SUSE-RU-2020:0498-1: moderate: Recommended update for aws-cli, python-boto3, python-botocore, python-s3transfer, python-aws-sam-translator, python-cfn-lint, python-nose2, python-parameterized
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Wed Feb 26 13:12:37 MST 2020
SUSE Recommended Update: Recommended update for aws-cli, python-boto3, python-botocore, python-s3transfer, python-aws-sam-translator, python-cfn-lint, python-nose2, python-parameterized
______________________________________________________________________________
Announcement ID: SUSE-RU-2020:0498-1
Rating: moderate
References: #1122669 #1136184 #1146853 #1146854 #1159018
Affected Products:
SUSE Linux Enterprise Module for Python2 15-SP1
SUSE Linux Enterprise Module for Public Cloud 15-SP1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________
An update that has 5 recommended fixes can now be installed.
Description:
This update for aws-cli, python-aws-sam-translator, python-cfn-lint,
python-nose2, python-parameterized, python-boto3, python-botocore,
python-s3transfer fixes the following issues:
python-aws-sam-translator was updated to 1.11.0 (bsc#1159018, jsc#PM-1507):
Upgrade to 1.11.0:
* Add ReservedConcurrentExecutions to globals
* Fix ElasticsearchHttpPostPolicy resource reference
* Support using AWS::Region in Ref and Sub
* Documentation and examples updates
* Add VersionDescription property to Serverless::Function
* Update ServerlessRepoReadWriteAccessPolicy
* Add additional template validation
Upgrade to 1.10.0:
* Add GSIs to DynamoDBReadPolicy and DynamoDBCrudPolicy
* Add DynamoDBReconfigurePolicy
* Add CostExplorerReadOnlyPolicy and OrganizationsListAccountsPolicy
* Add EKSDescribePolicy
* Add SESBulkTemplatedCrudPolicy
* Add FilterLogEventsPolicy
* Add SSMParameterReadPolicy
* Add SESEmailTemplateCrudPolicy
* Add s3:PutObjectAcl to S3CrudPolicy
* Add allow_credentials CORS option
* Add support for AccessLogSetting and CanarySetting Serverless::Api
properties
* Add support for X-Ray in Serverless::Api
* Add support for MinimumCompressionSize in Serverless::Api
* Add Auth to Serverless::Api globals
* Remove trailing slashes from APIGW permissions
* Add SNS FilterPolicy and an example application
* Add Enabled property to Serverless::Function event sources
* Add support for PermissionsBoundary in Serverless::Function
* Fix boto3 client initialization
* Add PublicAccessBlockConfiguration property to S3 bucket resource
* Make PAY_PER_REQUEST default mode for Serverless::SimpleTable
* Add limited support for resolving intrinsics in
Serverless::LayerVersion
* SAM now uses Flake8
* Add example application for S3 Events written in Go
* Updated several example applications
python-cfn-lint was added in version 0.21.4:
- Add upstream patch to fix EOL dates for lambda runtimes
- Add upstream patch to fix test_config_expand_paths test
- Rename to python-cfn-lint. This package has a python API, which is
required by python-moto.
Update to version 0.21.4:
+ Features
* Include more resource types in W3037
+ CloudFormation Specifications
* Add Resource Type `AWS::CDK::Metadata`
+ Fixes
* Uncap requests dependency in setup.py
* Check Join functions have lists in the correct sections
* Pass a parameter value for AutoPublishAlias when doing a Transform
* Show usage examples when displaying the help
Update to version 0.21.3
+ Fixes
* Support dumping strings for datetime objects when doing a Transform
Update to version 0.21.2
+ CloudFormation Specifications
* Update CloudFormation specs to 3.3.0
* Update instance types from pricing API as of 2019.05.23
Update to version 0.21.1
+ Features
* Add `Info` logging capability and set the default logging to `NotSet`
+ Fixes
* Only do rule logging (start/stop/time) when the rule is going to be
called
* Update rule E1019 to allow `Fn::Transform` inside a `Fn::Sub`
* Update rule W2001 to not break when `Fn::Transform` inside a
`Fn::Sub`
* Update rule E2503 to allow conditions to be used and to not default
to `network` load balancer when an object is used for the Load
Balancer type
Update to version 0.21.0
+ Features
* New rule E3038 to check if a Serverless resource includes the
appropriate Transform
* New rule E2531 to validate a Lambda's runtime against the deprecated
dates
* New rule W2531 to validate a Lambda's runtime against the EOL dates
* Update rule E2541 to include updates to Code Pipeline capabilities
* Update rule E2503 to include checking of values for load balancer
attributes
+ CloudFormation Specifications
* Update CloudFormation specs to 3.2.0
* Update instance types from pricing API as of 2019.05.20
+ Fixes
* Include setuptools in setup.py requires
