mapping aws_backup (#233)

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_vault_lock_configuration https://github.com/aws/aws-sdk-go/blob/main/models/apis/backup/2018-11-15/api-2.json
terraform-linters · Dec 25, 2021 · 08036ee · 08036ee
1 parent d83e511
commit 08036ee
Show file tree

Hide file tree

Showing 6 changed files with 227 additions and 0 deletions.
diff --git a/docs/rules/README.md b/docs/rules/README.md
@@ -242,6 +242,9 @@ These rules enforce best practices and naming conventions:
 |aws_athena_workgroup_invalid_state|✔|
 |aws_backup_selection_invalid_name|✔|
 |aws_backup_vault_invalid_name|✔|
+|aws_backup_vault_lock_configuration_invalid_backup_vault_name|✔|
+|aws_backup_vault_notifications_invalid_backup_vault_name|✔|
+|aws_backup_vault_policy_invalid_backup_vault_name|✔|
 |aws_batch_compute_environment_invalid_state|✔|
 |aws_batch_compute_environment_invalid_type|✔|
 |aws_batch_job_definition_invalid_type|✔|

diff --git a/rules/models/aws_backup_vault_lock_configuration_invalid_backup_vault_name.go b/rules/models/aws_backup_vault_lock_configuration_invalid_backup_vault_name.go
@@ -0,0 +1,69 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsBackupVaultLockConfigurationInvalidBackupVaultNameRule checks the pattern is valid
+type AwsBackupVaultLockConfigurationInvalidBackupVaultNameRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAwsBackupVaultLockConfigurationInvalidBackupVaultNameRule returns new rule with default attributes
+func NewAwsBackupVaultLockConfigurationInvalidBackupVaultNameRule() *AwsBackupVaultLockConfigurationInvalidBackupVaultNameRule {
+	return &AwsBackupVaultLockConfigurationInvalidBackupVaultNameRule{
+		resourceType:  "aws_backup_vault_lock_configuration",
+		attributeName: "backup_vault_name",
+		pattern:       regexp.MustCompile(`^[a-zA-Z0-9\-\_]{2,50}$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsBackupVaultLockConfigurationInvalidBackupVaultNameRule) Name() string {
+	return "aws_backup_vault_lock_configuration_invalid_backup_vault_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsBackupVaultLockConfigurationInvalidBackupVaultNameRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsBackupVaultLockConfigurationInvalidBackupVaultNameRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsBackupVaultLockConfigurationInvalidBackupVaultNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsBackupVaultLockConfigurationInvalidBackupVaultNameRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[a-zA-Z0-9\-\_]{2,50}$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/models/aws_backup_vault_notifications_invalid_backup_vault_name.go b/rules/models/aws_backup_vault_notifications_invalid_backup_vault_name.go
@@ -0,0 +1,69 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsBackupVaultNotificationsInvalidBackupVaultNameRule checks the pattern is valid
+type AwsBackupVaultNotificationsInvalidBackupVaultNameRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAwsBackupVaultNotificationsInvalidBackupVaultNameRule returns new rule with default attributes
+func NewAwsBackupVaultNotificationsInvalidBackupVaultNameRule() *AwsBackupVaultNotificationsInvalidBackupVaultNameRule {
+	return &AwsBackupVaultNotificationsInvalidBackupVaultNameRule{
+		resourceType:  "aws_backup_vault_notifications",
+		attributeName: "backup_vault_name",
+		pattern:       regexp.MustCompile(`^[a-zA-Z0-9\-\_]{2,50}$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsBackupVaultNotificationsInvalidBackupVaultNameRule) Name() string {
+	return "aws_backup_vault_notifications_invalid_backup_vault_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsBackupVaultNotificationsInvalidBackupVaultNameRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsBackupVaultNotificationsInvalidBackupVaultNameRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsBackupVaultNotificationsInvalidBackupVaultNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsBackupVaultNotificationsInvalidBackupVaultNameRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[a-zA-Z0-9\-\_]{2,50}$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/models/aws_backup_vault_policy_invalid_backup_vault_name.go b/rules/models/aws_backup_vault_policy_invalid_backup_vault_name.go
@@ -0,0 +1,69 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsBackupVaultPolicyInvalidBackupVaultNameRule checks the pattern is valid
+type AwsBackupVaultPolicyInvalidBackupVaultNameRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAwsBackupVaultPolicyInvalidBackupVaultNameRule returns new rule with default attributes
+func NewAwsBackupVaultPolicyInvalidBackupVaultNameRule() *AwsBackupVaultPolicyInvalidBackupVaultNameRule {
+	return &AwsBackupVaultPolicyInvalidBackupVaultNameRule{
+		resourceType:  "aws_backup_vault_policy",
+		attributeName: "backup_vault_name",
+		pattern:       regexp.MustCompile(`^[a-zA-Z0-9\-\_]{2,50}$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsBackupVaultPolicyInvalidBackupVaultNameRule) Name() string {
+	return "aws_backup_vault_policy_invalid_backup_vault_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsBackupVaultPolicyInvalidBackupVaultNameRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsBackupVaultPolicyInvalidBackupVaultNameRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsBackupVaultPolicyInvalidBackupVaultNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsBackupVaultPolicyInvalidBackupVaultNameRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[a-zA-Z0-9\-\_]{2,50}$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/models/mappings/backup.hcl b/rules/models/mappings/backup.hcl
@@ -8,6 +8,20 @@ mapping "aws_backup_vault" {
   name = BackupVaultName
 }
 
+mapping "aws_backup_vault_lock_configuration" {
+  backup_vault_name = BackupVaultName
+}
+
+mapping "aws_backup_vault_notifications" {
+  backup_vault_name = BackupVaultName
+  sns_topic_arn = ARN
+  backup_vault_events = BackupVaultEvents
+}
+
+mapping "aws_backup_vault_policy" {
+  backup_vault_name = BackupVaultName
+}
+
 test "aws_backup_selection" "name" {
   ok = "tf_example_backup_selection"
   ng = "tf_example_backup_selection_tf_example_backup_selection"

diff --git a/rules/models/provider.go b/rules/models/provider.go
@@ -170,6 +170,9 @@ var Rules = []tflint.Rule{
 	NewAwsAthenaWorkgroupInvalidStateRule(),
 	NewAwsBackupSelectionInvalidNameRule(),
 	NewAwsBackupVaultInvalidNameRule(),
+	NewAwsBackupVaultLockConfigurationInvalidBackupVaultNameRule(),
+	NewAwsBackupVaultNotificationsInvalidBackupVaultNameRule(),
+	NewAwsBackupVaultPolicyInvalidBackupVaultNameRule(),
 	NewAwsBatchComputeEnvironmentInvalidStateRule(),
 	NewAwsBatchComputeEnvironmentInvalidTypeRule(),
 	NewAwsBatchJobDefinitionInvalidTypeRule(),