mapping aws_elasticache (#267)

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_global_replication_group
https://github.com/aws/aws-sdk-go/blob/main/models/apis/elasticache/2015-02-02/api-2.json

Author: PatMyron

docs/rules/README.md

@@ -570,6 +570,10 @@ These rules enforce best practices and naming conventions:
 |aws_elastic_beanstalk_environment_invalid_template_name|✔|
 |aws_elastic_beanstalk_environment_invalid_version_label|✔|
 |aws_elasticache_cluster_invalid_az_mode|✔|
+|aws_elasticache_user_group_invalid_engine|✔|
+|aws_elasticache_user_invalid_access_string|✔|
+|aws_elasticache_user_invalid_engine|✔|
+|aws_elasticache_user_invalid_user_id|✔|
 |aws_elasticsearch_domain_invalid_domain_name|✔|
 |aws_elasticsearch_domain_invalid_elasticsearch_version|✔|
 |aws_elasticsearch_domain_policy_invalid_domain_name|✔|

rules/models/aws_elasticache_user_group_invalid_engine.go

@@ -0,0 +1,69 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsElastiCacheUserGroupInvalidEngineRule checks the pattern is valid
+type AwsElastiCacheUserGroupInvalidEngineRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAwsElastiCacheUserGroupInvalidEngineRule returns new rule with default attributes
+func NewAwsElastiCacheUserGroupInvalidEngineRule() *AwsElastiCacheUserGroupInvalidEngineRule {
+	return &AwsElastiCacheUserGroupInvalidEngineRule{
+		resourceType:  "aws_elasticache_user_group",
+		attributeName: "engine",
+		pattern:       regexp.MustCompile(`^[a-zA-Z]*$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsElastiCacheUserGroupInvalidEngineRule) Name() string {
+	return "aws_elasticache_user_group_invalid_engine"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsElastiCacheUserGroupInvalidEngineRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsElastiCacheUserGroupInvalidEngineRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsElastiCacheUserGroupInvalidEngineRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsElastiCacheUserGroupInvalidEngineRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[a-zA-Z]*$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_elasticache_user_invalid_access_string.go

@@ -0,0 +1,69 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsElastiCacheUserInvalidAccessStringRule checks the pattern is valid
+type AwsElastiCacheUserInvalidAccessStringRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAwsElastiCacheUserInvalidAccessStringRule returns new rule with default attributes
+func NewAwsElastiCacheUserInvalidAccessStringRule() *AwsElastiCacheUserInvalidAccessStringRule {
+	return &AwsElastiCacheUserInvalidAccessStringRule{
+		resourceType:  "aws_elasticache_user",
+		attributeName: "access_string",
+		pattern:       regexp.MustCompile(`^.*\S.*$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsElastiCacheUserInvalidAccessStringRule) Name() string {
+	return "aws_elasticache_user_invalid_access_string"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsElastiCacheUserInvalidAccessStringRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsElastiCacheUserInvalidAccessStringRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsElastiCacheUserInvalidAccessStringRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsElastiCacheUserInvalidAccessStringRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^.*\S.*$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_elasticache_user_invalid_engine.go

@@ -0,0 +1,69 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsElastiCacheUserInvalidEngineRule checks the pattern is valid
+type AwsElastiCacheUserInvalidEngineRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAwsElastiCacheUserInvalidEngineRule returns new rule with default attributes
+func NewAwsElastiCacheUserInvalidEngineRule() *AwsElastiCacheUserInvalidEngineRule {
+	return &AwsElastiCacheUserInvalidEngineRule{
+		resourceType:  "aws_elasticache_user",
+		attributeName: "engine",
+		pattern:       regexp.MustCompile(`^[a-zA-Z]*$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsElastiCacheUserInvalidEngineRule) Name() string {
+	return "aws_elasticache_user_invalid_engine"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsElastiCacheUserInvalidEngineRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsElastiCacheUserInvalidEngineRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsElastiCacheUserInvalidEngineRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsElastiCacheUserInvalidEngineRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[a-zA-Z]*$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_elasticache_user_invalid_user_id.go

@@ -0,0 +1,78 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsElastiCacheUserInvalidUserIDRule checks the pattern is valid
+type AwsElastiCacheUserInvalidUserIDRule struct {
+	resourceType  string
+	attributeName string
+	min           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsElastiCacheUserInvalidUserIDRule returns new rule with default attributes
+func NewAwsElastiCacheUserInvalidUserIDRule() *AwsElastiCacheUserInvalidUserIDRule {
+	return &AwsElastiCacheUserInvalidUserIDRule{
+		resourceType:  "aws_elasticache_user",
+		attributeName: "user_id",
+		min:           1,
+		pattern:       regexp.MustCompile(`^[a-zA-Z][a-zA-Z0-9\-]*$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsElastiCacheUserInvalidUserIDRule) Name() string {
+	return "aws_elasticache_user_invalid_user_id"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsElastiCacheUserInvalidUserIDRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsElastiCacheUserInvalidUserIDRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsElastiCacheUserInvalidUserIDRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsElastiCacheUserInvalidUserIDRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"user_id must be 1 characters or higher",
+					attribute.Expr,
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[a-zA-Z][a-zA-Z0-9\-]*$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/mappings/elasticache.hcl

@@ -72,6 +72,20 @@ mapping "aws_elasticache_subnet_group" {
   subnet_ids  = SubnetIdentifierList
 }
 
+mapping "aws_elasticache_user" {
+  access_string = AccessString
+  engine = EngineType
+  user_id = UserId
+  user_name = UserName
+  passwords = PasswordListInput
+  tags = TagList
+}
+
+mapping "aws_elasticache_user_group" {
+  engine = EngineType
+  user_ids = UserIdListInput
+}
+
 test "aws_elasticache_cluster" "az_mode" {
   ok = "cross-az"
   ng = "multi-az"

rules/models/provider.go

@@ -498,6 +498,10 @@ var Rules = []tflint.Rule{
 	NewAwsElasticBeanstalkEnvironmentInvalidTemplateNameRule(),
 	NewAwsElasticBeanstalkEnvironmentInvalidVersionLabelRule(),
 	NewAwsElastiCacheClusterInvalidAzModeRule(),
+	NewAwsElastiCacheUserGroupInvalidEngineRule(),
+	NewAwsElastiCacheUserInvalidAccessStringRule(),
+	NewAwsElastiCacheUserInvalidEngineRule(),
+	NewAwsElastiCacheUserInvalidUserIDRule(),
 	NewAwsElasticsearchDomainInvalidDomainNameRule(),
 	NewAwsElasticsearchDomainInvalidElasticsearchVersionRule(),
 	NewAwsElasticsearchDomainPolicyInvalidDomainNameRule(),