mapping aws_xray (#280)

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/xray_encryption_config
https://github.com/aws/aws-sdk-go/blob/main/models/apis/xray/2016-04-12/api-2.json

Author: PatMyron

docs/rules/README.md

@@ -1394,6 +1394,9 @@ These rules enforce best practices and naming conventions:
 |aws_worklink_website_certificate_authority_association_invalid_certificate|✔|
 |aws_worklink_website_certificate_authority_association_invalid_display_name|✔|
 |aws_worklink_website_certificate_authority_association_invalid_fleet_arn|✔|
+|aws_xray_encryption_config_invalid_key_id|✔|
+|aws_xray_encryption_config_invalid_type|✔|
+|aws_xray_group_invalid_group_name|✔|
 |aws_xray_sampling_rule_invalid_host|✔|
 |aws_xray_sampling_rule_invalid_http_method|✔|
 |aws_xray_sampling_rule_invalid_resource_arn|✔|

rules/models/aws_xray_encryption_config_invalid_key_id.go

@@ -0,0 +1,76 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsXrayEncryptionConfigInvalidKeyIDRule checks the pattern is valid
+type AwsXrayEncryptionConfigInvalidKeyIDRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsXrayEncryptionConfigInvalidKeyIDRule returns new rule with default attributes
+func NewAwsXrayEncryptionConfigInvalidKeyIDRule() *AwsXrayEncryptionConfigInvalidKeyIDRule {
+	return &AwsXrayEncryptionConfigInvalidKeyIDRule{
+		resourceType:  "aws_xray_encryption_config",
+		attributeName: "key_id",
+		max:           3000,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsXrayEncryptionConfigInvalidKeyIDRule) Name() string {
+	return "aws_xray_encryption_config_invalid_key_id"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsXrayEncryptionConfigInvalidKeyIDRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsXrayEncryptionConfigInvalidKeyIDRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsXrayEncryptionConfigInvalidKeyIDRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsXrayEncryptionConfigInvalidKeyIDRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"key_id must be 3000 characters or less",
+					attribute.Expr,
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"key_id must be 1 characters or higher",
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_xray_encryption_config_invalid_type.go

@@ -0,0 +1,77 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsXrayEncryptionConfigInvalidTypeRule checks the pattern is valid
+type AwsXrayEncryptionConfigInvalidTypeRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsXrayEncryptionConfigInvalidTypeRule returns new rule with default attributes
+func NewAwsXrayEncryptionConfigInvalidTypeRule() *AwsXrayEncryptionConfigInvalidTypeRule {
+	return &AwsXrayEncryptionConfigInvalidTypeRule{
+		resourceType:  "aws_xray_encryption_config",
+		attributeName: "type",
+		enum: []string{
+			"NONE",
+			"KMS",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsXrayEncryptionConfigInvalidTypeRule) Name() string {
+	return "aws_xray_encryption_config_invalid_type"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsXrayEncryptionConfigInvalidTypeRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsXrayEncryptionConfigInvalidTypeRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsXrayEncryptionConfigInvalidTypeRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsXrayEncryptionConfigInvalidTypeRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" is an invalid value as type`, truncateLongMessage(val)),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_xray_group_invalid_group_name.go

@@ -0,0 +1,76 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsXrayGroupInvalidGroupNameRule checks the pattern is valid
+type AwsXrayGroupInvalidGroupNameRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsXrayGroupInvalidGroupNameRule returns new rule with default attributes
+func NewAwsXrayGroupInvalidGroupNameRule() *AwsXrayGroupInvalidGroupNameRule {
+	return &AwsXrayGroupInvalidGroupNameRule{
+		resourceType:  "aws_xray_group",
+		attributeName: "group_name",
+		max:           32,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsXrayGroupInvalidGroupNameRule) Name() string {
+	return "aws_xray_group_invalid_group_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsXrayGroupInvalidGroupNameRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsXrayGroupInvalidGroupNameRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsXrayGroupInvalidGroupNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsXrayGroupInvalidGroupNameRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"group_name must be 32 characters or less",
+					attribute.Expr,
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"group_name must be 1 characters or higher",
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/mappings/xray.hcl

@@ -1,5 +1,16 @@
 import = "aws-sdk-go/models/apis/xray/2016-04-12/api-2.json"
 
+mapping "aws_xray_encryption_config" {
+  type = EncryptionType
+  key_id = EncryptionKeyId
+}
+
+mapping "aws_xray_group" {
+  group_name = GroupName
+  filter_expression = FilterExpression
+  tags = TagList
+}
+
 mapping "aws_xray_sampling_rule" {
   rule_name      = RuleName
   resource_arn   = ResourceARN

rules/models/provider.go

@@ -1322,6 +1322,9 @@ var Rules = []tflint.Rule{
 	NewAwsWorklinkWebsiteCertificateAuthorityAssociationInvalidCertificateRule(),
 	NewAwsWorklinkWebsiteCertificateAuthorityAssociationInvalidDisplayNameRule(),
 	NewAwsWorklinkWebsiteCertificateAuthorityAssociationInvalidFleetArnRule(),
+	NewAwsXrayEncryptionConfigInvalidKeyIDRule(),
+	NewAwsXrayEncryptionConfigInvalidTypeRule(),
+	NewAwsXrayGroupInvalidGroupNameRule(),
 	NewAwsXraySamplingRuleInvalidHostRule(),
 	NewAwsXraySamplingRuleInvalidHTTPMethodRule(),
 	NewAwsXraySamplingRuleInvalidResourceArnRule(),