feat: add --serverless-rules to sam validate --lint #7950
Conversation
github-actions
bot
added
area/validate
shashax42
force-pushed
the
feature/serverless-rules-lint
branch
from
26e31e0 to
b524fb7
Compare
| @@ -57,20 +57,27 @@ class SamTemplate: | |||
| "Create a cfnlintrc config file to specify additional parameters. " | |||
| "For more information, see: https://github.com/aws-cloudformation/cfn-lint", | |||
| ) | |||
| @click.option( | |||
| "--serverless-rules", | |||
| is_flag=True, | |||
There was a problem hiding this comment.
Any particular region to enable this flag by default?
There was a problem hiding this comment.
@vicheey No, there's no particular region requirement. You can enable this flag by default in all regions.
vicheey
added
need-customer-response
|
Two comments.
sam validate --lint --extra-lint-rules "cfn_lint_serverless.rules"(I don't know if that's the best name for the parameter, but that's the idea) We would then keep this part of the code linter_config["append_rules"] = extra_cfn_lint_configbut we won't do any special checks specifically for |
- Mark existing --serverless-rules option as deprecated - Add more flexible --extra-lint-rules option - Implement support for comma-separated multiple rule modules - Design to work regardless of installation environment - Update documentation and schema accordingly
| help="[DEPRECATED] Enable Serverless Rules for linting validation. " | ||
| "Requires the cfn-lint-serverless package to be installed. " | ||
| "Use --extra-lint-rules=\"cfn_lint_serverless.rules\" instead. " | ||
| "For more information, see: https://github.com/awslabs/serverless-rules", | ||
| ) |
There was a problem hiding this comment.
But this was never released in any official version of SAM CLI, so it doesn't make sense to add it as "DEPRECATED", since it never really existed.
| @save_params_option | ||
| @pass_context | ||
| @track_command | ||
| @check_newer_version | ||
| @print_cmdline_args | ||
| @unsupported_command_cdk(alternative_command="cdk doctor") | ||
| @command_exception_handler | ||
| def cli(ctx, template_file, config_file, config_env, lint, save_params): | ||
| def cli(ctx, template_file, config_file, config_env, lint, save_params, serverless_rules, extra_lint_rules): |
There was a problem hiding this comment.
Please, remove all references to --serverless-rules, since it doesn't really exist and it never existed officially. (Not only in this section but further down below too)
| @@ -170,20 +199,97 @@ def _lint(ctx: Context, template: str, template_path: str) -> None: | |||
| cfn_lint_logger.propagate = True | |||
| cfn_lint_logger.setLevel(logging.DEBUG) | |||
|
|
|||
| print(f"Debug info: initial linter_config = {linter_config}") | |||
There was a problem hiding this comment.
Don't use print for debugging strings, use the logging module instead.
import logging
LOG = logging.getLogger(__name__)
...
LOG.debug("Debug info: initial linter_config %s", linter_config)
Basic usage on this other file:
aws-sam-cli/samcli/lib/utils/codeuri.py
Lines 5 to 8 in bdf9a7f
aws-sam-cli/samcli/lib/utils/codeuri.py
Line 30 in bdf9a7f
Also, prefer using a message with the string format only, and the values as parameters of debug (like "Debug info: initial linter_config %s", linter_config) instead of formatting in the string directly (f"Debug info: initial linter_config = {linter_config}"). When f" {parameter}" is used for logging, the values are formatted even when logging is off, just adding extra processing that's not needed. (full details about how to use it in here: https://docs.python.org/3/library/logging.html#logging.Logger.debug)
| # Support for previous serverless_rules option (deprecated) | ||
| if serverless_rules: |
There was a problem hiding this comment.
Just to emphasize what I mentioned before, don't add any of the serverless_rules code.
| help="Specify additional lint rules to be used with cfn-lint. " | ||
| "Format: module.path (e.g. 'cfn_lint_serverless.rules')", | ||
| default=None | ||
| ) |
There was a problem hiding this comment.
I think you need to pass multiple=True to allow the parameter to be passed multiple times (https://click.palletsprojects.com/en/stable/options/#multiple-options and it will be stored as a list).
You mentioned in the documentation that that is actually supported, did you test passing it multiple times? (I imagine the last one will just replace any other one if we don't add the multiple=True)
|
|
||
| if not matches: | ||
| print(f"Debug info: template validation successful") |
There was a problem hiding this comment.
I don't think we need all these debugging messages though. Some make sense, but this part is already printing something else already.
|
|
||
| ctx_mock = namedtuple("ctx_mock", ["profile", "region"]) | ||
| ctx_lint_mock = namedtuple("ctx_lint_mock", ["debug", "region"]) | ||
|
|
||
|
|
||
| class TestValidateCli(TestCase): | ||
| def setUp(self): | ||
| # datetime.utcnow() 사용에 대한 경고 무시 |
There was a problem hiding this comment.
Please include comments in English, thanks.
Which issue(s) does this change fix?
This PR adds a new feature and is not associated with a specific issue number.
Why is this change necessary?
The AWS SAM CLI's
validate --lintcommand is useful for validating CloudFormation templates, but currently lacks the ability to apply rules specific to Serverless applications. Serverless applications have different characteristics compared to general CloudFormation templates, requiring additional validation rules tailored to their specific needs.How does it address the issue?
This PR adds a
--serverless-rulesoption to thesam validate --lintcommand, allowing users to leverage rules from the cfn-lint-serverless package. This enables users to perform additional validations specific to Serverless applications. When enabled, this option validates Serverless application best practices such as Lambda function memory size, timeout, log retention, API Gateway stage logging, and throttling settings.What side effects does this change have?
--serverless-rulesoption is only activated when explicitly specified.Mandatory Checklist
PRs will only be reviewed after checklist is complete
make prpassesmake update-reproducible-reqsif dependencies were changedBy submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.