mapping aws_guardduty (#261)

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/guardduty_filter
https://github.com/aws/aws-sdk-go/blob/main/models/apis/guardduty/2017-11-28/api-2.json

Author: PatMyron

docs/rules/README.md

@@ -638,13 +638,20 @@ These rules enforce best practices and naming conventions:
 |aws_glue_trigger_invalid_type|✔|
 |aws_glue_user_defined_function_invalid_owner_type|✔|
 |aws_guardduty_detector_invalid_finding_publishing_frequency|✔|
+|aws_guardduty_filter_invalid_action|✔|
+|aws_guardduty_filter_invalid_description|✔|
+|aws_guardduty_filter_invalid_detector_id|✔|
+|aws_guardduty_filter_invalid_name|✔|
 |aws_guardduty_invite_accepter_invalid_detector_id|✔|
 |aws_guardduty_ipset_invalid_detector_id|✔|
 |aws_guardduty_ipset_invalid_format|✔|
 |aws_guardduty_ipset_invalid_location|✔|
 |aws_guardduty_ipset_invalid_name|✔|
 |aws_guardduty_member_invalid_detector_id|✔|
 |aws_guardduty_member_invalid_email|✔|
+|aws_guardduty_organization_configuration_invalid_detector_id|✔|
+|aws_guardduty_publishing_destination_invalid_destination_type|✔|
+|aws_guardduty_publishing_destination_invalid_detector_id|✔|
 |aws_guardduty_threatintelset_invalid_detector_id|✔|
 |aws_guardduty_threatintelset_invalid_format|✔|
 |aws_guardduty_threatintelset_invalid_location|✔|

rules/models/aws_guardduty_filter_invalid_action.go

@@ -0,0 +1,95 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsGuarddutyFilterInvalidActionRule checks the pattern is valid
+type AwsGuarddutyFilterInvalidActionRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+	enum          []string
+}
+
+// NewAwsGuarddutyFilterInvalidActionRule returns new rule with default attributes
+func NewAwsGuarddutyFilterInvalidActionRule() *AwsGuarddutyFilterInvalidActionRule {
+	return &AwsGuarddutyFilterInvalidActionRule{
+		resourceType:  "aws_guardduty_filter",
+		attributeName: "action",
+		max:           300,
+		min:           1,
+		enum: []string{
+			"NOOP",
+			"ARCHIVE",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsGuarddutyFilterInvalidActionRule) Name() string {
+	return "aws_guardduty_filter_invalid_action"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsGuarddutyFilterInvalidActionRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsGuarddutyFilterInvalidActionRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsGuarddutyFilterInvalidActionRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsGuarddutyFilterInvalidActionRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"action must be 300 characters or less",
+					attribute.Expr,
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"action must be 1 characters or higher",
+					attribute.Expr,
+				)
+			}
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" is an invalid value as action`, truncateLongMessage(val)),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_guardduty_filter_invalid_description.go

@@ -0,0 +1,67 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsGuarddutyFilterInvalidDescriptionRule checks the pattern is valid
+type AwsGuarddutyFilterInvalidDescriptionRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+}
+
+// NewAwsGuarddutyFilterInvalidDescriptionRule returns new rule with default attributes
+func NewAwsGuarddutyFilterInvalidDescriptionRule() *AwsGuarddutyFilterInvalidDescriptionRule {
+	return &AwsGuarddutyFilterInvalidDescriptionRule{
+		resourceType:  "aws_guardduty_filter",
+		attributeName: "description",
+		max:           512,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsGuarddutyFilterInvalidDescriptionRule) Name() string {
+	return "aws_guardduty_filter_invalid_description"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsGuarddutyFilterInvalidDescriptionRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsGuarddutyFilterInvalidDescriptionRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsGuarddutyFilterInvalidDescriptionRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsGuarddutyFilterInvalidDescriptionRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"description must be 512 characters or less",
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_guardduty_filter_invalid_detector_id.go

@@ -0,0 +1,76 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsGuarddutyFilterInvalidDetectorIDRule checks the pattern is valid
+type AwsGuarddutyFilterInvalidDetectorIDRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsGuarddutyFilterInvalidDetectorIDRule returns new rule with default attributes
+func NewAwsGuarddutyFilterInvalidDetectorIDRule() *AwsGuarddutyFilterInvalidDetectorIDRule {
+	return &AwsGuarddutyFilterInvalidDetectorIDRule{
+		resourceType:  "aws_guardduty_filter",
+		attributeName: "detector_id",
+		max:           300,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsGuarddutyFilterInvalidDetectorIDRule) Name() string {
+	return "aws_guardduty_filter_invalid_detector_id"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsGuarddutyFilterInvalidDetectorIDRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsGuarddutyFilterInvalidDetectorIDRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsGuarddutyFilterInvalidDetectorIDRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsGuarddutyFilterInvalidDetectorIDRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"detector_id must be 300 characters or less",
+					attribute.Expr,
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"detector_id must be 1 characters or higher",
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_guardduty_filter_invalid_name.go

@@ -0,0 +1,76 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsGuarddutyFilterInvalidNameRule checks the pattern is valid
+type AwsGuarddutyFilterInvalidNameRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsGuarddutyFilterInvalidNameRule returns new rule with default attributes
+func NewAwsGuarddutyFilterInvalidNameRule() *AwsGuarddutyFilterInvalidNameRule {
+	return &AwsGuarddutyFilterInvalidNameRule{
+		resourceType:  "aws_guardduty_filter",
+		attributeName: "name",
+		max:           64,
+		min:           3,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsGuarddutyFilterInvalidNameRule) Name() string {
+	return "aws_guardduty_filter_invalid_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsGuarddutyFilterInvalidNameRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsGuarddutyFilterInvalidNameRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsGuarddutyFilterInvalidNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsGuarddutyFilterInvalidNameRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"name must be 64 characters or less",
+					attribute.Expr,
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"name must be 3 characters or higher",
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}