Update lambda runtime validation to new data (#3297)

src/cfnlint/data/AdditionalSpecs/LmbdRuntimeLifecycle.json

@@ -1,107 +1,128 @@
 {
  "dotnet6": {
+  "create-block": "2025-02-28",
   "deprecated": "2024-11-12",
-  "eol": "2025-01-11",
-  "successor": "dotnet8"
+  "successor": "dotnet8",
+  "update-block": "2025-05-31"
  },
  "dotnet7": {
+  "create-block": "2024-05-14",
   "deprecated": "2024-05-14",
-  "eol": "2026-10-08",
-  "successor": "dotnet8"
+  "successor": "dotnet8",
+  "update-block": "2024-05-14"
  },
  "dotnetcore1.0": {
-  "deprecated": "2019-07-31",
-  "eol": "2019-06-27",
-  "successor": "dotnet8"
+  "create-block": "2019-07-30",
+  "deprecated": "2019-06-27",
+  "successor": "dotnet8",
+  "update-block": "2019-07-30"
  },
  "dotnetcore2.0": {
+  "create-block": "2019-05-30",
   "deprecated": "2019-05-30",
-  "eol": "2019-04-30",
-  "successor": "dotnet8"
+  "successor": "dotnet8",
+  "update-block": "2019-05-30"
  },
  "dotnetcore2.1": {
-  "deprecated": "2021-09-23",
-  "eol": "2021-08-23",
-  "successor": "dotnet8"
+  "create-block": "2022-01-05",
+  "deprecated": "2022-01-05",
+  "successor": "dotnet8",
+  "update-block": "2022-04-13"
  },
  "dotnetcore3.1": {
-  "deprecated": "2023-02-20",
-  "eol": "2023-01-20",
-  "successor": "dotnet8"
+  "create-block": "2023-04-03",
+  "deprecated": "2023-04-03",
+  "successor": "dotnet8",
+  "update-block": "2023-05-03"
  },
  "nodejs": {
+  "create-block": "2016-10-31",
   "deprecated": "2016-10-31",
-  "eol": "2016-10-31",
-  "successor": "nodejs20.x"
+  "successor": "nodejs20.x",
+  "update-block": "2016-10-31"
  },
  "nodejs10.x": {
-  "deprecated": "2021-08-30",
-  "eol": "2021-07-30",
-  "successor": "nodejs20.x"
+  "create-block": "2021-07-30",
+  "deprecated": "2021-07-30",
+  "successor": "nodejs20.x",
+  "update-block": "2022-02-14"
  },
  "nodejs12.x": {
-  "deprecated": "2022-12-14",
-  "eol": "2022-11-14",
-  "successor": "nodejs20.x"
+  "create-block": "2023-03-31",
+  "deprecated": "2023-03-31",
+  "successor": "nodejs20.x",
+  "update-block": "2023-04-30"
  },
  "nodejs14.x": {
+  "create-block": "2024-07-09",
   "deprecated": "2023-12-04",
-  "eol": "2024-01-09",
-  "successor": "nodejs20.x"
+  "successor": "nodejs20.x",
+  "update-block": "2025-02-28"
  },
  "nodejs16.x": {
+  "create-block": "2025-02-28",
   "deprecated": "2024-06-12",
-  "eol": "2024-07-15",
-  "successor": "nodejs20.x"
+  "successor": "nodejs20.x",
+  "update-block": "2025-03-31"
  },
  "nodejs4.3": {
-  "deprecated": "2019-04-30",
-  "eol": "2018-04-30",
-  "successor": "nodejs20.x"
+  "create-block": "2020-03-05",
+  "deprecated": "2020-03-05",
+  "successor": "nodejs20.x",
+  "update-block": "2020-03-05"
  },
  "nodejs4.3-edge": {
-  "deprecated": "2019-04-30",
-  "eol": "2018-04-30",
-  "successor": "nodejs20.x"
+  "create-block": "2019-04-30",
+  "deprecated": "2020-03-05",
+  "successor": "nodejs20.x",
+  "update-block": "2019-04-30"
  },
  "nodejs6.10": {
+  "create-block": "2019-08-12",
   "deprecated": "2019-08-12",
-  "eol": "2019-04-30",
-  "successor": "nodejs20.x"
+  "successor": "nodejs20.x",
+  "update-block": "2019-08-12"
  },
  "nodejs8.10": {
-  "deprecated": "2020-02-03",
-  "eol": "2019-12-31",
-  "successor": "nodejs20.x"
+  "create-block": "2020-03-06",
+  "deprecated": "2020-03-06",
+  "successor": "nodejs20.x",
+  "update-block": "2020-03-06"
  },
  "python2.7": {
-  "deprecated": "2021-09-30",
-  "eol": "2021-07-15",
-  "successor": "python3.12"
+  "create-block": "2021-07-15",
+  "deprecated": "2021-07-15",
+  "successor": "python3.12",
+  "update-block": "2022-05-30"
  },
  "python3.6": {
-  "deprecated": "2022-08-17",
-  "eol": "2022-07-18",
-  "successor": "python3.12"
+  "create-block": "2022-07-18",
+  "deprecated": "2022-07-18",
+  "successor": "python3.12",
+  "update-block": "2022-08-29"
  },
  "python3.7": {
+  "create-block": "2024-01-09",
   "deprecated": "2023-12-04",
-  "eol": "2024-01-09",
-  "successor": "python3.12"
+  "successor": "python3.12",
+  "update-block": "2025-02-28"
  },
  "python3.8": {
+  "create-block": "2025-02-28",
   "deprecated": "2024-10-14",
-  "eol": "2024-11-13",
-  "successor": "python3.12"
+  "successor": "python3.12",
+  "update-block": "2025-03-31"
  },
  "ruby2.5": {
+  "create-block": "2021-07-30",
   "deprecated": "2021-07-30",
-  "eol": "2021-07-30",
-  "successor": "ruby3.2"
+  "successor": "ruby3.2",
+  "update-block": "2022-03-31"
  },
  "ruby2.7": {
+  "create-block": "2024-01-09",
   "deprecated": "2023-12-07",
-  "eol": "2024-01-09",
-  "successor": "ruby3.2"
+  "successor": "ruby3.2",
+  "update-block": "2025-02-28"
  }
 }

