mapping aws_route53_resolver (#252)

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_dnssec_config
https://github.com/aws/aws-sdk-go/blob/main/models/apis/route53resolver/2018-04-01/api-2.json

* removing lookahead mappings

Author: PatMyron

docs/rules/README.md

@@ -861,7 +861,22 @@ These rules enforce best practices and naming conventions:
 |aws_route53_record_invalid_set_identifier|✔|
 |aws_route53_record_invalid_type|✔|
 |aws_route53_record_invalid_zone_id|✔|
+|aws_route53_resolver_dnssec_config_invalid_resource_id|✔|
 |aws_route53_resolver_endpoint_invalid_direction|✔|
+|aws_route53_resolver_firewall_config_invalid_firewall_fail_open|✔|
+|aws_route53_resolver_firewall_config_invalid_resource_id|✔|
+|aws_route53_resolver_firewall_rule_group_association_invalid_firewall_rule_group_id|✔|
+|aws_route53_resolver_firewall_rule_group_association_invalid_mutation_protection|✔|
+|aws_route53_resolver_firewall_rule_group_association_invalid_vpc_id|✔|
+|aws_route53_resolver_firewall_rule_invalid_action|✔|
+|aws_route53_resolver_firewall_rule_invalid_block_override_dns_type|✔|
+|aws_route53_resolver_firewall_rule_invalid_block_override_domain|✔|
+|aws_route53_resolver_firewall_rule_invalid_block_response|✔|
+|aws_route53_resolver_firewall_rule_invalid_firewall_domain_list_id|✔|
+|aws_route53_resolver_firewall_rule_invalid_firewall_rule_group_id|✔|
+|aws_route53_resolver_query_log_config_association_invalid_resolver_query_log_config_id|✔|
+|aws_route53_resolver_query_log_config_association_invalid_resource_id|✔|
+|aws_route53_resolver_query_log_config_invalid_destination_arn|✔|
 |aws_route53_resolver_rule_association_invalid_resolver_rule_id|✔|
 |aws_route53_resolver_rule_association_invalid_vpc_id|✔|
 |aws_route53_resolver_rule_invalid_domain_name|✔|

rules/models/aws_route53_resolver_dnssec_config_invalid_resource_id.go

@@ -0,0 +1,76 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsRoute53ResolverDnssecConfigInvalidResourceIDRule checks the pattern is valid
+type AwsRoute53ResolverDnssecConfigInvalidResourceIDRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsRoute53ResolverDnssecConfigInvalidResourceIDRule returns new rule with default attributes
+func NewAwsRoute53ResolverDnssecConfigInvalidResourceIDRule() *AwsRoute53ResolverDnssecConfigInvalidResourceIDRule {
+	return &AwsRoute53ResolverDnssecConfigInvalidResourceIDRule{
+		resourceType:  "aws_route53_resolver_dnssec_config",
+		attributeName: "resource_id",
+		max:           64,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsRoute53ResolverDnssecConfigInvalidResourceIDRule) Name() string {
+	return "aws_route53_resolver_dnssec_config_invalid_resource_id"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsRoute53ResolverDnssecConfigInvalidResourceIDRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsRoute53ResolverDnssecConfigInvalidResourceIDRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsRoute53ResolverDnssecConfigInvalidResourceIDRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsRoute53ResolverDnssecConfigInvalidResourceIDRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"resource_id must be 64 characters or less",
+					attribute.Expr,
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"resource_id must be 1 characters or higher",
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_route53_resolver_firewall_config_invalid_firewall_fail_open.go

