\" IdempotencyExpirySeconds=\"3600\" AutoThrottlingEnabled=\"true\" ThrottlingBaseDelay=\"30\" ThrottlingBatchInterval=\"3\" MaxQueueDepth=\"1000\" ProviderConcurrencyLimit=\"5\" LambdaMemorySize=\"2048\" LambdaTimeout=\"300\""
+parameter_overrides = "IamUserArn=\"None\" IoTPolicies=\"BasicTestPolicy\" IoTThingGroups=\"BasicTestGroup\" IoTThingType=\"BasicTestType\" InfineonCertBundleType=\"E0E0\" ConcurrentExecutions=\"10\" DLQRetentionPeriod=\"1209600\" QueueVisibilityTimeout=\"900\" IdempotencyExpirySeconds=\"3600\" AutoThrottlingEnabled=\"true\" ThrottlingBaseDelay=\"30\" ThrottlingBatchInterval=\"3\" MaxQueueDepth=\"1000\" ProviderConcurrencyLimit=\"5\" LambdaMemorySize=\"2048\" LambdaTimeout=\"300\""
 image_repositories = []

src/bulk_importer/bulk_importer/main.py

@@ -115,38 +115,22 @@ def process_sqs(config, session: Session=default_session):
                   certificate_arn=certificate_arn,
                   session=session)
 
-    # Process multiple policies (backward compatible)
+    # Process multiple policies
     policies = config.get('policies', [])
-    if policies:
-        for policy_info in policies:
-            process_policy(policy_name=policy_info['name'],
-                          certificate_arn=certificate_arn,
-                          session=session)
-    else:
-        # Legacy single policy support
-        policy_name = config.get(ImporterMessageKey.POLICY_NAME.value)
-        if policy_name:
-            process_policy(policy_name=policy_name,
-                          certificate_arn=certificate_arn,
-                          session=session)
+    for policy_info in policies:
+        process_policy(policy_name=policy_info['name'],
+                      certificate_arn=certificate_arn,
+                      session=session)
 
     thing_arn = get_thing_arn(config.get(ImporterMessageKey.THING_NAME.value),
                               session=session)
 
-    # Process multiple thing groups (backward compatible)
+    # Process multiple thing groups
     thing_groups = config.get('thing_groups', [])
-    if thing_groups:
-        for thing_group_info in thing_groups:
-            process_thing_group(thing_group_arn=thing_group_info['arn'],
-                               thing_arn=thing_arn,
-                               session=session)
-    else:
-        # Legacy single thing group support
-        thing_group_arn = config.get(ImporterMessageKey.THING_GROUP_ARN.value)
-        if thing_group_arn:
-            process_thing_group(thing_group_arn=thing_group_arn,
-                               thing_arn=thing_arn,
-                               session=session)
+    for thing_group_info in thing_groups:
+        process_thing_group(thing_group_arn=thing_group_info['arn'],
+                           thing_arn=thing_arn,
+                           session=session)
 
     # Process thing type (singular - AWS IoT allows only one thing type per thing)
     thing_type_name = config.get(ImporterMessageKey.THING_TYPE_NAME.value)

src/product_verifier/main.py

@@ -60,25 +60,13 @@ def lambda_handler(event,
     
     Expects the following environment variables to be set:
     QUEUE_TARGET_ESPRESSIF, QUEUE_TARGET_INFINEON, QUEUE_TARGET_MICROCHIP, QUEUE_TARGET_GENERATED
-    
-    Supports both new multi-value and legacy single-value parameters:
-    New: POLICY_NAMES, THING_GROUP_NAMES (comma-delimited)
-    Legacy: POLICY_NAME, THING_GROUP_NAME (single values)
-    Thing Type: THING_TYPE_NAME (always singular - AWS IoT limitation)
+    POLICY_NAMES, THING_GROUP_NAMES (comma-delimited), THING_TYPE_NAME
     """
     config = {}
 
-    # Try new multi-value parameters first, fall back to legacy
+    # Get multi-value parameters
     e_policies = os.environ.get('POLICY_NAMES', '')
     e_thing_groups = os.environ.get('THING_GROUP_NAMES', '')
-    
-    # Backward compatibility: if new params empty, try legacy
-    if not e_policies:
-        e_policies = os.environ.get('POLICY_NAME', '')
-    if not e_thing_groups:
-        e_thing_groups = os.environ.get('THING_GROUP_NAME', '')
-    
-    # Thing type is always singular (AWS IoT limitation: one thing type per thing)
     e_thing_type = os.environ.get('THING_TYPE_NAME', '')
 
     # Handle both raw dict and S3Event object formats

template.yaml

@@ -34,22 +34,12 @@ Parameters:
       manifests.
     Type: String
 
-  IoTPolicy:
-    Default: None
-    Type: String
-    Description: (DEPRECATED - Use IoTPolicies) Single AWS IoT Policy for backward compatibility.
-
   IoTPolicies:
     Default: None
     Type: CommaDelimitedList
     Description: Comma-separated list of AWS IoT Policies to apply to certificates.
       Use 'None' for no policies. Example policy1,policy2,policy3
 
