Cfn: Fix backslash processing for dynamic replacement values

[dfangl]

Motivation

When dynamic references (like {{resolve:secretsmanager:secret-id:secret-string:json-key::}}) return backslashes, they are currently not handled correctly. Mainly, they are interpreted by re.sub, and used to escape characters (or reference sections of the regex match).

The python documentation says this about this topic:

repl can be a string or a function; if it is a string, any backslash escapes in it are processed. That is, \n is converted to a single newline character, \r is converted to a carriage return, and so forth. Unknown escapes of ASCII letters are reserved for future use and treated as errors. Other unknown escapes such as & are left alone. Backreferences, such as \6, are replaced with the substring matched by group 6 in the pattern.

This leads to issues if the secret contains one or multiple backslashes, leading either to escape errors (bad escape \<something> at position <something> or changed values (\\ -> \, \& -> &).

This can lead to significant, but hard to debug issues.

The change replaces the string with a function returning a string, as the backslashes are not processed:

If repl is a function, it is called for every non-overlapping occurrence of pattern. The function takes a single Match argument, and returns the replacement string.

Changes

• dynamic references referencing secrets or parameters with backslashes should now work correctly.
• Added test
• The information for the new cloudformation engine contained an invalid provider name (legacy instead of engine-legacy).

[github-actions]

Test Results - Preflight, Unit

22 281 tests  ±0   20 538 ✅ ±0   14m 16s ⏱️ - 2m 14s
     1 suites ±0    1 743 💤 ±0 
     1 files   ±0        0 ❌ ±0 

Results for commit ff83a05. ± Comparison against base commit c835d59.

[github-actions]

Test Results (amd64) - Acceptance

7 tests  ±0   5 ✅ ±0   3m 21s ⏱️ ±0s
1 suites ±0   2 💤 ±0 
1 files   ±0   0 ❌ ±0 

Results for commit ff83a05. ± Comparison against base commit c835d59.

[github-actions]

Test Results - Alternative Providers

575 tests   330 ✅  25m 34s ⏱️
  1 suites  245 💤
  1 files      0 ❌

Results for commit ff83a05.

[github-actions]

Test Results (amd64) - Integration, Bootstrap

    5 files      5 suites   2h 39m 5s ⏱️
5 169 tests 4 673 ✅ 496 💤 0 ❌
5 175 runs  4 673 ✅ 502 💤 0 ❌

Results for commit ff83a05.

[github-actions]

LocalStack Community integration with Pro

    2 files  ±0      2 suites  ±0   1h 59m 7s ⏱️ +12s
4 795 tests +1  4 459 ✅ +1  336 💤 ±0  0 ❌ ±0 
4 797 runs  +1  4 459 ✅ +1  338 💤 ±0  0 ❌ ±0 

Results for commit ff83a05. ± Comparison against base commit c835d59.

[pinzon]

LGTM. Thank you for the fix and catching the error with the LOG