mapping aws_securityhub (#243)

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_action_target
https://github.com/aws/aws-sdk-go/blob/main/models/apis/securityhub/2018-10-26/api-2.json

Author: PatMyron

docs/rules/README.md

@@ -893,7 +893,19 @@ These rules enforce best practices and naming conventions:
 |aws_secretsmanager_secret_invalid_rotation_lambda_arn|✔|
 |aws_secretsmanager_secret_version_invalid_secret_id|✔|
 |aws_secretsmanager_secret_version_invalid_secret_string|✔|
+|aws_securityhub_action_target_invalid_description|✔|
+|aws_securityhub_action_target_invalid_identifier|✔|
+|aws_securityhub_action_target_invalid_name|✔|
+|aws_securityhub_finding_aggregator_invalid_linking_mode|✔|
+|aws_securityhub_insight_invalid_group_by_attribute|✔|
+|aws_securityhub_insight_invalid_name|✔|
+|aws_securityhub_invite_accepter_invalid_master_id|✔|
+|aws_securityhub_member_invalid_email|✔|
+|aws_securityhub_organization_admin_account_invalid_admin_account_id|✔|
 |aws_securityhub_product_subscription_invalid_product_arn|✔|
+|aws_securityhub_standards_control_invalid_control_status|✔|
+|aws_securityhub_standards_control_invalid_disabled_reason|✔|
+|aws_securityhub_standards_control_invalid_standards_control_arn|✔|
 |aws_securityhub_standards_subscription_invalid_standards_arn|✔|
 |aws_service_discovery_http_namespace_invalid_description|✔|
 |aws_service_discovery_http_namespace_invalid_name|✔|

rules/models/aws_securityhub_action_target_invalid_description.go

@@ -0,0 +1,69 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsSecurityhubActionTargetInvalidDescriptionRule checks the pattern is valid
+type AwsSecurityhubActionTargetInvalidDescriptionRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAwsSecurityhubActionTargetInvalidDescriptionRule returns new rule with default attributes
+func NewAwsSecurityhubActionTargetInvalidDescriptionRule() *AwsSecurityhubActionTargetInvalidDescriptionRule {
+	return &AwsSecurityhubActionTargetInvalidDescriptionRule{
+		resourceType:  "aws_securityhub_action_target",
+		attributeName: "description",
+		pattern:       regexp.MustCompile(`^.*\S.*$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsSecurityhubActionTargetInvalidDescriptionRule) Name() string {
+	return "aws_securityhub_action_target_invalid_description"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsSecurityhubActionTargetInvalidDescriptionRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsSecurityhubActionTargetInvalidDescriptionRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsSecurityhubActionTargetInvalidDescriptionRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsSecurityhubActionTargetInvalidDescriptionRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^.*\S.*$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_securityhub_action_target_invalid_identifier.go

@@ -0,0 +1,69 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsSecurityhubActionTargetInvalidIdentifierRule checks the pattern is valid
+type AwsSecurityhubActionTargetInvalidIdentifierRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAwsSecurityhubActionTargetInvalidIdentifierRule returns new rule with default attributes
+func NewAwsSecurityhubActionTargetInvalidIdentifierRule() *AwsSecurityhubActionTargetInvalidIdentifierRule {
+	return &AwsSecurityhubActionTargetInvalidIdentifierRule{
+		resourceType:  "aws_securityhub_action_target",
+		attributeName: "identifier",
+		pattern:       regexp.MustCompile(`^.*\S.*$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsSecurityhubActionTargetInvalidIdentifierRule) Name() string {
+	return "aws_securityhub_action_target_invalid_identifier"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsSecurityhubActionTargetInvalidIdentifierRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsSecurityhubActionTargetInvalidIdentifierRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsSecurityhubActionTargetInvalidIdentifierRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsSecurityhubActionTargetInvalidIdentifierRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^.*\S.*$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_securityhub_action_target_invalid_name.go

@@ -0,0 +1,69 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsSecurityhubActionTargetInvalidNameRule checks the pattern is valid
+type AwsSecurityhubActionTargetInvalidNameRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAwsSecurityhubActionTargetInvalidNameRule returns new rule with default attributes
+func NewAwsSecurityhubActionTargetInvalidNameRule() *AwsSecurityhubActionTargetInvalidNameRule {
+	return &AwsSecurityhubActionTargetInvalidNameRule{
+		resourceType:  "aws_securityhub_action_target",
+		attributeName: "name",
+		pattern:       regexp.MustCompile(`^.*\S.*$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsSecurityhubActionTargetInvalidNameRule) Name() string {
+	return "aws_securityhub_action_target_invalid_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsSecurityhubActionTargetInvalidNameRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsSecurityhubActionTargetInvalidNameRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsSecurityhubActionTargetInvalidNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsSecurityhubActionTargetInvalidNameRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^.*\S.*$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_securityhub_finding_aggregator_invalid_linking_mode.go

@@ -0,0 +1,69 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsSecurityhubFindingAggregatorInvalidLinkingModeRule checks the pattern is valid
+type AwsSecurityhubFindingAggregatorInvalidLinkingModeRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAwsSecurityhubFindingAggregatorInvalidLinkingModeRule returns new rule with default attributes
+func NewAwsSecurityhubFindingAggregatorInvalidLinkingModeRule() *AwsSecurityhubFindingAggregatorInvalidLinkingModeRule {
+	return &AwsSecurityhubFindingAggregatorInvalidLinkingModeRule{
+		resourceType:  "aws_securityhub_finding_aggregator",
+		attributeName: "linking_mode",
+		pattern:       regexp.MustCompile(`^.*\S.*$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsSecurityhubFindingAggregatorInvalidLinkingModeRule) Name() string {
+	return "aws_securityhub_finding_aggregator_invalid_linking_mode"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsSecurityhubFindingAggregatorInvalidLinkingModeRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsSecurityhubFindingAggregatorInvalidLinkingModeRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsSecurityhubFindingAggregatorInvalidLinkingModeRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsSecurityhubFindingAggregatorInvalidLinkingModeRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^.*\S.*$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_securityhub_insight_invalid_group_by_attribute.go

@@ -0,0 +1,69 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsSecurityhubInsightInvalidGroupByAttributeRule checks the pattern is valid
+type AwsSecurityhubInsightInvalidGroupByAttributeRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAwsSecurityhubInsightInvalidGroupByAttributeRule returns new rule with default attributes
+func NewAwsSecurityhubInsightInvalidGroupByAttributeRule() *AwsSecurityhubInsightInvalidGroupByAttributeRule {
+	return &AwsSecurityhubInsightInvalidGroupByAttributeRule{
+		resourceType:  "aws_securityhub_insight",
+		attributeName: "group_by_attribute",
+		pattern:       regexp.MustCompile(`^.*\S.*$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsSecurityhubInsightInvalidGroupByAttributeRule) Name() string {
+	return "aws_securityhub_insight_invalid_group_by_attribute"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsSecurityhubInsightInvalidGroupByAttributeRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsSecurityhubInsightInvalidGroupByAttributeRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsSecurityhubInsightInvalidGroupByAttributeRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsSecurityhubInsightInvalidGroupByAttributeRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^.*\S.*$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}