src/cfnlint/rules/resources/lmbd/DeprecatedRuntimeCreate.py

@@ -0,0 +1,50 @@
+"""
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+SPDX-License-Identifier: MIT-0
+"""
+
+from datetime import datetime
+
+from cfnlint.rules import RuleMatch
+from cfnlint.rules.resources.lmbd.DeprecatedRuntime import DeprecatedRuntime
+
+
+class DeprecatedRuntimeCreate(DeprecatedRuntime):
+    """Check if EOL Lambda Function Runtimes are used"""
+
+    id = "E2531"
+    shortdesc = "Check if Lambda Function Runtimes are creatable"
+    description = (
+        "Check if an EOL Lambda Runtime is specified and you cannot create the function"
+    )
+    source_url = (
+        "https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html"
+    )
+    tags = ["resources", "lambda", "runtime"]
+
+    def check_runtime(self, runtime_value, path):
+        """Check if the given runtime is valid"""
+        matches = []
+
+        runtime = self.deprecated_runtimes.get(runtime_value)
+        if runtime:
+            if (
+                datetime.strptime(runtime["create-block"], "%Y-%m-%d")
+                < self.current_date
+                and datetime.strptime(runtime["update-block"], "%Y-%m-%d")
+                > self.current_date
+            ):
+                message = "Runtime ({0}) was deprecated on {1}. Creation disabled on {2} and update on {3}. Please consider updating to {3}"
+                matches.append(
+                    RuleMatch(
+                        path,
+                        message.format(
+                            runtime_value,
+                            runtime["deprecated"],
+                            runtime["create-block"],
+                            runtime["update-block"],
+                            runtime["successor"],
+                        ),
+                    )
+                )
+        return matches

