From 1cb22da2ce1fc84528d9f7bf7b8d716aa8d6561e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Dec 2021 03:06:04 +0000
Subject: [PATCH 1/4] Bump github.com/aws/aws-sdk-go from 1.42.19 to 1.42.23
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.42.19 to 1.42.23.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.42.19...v1.42.23)
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
 dependency-type: direct:production
 update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/go.mod b/go.mod
index e30b9ffd..c1e8ce52 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.17
 require (
 github.com/agext/levenshtein v1.2.2 // indirect
- github.com/aws/aws-sdk-go v1.42.19
+ github.com/aws/aws-sdk-go v1.42.23
 github.com/dave/dst v0.26.2
 github.com/fatih/color v1.9.0 // indirect
 github.com/golang/mock v1.6.0
@@ -50,7 +50,7 @@ require (
 github.com/vmihailenco/msgpack/v4 v4.3.12 // indirect
 github.com/vmihailenco/tagparser v0.1.1 // indirect
 golang.org/x/mod v0.4.2 // indirect
- golang.org/x/net v0.0.0-20210614182718-04defd469f4e // indirect
+ golang.org/x/net v0.0.0-20211209124913-491a49abca63 // indirect
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007 // indirect
 golang.org/x/text v0.3.6 // indirect
 golang.org/x/tools v0.1.1 // indirect
diff --git a/go.sum b/go.sum
index d981f7ca..581538fa 100644
--- a/go.sum
+++ b/go.sum
@@ -10,8 +10,8 @@ github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw= github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/aws/aws-sdk-go v1.31.9/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.42.19 h1:L/aM1QwsqVia9qIqexTHwYN+lgLYuOtf11VDgz0YIyw= -github.com/aws/aws-sdk-go v1.42.19/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= +github.com/aws/aws-sdk-go v1.42.23 h1:V0V5hqMEyVelgpu1e4gMPVCJ+KhmscdNxP/NWP1iCOA= +github.com/aws/aws-sdk-go v1.42.23/go.mod h1:gyRszuZ/icHmHAVE4gc/r+cfCmhA1AD+vqfWbgI+eHs= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= 
@@ -202,8 +202,8 @@ golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210614182718-04defd469f4e h1:XpT3nA5TvE525Ne3hInMh6+GETgn27Zfm9dxsThnX2Q= -golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211209124913-491a49abca63 h1:iocB37TsdFuN6IBRZ+ry36wrkoV51/tl5vOWqkcPGvY= +golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= From 05cfb4e6f0461951aeda23c953a6566fc24cb553 Mon Sep 17 00:00:00 2001 From: Ben Drucker Date: Wed, 22 Dec 2021 03:35:37 +0000 Subject: [PATCH 2/4] go generate --- aws/mock/ec2.go | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/aws/mock/ec2.go b/aws/mock/ec2.go index 88eae181..6ffe2bf3 100644 --- a/aws/mock/ec2.go +++ b/aws/mock/ec2.go 
@@ -30026,6 +30026,39 @@ func (mr *MockEC2APIMockRecorder) WaitUntilInstanceTerminatedWithContext(arg0, a return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "WaitUntilInstanceTerminatedWithContext", reflect.TypeOf((*MockEC2API)(nil).WaitUntilInstanceTerminatedWithContext), varargs...) } +// WaitUntilInternetGatewayExists mocks base method. +func (m *MockEC2API) WaitUntilInternetGatewayExists(arg0 *ec2.DescribeInternetGatewaysInput) error { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "WaitUntilInternetGatewayExists", arg0) + ret0, _ := ret[0].(error) + return ret0 +} + +// WaitUntilInternetGatewayExists indicates an expected call of WaitUntilInternetGatewayExists. +func (mr *MockEC2APIMockRecorder) WaitUntilInternetGatewayExists(arg0 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "WaitUntilInternetGatewayExists", reflect.TypeOf((*MockEC2API)(nil).WaitUntilInternetGatewayExists), arg0) +} + +// WaitUntilInternetGatewayExistsWithContext mocks base method. +func (m *MockEC2API) WaitUntilInternetGatewayExistsWithContext(arg0 context.Context, arg1 *ec2.DescribeInternetGatewaysInput, arg2 ...request.WaiterOption) error { + m.ctrl.T.Helper() + varargs := []interface{}{arg0, arg1} + for _, a := range arg2 { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "WaitUntilInternetGatewayExistsWithContext", varargs...) + ret0, _ := ret[0].(error) + return ret0 +} + +// WaitUntilInternetGatewayExistsWithContext indicates an expected call of WaitUntilInternetGatewayExistsWithContext. +func (mr *MockEC2APIMockRecorder) WaitUntilInternetGatewayExistsWithContext(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{arg0, arg1}, arg2...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "WaitUntilInternetGatewayExistsWithContext", reflect.TypeOf((*MockEC2API)(nil).WaitUntilInternetGatewayExistsWithContext), varargs...) 
