Merge from aws/aws-sam-cli/develop

Author: aws-sam-cli-bot

samcli/__init__.py

@@ -2,4 +2,4 @@
 SAM CLI version
 """
 
-__version__ = "1.147.0"
+__version__ = "1.147.1"

samcli/cli/types.py

@@ -662,3 +662,40 @@ def restore_spaces(self):
             text_list[pos] = " "
 
         return "".join(text_list)
+
+
+class TenantIdType(click.ParamType):
+    """
+    Custom Click parameter type for tenant-id validation.
+    Validates tenant-id format according to AWS Lambda multi-tenancy requirements.
+    """
+
+    name = "string"
+
+    # Tenant-id validation pattern
+    TENANT_ID_PATTERN = re.compile(r"^[a-zA-Z0-9\._:\/=+\-@ ]+$")
+    MIN_LENGTH = 1
+    MAX_LENGTH = 256
+
+    def convert(self, value, param, ctx):
+        if value is None:
+            return None
+
+        # Check length constraints
+        if len(value) < self.MIN_LENGTH or len(value) > self.MAX_LENGTH:
+            raise click.BadParameter(
+                f"{param.opts[0]} must be between {self.MIN_LENGTH} and {self.MAX_LENGTH} characters"
+            )
+
+        # Check for empty or whitespace-only strings
+        if not value.strip():
+            raise click.BadParameter(f"{param.opts[0]} cannot be empty or contain only whitespace")
+
+        # Check format pattern
+        if not self.TENANT_ID_PATTERN.match(value):
+            raise click.BadParameter(
+                f"{param.opts[0]} contains invalid characters. "
+                "Allowed characters are a-z, A-Z, numbers, spaces, and the characters _ . : / = + - @"
+            )
+
+        return value

samcli/commands/local/invoke/cli.py

@@ -9,6 +9,7 @@
 from samcli.cli.cli_config_file import ConfigProvider, configuration_option, save_params_option
 from samcli.cli.main import aws_creds_options, pass_context, print_cmdline_args
 from samcli.cli.main import common_options as cli_framework_options
+from samcli.cli.types import TenantIdType
 from samcli.commands._utils.option_value_processor import process_image_options
 from samcli.commands._utils.options import (
     hook_name_click_option,
@@ -74,6 +75,14 @@
     help="Lambda runtime used to invoke the function."
     + click.style(f"\n\nRuntimes: {', '.join(get_sorted_runtimes(INIT_RUNTIMES))}", bold=True),
 )
+@click.option(
+    "--tenant-id",
+    type=TenantIdType(),
+    help="Tenant ID for multi-tenant Lambda functions. "
+    "Used to ensure compute isolation between different tenants. "
+    "Must be 1-256 characters, the allowed characters are a-z and A-Z, "
+    "numbers, spaces, and the characters _ . : / = + - @",
+)
 @mount_symlinks_option
 @invoke_common_options
 @local_common_options
@@ -117,6 +126,7 @@ def cli(
     runtime,
     mount_symlinks,
     no_memory_limit,
+    tenant_id,
 ):
     """
     `sam local invoke` command entry point
@@ -150,6 +160,7 @@ def cli(
         runtime,
         mount_symlinks,
         no_memory_limit,
+        tenant_id,
     )  # pragma: no cover
 
 
@@ -180,6 +191,7 @@ def do_cli(  # pylint: disable=R0914
     runtime,
     mount_symlinks,
     no_mem_limit,
+    tenant_id,
 ):
     """
     Implementation of the ``cli`` method, just separated out for unit testing purposes
@@ -236,6 +248,7 @@ def do_cli(  # pylint: disable=R0914
             context.local_lambda_runner.invoke(
                 context.function_identifier,
                 event=event_data,
+                tenant_id=tenant_id,
                 stdout=context.stdout,
                 stderr=context.stderr,
                 override_runtime=runtime,

samcli/commands/local/invoke/core/options.py

@@ -36,6 +36,7 @@
     "add_host",
     "invoke_image",
     "runtime",
+    "tenant_id",
     "mount_symlinks",
     "no_memory_limit",
 ]

samcli/commands/local/lib/exceptions.py

@@ -46,3 +46,10 @@ class InvalidHandlerPathError(UserException):
     """
     Raises when the handler is in an unexpected format and can't be parsed
     """
+
+
+class TenantIdValidationError(UserException):
+    """
+    Raised when there's a tenant-id validation error (missing tenant-id for multi-tenant functions
+    or providing tenant-id for non-multi-tenant functions)
+    """

samcli/commands/local/lib/local_lambda.py

@@ -16,6 +16,7 @@
     InvalidIntermediateImageError,
     NoPrivilegeException,
     OverridesNotWellDefinedError,
+    TenantIdValidationError,
     UnsupportedInlineCodeError,
 )
 from samcli.lib.providers.provider import Function
@@ -99,6 +100,7 @@ def invoke(
         self,
         function_identifier: str,
         event: str,
+        tenant_id: Optional[str] = None,
         stdout: Optional[StreamWriter] = None,
         stderr: Optional[StreamWriter] = None,
         override_runtime: Optional[str] = None,
@@ -158,6 +160,20 @@ def invoke(
             LOG.info("Invoking Container created from %s", function.imageuri)
 