src/cfnlint/rules/resources/lmbd/DeprecatedRuntimeEol.py

@@ -29,18 +29,21 @@ def check_runtime(self, runtime_value, path):
         runtime = self.deprecated_runtimes.get(runtime_value)
         if runtime:
             if (
-                datetime.strptime(runtime["eol"], "%Y-%m-%d") < self.current_date
-                and datetime.strptime(runtime["deprecated"], "%Y-%m-%d")
+                datetime.strptime(runtime["deprecated"], "%Y-%m-%d") < self.current_date
+                and datetime.strptime(runtime["create-block"], "%Y-%m-%d")
+                > self.current_date
+                and datetime.strptime(runtime["update-block"], "%Y-%m-%d")
                 > self.current_date
             ):
-                message = "EOL runtime ({0}) specified. Runtime is EOL since {1} and updating will be disabled at {2}. Please consider updating to {3}"
+                message = "Runtime ({0}) was deprecated on {1}. Creation will be disabled on {2} and update on {3}. Please consider updating to {4}"
                 matches.append(
                     RuleMatch(
                         path,
                         message.format(
                             runtime_value,
-                            runtime["eol"],
                             runtime["deprecated"],
+                            runtime["create-block"],
+                            runtime["update-block"],
                             runtime["successor"],
                         ),
                     )

src/cfnlint/rules/resources/lmbd/DeprecatedRuntimeEnd.py → src/cfnlint/rules/resources/lmbd/DeprecatedRuntimeUpdate.py

@@ -9,13 +9,13 @@
 from cfnlint.rules.resources.lmbd.DeprecatedRuntime import DeprecatedRuntime
 
 
-class DeprecatedRuntimeEnd(DeprecatedRuntime):
+class DeprecatedRuntimeUpdate(DeprecatedRuntime):
     """Check if EOL Lambda Function Runtimes are used"""
 
-    id = "E2531"
-    shortdesc = "Check if EOL Lambda Function Runtimes are used"
+    id = "E2533"
+    shortdesc = "Check if Lambda Function Runtimes are updatable"
     description = (
-        "Check if an EOL Lambda Runtime is specified and give an error if used. "
+        "Check if an EOL Lambda Runtime is specified and you cannot update the function"
     )
     source_url = (
         "https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html"
@@ -28,13 +28,19 @@ def check_runtime(self, runtime_value, path):
 
         runtime = self.deprecated_runtimes.get(runtime_value)
         if runtime:
-            if datetime.strptime(runtime["deprecated"], "%Y-%m-%d") < self.current_date:
-                message = "Deprecated runtime ({0}) specified. Updating disabled since {1}. Please consider updating to {2}"
+            if (
+                datetime.strptime(runtime["update-block"], "%Y-%m-%d")
+                < self.current_date
+            ):
+                message = "Runtime ({0}) was deprecated on {1}. Update disabled on {2}. Please consider updating to {3}"
                 matches.append(
                     RuleMatch(
                         path,
                         message.format(
-                            runtime_value, runtime["deprecated"], runtime["successor"]
+                            runtime_value,
+                            runtime["deprecated"],
+                            runtime["update-block"],
+                            runtime["successor"],
                         ),
                     )
                 )

test/fixtures/results/public/lambda-poller.json

@@ -18,11 +18,11 @@
                 "LineNumber": 151
             }
         },
-        "Message": "Deprecated runtime (nodejs6.10) specified. Updating disabled since 2019-08-12. Please consider updating to nodejs20.x",
+        "Message": "Runtime (nodejs6.10) was deprecated on 2019-08-12. Update disabled on 2019-08-12. Please consider updating to nodejs20.x",
         "Rule": {
-            "Description": "Check if an EOL Lambda Runtime is specified and give an error if used. ",
-            "Id": "E2531",
-            "ShortDescription": "Check if EOL Lambda Function Runtimes are used",
+            "Description": "Check if an EOL Lambda Runtime is specified and you cannot update the function",
+            "Id": "E2533",
+            "ShortDescription": "Check if Lambda Function Runtimes are updatable",
             "Source": "https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html"
         }
     }