+} + // WaitUntilKeyPairExists mocks base method. func (m *MockEC2API) WaitUntilKeyPairExists(arg0 *ec2.DescribeKeyPairsInput) error { m.ctrl.T.Helper() From 66762b134ed667026501536ced0662e2235eb6df Mon Sep 17 00:00:00 2001 From: Ben Drucker Date: Wed, 22 Dec 2021 03:38:21 +0000 Subject: [PATCH 3/4] update aws-sdk-go submodule --- rules/models/aws-sdk-go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/models/aws-sdk-go b/rules/models/aws-sdk-go index 35cb1cbd..7f5088c6 160000 --- a/rules/models/aws-sdk-go +++ b/rules/models/aws-sdk-go @@ -1 +1 @@ -Subproject commit 35cb1cbdd2ddac29d2fc6c69a4bd460cc31a7096 +Subproject commit 7f5088c6be69a66f780eae8d1018a18a369bf9a7 From b77892c2b37d41d0a6ac9c0638867d3a4f0a4c82 Mon Sep 17 00:00:00 2001 From: Ben Drucker Date: Wed, 22 Dec 2021 03:39:24 +0000 Subject: [PATCH 4/4] go generate --- docs/rules/README.md | 2 + .../models/aws_iot_certificate_invalid_csr.go | 87 +++++++++++++++++++ rules/models/aws_iot_policy_invalid_policy.go | 78 +++++++++++++++++ ...h_check_invalid_cloudwatch_alarm_region.go | 2 + ...e53_zone_association_invalid_vpc_region.go | 2 + rules/models/provider.go | 2 + 6 files changed, 173 insertions(+) create mode 100644 rules/models/aws_iot_certificate_invalid_csr.go create mode 100644 rules/models/aws_iot_policy_invalid_policy.go diff --git a/docs/rules/README.md b/docs/rules/README.md index 507d6ebc..0f7b9e4b 100644 --- a/docs/rules/README.md +++ b/docs/rules/README.md @@ -483,8 +483,10 @@ These rules enforce best practices and naming conventions: |aws_instance_invalid_instance_initiated_shutdown_behavior|✔| |aws_instance_invalid_tenancy|✔| |aws_instance_invalid_type|✔| +|aws_iot_certificate_invalid_csr|✔| |aws_iot_policy_attachment_invalid_policy|✔| |aws_iot_policy_invalid_name|✔| +|aws_iot_policy_invalid_policy|✔| |aws_iot_role_alias_invalid_alias|✔| |aws_iot_role_alias_invalid_role_arn|✔| |aws_iot_thing_invalid_name|✔| 
diff --git a/rules/models/aws_iot_certificate_invalid_csr.go b/rules/models/aws_iot_certificate_invalid_csr.go
new file mode 100644
index 00000000..2e5bca83
--- /dev/null
+++ b/rules/models/aws_iot_certificate_invalid_csr.go
@@ -0,0 +1,87 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsIotCertificateInvalidCsrRule checks the pattern is valid +type AwsIotCertificateInvalidCsrRule struct { + resourceType string + attributeName string + max int + min int + pattern *regexp.Regexp +} + +// NewAwsIotCertificateInvalidCsrRule returns new rule with default attributes +func NewAwsIotCertificateInvalidCsrRule() *AwsIotCertificateInvalidCsrRule { + return &AwsIotCertificateInvalidCsrRule{ + resourceType: "aws_iot_certificate", + attributeName: "csr", + max: 4096, + min: 1, + pattern: regexp.MustCompile(`^[\s\S]*$`), + } +} + +// Name returns the rule name +func (r *AwsIotCertificateInvalidCsrRule) Name() string { + return "aws_iot_certificate_invalid_csr" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsIotCertificateInvalidCsrRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsIotCertificateInvalidCsrRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsIotCertificateInvalidCsrRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsIotCertificateInvalidCsrRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "csr must be 4096 characters or less", + attribute.Expr, + ) + } + if len(val) < r.min { + runner.EmitIssueOnExpr( + r, + "csr must be 1 characters or higher", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + 
runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[\s\S]*$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_iot_policy_invalid_policy.go b/rules/models/aws_iot_policy_invalid_policy.go new file mode 100644 index 00000000..8fff0b5e --- /dev/null +++ b/rules/models/aws_iot_policy_invalid_policy.go 
@@ -0,0 +1,78 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsIotPolicyInvalidPolicyRule checks the pattern is valid +type AwsIotPolicyInvalidPolicyRule struct { + resourceType string + attributeName string + max int + pattern *regexp.Regexp +} + +// NewAwsIotPolicyInvalidPolicyRule returns new rule with default attributes +func NewAwsIotPolicyInvalidPolicyRule() *AwsIotPolicyInvalidPolicyRule { + return &AwsIotPolicyInvalidPolicyRule{ + resourceType: "aws_iot_policy", + attributeName: "policy", + max: 404600, + pattern: regexp.MustCompile(`^[\s\S]*$`), + } +} + +// Name returns the rule name +func (r *AwsIotPolicyInvalidPolicyRule) Name() string { + return "aws_iot_policy_invalid_policy" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsIotPolicyInvalidPolicyRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsIotPolicyInvalidPolicyRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsIotPolicyInvalidPolicyRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsIotPolicyInvalidPolicyRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "policy must be 404600 characters or less", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[\s\S]*$`), + attribute.Expr, + ) + } + return nil + }) + }) +} 
diff --git a/rules/models/aws_route53_health_check_invalid_cloudwatch_alarm_region.go b/rules/models/aws_route53_health_check_invalid_cloudwatch_alarm_region.go index be266cc8..39794b0e 100644 --- a/rules/models/aws_route53_health_check_invalid_cloudwatch_alarm_region.go +++ b/rules/models/aws_route53_health_check_invalid_cloudwatch_alarm_region.go @@ -41,6 +41,7 @@ func NewAwsRoute53HealthCheckInvalidCloudwatchAlarmRegionRule() *AwsRoute53Healt "ap-south-1", "ap-southeast-1", "ap-southeast-2", + "ap-southeast-3", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", @@ -53,6 +54,7 @@ func NewAwsRoute53HealthCheckInvalidCloudwatchAlarmRegionRule() *AwsRoute53Healt "us-gov-west-1", "us-gov-east-1", "us-iso-east-1", + "us-iso-west-1", "us-isob-east-1", }, } diff --git a/rules/models/aws_route53_zone_association_invalid_vpc_region.go b/rules/models/aws_route53_zone_association_invalid_vpc_region.go index 77b3409d..ff189cee 100644 --- a/rules/models/aws_route53_zone_association_invalid_vpc_region.go +++ b/rules/models/aws_route53_zone_association_invalid_vpc_region.go @@ -40,9 +40,11 @@ func NewAwsRoute53ZoneAssociationInvalidVpcRegionRule() *AwsRoute53ZoneAssociati "us-gov-west-1", "us-gov-east-1", "us-iso-east-1", + "us-iso-west-1", "us-isob-east-1", "ap-southeast-1", "ap-southeast-2", + "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", diff --git a/rules/models/provider.go b/rules/models/provider.go index 8dea368b..db20e6d8 100644 --- a/rules/models/provider.go +++ b/rules/models/provider.go @@ -421,8 +421,10 @@ var Rules = []tflint.Rule{ NewAwsInstanceInvalidInstanceInitiatedShutdownBehaviorRule(), NewAwsInstanceInvalidTenancyRule(), NewAwsInstanceInvalidTypeRule(), + NewAwsIotCertificateInvalidCsrRule(), NewAwsIotPolicyAttachmentInvalidPolicyRule(), NewAwsIotPolicyInvalidNameRule(), + NewAwsIotPolicyInvalidPolicyRule(), NewAwsIotRoleAliasInvalidAliasRule(), NewAwsIotRoleAliasInvalidRoleArnRule(), NewAwsIotThingInvalidNameRule(),