-  IoTThingGroup:
-    Default: None
-    Type: String
-    Description: (DEPRECATED - Use IoTThingGroups) Single Thing Group for backward compatibility.
-
   IoTThingGroups:
     Default: None
     Type: CommaDelimitedList
@@ -388,8 +378,6 @@ Resources:
           QUEUE_TARGET_GENERATED: !Ref ThingpressGeneratedProviderQueue
           POLICY_NAMES: !Join [',', !Ref IoTPolicies]
           THING_GROUP_NAMES: !Join [',', !Ref IoTThingGroups]
-          POLICY_NAME: !Ref IoTPolicy
-          THING_GROUP_NAME: !Ref IoTThingGroup
           THING_TYPE_NAME: !Ref IoTThingType
       Events:
         EV1:

test/integration/end_to_end/e2e_test_framework.py

@@ -613,26 +613,19 @@ def _get_expected_config_from_stack(self) -> dict:
                 param_key = param['ParameterKey']
                 param_value = param['ParameterValue']
 
-                # Handle new multi-value parameters (comma-delimited)
+                # Handle multi-value parameters (comma-delimited)
                 if param_key == 'IoTPolicies' and param_value and param_value != 'None':
                     expected_config['policies'] = [
                         p.strip() for p in param_value.split(',') 
                         if p.strip() and p.strip() != 'None'
                     ]
-                # Handle legacy single-value parameter (backward compatibility)
-                elif param_key == 'IoTPolicy' and param_value and param_value != 'None':
-                    if not expected_config['policies']:  # Only use if multi-value not set
-                        expected_config['policies'] = [param_value]
 
                 # Handle thing groups
                 elif param_key == 'IoTThingGroups' and param_value and param_value != 'None':
                     expected_config['thing_groups'] = [
                         g.strip() for g in param_value.split(',')
                         if g.strip() and g.strip() != 'None'
                     ]
-                elif param_key == 'IoTThingGroup' and param_value and param_value != 'None':
-                    if not expected_config['thing_groups']:
-                        expected_config['thing_groups'] = [param_value]
 
                 # Handle thing type (singular - AWS IoT allows only one thing type per thing)
                 elif param_key == 'IoTThingType' and param_value and param_value != 'None':

test/unit/test_product_verifier.py

@@ -153,8 +153,8 @@ def test_pos_invoke_export(self):
         """ The number of items in the queue should be 7 since there are
             seven certificates in the test file """
 
-        os.environ['POLICY_NAME'] = 'dev_policy'
-        os.environ['THING_GROUP_NAME'] = "None"
+        os.environ['POLICY_NAMES'] = 'dev_policy'
+        os.environ['THING_GROUP_NAMES'] = "None"
         os.environ['THING_TYPE_NAME'] = "None"
         os.environ['QUEUE_TARGET_ESPRESSIF'] = self.env_queue_target_espressif
 
@@ -212,8 +212,8 @@ def test_neg_invoke_export(self):
         """ The number of items in the queue should be 7 since there are
             seven certificates in the test file """
 
-        os.environ['POLICY_NAME'] = 'dev_policy'
-        os.environ['THING_GROUP_NAME'] = "None"
+        os.environ['POLICY_NAMES'] = 'dev_policy'
+        os.environ['THING_GROUP_NAMES'] = "None"
         os.environ['THING_TYPE_NAME'] = "None"
         os.environ['QUEUE_TARGET_ESPRESSIF'] = self.env_queue_target_espressif
         reset_circuit('iot_get_policy')
@@ -265,9 +265,7 @@ def test_neg_invoke_export(self):
     def tearDown(self):
         # Clean up environment variables to prevent test pollution
         env_vars_to_clear = [
-            'POLICY_NAME', 'POLICY_NAMES',
-            'THING_GROUP_NAME', 'THING_GROUP_NAMES',
-            'THING_TYPE_NAME',
+            'POLICY_NAMES', 'THING_GROUP_NAMES', 'THING_TYPE_NAME',
             'QUEUE_TARGET_ESPRESSIF', 'QUEUE_TARGET_INFINEON',
             'QUEUE_TARGET_MICROCHIP', 'QUEUE_TARGET_GENERATED'
         ]
@@ -310,8 +308,8 @@ def tearDown(self):
                 pass
     def test_pos_lambda_handler_generated(self):
         """Test the lambda handler with a generated certificates file"""
-        os.environ['POLICY_NAME'] = self.env_policy_name_pos
-        os.environ['THING_GROUP_NAME'] = self.env_thing_group_name_pos
+        os.environ['POLICY_NAMES'] = self.env_policy_name_pos
+        os.environ['THING_GROUP_NAMES'] = self.env_thing_group_name_pos
         os.environ['THING_TYPE_NAME'] = self.env_thing_type_name_pos
         os.environ['QUEUE_TARGET_GENERATED'] = self.env_queue_target_generated
 