Update to version 0.20.3
+ CloudFormation Specifications
* Update instance types from pricing API as of 2019.05.16
+ Fixes
* Update E7001 to allow float/doubles for mapping values
* Update W1020 to check pre-transformed Fn::Sub(s) to determine if a
Sub is needed
* Pin requests to be below or equal to 2.21.0 to prevent issues with
botocore
Update to version 0.20.2
+ Features
* Add support for List<String> Parameter types
+ CloudFormation Specifications
* Add allowed values for AWS::EC2 EIP, FlowLog, CustomerGateway,
DHCPOptions, EC2Fleet
* Create new property type for Security Group IDs or Names
* Add new Lambda runtime environment for NodeJs 10.x
* Move AWS::ServiceDiscovery::Service Health checks from Only One to
Exclusive
* Update Glue Crawler Role to take an ARN or a name
* Remove PrimitiveType from MaintenanceWindowTarget Targets
* Add Min/Max values for Load Balancer Ports to be between 1-65535
+ Fixes
* Include License file in the pypi package to help with downstream
projects
* Filter out dynamic references from rule E3031 and E3030
* Convert Python linting and Code Coverage from Python 3.6 to 3.7
Update to version 0.20.1
+ Fixes
* Update rule E8003 to support more functions inside a Fn::Equals
Update to version 0.20.0
+ Features
* Allow a rule's exception to be defined in a resource's metadata
* Add rule configuration capabilities
* Update rule E3012 to allow for non strict property checking
* Add rule E8003 to test Fn::Equals structure and syntax
* Add rule E8004 to test Fn::And structure and syntax
* Add rule E8005 to test Fn::Not structure and syntax
* Add rule E8006 to test Fn::Or structure and syntax
* Include Path to error in the JSON output
* Update documentation to describe how to install cfn-lint from brew
+ CloudFormation Specifications
* Update CloudFormation specs to version 3.0.0
* Add new region ap-east-1
* Add list min/max and string min/max for CloudWatch Alarm Actions
* Add allowed values for EC2::LaunchTemplate
* Add allowed values for EC2::Host
* Update allowed values for Amazon MQ to include 5.15.9
* Add AWS::Greengrass::ResourceDefinition to GreenGrass supported
regions
* Add AWS::EC2::VPCEndpointService to all regions
* Update AWS::ECS::TaskDefinition ExecutionRoleArn to be a IAM Role ARN
* Patch spec files for SSM MaintenanceWindow to look for Target and
not Targets
* Update ManagedPolicyArns list size to be 20 which is the hard
limit. 10 is the soft limit.
+ Fixes
* Fix rule E3033 to check the string size when the string is inside a
list
* Fix an issue in which AWS::NotificationARNs was not a list
* Add AWS::EC2::Volume to rule W3010
* Fix an issue with W2001 where SAM translate would remove the Ref to
a parameter causing this error to falsely trigger
* Fix rule W3010 to not error when the availability zone is 'all'
Update to version 0.19.1
+ Fixes
* Fix core Condition processing to support direct Condition in another
Condition
* Fix the W2030 to check numbers against string allowed values
Update to version 0.19.0
+ Features
* Add NS and PTR Route53 record checking to rule E3020
* New rule E3050 to check if a Ref to IAM Role has a Role path of '/'
* New rule E3037 to look for duplicates in a list that doesn't support
duplicates
* New rule I3037 to look for duplicates in a list when duplicates are
allowed
+ CloudFormation Specifications
* Add Min/Max values to AWS::ElasticLoadBalancingV2::TargetGroup
HealthCheckTimeoutSeconds
* Add Max JSON size to AWS::IAM::ManagedPolicy PolicyDocument
* Add allowed values for AWS::EC2 SpotFleet, TransitGateway,
NetworkAcl NetworkInterface, PlacementGroup, and Volume
* Add Min/max values to AWS::Budgets::Budget.Notification Threshold
* Update RDS Instance types by database engine and license definitions
using the pricing API
* Update AWS::CodeBuild::Project ServiceRole to support Role Name or
ARN
* Update AWS::ECS::Service Role to support Role Name or ARN
+ Fixes
* Update E3025 to support the new structure of data in the RDS
instance type json
* Update E2540 to remove all nested conditions from the object
* Update E3030 to not do strict type checking
* Update E3020 to support conditions nested in the record sets
* Update E3008 to better handle CloudFormation sub stacks with
different GetAtt formats
Update to version 0.18.1
+ CloudFormation Specifications
* Update CloudFormation Specs to 2.30.0
* Fix IAM Regex Path to support more character types
* Update AWS::Batch::ComputeEnvironment.ComputeResources InstanceRole
to reference an InstanceProfile or GetAtt the InstanceProfile Arn
* Allow VPC IDs to Ref a Parameter of type String
+ Fixes
* Fix E3502 to check the size of the property instead of the parent