test/fixtures/results/quickstart/nist_config_rules.json

@@ -72,11 +72,11 @@
                 "LineNumber": 94
             }
         },
-        "Message": "Deprecated runtime (nodejs) specified. Updating disabled since 2016-10-31. Please consider updating to nodejs20.x",
+        "Message": "Runtime (nodejs) was deprecated on 2016-10-31. Update disabled on 2016-10-31. Please consider updating to nodejs20.x",
         "Rule": {
-            "Description": "Check if an EOL Lambda Runtime is specified and give an error if used. ",
-            "Id": "E2531",
-            "ShortDescription": "Check if EOL Lambda Function Runtimes are used",
+            "Description": "Check if an EOL Lambda Runtime is specified and you cannot update the function",
+            "Id": "E2533",
+            "ShortDescription": "Check if Lambda Function Runtimes are updatable",
             "Source": "https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html"
         }
     },
@@ -152,11 +152,11 @@
                 "LineNumber": 159
             }
         },
-        "Message": "Deprecated runtime (nodejs) specified. Updating disabled since 2016-10-31. Please consider updating to nodejs20.x",
+        "Message": "Runtime (nodejs) was deprecated on 2016-10-31. Update disabled on 2016-10-31. Please consider updating to nodejs20.x",
         "Rule": {
-            "Description": "Check if an EOL Lambda Runtime is specified and give an error if used. ",
-            "Id": "E2531",
-            "ShortDescription": "Check if EOL Lambda Function Runtimes are used",
+            "Description": "Check if an EOL Lambda Runtime is specified and you cannot update the function",
+            "Id": "E2533",
+            "ShortDescription": "Check if Lambda Function Runtimes are updatable",
             "Source": "https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html"
         }
     },

test/fixtures/results/quickstart/nist_logging.json

@@ -43,9 +43,9 @@
                 "LineNumber": 44
             }
         },
-        "Message": "Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting",
+        "Message": "A bucket with AccessControl set should also have OwnershipControl configured",
         "Rule": {
-            "Description": "When using AccessControl other than private you must also configure OwnershipControls",
+            "Description": "When using AccessControl other than private you must also configure OwnershipControls. The default is bucket owner enforced which disables ACLs.",
             "Id": "E3045",
             "ShortDescription": "Validate AccessControl are set with OwnershipControls",
             "Source": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html"

test/fixtures/templates/bad/resources/lambda/runtimes.yaml

@@ -6,11 +6,11 @@ Parameters:
   myParameterRuntime:
     Type: String
     Description: Runtime
-    Default: nodejs
+    Default: python3.7
     AllowedValues:
       - nodejs10.x
-      - nodejs
-      - nodejs6.10
+      - nodejs16.x
+      - python3.7
 Resources:
   myLambdaExecutionRole:
     Type: AWS::IAM::Role

test/integration/test_good_templates.py

@@ -149,11 +149,11 @@ class TestQuickStartTemplates(BaseCliTestCase):
                         "Path": ["Resources", "myFunction", "Properties", "Runtime"],
                         "Start": {"ColumnNumber": 3, "LineNumber": 10},
                     },
-                    "Message": "Deprecated runtime (nodejs6.10) specified. Updating disabled since 2019-08-12. Please consider updating to nodejs20.x",
+                    "Message": "Runtime (nodejs6.10) was deprecated on 2019-08-12. Update disabled on 2019-08-12. Please consider updating to nodejs20.x",
                     "Rule": {
-                        "Description": "Check if an EOL Lambda Runtime is specified and give an error if used. ",
-                        "Id": "E2531",
-                        "ShortDescription": "Check if EOL Lambda Function Runtimes are used",
+                        "Description": "Check if an EOL Lambda Runtime is specified and you cannot update the function",
+                        "Id": "E2533",
+                        "ShortDescription": "Check if Lambda Function Runtimes are updatable",
                         "Source": "https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html",
                     },
                 }

test/unit/rules/__init__.py

@@ -61,4 +61,5 @@ def helper_file_negative(self, filename, err_count, regions=None):
         bad_runner = Runner(self.collection, filename, template, regions, [])
         bad_runner.transform()
         errs = bad_runner.run()
+        print(errs)
         self.assertEqual(err_count, len(errs))