From ab27152473bfc5c6e13367f0cb67a2ad287fbf49 Mon Sep 17 00:00:00 2001
From: Matthias Kay
Date: Thu, 12 Dec 2024 11:12:07 +0100
Subject: [PATCH] fix: Or aws_iam_policy_attachment_exclusive_attachment may be better. I prefer names that are descriptive of what issue we are warning about. Additionally, the prefix should preferably match the resource name. What do you think?
---
 docs/rules/README.md | 2 +-
 ...policy_attachment_exclusive_attachment.md} | 4 ++--
 ...policy_attachment_exclusive_attachment.go} | 22 +++++++++----------
 ...y_attachment_exclusive_attachment_test.go} | 6 ++---
 rules/provider.go | 2 +-
 5 files changed, 18 insertions(+), 18 deletions(-)
 rename docs/rules/{aws_iam_policy_attachment_has_alternatives.md => aws_iam_policy_attachment_exclusive_attachment.md} (92%)
 rename rules/{aws_iam_policy_attachment_has_alternatives.go => aws_iam_policy_attachment_exclusive_attachment.go} (58%)
 rename rules/{aws_iam_policy_attachment_has_alternatives_test.go => aws_iam_policy_attachment_exclusive_attachment_test.go} (85%)
diff --git a/docs/rules/README.md b/docs/rules/README.md
index 1d18f293..55562d00 100644
--- a/docs/rules/README.md
+++ b/docs/rules/README.md
@@ -68,7 +68,7 @@ These rules enforce best practices and naming conventions:
 |[aws_elasticache_replication_group_previous_type](aws_elasticache_replication_group_previous_type.md)|Disallow using previous node types|✔|
 |[aws_elasticache_replication_group_default_parameter_group](aws_elasticache_replication_group_default_parameter_group.md)|Disallow using default parameter group|✔|
 |[aws_instance_previous_type](aws_instance_previous_type.md)|Disallow using previous generation instance types|✔|
-|[aws_iam_policy_attachment_has_alternatives](aws_iam_policy_attachment_has_alternatives.md)|Consider alternative resources to `aws_iam_policy_attachment`||
+|[aws_iam_policy_attachment_has_alternatives](aws_iam_policy_attachment_exclusive_attachment)|Consider alternative resources to `aws_iam_policy_attachment`||
 |[aws_iam_policy_document_gov_friendly_arns](aws_iam_policy_document_gov_friendly_arns.md)|Ensure `iam_policy_document` data sources do not contain `arn:aws:` ARN's||
 |[aws_iam_policy_gov_friendly_arns](aws_iam_policy_gov_friendly_arns.md)|Ensure `iam_policy` resources do not contain `arn:aws:` ARN's||
 |[aws_iam_role_policy_gov_friendly_arns](aws_iam_role_policy_gov_friendly_arns.md)|Ensure `iam_role_policy` resources do not contain `arn:aws:` ARN's||
diff --git a/docs/rules/aws_iam_policy_attachment_has_alternatives.md b/docs/rules/aws_iam_policy_attachment_exclusive_attachment.md
similarity index 92%
rename from docs/rules/aws_iam_policy_attachment_has_alternatives.md
rename to docs/rules/aws_iam_policy_attachment_exclusive_attachment.md
index 82b870d1..642cd6b1 100644
--- a/docs/rules/aws_iam_policy_attachment_has_alternatives.md
+++ b/docs/rules/aws_iam_policy_attachment_exclusive_attachment.md
@@ -1,11 +1,11 @@ -# aws_iam_policy_attachment_has_alternatives +# aws_iam_policy_attachment_exclusive_attachment Consider alternative resources to `aws_iam_policy_attachment`. ## Configuration ```hcl -rule "aws_iam_policy_attachment_has_alternatives" { +rule "aws_iam_policy_attachment_exclusive_attachment" { enabled = true } ``` diff --git a/rules/aws_iam_policy_attachment_has_alternatives.go b/rules/aws_iam_policy_attachment_exclusive_attachment.go similarity index 58% rename from rules/aws_iam_policy_attachment_has_alternatives.go rename to rules/aws_iam_policy_attachment_exclusive_attachment.go index 084320ca..0c3e383a 100644 --- a/rules/aws_iam_policy_attachment_has_alternatives.go +++ b/rules/aws_iam_policy_attachment_exclusive_attachment.go 
@@ -6,44 +6,44 @@ import ( "github.com/terraform-linters/tflint-ruleset-aws/project" ) -// AwsIAMPolicyAttachmentHasAlternativesRule warns that the resource has alternatives recommended -type AwsIAMPolicyAttachmentHasAlternativesRule struct { +// AwsIAMPolicyAttachmentExclusiveAttachmentRule warns that the resource has alternatives recommended +type AwsIAMPolicyAttachmentExclusiveAttachmentRule struct { tflint.DefaultRule resourceType string attributeName string } -// AwsIAMPolicyAttachmentHasAlternativesRule returns new rule with default attributes -func NewAwsIAMPolicyAttachmentHasAlternativesRule() *AwsIAMPolicyAttachmentHasAlternativesRule { - return &AwsIAMPolicyAttachmentHasAlternativesRule{ +// AwsIAMPolicyAttachmentExclusiveAttachmentRule returns new rule with default attributes +func NewAwsIAMPolicyAttachmentExclusiveAttachmentRule() *AwsIAMPolicyAttachmentExclusiveAttachmentRule { + return &AwsIAMPolicyAttachmentExclusiveAttachmentRule{ resourceType: "aws_iam_policy_attachment", attributeName: "name", } } // Name returns the rule name -func (r *AwsIAMPolicyAttachmentHasAlternativesRule) Name() string { - return "aws_iam_policy_attachment_has_alternatives" +func (r *AwsIAMPolicyAttachmentExclusiveAttachmentRule) Name() string { + return "aws_iam_policy_attachment_exclusive_attachment" } // Enabled returns whether the rule is enabled by default -func (r *AwsIAMPolicyAttachmentHasAlternativesRule) Enabled() bool { +func (r *AwsIAMPolicyAttachmentExclusiveAttachmentRule) Enabled() bool { return false } // Severity returns the rule severity -func (r *AwsIAMPolicyAttachmentHasAlternativesRule) Severity() tflint.Severity { +func (r *AwsIAMPolicyAttachmentExclusiveAttachmentRule) Severity() tflint.Severity { return tflint.WARNING } // Link returns the rule reference link -func (r *AwsIAMPolicyAttachmentHasAlternativesRule) Link() string { +func (r *AwsIAMPolicyAttachmentExclusiveAttachmentRule) Link() string { return project.ReferenceLink(r.Name()) } // Check 
checks the length of the policy -func (r *AwsIAMPolicyAttachmentHasAlternativesRule) Check(runner tflint.Runner) error { +func (r *AwsIAMPolicyAttachmentExclusiveAttachmentRule) Check(runner tflint.Runner) error { resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, }, nil) diff --git a/rules/aws_iam_policy_attachment_has_alternatives_test.go b/rules/aws_iam_policy_attachment_exclusive_attachment_test.go similarity index 85% rename from rules/aws_iam_policy_attachment_has_alternatives_test.go rename to rules/aws_iam_policy_attachment_exclusive_attachment_test.go index 07b7575f..cc213614 100644 --- a/rules/aws_iam_policy_attachment_has_alternatives_test.go +++ b/rules/aws_iam_policy_attachment_exclusive_attachment_test.go @@ -9,7 +9,7 @@ import ( "github.com/terraform-linters/tflint-plugin-sdk/helper" ) -func Test_AwsIAMPolicyAttachmentHasAlternativesRule(t *testing.T) { +func Test_AwsIAMPolicyAttachmentExclusiveAttachmentRule(t *testing.T) { rand.Seed(time.Now().UnixNano()) cases := []struct { Name string @@ -25,7 +25,7 @@ resource "aws_iam_policy_attachment" "attachment" { `, Expected: helper.Issues{ { - Rule: NewAwsIAMPolicyAttachmentHasAlternativesRule(), + Rule: NewAwsIAMPolicyAttachmentExclusiveAttachmentRule(), Message: "Consider aws_iam_role_policy_attachment, aws_iam_user_policy_attachment, or aws_iam_group_policy_attachment instead.", Range: hcl.Range{ Filename: "resource.tf", @@ -46,7 +46,7 @@ resource "aws_iam_role_policy_attachment" "attachment" { }, } - rule := NewAwsIAMPolicyAttachmentHasAlternativesRule() + rule := NewAwsIAMPolicyAttachmentExclusiveAttachmentRule() for _, tc := range cases { runner := helper.TestRunner(t, map[string]string{"resource.tf": tc.Content}) diff --git a/rules/provider.go b/rules/provider.go index 0daed585..e1a52830 100644 --- a/rules/provider.go +++ b/rules/provider.go 
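Review bot: The doc comments in the `rules/aws_iam_policy_attachment_exclusive_attachment.go` hunk no longer match what they document: the comment above `NewAwsIAMPolicyAttachmentExclusiveAttachmentRule` opens with the type name instead of the constructor name, and `// Check checks the length of the policy` looks copied from another rule. The type comment still says "has alternatives recommended", so the reason behind the new name is never stated; something like `// AwsIAMPolicyAttachmentExclusiveAttachmentRule warns that aws_iam_policy_attachment attaches a policy exclusively, detaching it from any user, role or group attached elsewhere` would tell a reader why the rule exists. For Check, `// Check reports aws_iam_policy_attachment resources` would fit what the test in this patch expects, though the body of Check continues outside the hunk. The rename is also incomplete in the README hunk, where the link text keeps the old rule name and the link target drops `.md`.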
@@ -31,7 +31,7 @@ var manualRules = []tflint.Rule{
 NewAwsElastiCacheReplicationGroupDefaultParameterGroupRule(),
 NewAwsElastiCacheReplicationGroupInvalidTypeRule(),
 NewAwsElastiCacheReplicationGroupPreviousTypeRule(),
- NewAwsIAMPolicyAttachmentHasAlternativesRule(),
+ NewAwsIAMPolicyAttachmentExclusiveAttachmentRule(),
 NewAwsIAMPolicySidInvalidCharactersRule(),
 NewAwsIAMPolicyTooLongPolicyRule(),
 NewAwsLambdaFunctionDeprecatedRuntimeRule(),