object
Update to version 0.18.0
+ Features
* New rule E3032 to check the size of lists
* New rule E3502 to check JSON Object Size using definitions in the
spec file
* New rule E3033 to test the minimum and maximum length of a string
* New rule E3034 to validate the min and max of a number
* Remove Ebs Iops check from E2504 and use rule E3034 instead
* Remove rule E2509 and use rule E3033 instead
* Remove rule E2508 as it replaced by E3032 and E3502
* Update rule E2503 to check that there are at least two 2 Subnets or
SubnetMappings for ALBs
* SAM requirement upped to minimal version of 1.10.0
+ CloudFormation Specifications
* Extend specs to include: > `ListMin` and `ListMax` for the minimum
and maximum size of a list > `JsonMax` to check the max size of a
JSON Object > `StringMin` and `StringMax` to check the minimum and
maximum length of a String > `NumberMin` and `NumberMax` to check
the minimum and maximum value of a Number, Float, Long
* Update State and ExecutionRoleArn to be required on
AWS::DLM::LifecyclePolicy
* Add AllowedValues for PerformanceInsightsRetentionPeriod for
AWS::RDS::Instance
* Add AllowedValues for the AWS::GuardDuty Resources
* Add AllowedValues for AWS::EC2 VPC and VPN Resources
* Switch IAM Instance Profiles for certain resources to the type that
only takes the name
* Add regex pattern for IAM Instance Profile when a name (not Arn) is
used
* Add regex pattern for IAM Paths
* Add Regex pattern for IAM Role Arn
* Update OnlyOne spec to require require at least one of Subnets or
SubnetMappings with ELB v2
+ Fixes
* Fix serverless transform to use DefinitionBody when Auth is in the
API definition
* Fix rule W2030 to not error when checking SSM or List Parameters
Update to version 0.17.1
+ Features
* Update rule E2503 to make sure NLBs don't have a Security Group
configured
+ CloudFormation Specifications
* Add all the allowed values of the `AWS::Glue` Resources
* Update OnlyOne check for `AWS::CloudWatch::Alarm` to only
`MetricName` or `Metrics`
* Update Exclusive check for `AWS::CloudWatch::Alarm` for properties
mixed with `Metrics` and `Statistic`
* Update CloudFormation specs to 2.29.0
* Fix type with MariaDB in the AllowedValues
* Update pricing information for data available on 2018.3.29
+ Fixes
* Fix rule E1029 to not look for a sub is needed when looking for iot
strings in policies
* Fix rule E2541 to allow for ActionId Versions of length 1-9 and
meets regex `[0-9A-Za-z_-]+`
* Fix rule E2532 to allow for `Parameters` inside a `Pass` action
* Fix an issue when getting the location of an error in which numbers
are causing an attribute error
Update to version 0.17.0
+ Features
* Add new rule E3026 to validate Redis cluster settings including
AutomaticFailoverEnabled and NumCacheClusters. Status: Released
* Add new rule W3037 to validate IAM resource policies. Status:
Experimental
* Add new parameter `-e/--include-experimental` to allow for new rules
in that aren't ready to be fully released
+ CloudFormation Specifications
* Update Spec files to 2.28.0
* Add all the allowed values of the AWS::Redshift::* Resources
* Add all the allowed values of the AWS::Neptune::* Resources
* Patch spec to make
AWS::CloudFront::Distribution.LambdaFunctionAssociation.LambdaFunctionARN r
equired
* Patch spec to make AWS::DynamoDB::Table AttributeDefinitions required
+ Fixes
* Remove extra blank lines when there is no errors in the output
* Add exception to rule E1029 to have exceptions for EMR
CloudWatchAlarmDefinition
* Update rule E1029 to allow for literals in a Sub
* Remove sub checks from rule E3031 as it won't match in all cases of
an allowed pattern regex check
* Correct typos for errors in rule W1001
* Switch from parsing a template as Yaml to Json when finding an
escape character
* Fix an issue with SAM related to transforming templates with
Serverless Application and Lambda Layers
* Fix an issue with rule E2541 when non strings were used for Stage
Names
Update to version 0.16.0
+ Features
* Add rule E3031 to look for regex patterns based on the patched spec
file
* Remove regex checks from rule E2509
* Add parameter `ignore-templates` to allow the ignoring of templates
when doing bulk linting
+ CloudFormation Specifications
* Update Spec files to 2.26.0
* Add all the allowed values of the AWS::DirectoryService::* Resources
* Add all the allowed values of the AWS::DynamoDB::* Resources
* Added AWS::Route53Resolver resources to the Spec Patches of
ap-southeast-2
* Patch the spec file with regex patterns
* Add all the allowed values of the AWS::DocDb::* Resources
+ Fixes
* Update rule E2504 to have '20000' as the max value
