From 08036ee0fb5a1a527ccf92976e7cd70076cefd54 Mon Sep 17 00:00:00 2001
From: Pat Myron
Date: Sat, 25 Dec 2021 12:38:34 -0800
Subject: [PATCH] mapping aws_backup (#233)

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_vault_lock_configuration
https://github.com/aws/aws-sdk-go/blob/main/models/apis/backup/2018-11-15/api-2.json
---
 docs/rules/README.md | 3 +
 ...configuration_invalid_backup_vault_name.go | 69 +++++++++++++++++++
 ...notifications_invalid_backup_vault_name.go | 69 +++++++++++++++++++
 ..._vault_policy_invalid_backup_vault_name.go | 69 +++++++++++++++++++
 rules/models/mappings/backup.hcl | 14 ++++
 rules/models/provider.go | 3 +
 6 files changed, 227 insertions(+)
 create mode 100644 rules/models/aws_backup_vault_lock_configuration_invalid_backup_vault_name.go
 create mode 100644 rules/models/aws_backup_vault_notifications_invalid_backup_vault_name.go
 create mode 100644 rules/models/aws_backup_vault_policy_invalid_backup_vault_name.go

diff --git a/docs/rules/README.md b/docs/rules/README.md
index 608d8196..ebbad400 100644
--- a/docs/rules/README.md
+++ b/docs/rules/README.md
@@ -242,6 +242,9 @@ These rules enforce best practices and naming conventions:
 |aws_athena_workgroup_invalid_state|✔|
 |aws_backup_selection_invalid_name|✔|
 |aws_backup_vault_invalid_name|✔|
+|aws_backup_vault_lock_configuration_invalid_backup_vault_name|✔|
+|aws_backup_vault_notifications_invalid_backup_vault_name|✔|
+|aws_backup_vault_policy_invalid_backup_vault_name|✔|
 |aws_batch_compute_environment_invalid_state|✔|
 |aws_batch_compute_environment_invalid_type|✔|
 |aws_batch_job_definition_invalid_type|✔|
diff --git a/rules/models/aws_backup_vault_lock_configuration_invalid_backup_vault_name.go b/rules/models/aws_backup_vault_lock_configuration_invalid_backup_vault_name.go
new file mode 100644
index 00000000..c957261a
--- /dev/null
+++ b/rules/models/aws_backup_vault_lock_configuration_invalid_backup_vault_name.go
@@ -0,0 +1,69 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsBackupVaultLockConfigurationInvalidBackupVaultNameRule checks the pattern is valid
+type AwsBackupVaultLockConfigurationInvalidBackupVaultNameRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAwsBackupVaultLockConfigurationInvalidBackupVaultNameRule returns new rule with default attributes
+func NewAwsBackupVaultLockConfigurationInvalidBackupVaultNameRule() *AwsBackupVaultLockConfigurationInvalidBackupVaultNameRule {
+	return &AwsBackupVaultLockConfigurationInvalidBackupVaultNameRule{
+		resourceType:  "aws_backup_vault_lock_configuration",
+		attributeName: "backup_vault_name",
+		pattern:       regexp.MustCompile(`^[a-zA-Z0-9\-\_]{2,50}$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsBackupVaultLockConfigurationInvalidBackupVaultNameRule) Name() string {
+	return "aws_backup_vault_lock_configuration_invalid_backup_vault_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsBackupVaultLockConfigurationInvalidBackupVaultNameRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsBackupVaultLockConfigurationInvalidBackupVaultNameRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsBackupVaultLockConfigurationInvalidBackupVaultNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsBackupVaultLockConfigurationInvalidBackupVaultNameRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[a-zA-Z0-9\-\_]{2,50}$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/models/aws_backup_vault_notifications_invalid_backup_vault_name.go b/rules/models/aws_backup_vault_notifications_invalid_backup_vault_name.go
new file mode 100644
index 00000000..e6a8d3a3
--- /dev/null
+++ b/rules/models/aws_backup_vault_notifications_invalid_backup_vault_name.go
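Review bot: The issue message built in Check re-embeds the regex literal that the constructor already compiled into r.pattern, so the pattern lives in two places and the text shown to users can drift from what is actually matched; passing `r.pattern.String()` as the second fmt.Sprintf argument instead of the repeated literal keeps a single source of truth. The same duplication is present in the aws_backup_vault_notifications and aws_backup_vault_policy hunks. Because the header marks these files as generated by `generator/`, the change belongs in the generator's template rather than in the emitted files. Link() also returns the empty string even though the commit message cites the provider documentation URL for backup_vault_lock_configuration; if the generator can carry a per-resource link, surfacing it there would give the rule a reference.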
@@ -0,0 +1,69 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsBackupVaultNotificationsInvalidBackupVaultNameRule checks the pattern is valid
+type AwsBackupVaultNotificationsInvalidBackupVaultNameRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAwsBackupVaultNotificationsInvalidBackupVaultNameRule returns new rule with default attributes
+func NewAwsBackupVaultNotificationsInvalidBackupVaultNameRule() *AwsBackupVaultNotificationsInvalidBackupVaultNameRule {
+	return &AwsBackupVaultNotificationsInvalidBackupVaultNameRule{
+		resourceType:  "aws_backup_vault_notifications",
+		attributeName: "backup_vault_name",
+		pattern:       regexp.MustCompile(`^[a-zA-Z0-9\-\_]{2,50}$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsBackupVaultNotificationsInvalidBackupVaultNameRule) Name() string {
+	return "aws_backup_vault_notifications_invalid_backup_vault_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsBackupVaultNotificationsInvalidBackupVaultNameRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsBackupVaultNotificationsInvalidBackupVaultNameRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsBackupVaultNotificationsInvalidBackupVaultNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsBackupVaultNotificationsInvalidBackupVaultNameRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[a-zA-Z0-9\-\_]{2,50}$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/models/aws_backup_vault_policy_invalid_backup_vault_name.go b/rules/models/aws_backup_vault_policy_invalid_backup_vault_name.go
new file mode 100644
index 00000000..270312a2
--- /dev/null
+++ b/rules/models/aws_backup_vault_policy_invalid_backup_vault_name.go
@@ -0,0 +1,69 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsBackupVaultPolicyInvalidBackupVaultNameRule checks the pattern is valid
+type AwsBackupVaultPolicyInvalidBackupVaultNameRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAwsBackupVaultPolicyInvalidBackupVaultNameRule returns new rule with default attributes
+func NewAwsBackupVaultPolicyInvalidBackupVaultNameRule() *AwsBackupVaultPolicyInvalidBackupVaultNameRule {
+	return &AwsBackupVaultPolicyInvalidBackupVaultNameRule{
+		resourceType:  "aws_backup_vault_policy",
+		attributeName: "backup_vault_name",
+		pattern:       regexp.MustCompile(`^[a-zA-Z0-9\-\_]{2,50}$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsBackupVaultPolicyInvalidBackupVaultNameRule) Name() string {
+	return "aws_backup_vault_policy_invalid_backup_vault_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsBackupVaultPolicyInvalidBackupVaultNameRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsBackupVaultPolicyInvalidBackupVaultNameRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsBackupVaultPolicyInvalidBackupVaultNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsBackupVaultPolicyInvalidBackupVaultNameRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[a-zA-Z0-9\-\_]{2,50}$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/models/mappings/backup.hcl b/rules/models/mappings/backup.hcl
index b28ed1ad..f18df57a 100644
--- a/rules/models/mappings/backup.hcl
+++ b/rules/models/mappings/backup.hcl
@@ -8,6 +8,20 @@ mapping "aws_backup_vault" {
   name = BackupVaultName
 }
 
+mapping "aws_backup_vault_lock_configuration" {
+  backup_vault_name = BackupVaultName
+}
+
+mapping "aws_backup_vault_notifications" {
+  backup_vault_name   = BackupVaultName
+  sns_topic_arn       = ARN
+  backup_vault_events = BackupVaultEvents
+}
+
+mapping "aws_backup_vault_policy" {
+  backup_vault_name = BackupVaultName
+}
+
 test "aws_backup_selection" "name" {
   ok = "tf_example_backup_selection"
   ng = "tf_example_backup_selection_tf_example_backup_selection"
diff --git a/rules/models/provider.go b/rules/models/provider.go
index 8c609dec..94471cfb 100644
--- a/rules/models/provider.go
+++ b/rules/models/provider.go
@@ -170,6 +170,9 @@ var Rules = []tflint.Rule{
 	NewAwsAthenaWorkgroupInvalidStateRule(),
 	NewAwsBackupSelectionInvalidNameRule(),
 	NewAwsBackupVaultInvalidNameRule(),
+	NewAwsBackupVaultLockConfigurationInvalidBackupVaultNameRule(),
+	NewAwsBackupVaultNotificationsInvalidBackupVaultNameRule(),
+	NewAwsBackupVaultPolicyInvalidBackupVaultNameRule(),
 	NewAwsBatchComputeEnvironmentInvalidStateRule(),
 	NewAwsBatchComputeEnvironmentInvalidTypeRule(),
 	NewAwsBatchJobDefinitionInvalidTypeRule(),
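Review bot: The three new mapping blocks in backup.hcl come without matching `test` blocks, unlike the `test "aws_backup_selection" "name"` block directly below them, so if the generator derives rule fixtures from those blocks the new backup_vault_name rules ship untested. The aws_backup_vault_notifications mapping also declares `sns_topic_arn = ARN` and `backup_vault_events = BackupVaultEvents`, yet the diffstat lists only the three backup_vault_name rule files; it is worth confirming whether the generator intentionally skips those shapes or the generated output is incomplete. Test blocks along the lines below (values are illustrative) would exercise the 2–50 character bound of the BackupVaultName pattern from both sides.
```hcl
test "aws_backup_vault_lock_configuration" "backup_vault_name" {
  ok = "tf_example_backup_vault"
  ng = "a"
}

test "aws_backup_vault_notifications" "backup_vault_name" {
  ok = "tf_example_backup_vault"
  ng = "a"
}

test "aws_backup_vault_policy" "backup_vault_name" {
  ok = "tf_example_backup_vault"
  ng = "a"
}
```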