generated from terraform-linters/tflint-ruleset-template
-
Notifications
You must be signed in to change notification settings - Fork 74
/
Copy pathaws_secretsmanager_secret_policy_invalid_secret_arn.go
93 lines (79 loc) · 2.41 KB
/
aws_secretsmanager_secret_policy_invalid_secret_arn.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
// This file generated by `generator/`. DO NOT EDIT
package models
import (
"github.com/terraform-linters/tflint-plugin-sdk/hclext"
"github.com/terraform-linters/tflint-plugin-sdk/logger"
"github.com/terraform-linters/tflint-plugin-sdk/tflint"
)
// AwsSecretsmanagerSecretPolicyInvalidSecretArnRule checks the pattern is valid
type AwsSecretsmanagerSecretPolicyInvalidSecretArnRule struct {
tflint.DefaultRule
resourceType string
attributeName string
max int
min int
}
// NewAwsSecretsmanagerSecretPolicyInvalidSecretArnRule returns new rule with default attributes
func NewAwsSecretsmanagerSecretPolicyInvalidSecretArnRule() *AwsSecretsmanagerSecretPolicyInvalidSecretArnRule {
return &AwsSecretsmanagerSecretPolicyInvalidSecretArnRule{
resourceType: "aws_secretsmanager_secret_policy",
attributeName: "secret_arn",
max: 2048,
min: 1,
}
}
// Name returns the rule name
func (r *AwsSecretsmanagerSecretPolicyInvalidSecretArnRule) Name() string {
return "aws_secretsmanager_secret_policy_invalid_secret_arn"
}
// Enabled returns whether the rule is enabled by default
func (r *AwsSecretsmanagerSecretPolicyInvalidSecretArnRule) Enabled() bool {
return true
}
// Severity returns the rule severity
func (r *AwsSecretsmanagerSecretPolicyInvalidSecretArnRule) Severity() tflint.Severity {
return tflint.ERROR
}
// Link returns the rule reference link
func (r *AwsSecretsmanagerSecretPolicyInvalidSecretArnRule) Link() string {
return ""
}
// Check checks the pattern is valid
func (r *AwsSecretsmanagerSecretPolicyInvalidSecretArnRule) Check(runner tflint.Runner) error {
logger.Trace("Check `%s` rule", r.Name())
resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{
Attributes: []hclext.AttributeSchema{
{Name: r.attributeName},
},
}, nil)
if err != nil {
return err
}
for _, resource := range resources.Blocks {
attribute, exists := resource.Body.Attributes[r.attributeName]
if !exists {
continue
}
err := runner.EvaluateExpr(attribute.Expr, func (val string) error {
if len(val) > r.max {
runner.EmitIssue(
r,
"secret_arn must be 2048 characters or less",
attribute.Expr.Range(),
)
}
if len(val) < r.min {
runner.EmitIssue(
r,
"secret_arn must be 1 characters or higher",
attribute.Expr.Range(),
)
}
return nil
}, nil)
if err != nil {
return err
}
}
return nil
}