diff --git a/docs/rules/README.md b/docs/rules/README.md
index b5d5633e..c994f1e4 100644
--- a/docs/rules/README.md
+++ b/docs/rules/README.md
@@ -461,10 +461,20 @@ These rules enforce best practices and naming conventions:
 |aws_datasync_agent_invalid_name|✔|
 |aws_datasync_location_efs_invalid_efs_file_system_arn|✔|
 |aws_datasync_location_efs_invalid_subdirectory|✔|
+|aws_datasync_location_fsx_windows_file_system_invalid_domain|✔|
+|aws_datasync_location_fsx_windows_file_system_invalid_fsx_filesystem_arn|✔|
+|aws_datasync_location_fsx_windows_file_system_invalid_password|✔|
+|aws_datasync_location_fsx_windows_file_system_invalid_subdirectory|✔|
+|aws_datasync_location_fsx_windows_file_system_invalid_user|✔|
 |aws_datasync_location_nfs_invalid_server_hostname|✔|
 |aws_datasync_location_nfs_invalid_subdirectory|✔|
 |aws_datasync_location_s3_invalid_s3_bucket_arn|✔|
 |aws_datasync_location_s3_invalid_subdirectory|✔|
+|aws_datasync_location_smb_invalid_domain|✔|
+|aws_datasync_location_smb_invalid_password|✔|
+|aws_datasync_location_smb_invalid_server_hostname|✔|
+|aws_datasync_location_smb_invalid_subdirectory|✔|
+|aws_datasync_location_smb_invalid_user|✔|
 |aws_datasync_task_invalid_cloudwatch_log_group_arn|✔|
 |aws_datasync_task_invalid_destination_location_arn|✔|
 |aws_datasync_task_invalid_name|✔|
diff --git a/rules/models/aws_datasync_location_fsx_windows_file_system_invalid_domain.go b/rules/models/aws_datasync_location_fsx_windows_file_system_invalid_domain.go
new file mode 100644
index 00000000..bf682011
--- /dev/null
+++ b/rules/models/aws_datasync_location_fsx_windows_file_system_invalid_domain.go
@@ -0,0 +1,78 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsDatasyncLocationFsxWindowsFileSystemInvalidDomainRule checks the pattern is valid +type AwsDatasyncLocationFsxWindowsFileSystemInvalidDomainRule struct { + resourceType string + attributeName string + max int + pattern *regexp.Regexp +} + +// NewAwsDatasyncLocationFsxWindowsFileSystemInvalidDomainRule returns new rule with default attributes +func NewAwsDatasyncLocationFsxWindowsFileSystemInvalidDomainRule() *AwsDatasyncLocationFsxWindowsFileSystemInvalidDomainRule { + return &AwsDatasyncLocationFsxWindowsFileSystemInvalidDomainRule{ + resourceType: "aws_datasync_location_fsx_windows_file_system", + attributeName: "domain", + max: 253, + pattern: regexp.MustCompile(`^([A-Za-z0-9]+[A-Za-z0-9-.]*)*[A-Za-z0-9-]*[A-Za-z0-9]$`), + } +} + +// Name returns the rule name +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidDomainRule) Name() string { + return "aws_datasync_location_fsx_windows_file_system_invalid_domain" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidDomainRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidDomainRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidDomainRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidDomainRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, 
&val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "domain must be 253 characters or less", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^([A-Za-z0-9]+[A-Za-z0-9-.]*)*[A-Za-z0-9-]*[A-Za-z0-9]$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_datasync_location_fsx_windows_file_system_invalid_fsx_filesystem_arn.go b/rules/models/aws_datasync_location_fsx_windows_file_system_invalid_fsx_filesystem_arn.go new file mode 100644 index 00000000..b7ec6e66 --- /dev/null +++ b/rules/models/aws_datasync_location_fsx_windows_file_system_invalid_fsx_filesystem_arn.go 
@@ -0,0 +1,78 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsDatasyncLocationFsxWindowsFileSystemInvalidFsxFilesystemArnRule checks the pattern is valid +type AwsDatasyncLocationFsxWindowsFileSystemInvalidFsxFilesystemArnRule struct { + resourceType string + attributeName string + max int + pattern *regexp.Regexp +} + +// NewAwsDatasyncLocationFsxWindowsFileSystemInvalidFsxFilesystemArnRule returns new rule with default attributes +func NewAwsDatasyncLocationFsxWindowsFileSystemInvalidFsxFilesystemArnRule() *AwsDatasyncLocationFsxWindowsFileSystemInvalidFsxFilesystemArnRule { + return &AwsDatasyncLocationFsxWindowsFileSystemInvalidFsxFilesystemArnRule{ + resourceType: "aws_datasync_location_fsx_windows_file_system", + attributeName: "fsx_filesystem_arn", + max: 128, + pattern: regexp.MustCompile(`^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):fsx:[a-z\-0-9]*:[0-9]{12}:file-system/fs-.*$`), + } +} + +// Name returns the rule name +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidFsxFilesystemArnRule) Name() string { + return "aws_datasync_location_fsx_windows_file_system_invalid_fsx_filesystem_arn" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidFsxFilesystemArnRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidFsxFilesystemArnRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidFsxFilesystemArnRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidFsxFilesystemArnRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + 
return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "fsx_filesystem_arn must be 128 characters or less", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):fsx:[a-z\-0-9]*:[0-9]{12}:file-system/fs-.*$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_datasync_location_fsx_windows_file_system_invalid_password.go b/rules/models/aws_datasync_location_fsx_windows_file_system_invalid_password.go new file mode 100644 index 00000000..9980a311 --- /dev/null +++ b/rules/models/aws_datasync_location_fsx_windows_file_system_invalid_password.go 
@@ -0,0 +1,77 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsDatasyncLocationFsxWindowsFileSystemInvalidPasswordRule checks the pattern is valid +type AwsDatasyncLocationFsxWindowsFileSystemInvalidPasswordRule struct { + resourceType string + attributeName string + max int + pattern *regexp.Regexp +} + +// NewAwsDatasyncLocationFsxWindowsFileSystemInvalidPasswordRule returns new rule with default attributes +func NewAwsDatasyncLocationFsxWindowsFileSystemInvalidPasswordRule() *AwsDatasyncLocationFsxWindowsFileSystemInvalidPasswordRule { + return &AwsDatasyncLocationFsxWindowsFileSystemInvalidPasswordRule{ + resourceType: "aws_datasync_location_fsx_windows_file_system", + attributeName: "password", + max: 104, + pattern: regexp.MustCompile(`^.{0,104}$`), + } +} + +// Name returns the rule name +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidPasswordRule) Name() string { + return "aws_datasync_location_fsx_windows_file_system_invalid_password" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidPasswordRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidPasswordRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidPasswordRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidPasswordRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return 
runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "password must be 104 characters or less", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + `password does not match valid pattern ^.{0,104}$`, + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_datasync_location_fsx_windows_file_system_invalid_subdirectory.go b/rules/models/aws_datasync_location_fsx_windows_file_system_invalid_subdirectory.go new file mode 100644 index 00000000..681ad444 --- /dev/null +++ b/rules/models/aws_datasync_location_fsx_windows_file_system_invalid_subdirectory.go 
@@ -0,0 +1,78 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsDatasyncLocationFsxWindowsFileSystemInvalidSubdirectoryRule checks the pattern is valid +type AwsDatasyncLocationFsxWindowsFileSystemInvalidSubdirectoryRule struct { + resourceType string + attributeName string + max int + pattern *regexp.Regexp +} + +// NewAwsDatasyncLocationFsxWindowsFileSystemInvalidSubdirectoryRule returns new rule with default attributes +func NewAwsDatasyncLocationFsxWindowsFileSystemInvalidSubdirectoryRule() *AwsDatasyncLocationFsxWindowsFileSystemInvalidSubdirectoryRule { + return &AwsDatasyncLocationFsxWindowsFileSystemInvalidSubdirectoryRule{ + resourceType: "aws_datasync_location_fsx_windows_file_system", + attributeName: "subdirectory", + max: 4096, + pattern: regexp.MustCompile(`^[a-zA-Z0-9_\-\+\./\(\)\$\p{Zs}]+$`), + } +} + +// Name returns the rule name +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidSubdirectoryRule) Name() string { + return "aws_datasync_location_fsx_windows_file_system_invalid_subdirectory" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidSubdirectoryRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidSubdirectoryRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidSubdirectoryRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidSubdirectoryRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var 
val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "subdirectory must be 4096 characters or less", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[a-zA-Z0-9_\-\+\./\(\)\$\p{Zs}]+$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_datasync_location_fsx_windows_file_system_invalid_user.go b/rules/models/aws_datasync_location_fsx_windows_file_system_invalid_user.go new file mode 100644 index 00000000..ea6ac502 --- /dev/null +++ b/rules/models/aws_datasync_location_fsx_windows_file_system_invalid_user.go 
@@ -0,0 +1,78 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsDatasyncLocationFsxWindowsFileSystemInvalidUserRule checks the pattern is valid +type AwsDatasyncLocationFsxWindowsFileSystemInvalidUserRule struct { + resourceType string + attributeName string + max int + pattern *regexp.Regexp +} + +// NewAwsDatasyncLocationFsxWindowsFileSystemInvalidUserRule returns new rule with default attributes +func NewAwsDatasyncLocationFsxWindowsFileSystemInvalidUserRule() *AwsDatasyncLocationFsxWindowsFileSystemInvalidUserRule { + return &AwsDatasyncLocationFsxWindowsFileSystemInvalidUserRule{ + resourceType: "aws_datasync_location_fsx_windows_file_system", + attributeName: "user", + max: 104, + pattern: regexp.MustCompile(`^[^\x5B\x5D\\/:;|=,+*?]{1,104}$`), + } +} + +// Name returns the rule name +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidUserRule) Name() string { + return "aws_datasync_location_fsx_windows_file_system_invalid_user" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidUserRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidUserRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidUserRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsDatasyncLocationFsxWindowsFileSystemInvalidUserRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, 
func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "user must be 104 characters or less", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[^\x5B\x5D\\/:;|=,+*?]{1,104}$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_datasync_location_smb_invalid_domain.go b/rules/models/aws_datasync_location_smb_invalid_domain.go new file mode 100644 index 00000000..bcb5e646 --- /dev/null +++ b/rules/models/aws_datasync_location_smb_invalid_domain.go 
@@ -0,0 +1,78 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsDatasyncLocationSmbInvalidDomainRule checks the pattern is valid +type AwsDatasyncLocationSmbInvalidDomainRule struct { + resourceType string + attributeName string + max int + pattern *regexp.Regexp +} + +// NewAwsDatasyncLocationSmbInvalidDomainRule returns new rule with default attributes +func NewAwsDatasyncLocationSmbInvalidDomainRule() *AwsDatasyncLocationSmbInvalidDomainRule { + return &AwsDatasyncLocationSmbInvalidDomainRule{ + resourceType: "aws_datasync_location_smb", + attributeName: "domain", + max: 253, + pattern: regexp.MustCompile(`^([A-Za-z0-9]+[A-Za-z0-9-.]*)*[A-Za-z0-9-]*[A-Za-z0-9]$`), + } +} + +// Name returns the rule name +func (r *AwsDatasyncLocationSmbInvalidDomainRule) Name() string { + return "aws_datasync_location_smb_invalid_domain" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsDatasyncLocationSmbInvalidDomainRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsDatasyncLocationSmbInvalidDomainRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsDatasyncLocationSmbInvalidDomainRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsDatasyncLocationSmbInvalidDomainRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "domain must be 253 characters or less", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + 
runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^([A-Za-z0-9]+[A-Za-z0-9-.]*)*[A-Za-z0-9-]*[A-Za-z0-9]$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_datasync_location_smb_invalid_password.go b/rules/models/aws_datasync_location_smb_invalid_password.go new file mode 100644 index 00000000..2da00dfa --- /dev/null +++ b/rules/models/aws_datasync_location_smb_invalid_password.go 
@@ -0,0 +1,77 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsDatasyncLocationSmbInvalidPasswordRule checks the pattern is valid +type AwsDatasyncLocationSmbInvalidPasswordRule struct { + resourceType string + attributeName string + max int + pattern *regexp.Regexp +} + +// NewAwsDatasyncLocationSmbInvalidPasswordRule returns new rule with default attributes +func NewAwsDatasyncLocationSmbInvalidPasswordRule() *AwsDatasyncLocationSmbInvalidPasswordRule { + return &AwsDatasyncLocationSmbInvalidPasswordRule{ + resourceType: "aws_datasync_location_smb", + attributeName: "password", + max: 104, + pattern: regexp.MustCompile(`^.{0,104}$`), + } +} + +// Name returns the rule name +func (r *AwsDatasyncLocationSmbInvalidPasswordRule) Name() string { + return "aws_datasync_location_smb_invalid_password" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsDatasyncLocationSmbInvalidPasswordRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsDatasyncLocationSmbInvalidPasswordRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsDatasyncLocationSmbInvalidPasswordRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsDatasyncLocationSmbInvalidPasswordRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "password must be 104 characters or less", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + 
`password does not match valid pattern ^.{0,104}$`, + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_datasync_location_smb_invalid_server_hostname.go b/rules/models/aws_datasync_location_smb_invalid_server_hostname.go new file mode 100644 index 00000000..bca189bb --- /dev/null +++ b/rules/models/aws_datasync_location_smb_invalid_server_hostname.go 
@@ -0,0 +1,78 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsDatasyncLocationSmbInvalidServerHostnameRule checks the pattern is valid +type AwsDatasyncLocationSmbInvalidServerHostnameRule struct { + resourceType string + attributeName string + max int + pattern *regexp.Regexp +} + +// NewAwsDatasyncLocationSmbInvalidServerHostnameRule returns new rule with default attributes +func NewAwsDatasyncLocationSmbInvalidServerHostnameRule() *AwsDatasyncLocationSmbInvalidServerHostnameRule { + return &AwsDatasyncLocationSmbInvalidServerHostnameRule{ + resourceType: "aws_datasync_location_smb", + attributeName: "server_hostname", + max: 255, + pattern: regexp.MustCompile(`^(([a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9\-]*[A-Za-z0-9])$`), + } +} + +// Name returns the rule name +func (r *AwsDatasyncLocationSmbInvalidServerHostnameRule) Name() string { + return "aws_datasync_location_smb_invalid_server_hostname" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsDatasyncLocationSmbInvalidServerHostnameRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsDatasyncLocationSmbInvalidServerHostnameRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsDatasyncLocationSmbInvalidServerHostnameRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsDatasyncLocationSmbInvalidServerHostnameRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, 
+ "server_hostname must be 255 characters or less", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(([a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9\-]*[A-Za-z0-9])$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_datasync_location_smb_invalid_subdirectory.go b/rules/models/aws_datasync_location_smb_invalid_subdirectory.go new file mode 100644 index 00000000..77ac2f36 --- /dev/null +++ b/rules/models/aws_datasync_location_smb_invalid_subdirectory.go 
@@ -0,0 +1,78 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsDatasyncLocationSmbInvalidSubdirectoryRule checks the pattern is valid +type AwsDatasyncLocationSmbInvalidSubdirectoryRule struct { + resourceType string + attributeName string + max int + pattern *regexp.Regexp +} + +// NewAwsDatasyncLocationSmbInvalidSubdirectoryRule returns new rule with default attributes +func NewAwsDatasyncLocationSmbInvalidSubdirectoryRule() *AwsDatasyncLocationSmbInvalidSubdirectoryRule { + return &AwsDatasyncLocationSmbInvalidSubdirectoryRule{ + resourceType: "aws_datasync_location_smb", + attributeName: "subdirectory", + max: 4096, + pattern: regexp.MustCompile(`^[a-zA-Z0-9_\-\+\./\(\)\$\p{Zs}]+$`), + } +} + +// Name returns the rule name +func (r *AwsDatasyncLocationSmbInvalidSubdirectoryRule) Name() string { + return "aws_datasync_location_smb_invalid_subdirectory" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsDatasyncLocationSmbInvalidSubdirectoryRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsDatasyncLocationSmbInvalidSubdirectoryRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsDatasyncLocationSmbInvalidSubdirectoryRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsDatasyncLocationSmbInvalidSubdirectoryRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "subdirectory must be 4096 characters or less", + 
attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[a-zA-Z0-9_\-\+\./\(\)\$\p{Zs}]+$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_datasync_location_smb_invalid_user.go b/rules/models/aws_datasync_location_smb_invalid_user.go new file mode 100644 index 00000000..dbb98124 --- /dev/null +++ b/rules/models/aws_datasync_location_smb_invalid_user.go 
@@ -0,0 +1,78 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsDatasyncLocationSmbInvalidUserRule checks the pattern is valid +type AwsDatasyncLocationSmbInvalidUserRule struct { + resourceType string + attributeName string + max int + pattern *regexp.Regexp +} + +// NewAwsDatasyncLocationSmbInvalidUserRule returns new rule with default attributes +func NewAwsDatasyncLocationSmbInvalidUserRule() *AwsDatasyncLocationSmbInvalidUserRule { + return &AwsDatasyncLocationSmbInvalidUserRule{ + resourceType: "aws_datasync_location_smb", + attributeName: "user", + max: 104, + pattern: regexp.MustCompile(`^[^\x5B\x5D\\/:;|=,+*?]{1,104}$`), + } +} + +// Name returns the rule name +func (r *AwsDatasyncLocationSmbInvalidUserRule) Name() string { + return "aws_datasync_location_smb_invalid_user" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsDatasyncLocationSmbInvalidUserRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsDatasyncLocationSmbInvalidUserRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsDatasyncLocationSmbInvalidUserRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsDatasyncLocationSmbInvalidUserRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "user must be 104 characters or less", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not 
match valid pattern %s`, truncateLongMessage(val), `^[^\x5B\x5D\\/:;|=,+*?]{1,104}$`), + attribute.Expr, + ) + } + return nil + }) + }) +}
diff --git a/rules/models/mappings/datasync.hcl b/rules/models/mappings/datasync.hcl
index 6e8848a0..a8724b44 100644
--- a/rules/models/mappings/datasync.hcl
+++ b/rules/models/mappings/datasync.hcl
@@ -13,6 +13,16 @@ mapping "aws_datasync_location_efs" {
 tags = InputTagList
 }

+mapping "aws_datasync_location_fsx_windows_file_system" {
+ fsx_filesystem_arn = FsxFilesystemArn
+ password = SmbPassword
+ user = SmbUser
+ domain = SmbDomain
+ security_group_arns = Ec2SecurityGroupArnList
+ subdirectory = FsxWindowsSubdirectory
+ tags = InputTagList
+}
+
 mapping "aws_datasync_location_nfs" {
 on_prem_config = OnPremConfig
 server_hostname = ServerHostname
@@ -27,6 +37,17 @@ mapping "aws_datasync_location_s3" {
 tags = InputTagList
 }

+mapping "aws_datasync_location_smb" {
+ agent_arns = AgentArnList
+ domain = SmbDomain
+ mount_options = SmbMountOptions
+ password = SmbPassword
+ server_hostname = ServerHostname
+ subdirectory = SmbSubdirectory
+ tags = InputTagList
+ user = SmbUser
+}
+
 mapping "aws_datasync_task" {
 destination_location_arn = LocationArn
 source_location_arn = LocationArn
diff --git a/rules/models/provider.go b/rules/models/provider.go
index 53d3b302..f1a9c052 100644
--- a/rules/models/provider.go
+++ b/rules/models/provider.go
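Review bot: The `password = SmbPassword` line, here and in the `aws_datasync_location_smb` mapping of the next hunk, makes the generator emit a rule that evaluates a credential, and nothing in the mapping records that the value must stay out of issue text. The two generated password rules in this commit do emit a fixed message instead of formatting `val` the way the `user` and `domain` rules do, but that presumably depends on the generator recognising the attribute as sensitive, which is not visible on this page. I would add a comment above each line such as `# credential: the generated rule must not echo the value in issue messages`. The generated check also compares `len(val)`, a byte count, against 104 while reporting "characters", so a non-ASCII password within the limit could be flagged; that would need fixing in the generator rather than in this file.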
@@ -389,10 +389,20 @@ var Rules = []tflint.Rule{
 NewAwsDatasyncAgentInvalidNameRule(),
 NewAwsDatasyncLocationEfsInvalidEfsFileSystemArnRule(),
 NewAwsDatasyncLocationEfsInvalidSubdirectoryRule(),
+ NewAwsDatasyncLocationFsxWindowsFileSystemInvalidDomainRule(),
+ NewAwsDatasyncLocationFsxWindowsFileSystemInvalidFsxFilesystemArnRule(),
+ NewAwsDatasyncLocationFsxWindowsFileSystemInvalidPasswordRule(),
+ NewAwsDatasyncLocationFsxWindowsFileSystemInvalidSubdirectoryRule(),
+ NewAwsDatasyncLocationFsxWindowsFileSystemInvalidUserRule(),
 NewAwsDatasyncLocationNfsInvalidServerHostnameRule(),
 NewAwsDatasyncLocationNfsInvalidSubdirectoryRule(),
 NewAwsDatasyncLocationS3InvalidS3BucketArnRule(),
 NewAwsDatasyncLocationS3InvalidSubdirectoryRule(),
+ NewAwsDatasyncLocationSmbInvalidDomainRule(),
+ NewAwsDatasyncLocationSmbInvalidPasswordRule(),
+ NewAwsDatasyncLocationSmbInvalidServerHostnameRule(),
+ NewAwsDatasyncLocationSmbInvalidSubdirectoryRule(),
+ NewAwsDatasyncLocationSmbInvalidUserRule(),
 NewAwsDatasyncTaskInvalidCloudwatchLogGroupArnRule(),
 NewAwsDatasyncTaskInvalidDestinationLocationArnRule(),
 NewAwsDatasyncTaskInvalidNameRule(),