* Update rule E1016 to not allow ImportValue inside of Conditions
* Update rule E2508 to check conditions when providing limit checks on
managed policies
* Convert unicode to strings when in Py 3.4/3.5 and updating specs
* Convert from `awslabs` to `aws-cloudformation` organization
* Remove suppression of logging that was removed from samtranslator
>1.7.0 and incompatibility with samtranslator 1.10.0
Update to version 0.15.0
+ Features
* Add scaffolding for arbitrary Match attributes, adding attributes
for Type checks
* Add rule E3024 to validate that ProvisionedThroughput is not
specified with BillingMode PAY_PER_REQUEST
+ CloudFormation Specifications
* Update Spec files to 2.24.0
* Update OnlyOne spec to have BlockDeviceMapping to include NoDevice
with Ebs and VirtualName
* Add all the allowed values of the AWS::CloudFront::* Resources
* Add all the allowed values of the AWS::DAX::* Resources
+ Fixes
* Update config parsing to use the builtin Yaml decoder
* Add condition support for Inclusive E2521, Exclusive E2520, and
AtLeastOne E2522 rules
* Update rule E1029 to better check Resource strings inside IAM
Policies
* Improve the line/column information of a Match with array support
Update to version 0.14.1
+ CloudFormation Specifications
* Update CloudFormation Specs to version 2.23.0
* Add allowed values for AWS::Config::* resources
* Add allowed values for AWS::ServiceDiscovery::* resources
* Fix allowed values for Apache MQ
+ Fixes
* Update rule E3008 to not error when using a list from a custom
resource
* Support simple types in the CloudFormation spec
* Add tests for the formatters
Update to version 0.14.0
+ Features
* Add rule E3035 to check the values of DeletionPolicy
* Add rule E3036 to check the values of UpdateReplacePolicy
* Add rule E2014 to check that there are no REFs in the Parameter
section
* Update rule E2503 to support TLS on NLBs
+ CloudFormation Specifications
* Update CloudFormation spec to version 2.22.0
* Add allowed values for AWS::Cognito::* resources
+ Fixes
* Update rule E3002 to allow GetAtts to Custom Resources under a
Condition
Update to version 0.13.2
+ Features
* Introducing the cfn-lint logo!
* Update SAM dependency version
+ Fixes
* Fix CloudWatchAlarmComparisonOperator allowed values.
* Fix typo resoruce_type_spec in several files
* Better support for nested And, Or, and Not when processing Conditions
Update to version 0.13.1
+ CloudFormation Specifications
* Add allowed values for AWS::CloudTrail::Trail resources
* Patch spec to have AWS::CodePipeline::CustomActionType Version
included
+ Fixes
* Fix conditions logic to use AllowedValues when REFing a Parameter
that has AllowedValues specified
Update to version 0.13.0
+ Features
* New rule W1011 to check if a FindInMap is using the correct map name
and keys
* New rule W1001 to check if a Ref/GetAtt to a resource that exists
when Conditions are used
* Removed logic in E1011 and moved it to W1011 for validating keys
* Add property relationships for
AWS::ApplicationAutoScaling::ScalingPolicy into Inclusive,
Exclusive, and AtLeastOne
* Update rule E2505 to check the netmask bit
* Include the ability to update the CloudFormation Specs using the
Pricing API
+ CloudFormation Specifications
* Update to version 2.21.0
* Add allowed values for AWS::Budgets::Budget
* Add allowed values for AWS::CertificateManager resources
* Add allowed values for AWS::CodePipeline resources
* Add allowed values for AWS::CodeCommit resources
* Add allowed values for EC2 InstanceTypes from pricing API
* Add allowed values for RedShift InstanceTypes from pricing API
* Add allowed values for MQ InstanceTypes from pricing API
* Add allowed values for RDS InstanceTypes from pricing API
+ Fixes
* Fixed README indentation issue with .pre-commit-config.yaml
* Fixed rule E2541 to allow for multiple inputs/outputs in a CodeBuild
task
* Fixed rule E3020 to allow for a period or no period at the end of a
ACM registration record
* Update rule E3001 to support UpdateReplacePolicy
* Fix a cli issue where `--template` wouldn't be used when a
.cfnlintrc was in the same folder
* Update rule E3002 and E1024 to support packaging of
AWS::Lambda::LayerVersion content
- Initial build
+ Version 0.12.1
Update to 0.9.1
* the prof plugin now uses cProfile instead of hotshot for profiling
* skipped tests now include the user's reason in junit XML's message field
* the prettyassert plugin mishandled multi-line function definitions
* Using a plugin's CLI flag when the plugin is already enabled via config
no longer errors
* nose2.plugins.prettyassert, enabled with --pretty-assert
* Cleanup code for EOLed python versions
* Dropped support for distutils.
