Condition exclusively used together with Fn::If in a SAM resource reported as unused

[FlorianSW]

cfn-lint version: (cfn-lint --version)
0.50.0

Description of issue.
First of all: I'm not sure, if I should file this issue against cfn-lint or the sam-cli tbh. If you think it is more an issue of sam, I"ll can close this issue and go down this road :)

I've declared a condition (see template for a simplified example), which I use exclusively in a resource of type AWS::Serverless::Function (enabling or disabling a specific events rule basically, does, however, not really matter here). When I lint this template, I get the error message, that the defined condition is unused, even given it is used in the SAM resource.

Using cfn-lint --info, the resulted template still declares the condition, however, it is obviously not used anymore, as sam converted the Events properties to their own resources, which do not use the condition anymore.

When using the same construct (Fn::If + Condition) in a CFN resource, cfn-lint runs completely fine.

Please provide as much information as possible:
Error message:
W8001 Condition WithCondition not used

Template to reproduce:

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Conditions:
  WithCondition: !Equals [ !Ref ParamTest, 'true' ]

Parameters:
  ParamTest:
    Type: String
    Default: false
    AllowedValues: [ true, false ]

Resources:
  BackgroundTasksFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: out/
      Handler: main
      Runtime: go1.x
      Events:
        Timed:
          Type: Schedule
          Properties:
            Schedule: rate(100 days)
            Enabled: !If [ WithCondition, true, false ]
      Tracing: 'Active'

Example template which does not fail (using CFN resource instead of AM):

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Conditions:
  WithCondition: !Equals [ !Ref ParamTest, 'true' ]

Parameters:
  ParamTest:
    Type: String
    Default: false
    AllowedValues: [ true, false ]

Resources:
  RecordServiceS3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: test
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - BucketKeyEnabled: !If [ WithCondition, true, false ]

[chrisoverzero]

This is a bug in SAM which I've encountered before. Please see aws/serverless-application-model#1271 and aws/serverless-application-model#1666.

Here's what's happening:

if self.Enabled is not None:
    events_rule.State = "ENABLED" if self.Enabled else "DISABLED"

That property doesn't support intrinsics – SAM expects a constant true or false. The value is not None and it is truthy, so SAM is transforming it to a constant ENABLED. The condition does indeed go unused.

[FlorianSW]

@chrisoverzero alright, thanks for your answer and for confirming that this is an issue in SAM rather than cfn-lint :) I think it's fine to close this issue with the reference to the ones you linked above.