terraform-linters · bendrucker · Dec 22, 2021 · Dec 20, 2021 · Dec 22, 2021 · Dec 22, 2021
diff --git a/aws/mock/ec2.go b/aws/mock/ec2.go
diff --git a/docs/rules/README.md b/docs/rules/README.md
@@ -483,8 +483,10 @@ These rules enforce best practices and naming conventions:
 |aws_instance_invalid_instance_initiated_shutdown_behavior|✔|
 |aws_instance_invalid_tenancy|✔|
 |aws_instance_invalid_type|✔|
+|aws_iot_certificate_invalid_csr|✔|
 |aws_iot_policy_attachment_invalid_policy|✔|
 |aws_iot_policy_invalid_name|✔|
+|aws_iot_policy_invalid_policy|✔|
 |aws_iot_role_alias_invalid_alias|✔|
 |aws_iot_role_alias_invalid_role_arn|✔|
 |aws_iot_thing_invalid_name|✔|

diff --git a/go.mod b/go.mod
@@ -4,7 +4,7 @@ go 1.17
 
 require (
 	github.com/agext/levenshtein v1.2.2 // indirect
-	github.com/aws/aws-sdk-go v1.42.19
+	github.com/aws/aws-sdk-go v1.42.23
 	github.com/dave/dst v0.26.2
 	github.com/fatih/color v1.9.0 // indirect
 	github.com/golang/mock v1.6.0
@@ -50,7 +50,7 @@ require (
 	github.com/vmihailenco/msgpack/v4 v4.3.12 // indirect
 	github.com/vmihailenco/tagparser v0.1.1 // indirect
 	golang.org/x/mod v0.4.2 // indirect
-	golang.org/x/net v0.0.0-20210614182718-04defd469f4e // indirect
+	golang.org/x/net v0.0.0-20211209124913-491a49abca63 // indirect
 	golang.org/x/sys v0.0.0-20210510120138-977fb7262007 // indirect
 	golang.org/x/text v0.3.6 // indirect
 	golang.org/x/tools v0.1.1 // indirect

diff --git a/go.sum b/go.sum
@@ -10,8 +10,8 @@ github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/
 github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw=
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/aws/aws-sdk-go v1.31.9/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
-github.com/aws/aws-sdk-go v1.42.19 h1:L/aM1QwsqVia9qIqexTHwYN+lgLYuOtf11VDgz0YIyw=
-github.com/aws/aws-sdk-go v1.42.19/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
+github.com/aws/aws-sdk-go v1.42.23 h1:V0V5hqMEyVelgpu1e4gMPVCJ+KhmscdNxP/NWP1iCOA=
+github.com/aws/aws-sdk-go v1.42.23/go.mod h1:gyRszuZ/icHmHAVE4gc/r+cfCmhA1AD+vqfWbgI+eHs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
@@ -202,8 +202,8 @@ golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210614182718-04defd469f4e h1:XpT3nA5TvE525Ne3hInMh6+GETgn27Zfm9dxsThnX2Q=
-golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211209124913-491a49abca63 h1:iocB37TsdFuN6IBRZ+ry36wrkoV51/tl5vOWqkcPGvY=
+golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=

