From 8b6ee101ee65e2b1d9a6693e9c794fc58e2d29db Mon Sep 17 00:00:00 2001 From: Kevin DeJong Date: Wed, 11 Sep 2024 10:41:30 -0700 Subject: [PATCH 1/3] Exceptions for hardcoded authorizer uri in I3042 --- .../rules/resources/HardCodedArnProperties.py | 17 +++++++++++++++++ .../hard_coded_arn_properties_sam.yaml | 8 ++++++++ 2 files changed, 25 insertions(+) diff --git a/src/cfnlint/rules/resources/HardCodedArnProperties.py b/src/cfnlint/rules/resources/HardCodedArnProperties.py index 50fde2eb10..0fce8446a2 100644 --- a/src/cfnlint/rules/resources/HardCodedArnProperties.py +++ b/src/cfnlint/rules/resources/HardCodedArnProperties.py @@ -47,6 +47,12 @@ def __init__(self): "type": "boolean", }, } + self.exceptions = { + "AWS::ApiGateway::Authorizer": [ + ["Properties", "AuthorizerUri"], + ] + } + self.configure() def _match_values(self, cfnelem, path): @@ -96,6 +102,17 @@ def match(self, cfn: Template) -> RuleMatches: path = ["Resources"] + parameter_string_path[:-1] candidate = parameter_string_path[-1] + resource_name = path[1] + _type = cfn.template.get("Resources", {}).get(resource_name, {}).get("Type") + is_exception = False + if _type in self.exceptions: + for exception in self.exceptions[_type]: + if all(x[0] == x[1] for x in zip(path[2:], exception)): + is_exception = True + + if is_exception: + continue + # ruff: noqa: E501 # !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole # is valid even with aws as the account #. This handles empty string diff --git a/test/fixtures/templates/good/resources/properties/hard_coded_arn_properties_sam.yaml b/test/fixtures/templates/good/resources/properties/hard_coded_arn_properties_sam.yaml index 7dfad83771..9aee96cdfa 100644 --- a/test/fixtures/templates/good/resources/properties/hard_coded_arn_properties_sam.yaml +++ b/test/fixtures/templates/good/resources/properties/hard_coded_arn_properties_sam.yaml 
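Review bot: `self.exceptions` is introduced with no note on why `AWS::ApiGateway::Authorizer.AuthorizerUri` is exempt from I3042, and the next maintainer has to reconstruct that from the test fixtures; a comment above the table such as `# Properties whose ARN value legitimately carries a non-account token in the account-id slot (AuthorizerUri embeds "lambda" there), so the hard-coded-account check must not report them` would save that trip. The table is also constant data, so a class-level attribute would make clearer that it is not configurable per instance. The same hunk adds a `self.configure()` call; if that was previously missing it is a separate behavioural fix that the commit message does not mention — cannot tell from here. `__init__` starts outside the hunk.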
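Review bot: The prefix test `all(x[0] == x[1] for x in zip(path[2:], exception))` is vacuously true whenever `path[2:]` is shorter than the exception, because `zip` stops at the shorter sequence; a slice comparison, `if path[2 : 2 + len(exception)] == exception:`, states the intent and only matches when the whole exception path is present. Separately, the `continue` silences I3042 for the entire `AuthorizerUri` value, so a hard-coded account ID or region in the nested Lambda function ARN (everything after `functions/`) now goes unreported; the reason for the exemption appears to be only the literal `lambda` in the account-id slot of the outer apigateway ARN, so treating `lambda` like the existing `aws` special case described in the comment lines that follow would keep the rest of the value covered. Either way a why-comment on the skip would help, e.g. `# Skip properties whose ARN legitimately has a non-account token (e.g. "lambda") in the account-id position`. `match()` continues outside the hunk.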
@@ -104,3 +104,11 @@ Resources: start_position: "LATEST" aws: region: us-east-1 + + Authorizer: + Type: AWS::ApiGateway::Authorizer + Properties: + AuthorizerUri: !Sub arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:Name/invocations + RestApiId: RestApiId + Type: REQUEST + Name: Name From c9fa19322e453abb78fbf7a0357ab2915606d1b5 Mon Sep 17 00:00:00 2001 From: Kevin DeJong Date: Wed, 11 Sep 2024 10:50:54 -0700 Subject: [PATCH 2/3] Improve testing --- .../resources/properties/hard_coded_arn_properties.yaml | 8 ++++++++ .../properties/hard_coded_arn_properties_sam.yaml | 8 -------- test/unit/rules/resources/test_hardcodedarnproperties.py | 1 + 3 files changed, 9 insertions(+), 8 deletions(-) create mode 100644 test/fixtures/templates/good/resources/properties/hard_coded_arn_properties.yaml diff --git a/test/fixtures/templates/good/resources/properties/hard_coded_arn_properties.yaml b/test/fixtures/templates/good/resources/properties/hard_coded_arn_properties.yaml new file mode 100644 index 0000000000..2ad971962a --- /dev/null +++ b/test/fixtures/templates/good/resources/properties/hard_coded_arn_properties.yaml @@ -0,0 +1,8 @@ +Resources: + Authorizer: + Type: AWS::ApiGateway::Authorizer + Properties: + AuthorizerUri: !Sub arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:Name/invocations + RestApiId: RestApiId + Type: REQUEST + Name: Name diff --git a/test/fixtures/templates/good/resources/properties/hard_coded_arn_properties_sam.yaml b/test/fixtures/templates/good/resources/properties/hard_coded_arn_properties_sam.yaml index 9aee96cdfa..7dfad83771 100644 --- a/test/fixtures/templates/good/resources/properties/hard_coded_arn_properties_sam.yaml +++ b/test/fixtures/templates/good/resources/properties/hard_coded_arn_properties_sam.yaml 
@@ -104,11 +104,3 @@ Resources: start_position: "LATEST" aws: region: us-east-1 - - Authorizer: - Type: AWS::ApiGateway::Authorizer - Properties: - AuthorizerUri: !Sub arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:Name/invocations - RestApiId: RestApiId - Type: REQUEST - Name: Name diff --git a/test/unit/rules/resources/test_hardcodedarnproperties.py b/test/unit/rules/resources/test_hardcodedarnproperties.py index ea8ad8a587..bee996d3e7 100644 --- a/test/unit/rules/resources/test_hardcodedarnproperties.py +++ b/test/unit/rules/resources/test_hardcodedarnproperties.py @@ -19,6 +19,7 @@ def setUp(self): super(TestHardCodedArnProperties, self).setUp() self.collection.register(HardCodedArnProperties()) self.success_templates = [ + "test/fixtures/templates/good/resources/properties/hard_coded_arn_properties.yaml", "test/fixtures/templates/good/resources/properties/hard_coded_arn_properties_sam.yaml", ] From 16d87a6bbcefd546dedadc61c62a69b2020751e2 Mon Sep 17 00:00:00 2001 From: Kevin DeJong Date: Wed, 11 Sep 2024 11:07:00 -0700 Subject: [PATCH 3/3] Add a bad test results --- .../fixtures/templates/bad/hard_coded_arn_properties.yaml | 8 ++++++++ test/unit/rules/resources/test_hardcodedarnproperties.py | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/test/fixtures/templates/bad/hard_coded_arn_properties.yaml b/test/fixtures/templates/bad/hard_coded_arn_properties.yaml index de51db2922..f57b35b6c7 100644 --- a/test/fixtures/templates/bad/hard_coded_arn_properties.yaml +++ b/test/fixtures/templates/bad/hard_coded_arn_properties.yaml 
@@ -77,3 +77,11 @@ Resources:
 - !Sub arn:${AWS::Partition}:sns:${AWS::Partition}:${AWS::AccountId}:TestTopic
 Roles:
 - !Ref SampleRole
+
+ Authorizer:
+ Type: AWS::ApiGateway::Authorizer
+ Properties:
+ AuthorizerUri: !Sub arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:Name/invocations
+ RestApiId: RestApiId
+ Type: REQUEST
+ Name: !Sub arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:Name/invocations
diff --git a/test/unit/rules/resources/test_hardcodedarnproperties.py b/test/unit/rules/resources/test_hardcodedarnproperties.py
index bee996d3e7..2b7b1fce92 100644
--- a/test/unit/rules/resources/test_hardcodedarnproperties.py
+++ b/test/unit/rules/resources/test_hardcodedarnproperties.py
@@ -71,7 +71,7 @@ def test_file_negative_region(self):
 def test_file_negative_accountid(self):
 self.helper_file_negative(
 "test/fixtures/templates/bad/hard_coded_arn_properties.yaml",
- 1,
+ 2,
 ConfigMixIn(
 [],
 include_experimental=True,
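Review bot: The new `Name` value in the bad fixture is a byte-for-byte copy of `AuthorizerUri`, and nothing says why one is expected to be reported and the other not; a comment on the `Name` line would make the intent explicit, e.g. `# Same ARN as AuthorizerUri, but Name is not exempt: the literal "lambda" in the account-id slot must still be flagged`. The expected-count bump from 1 to 2 in the test hunk confirms the exemption is scoped to the property path, but there is still no negative case in which `AuthorizerUri` itself carries a hard-coded account ID or region inside its nested Lambda ARN, so the fixtures do not show whether such a value is still reported — and with the property-wide skip in the rule it appears it would not be.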