diff --git a/docs/rules/README.md b/docs/rules/README.md
index e6e23f69..dd6868b6 100644
--- a/docs/rules/README.md
+++ b/docs/rules/README.md
@@ -889,6 +889,10 @@ These rules enforce best practices and naming conventions:
 |aws_organizations_policy_invalid_name|✔|
 |aws_organizations_policy_invalid_type|✔|
 |aws_placement_group_invalid_strategy|✔|
+|aws_prometheus_alert_manager_definition_invalid_workspace_id|✔|
+|aws_prometheus_rule_group_namespace_invalid_name|✔|
+|aws_prometheus_rule_group_namespace_invalid_workspace_id|✔|
+|aws_prometheus_workspace_invalid_alias|✔|
 |aws_quicksight_group_invalid_aws_account_id|✔|
 |aws_quicksight_group_invalid_description|✔|
 |aws_quicksight_group_invalid_group_name|✔|
diff --git a/rules/models/aws_prometheus_alert_manager_definition_invalid_workspace_id.go b/rules/models/aws_prometheus_alert_manager_definition_invalid_workspace_id.go
new file mode 100644
index 00000000..aaa146b2
--- /dev/null
+++ b/rules/models/aws_prometheus_alert_manager_definition_invalid_workspace_id.go
@@ -0,0 +1,87 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsPrometheusAlertManagerDefinitionInvalidWorkspaceIDRule checks the pattern is valid +type AwsPrometheusAlertManagerDefinitionInvalidWorkspaceIDRule struct { + resourceType string + attributeName string + max int + min int + pattern *regexp.Regexp +} + +// NewAwsPrometheusAlertManagerDefinitionInvalidWorkspaceIDRule returns new rule with default attributes +func NewAwsPrometheusAlertManagerDefinitionInvalidWorkspaceIDRule() *AwsPrometheusAlertManagerDefinitionInvalidWorkspaceIDRule { + return &AwsPrometheusAlertManagerDefinitionInvalidWorkspaceIDRule{ + resourceType: "aws_prometheus_alert_manager_definition", + attributeName: "workspace_id", + max: 64, + min: 1, + pattern: regexp.MustCompile(`^[0-9A-Za-z][-.0-9A-Z_a-z]*$`), + } +} + +// Name returns the rule name +func (r *AwsPrometheusAlertManagerDefinitionInvalidWorkspaceIDRule) Name() string { + return "aws_prometheus_alert_manager_definition_invalid_workspace_id" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsPrometheusAlertManagerDefinitionInvalidWorkspaceIDRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsPrometheusAlertManagerDefinitionInvalidWorkspaceIDRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsPrometheusAlertManagerDefinitionInvalidWorkspaceIDRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsPrometheusAlertManagerDefinitionInvalidWorkspaceIDRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, 
&val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "workspace_id must be 64 characters or less", + attribute.Expr, + ) + } + if len(val) < r.min { + runner.EmitIssueOnExpr( + r, + "workspace_id must be 1 characters or higher", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[0-9A-Za-z][-.0-9A-Z_a-z]*$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_prometheus_rule_group_namespace_invalid_name.go b/rules/models/aws_prometheus_rule_group_namespace_invalid_name.go new file mode 100644 index 00000000..168846c9 --- /dev/null +++ b/rules/models/aws_prometheus_rule_group_namespace_invalid_name.go 
@@ -0,0 +1,87 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsPrometheusRuleGroupNamespaceInvalidNameRule checks the pattern is valid +type AwsPrometheusRuleGroupNamespaceInvalidNameRule struct { + resourceType string + attributeName string + max int + min int + pattern *regexp.Regexp +} + +// NewAwsPrometheusRuleGroupNamespaceInvalidNameRule returns new rule with default attributes +func NewAwsPrometheusRuleGroupNamespaceInvalidNameRule() *AwsPrometheusRuleGroupNamespaceInvalidNameRule { + return &AwsPrometheusRuleGroupNamespaceInvalidNameRule{ + resourceType: "aws_prometheus_rule_group_namespace", + attributeName: "name", + max: 64, + min: 1, + pattern: regexp.MustCompile(`^[0-9A-Za-z][-.0-9A-Z_a-z]*$`), + } +} + +// Name returns the rule name +func (r *AwsPrometheusRuleGroupNamespaceInvalidNameRule) Name() string { + return "aws_prometheus_rule_group_namespace_invalid_name" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsPrometheusRuleGroupNamespaceInvalidNameRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsPrometheusRuleGroupNamespaceInvalidNameRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsPrometheusRuleGroupNamespaceInvalidNameRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsPrometheusRuleGroupNamespaceInvalidNameRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "name must be 64 
characters or less", + attribute.Expr, + ) + } + if len(val) < r.min { + runner.EmitIssueOnExpr( + r, + "name must be 1 characters or higher", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[0-9A-Za-z][-.0-9A-Z_a-z]*$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_prometheus_rule_group_namespace_invalid_workspace_id.go b/rules/models/aws_prometheus_rule_group_namespace_invalid_workspace_id.go new file mode 100644 index 00000000..1639f653 --- /dev/null +++ b/rules/models/aws_prometheus_rule_group_namespace_invalid_workspace_id.go 
@@ -0,0 +1,87 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsPrometheusRuleGroupNamespaceInvalidWorkspaceIDRule checks the pattern is valid +type AwsPrometheusRuleGroupNamespaceInvalidWorkspaceIDRule struct { + resourceType string + attributeName string + max int + min int + pattern *regexp.Regexp +} + +// NewAwsPrometheusRuleGroupNamespaceInvalidWorkspaceIDRule returns new rule with default attributes +func NewAwsPrometheusRuleGroupNamespaceInvalidWorkspaceIDRule() *AwsPrometheusRuleGroupNamespaceInvalidWorkspaceIDRule { + return &AwsPrometheusRuleGroupNamespaceInvalidWorkspaceIDRule{ + resourceType: "aws_prometheus_rule_group_namespace", + attributeName: "workspace_id", + max: 64, + min: 1, + pattern: regexp.MustCompile(`^[0-9A-Za-z][-.0-9A-Z_a-z]*$`), + } +} + +// Name returns the rule name +func (r *AwsPrometheusRuleGroupNamespaceInvalidWorkspaceIDRule) Name() string { + return "aws_prometheus_rule_group_namespace_invalid_workspace_id" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsPrometheusRuleGroupNamespaceInvalidWorkspaceIDRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsPrometheusRuleGroupNamespaceInvalidWorkspaceIDRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsPrometheusRuleGroupNamespaceInvalidWorkspaceIDRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsPrometheusRuleGroupNamespaceInvalidWorkspaceIDRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, 
func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "workspace_id must be 64 characters or less", + attribute.Expr, + ) + } + if len(val) < r.min { + runner.EmitIssueOnExpr( + r, + "workspace_id must be 1 characters or higher", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[0-9A-Za-z][-.0-9A-Z_a-z]*$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_prometheus_workspace_invalid_alias.go b/rules/models/aws_prometheus_workspace_invalid_alias.go new file mode 100644 index 00000000..3ee504d5 --- /dev/null +++ b/rules/models/aws_prometheus_workspace_invalid_alias.go 
@@ -0,0 +1,76 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "log" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsPrometheusWorkspaceInvalidAliasRule checks the pattern is valid +type AwsPrometheusWorkspaceInvalidAliasRule struct { + resourceType string + attributeName string + max int + min int +} + +// NewAwsPrometheusWorkspaceInvalidAliasRule returns new rule with default attributes +func NewAwsPrometheusWorkspaceInvalidAliasRule() *AwsPrometheusWorkspaceInvalidAliasRule { + return &AwsPrometheusWorkspaceInvalidAliasRule{ + resourceType: "aws_prometheus_workspace", + attributeName: "alias", + max: 100, + min: 1, + } +} + +// Name returns the rule name +func (r *AwsPrometheusWorkspaceInvalidAliasRule) Name() string { + return "aws_prometheus_workspace_invalid_alias" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsPrometheusWorkspaceInvalidAliasRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsPrometheusWorkspaceInvalidAliasRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsPrometheusWorkspaceInvalidAliasRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsPrometheusWorkspaceInvalidAliasRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "alias must be 100 characters or less", + attribute.Expr, + ) + } + if len(val) < r.min { + runner.EmitIssueOnExpr( + r, + "alias must be 1 characters or higher", + attribute.Expr, + ) + } + return nil + }) + }) +} 
diff --git a/rules/models/mappings/prometheus.hcl b/rules/models/mappings/prometheus.hcl
new file mode 100644
index 00000000..3dfd302e
--- /dev/null
+++ b/rules/models/mappings/prometheus.hcl
@@ -0,0 +1,16 @@
+import = "aws-sdk-go/models/apis/amp/2020-08-01/api-2.json"
+
+mapping "aws_prometheus_alert_manager_definition" {
+ workspace_id = WorkspaceId
+ definition = AlertManagerDefinitionData
+}
+
+mapping "aws_prometheus_rule_group_namespace" {
+ name = RuleGroupsNamespaceName
+ workspace_id = WorkspaceId
+ data = RuleGroupsNamespaceData
+}
+
+mapping "aws_prometheus_workspace" {
+ alias = WorkspaceAlias
+}
diff --git a/rules/models/provider.go b/rules/models/provider.go
index ceace121..497b56ff 100644
--- a/rules/models/provider.go
+++ b/rules/models/provider.go
@@ -817,6 +817,10 @@ var Rules = []tflint.Rule{
 NewAwsOrganizationsPolicyInvalidNameRule(),
 NewAwsOrganizationsPolicyInvalidTypeRule(),
 NewAwsPlacementGroupInvalidStrategyRule(),
+ NewAwsPrometheusAlertManagerDefinitionInvalidWorkspaceIDRule(),
+ NewAwsPrometheusRuleGroupNamespaceInvalidNameRule(),
+ NewAwsPrometheusRuleGroupNamespaceInvalidWorkspaceIDRule(),
+ NewAwsPrometheusWorkspaceInvalidAliasRule(),
 NewAwsQuicksightGroupInvalidAwsAccountIDRule(),
 NewAwsQuicksightGroupInvalidDescriptionRule(),
 NewAwsQuicksightGroupInvalidGroupNameRule(),
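Review bot: In rules/models/mappings/prometheus.hcl, `alias = WorkspaceAlias` produces a length-only rule whose limit is compared in bytes: the generated aws_prometheus_workspace_invalid_alias.go in this commit has no `pattern` field and tests `len(val) > r.max`, while its message speaks of 100 characters. The three sibling rules are unaffected because their ASCII-only pattern rejects multi-byte input anyway, but an alias containing non-ASCII text could be reported although it is under 100 characters. Whether the service counts characters or bytes is not visible in this diff, so confirm against the API model first. If it counts characters, the comparison should become `if utf8.RuneCountInString(val) > r.max {`, made in the generator template (not shown here) rather than in the DO NOT EDIT output.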