* Result reporter respects failure status set by other plugins
* JUnit XML plugin now includes the skip reason in its output
Upgrade to 0.8.0:
- List of changes is too long to show here, see
https://github.com/nose-devs/nose2/blob/master/docs/changelog.rst
changes between 0.6.5 and 0.8.0
Update to 0.7.0:
* Added parameterized_class feature, for parameterizing entire test
classes (many thanks to @TobyLL for their suggestions and help testing!)
* Fix DeprecationWarning on `inspect.getargs` (thanks @brettdh;
https://github.com/wolever/parameterized/issues/67)
* Make sure that `setUp` and `tearDown` methods work correctly (#40)
* Raise a ValueError when input is empty (thanks @danielbradburn;
https://github.com/wolever/parameterized/pull/48)
* Fix the order when number of cases exceeds 10 (thanks @ntflc;
https://github.com/wolever/parameterized/pull/49)
aws-cli was updated to version 1.16.223:
For detailed changes see the changes entries:
https://github.com/aws/aws-cli/blob/1.16.223/CHANGELOG.rst
https://github.com/aws/aws-cli/blob/1.16.189/CHANGELOG.rst
https://github.com/aws/aws-cli/blob/1.16.182/CHANGELOG.rst
https://github.com/aws/aws-cli/blob/1.16.176/CHANGELOG.rst
https://github.com/aws/aws-cli/blob/1.16.103/CHANGELOG.rst
https://github.com/aws/aws-cli/blob/1.16.94/CHANGELOG.rst
https://github.com/aws/aws-cli/blob/1.16.84/CHANGELOG.rst
python-boto3 was updated to 1.9.213, python-botocore was updated to
1.9.188, and python-s3transfer was updated to 1.12.74, fixing lots of bugs
and adding features (bsc#1146853, bsc#1146854)
Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Python2 15-SP1:
zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-498=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP1:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-498=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-498=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-498=1
- SUSE Linux Enterprise Module for Basesystem 15-SP1:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-498=1
Package List:
- SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64):
python-PyYAML-debuginfo-5.1.2-6.3.7
python-PyYAML-debugsource-5.1.2-6.3.7
python2-PyYAML-5.1.2-6.3.7
python2-PyYAML-debuginfo-5.1.2-6.3.7
- SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch):
aws-cli-1.16.223-8.3.3
azure-cli-core-2.0.45-6.3.3
azure-cli-interactive-0.3.28-6.3.3
cfn-lint-0.21.4-3.3.9
python3-aws-sam-translator-1.11.0-4.3.8
python3-cfn-lint-0.21.4-3.3.9
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch):
python2-boto3-1.9.213-7.3.4
python2-botocore-1.12.213-7.3.4
python2-s3transfer-0.2.1-6.3.5
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch):
python2-boto3-1.9.213-7.3.4
python2-botocore-1.12.213-7.3.4
python2-s3transfer-0.2.1-6.3.5
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
python-PyYAML-debuginfo-5.1.2-6.3.7
python-PyYAML-debugsource-5.1.2-6.3.7
python3-PyYAML-5.1.2-6.3.7
python3-PyYAML-debuginfo-5.1.2-6.3.7
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
python3-boto3-1.9.213-7.3.4
python3-botocore-1.12.213-7.3.4
python3-s3transfer-0.2.1-6.3.5
References:
https://bugzilla.suse.com/1122669
https://bugzilla.suse.com/1136184
https://bugzilla.suse.com/1146853
https://bugzilla.suse.com/1146854
https://bugzilla.suse.com/1159018
More information about the sle-updates
mailing list