From 12576cbc16ce78db02f79975a4768b4ec0957524 Mon Sep 17 00:00:00 2001
From: Kevin DeJong
Date: Tue, 10 Sep 2024 11:23:28 -0700
Subject: [PATCH] Remove experimental from W3037
---
 .../rules/resources/iam/Permissions.py | 8 +++--
 .../resources/iam/test_iam_permissions_sam.py | 33 +++++++++++++++++++
 2 files changed, 39 insertions(+), 2 deletions(-)
 create mode 100644 test/unit/rules/resources/iam/test_iam_permissions_sam.py
diff --git a/src/cfnlint/rules/resources/iam/Permissions.py b/src/cfnlint/rules/resources/iam/Permissions.py
index d988292a77..8928437784 100644
--- a/src/cfnlint/rules/resources/iam/Permissions.py
+++ b/src/cfnlint/rules/resources/iam/Permissions.py
@@ -21,7 +21,6 @@ class Permissions(CfnLintKeyword):
 description = "Check for valid IAM Permissions"
 source_url = "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html"
 tags = ["properties", "iam", "permissions"]
- experimental = True
 def __init__(self):
 """Init"""
@@ -33,6 +32,11 @@ def __init__(self):
 def validate(
 self, validator: Validator, _, instance: Any, schema: dict[str, Any]
 ) -> ValidationResult:
+ # Escape validation when using SAM transforms as a result of
+ # https://github.com/aws/serverless-application-model/issues/3633
+ if validator.context.transforms.has_sam_transform():
+ return
+
 actions = ensure_list(instance)
 for action in actions:
@@ -41,7 +45,7 @@ def validate(
 if ":" not in action:
 yield ValidationError(
 (
- f"{action!r} is not a valid action."
+ f"{action!r} is not a valid action. "
 "Must be of the form service:action or '*'"
 ),
 rule=self,
diff --git a/test/unit/rules/resources/iam/test_iam_permissions_sam.py b/test/unit/rules/resources/iam/test_iam_permissions_sam.py
new file mode 100644
index 0000000000..9d3469c2ca
--- /dev/null
+++ b/test/unit/rules/resources/iam/test_iam_permissions_sam.py
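Review bot: The early return added at the top of `Permissions.validate` (hunk `@@ -33,6 +32,11 @@`) switches W3037 off for every IAM action in any template that declares a SAM transform, not only for the policies SAM itself generates. Hand-written policy actions in such a template would then pass unchecked, with nothing in the output saying the rule was skipped. Whether the validator context can tell SAM-generated resources from user-authored ones is not visible in this hunk, so narrowing the escape is a question for the author. At minimum the comment should state the consequence and the exit condition, for example `# TODO: remove once https://github.com/aws/serverless-application-model/issues/3633 is resolved; until then W3037 reports nothing for SAM templates`. The body of `validate` continues outside the hunk.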
@@ -0,0 +1,33 @@
+"""
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+SPDX-License-Identifier: MIT-0
+"""
+
+import pytest
+
+from cfnlint.rules.resources.iam.Permissions import Permissions
+
+
+@pytest.fixture(scope="module")
+def rule():
+ rule = Permissions()
+ yield rule
+
+
+@pytest.fixture
+def template():
+ return {}
+ # {
+ # "Transform": "AWS::Serverless-2016-10-31",
+ # }
+
+
+@pytest.mark.parametrize(
+ "name,instance,err_count",
+ [
+ ("Empty string", "", 0),
+ ],
+)
+def test_permissions(name, instance, err_count, rule, validator):
+ errors = list(rule.validate(validator, {}, instance, {}))
+ assert len(errors) == err_count, f"Test {name!r} got {errors!r}"
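Review bot: As written, `test_iam_permissions_sam.py` does not appear to exercise the SAM escape it is named for: the `template` fixture returns `{}` and the `Transform` entry sits in unreachable comments after the `return`. How the `validator` fixture consumes `template` is defined outside this file, so this is inferred from the visible lines only. If the fixture is meant to drive the transform check, it should be `return {"Transform": "AWS::Serverless-2016-10-31"}`, with the dead comment removed. The single parametrized case is an empty string; a case with a clearly malformed action (a constructed example: `("Invalid action skipped under SAM", "foo", 0)`) would pin the skip. A counterpart without the transform, expecting an error, would catch the bypass widening unintentionally later.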