         validate_architecture_runtime(function)
+
+        # Validate tenant-id for multi-tenant functions
+        if function.tenancy_config and isinstance(function.tenancy_config, dict):
+            if not tenant_id:
+                raise TenantIdValidationError(
+                    "The invoked function is enabled with tenancy configuration. "
+                    "Add a valid tenant ID in your request and try again."
+                )
+        elif tenant_id:
+            raise TenantIdValidationError(
+                "The invoked function is not enabled with tenancy configuration. "
+                "Remove the tenant ID from your request and try again."
+            )
+
         config = self.get_invoke_config(function, override_runtime)
 
         if (
@@ -173,6 +189,7 @@ def invoke(
             self.local_runtime.invoke(
                 config,
                 event,
+                tenant_id,
                 debug_context=self.debug_context,
                 stdout=stdout,
                 stderr=stderr,

samcli/commands/local/start_api/cli.py

@@ -48,6 +48,10 @@
   a interpreted language, local changes will be available immediately in Docker container on every invoke. For more
   compiled languages or projects requiring complex packing support, it is recommended to run custom building solution
   and point AWS SAM CLI to the directory or file containing build artifacts.
+
+  For testing multi-tenant functions, pass tenant-id via X-Amz-Tenant-Id header. By default, each request uses a new 
+  container providing tenant isolation. When using --warm-containers, containers are reused and do not 
+  provide tenant isolation like production Lambda.
 """
 
 

samcli/commands/local/start_lambda/cli.py

@@ -39,7 +39,11 @@
   Programmatically invoke your Lambda function locally using the AWS CLI or SDKs.
   Start a local endpoint that emulates the AWS Lambda service, and one can run their automated
   tests against this local Lambda endpoint. Invokes to this endpoint can be sent using the AWS CLI or
-  SDK and they will in turn locally execute the Lambda function specified in the request.\n
+  SDK and they will in turn locally execute the Lambda function specified in the request.
+
+  For testing multi-tenant functions, pass tenant-id via the TenantId parameter in Lambda API calls. By default, each 
+  invocation uses a new container providing tenant isolation. When using --warm-containers, containers are reused 
+  and do not provide tenant isolation like production Lambda.
 """
 
 

samcli/commands/remote/invoke/cli.py

@@ -8,7 +8,7 @@
 from samcli.cli.cli_config_file import ConfigProvider, configuration_option, save_params_option
 from samcli.cli.context import Context
 from samcli.cli.main import aws_creds_options, common_options, pass_context, print_cmdline_args
-from samcli.cli.types import RemoteInvokeOutputFormatType
+from samcli.cli.types import RemoteInvokeOutputFormatType, TenantIdType
 from samcli.commands._utils.command_exception_handler import command_exception_handler
 from samcli.commands._utils.options import remote_invoke_parameter_option
 from samcli.commands.remote.invoke.core.command import RemoteInvokeCommand
@@ -66,6 +66,14 @@
     type=click.File("r", encoding="utf-8"),
     help="The file that contains the event that will be sent to the resource.",
 )
+@click.option(
+    "--tenant-id",
+    type=TenantIdType(),
+    help="Tenant ID for multi-tenant Lambda functions. "
+    "Used to ensure compute isolation between different tenants. "
+    "Must be 1-256 characters, the allowed characters are a-z and A-Z, "
+    "numbers, spaces, and the characters _ . : / = + - @",
+)
 @click.option(
     "--test-event-name",
     help="Name of the remote test event to send to the resource",
@@ -94,6 +102,7 @@ def cli(
     resource_id: str,
     event: str,
     event_file: TextIOWrapper,
+    tenant_id: str,
     output: RemoteInvokeOutputFormat,
     test_event_name: str,
     parameter: dict,
@@ -110,6 +119,7 @@ def cli(
         resource_id,
         event,
         event_file,
+        tenant_id,
         output,
         parameter,
         test_event_name,
@@ -125,6 +135,7 @@ def do_cli(
     resource_id: str,
     event: str,
     event_file: TextIOWrapper,
+    tenant_id: str,
     output: RemoteInvokeOutputFormat,
     parameter: dict,
     test_event_name: str,
@@ -187,7 +198,7 @@ def do_cli(
             EventTracker.track_event("RemoteInvokeEventType", event_type)
 
             remote_invoke_input = RemoteInvokeExecutionInfo(
-                payload=event, payload_file=event_file, parameters=parameter, output_format=output
+                payload=event, payload_file=event_file, tenant_id=tenant_id, parameters=parameter, output_format=output
             )
 
             remote_invoke_context.run(remote_invoke_input=remote_invoke_input)

samcli/commands/remote/invoke/core/options.py

@@ -14,7 +14,7 @@
 
 INPUT_EVENT_OPTIONS: List[str] = ["event", "event_file", "test_event_name"]
 
-ADDITIONAL_OPTIONS: List[str] = ["parameter", "output"]
+ADDITIONAL_OPTIONS: List[str] = ["parameter", "output", "tenant_id"]
 
 AWS_CREDENTIAL_OPTION_NAMES: List[str] = ["region", "profile"]