@@ -0,0 +1,77 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsRoute53ResolverFirewallConfigInvalidFirewallFailOpenRule checks the pattern is valid
+type AwsRoute53ResolverFirewallConfigInvalidFirewallFailOpenRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsRoute53ResolverFirewallConfigInvalidFirewallFailOpenRule returns new rule with default attributes
+func NewAwsRoute53ResolverFirewallConfigInvalidFirewallFailOpenRule() *AwsRoute53ResolverFirewallConfigInvalidFirewallFailOpenRule {
+	return &AwsRoute53ResolverFirewallConfigInvalidFirewallFailOpenRule{
+		resourceType:  "aws_route53_resolver_firewall_config",
+		attributeName: "firewall_fail_open",
+		enum: []string{
+			"ENABLED",
+			"DISABLED",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsRoute53ResolverFirewallConfigInvalidFirewallFailOpenRule) Name() string {
+	return "aws_route53_resolver_firewall_config_invalid_firewall_fail_open"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsRoute53ResolverFirewallConfigInvalidFirewallFailOpenRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsRoute53ResolverFirewallConfigInvalidFirewallFailOpenRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsRoute53ResolverFirewallConfigInvalidFirewallFailOpenRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsRoute53ResolverFirewallConfigInvalidFirewallFailOpenRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" is an invalid value as firewall_fail_open`, truncateLongMessage(val)),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_route53_resolver_firewall_config_invalid_resource_id.go

@@ -0,0 +1,76 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsRoute53ResolverFirewallConfigInvalidResourceIDRule checks the pattern is valid
+type AwsRoute53ResolverFirewallConfigInvalidResourceIDRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsRoute53ResolverFirewallConfigInvalidResourceIDRule returns new rule with default attributes
+func NewAwsRoute53ResolverFirewallConfigInvalidResourceIDRule() *AwsRoute53ResolverFirewallConfigInvalidResourceIDRule {
+	return &AwsRoute53ResolverFirewallConfigInvalidResourceIDRule{
+		resourceType:  "aws_route53_resolver_firewall_config",
+		attributeName: "resource_id",
+		max:           64,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsRoute53ResolverFirewallConfigInvalidResourceIDRule) Name() string {
+	return "aws_route53_resolver_firewall_config_invalid_resource_id"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsRoute53ResolverFirewallConfigInvalidResourceIDRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsRoute53ResolverFirewallConfigInvalidResourceIDRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsRoute53ResolverFirewallConfigInvalidResourceIDRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsRoute53ResolverFirewallConfigInvalidResourceIDRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"resource_id must be 64 characters or less",
+					attribute.Expr,
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"resource_id must be 1 characters or higher",
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_route53_resolver_firewall_rule_group_association_invalid_firewall_rule_group_id.go

@@ -0,0 +1,76 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsRoute53ResolverFirewallRuleGroupAssociationInvalidFirewallRuleGroupIDRule checks the pattern is valid
+type AwsRoute53ResolverFirewallRuleGroupAssociationInvalidFirewallRuleGroupIDRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsRoute53ResolverFirewallRuleGroupAssociationInvalidFirewallRuleGroupIDRule returns new rule with default attributes
+func NewAwsRoute53ResolverFirewallRuleGroupAssociationInvalidFirewallRuleGroupIDRule() *AwsRoute53ResolverFirewallRuleGroupAssociationInvalidFirewallRuleGroupIDRule {
+	return &AwsRoute53ResolverFirewallRuleGroupAssociationInvalidFirewallRuleGroupIDRule{
+		resourceType:  "aws_route53_resolver_firewall_rule_group_association",
+		attributeName: "firewall_rule_group_id",
+		max:           64,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsRoute53ResolverFirewallRuleGroupAssociationInvalidFirewallRuleGroupIDRule) Name() string {
+	return "aws_route53_resolver_firewall_rule_group_association_invalid_firewall_rule_group_id"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsRoute53ResolverFirewallRuleGroupAssociationInvalidFirewallRuleGroupIDRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsRoute53ResolverFirewallRuleGroupAssociationInvalidFirewallRuleGroupIDRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsRoute53ResolverFirewallRuleGroupAssociationInvalidFirewallRuleGroupIDRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsRoute53ResolverFirewallRuleGroupAssociationInvalidFirewallRuleGroupIDRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"firewall_rule_group_id must be 64 characters or less",
+					attribute.Expr,
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"firewall_rule_group_id must be 1 characters or higher",
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}