diff --git a/rules/models/aws-sdk-go b/rules/models/aws-sdk-go
diff --git a/rules/models/aws_iot_certificate_invalid_csr.go b/rules/models/aws_iot_certificate_invalid_csr.go
@@ -0,0 +1,87 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsIotCertificateInvalidCsrRule checks the pattern is valid
+type AwsIotCertificateInvalidCsrRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsIotCertificateInvalidCsrRule returns new rule with default attributes
+func NewAwsIotCertificateInvalidCsrRule() *AwsIotCertificateInvalidCsrRule {
+	return &AwsIotCertificateInvalidCsrRule{
+		resourceType:  "aws_iot_certificate",
+		attributeName: "csr",
+		max:           4096,
+		min:           1,
+		pattern:       regexp.MustCompile(`^[\s\S]*$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsIotCertificateInvalidCsrRule) Name() string {
+	return "aws_iot_certificate_invalid_csr"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsIotCertificateInvalidCsrRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsIotCertificateInvalidCsrRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsIotCertificateInvalidCsrRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsIotCertificateInvalidCsrRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"csr must be 4096 characters or less",
+					attribute.Expr,
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"csr must be 1 characters or higher",
+					attribute.Expr,
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[\s\S]*$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/models/aws_iot_policy_invalid_policy.go b/rules/models/aws_iot_policy_invalid_policy.go
@@ -0,0 +1,78 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsIotPolicyInvalidPolicyRule checks the pattern is valid
+type AwsIotPolicyInvalidPolicyRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsIotPolicyInvalidPolicyRule returns new rule with default attributes
+func NewAwsIotPolicyInvalidPolicyRule() *AwsIotPolicyInvalidPolicyRule {
+	return &AwsIotPolicyInvalidPolicyRule{
+		resourceType:  "aws_iot_policy",
+		attributeName: "policy",
+		max:           404600,
+		pattern:       regexp.MustCompile(`^[\s\S]*$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsIotPolicyInvalidPolicyRule) Name() string {
+	return "aws_iot_policy_invalid_policy"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsIotPolicyInvalidPolicyRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsIotPolicyInvalidPolicyRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsIotPolicyInvalidPolicyRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsIotPolicyInvalidPolicyRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"policy must be 404600 characters or less",
+					attribute.Expr,
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[\s\S]*$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/models/aws_route53_health_check_invalid_cloudwatch_alarm_region.go b/rules/models/aws_route53_health_check_invalid_cloudwatch_alarm_region.go
@@ -41,6 +41,7 @@ func NewAwsRoute53HealthCheckInvalidCloudwatchAlarmRegionRule() *AwsRoute53Healt
 			"ap-south-1",
 			"ap-southeast-1",
 			"ap-southeast-2",
+			"ap-southeast-3",
 			"ap-northeast-1",
 			"ap-northeast-2",
 			"ap-northeast-3",
@@ -53,6 +54,7 @@ func NewAwsRoute53HealthCheckInvalidCloudwatchAlarmRegionRule() *AwsRoute53Healt
 			"us-gov-west-1",
 			"us-gov-east-1",
 			"us-iso-east-1",
+			"us-iso-west-1",
 			"us-isob-east-1",
 		},
 	}

diff --git a/rules/models/aws_route53_zone_association_invalid_vpc_region.go b/rules/models/aws_route53_zone_association_invalid_vpc_region.go
@@ -40,9 +40,11 @@ func NewAwsRoute53ZoneAssociationInvalidVpcRegionRule() *AwsRoute53ZoneAssociati
 			"us-gov-west-1",
 			"us-gov-east-1",
 			"us-iso-east-1",
+			"us-iso-west-1",
 			"us-isob-east-1",
 			"ap-southeast-1",
 			"ap-southeast-2",
+			"ap-southeast-3",
 			"ap-south-1",
 			"ap-northeast-1",
 			"ap-northeast-2",

diff --git a/rules/models/provider.go b/rules/models/provider.go
@@ -421,8 +421,10 @@ var Rules = []tflint.Rule{
 	NewAwsInstanceInvalidInstanceInitiatedShutdownBehaviorRule(),
 	NewAwsInstanceInvalidTenancyRule(),
 	NewAwsInstanceInvalidTypeRule(),
+	NewAwsIotCertificateInvalidCsrRule(),
 	NewAwsIotPolicyAttachmentInvalidPolicyRule(),
 	NewAwsIotPolicyInvalidNameRule(),
+	NewAwsIotPolicyInvalidPolicyRule(),
 	NewAwsIotRoleAliasInvalidAliasRule(),
 	NewAwsIotRoleAliasInvalidRoleArnRule(),
 	NewAwsIotThingInvalidNameRule(),