@@ -569,116 +567,3 @@ def test_lambda_handler_multiple_thing_groups(self):
         group_names = [g['name'] for g in message_body['thing_groups']]
         self.assertIn('test-group-1', group_names)
         self.assertIn('test-group-2', group_names)
-
-    def test_lambda_handler_backward_compatibility(self):
-        """Test backward compatibility with legacy single-value parameters"""
-        reset_circuit('iot_get_policy')
-        reset_circuit('iot_get_thing_group')
-        
-        # Setup
-        iot_client = self.session.client('iot')
-        sqs_client = self.session.client('sqs')
-        s3_client = self.session.client('s3')
-        
-        # Create single policy and thing group
-        iot_client.create_policy(policyName='legacy-policy', policyDocument=json.dumps(self.IOT_POLICY))
-        iot_client.create_thing_group(thingGroupName='legacy-group')
-        
-        # Set ONLY legacy environment variables (new ones empty)
-        os.environ['POLICY_NAMES'] = ''
-        os.environ['THING_GROUP_NAMES'] = ''
-        os.environ['POLICY_NAME'] = 'legacy-policy'
-        os.environ['THING_GROUP_NAME'] = 'legacy-group'
-        os.environ['THING_TYPE_NAME'] = 'None'
-        os.environ['QUEUE_TARGET_GENERATED'] = self.env_queue_target_generated
-        
-        # Create S3 bucket and upload object
-        s3_client.create_bucket(Bucket=self.bucket_generated_pos)
-        s3_client.put_object(Bucket=self.bucket_generated_pos, Key=self.obj_generated, Body=b'test')
-        
-        # Create SQS queue
-        sqs_client.create_queue(QueueName=self.env_queue_target_generated)
-        
-        # Create S3 event
-        s3_event = {
-            "Records": [{
-                "eventSource": "aws:s3",
-                "s3": {
-                    "bucket": {"name": self.bucket_generated_pos},
-                    "object": {"key": self.obj_generated}
-                }
-            }]
-        }
-        
-        # Execute
-        result = lambda_handler(S3Event(s3_event), LambdaContext())
-        
-        # Verify message sent to SQS
-        queue_url = sqs_client.get_queue_url(QueueName=self.env_queue_target_generated)['QueueUrl']
-        messages = sqs_client.receive_message(QueueUrl=queue_url, MaxNumberOfMessages=10)
-        
-        self.assertIn('Messages', messages)
-        message_body = json.loads(messages['Messages'][0]['Body'])
-        
-        # Verify legacy format works - should have policies list with one item
-        self.assertIn('policies', message_body)
-        self.assertEqual(len(message_body['policies']), 1)
-        self.assertEqual(message_body['policies'][0]['name'], 'legacy-policy')
-
-    def test_lambda_handler_mixed_parameters(self):
-        """Test mixing new multi-value and legacy single-value parameters"""
-        reset_circuit('iot_get_policy')
-        reset_circuit('iot_get_thing_group')
-        
-        # Setup
-        iot_client = self.session.client('iot')
-        sqs_client = self.session.client('sqs')
-        s3_client = self.session.client('s3')
-        
-        # Create policies and thing group
-        iot_client.create_policy(policyName='policy-1', policyDocument=json.dumps(self.IOT_POLICY))
-        iot_client.create_policy(policyName='policy-2', policyDocument=json.dumps(self.IOT_POLICY))
-        iot_client.create_thing_group(thingGroupName='legacy-group')
-        
-        # New multi-value for policies, legacy for thing group
-        os.environ['POLICY_NAMES'] = 'policy-1,policy-2'
-        os.environ['THING_GROUP_NAMES'] = ''
-        os.environ['THING_GROUP_NAME'] = 'legacy-group'
-        os.environ['QUEUE_TARGET_GENERATED'] = self.env_queue_target_generated
-        
-        # Create S3 bucket and upload object
-        s3_client.create_bucket(Bucket=self.bucket_generated_pos)
-        s3_client.put_object(Bucket=self.bucket_generated_pos, Key=self.obj_generated, Body=b'test')
-        
-        # Create SQS queue
-        sqs_client.create_queue(QueueName=self.env_queue_target_generated)
-        
-        # Create S3 event
-        s3_event = {
-            "Records": [{
-                "eventSource": "aws:s3",
-                "s3": {
-                    "bucket": {"name": self.bucket_generated_pos},
-                    "object": {"key": self.obj_generated}
-                }
-            }]
-        }
-        
-        # Execute
-        result = lambda_handler(S3Event(s3_event), LambdaContext())
-        
-        # Verify message sent to SQS
-        queue_url = sqs_client.get_queue_url(QueueName=self.env_queue_target_generated)['QueueUrl']
-        messages = sqs_client.receive_message(QueueUrl=queue_url, MaxNumberOfMessages=10)
-        
-        self.assertIn('Messages', messages)
-        message_body = json.loads(messages['Messages'][0]['Body'])
-        
-        # Verify new policies used
-        self.assertIn('policies', message_body)
-        self.assertEqual(len(message_body['policies']), 2)
-        
-        # Verify legacy thing group used
-        self.assertIn('thing_groups', message_body)
-        self.assertEqual(len(message_body['thing_groups']), 1)
-        self.assertEqual(message_body['thing_groups'][0]['name'], 'legacy-group')