mapping aws_networkfirewall (#249)

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkfirewall_firewall
https://github.com/aws/aws-sdk-go/blob/main/models/apis/network-firewall/2020-11-12/api-2.json

Author: PatMyron

docs/rules/README.md

@@ -772,6 +772,19 @@ These rules enforce best practices and naming conventions:
 |aws_msk_cluster_invalid_enhanced_monitoring|✔|
 |aws_msk_cluster_invalid_kafka_version|✔|
 |aws_network_acl_rule_invalid_rule_action|✔|
+|aws_networkfirewall_firewall_invalid_description|✔|
+|aws_networkfirewall_firewall_invalid_firewall_policy_arn|✔|
+|aws_networkfirewall_firewall_invalid_name|✔|
+|aws_networkfirewall_firewall_invalid_vpc_id|✔|
+|aws_networkfirewall_firewall_policy_invalid_description|✔|
+|aws_networkfirewall_firewall_policy_invalid_name|✔|
+|aws_networkfirewall_logging_configuration_invalid_firewall_arn|✔|
+|aws_networkfirewall_resource_policy_invalid_policy|✔|
+|aws_networkfirewall_resource_policy_invalid_resource_arn|✔|
+|aws_networkfirewall_rule_group_invalid_description|✔|
+|aws_networkfirewall_rule_group_invalid_name|✔|
+|aws_networkfirewall_rule_group_invalid_rules|✔|
+|aws_networkfirewall_rule_group_invalid_type|✔|
 |aws_opsworks_application_invalid_type|✔|
 |aws_opsworks_instance_invalid_architecture|✔|
 |aws_opsworks_instance_invalid_auto_scaling_type|✔|

rules/models/aws_networkfirewall_firewall_invalid_description.go

@@ -0,0 +1,78 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsNetworkfirewallFirewallInvalidDescriptionRule checks the pattern is valid
+type AwsNetworkfirewallFirewallInvalidDescriptionRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsNetworkfirewallFirewallInvalidDescriptionRule returns new rule with default attributes
+func NewAwsNetworkfirewallFirewallInvalidDescriptionRule() *AwsNetworkfirewallFirewallInvalidDescriptionRule {
+	return &AwsNetworkfirewallFirewallInvalidDescriptionRule{
+		resourceType:  "aws_networkfirewall_firewall",
+		attributeName: "description",
+		max:           512,
+		pattern:       regexp.MustCompile(`^.*$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsNetworkfirewallFirewallInvalidDescriptionRule) Name() string {
+	return "aws_networkfirewall_firewall_invalid_description"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsNetworkfirewallFirewallInvalidDescriptionRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsNetworkfirewallFirewallInvalidDescriptionRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsNetworkfirewallFirewallInvalidDescriptionRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsNetworkfirewallFirewallInvalidDescriptionRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"description must be 512 characters or less",
+					attribute.Expr,
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^.*$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_networkfirewall_firewall_invalid_firewall_policy_arn.go

@@ -0,0 +1,87 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsNetworkfirewallFirewallInvalidFirewallPolicyArnRule checks the pattern is valid
+type AwsNetworkfirewallFirewallInvalidFirewallPolicyArnRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsNetworkfirewallFirewallInvalidFirewallPolicyArnRule returns new rule with default attributes
+func NewAwsNetworkfirewallFirewallInvalidFirewallPolicyArnRule() *AwsNetworkfirewallFirewallInvalidFirewallPolicyArnRule {
+	return &AwsNetworkfirewallFirewallInvalidFirewallPolicyArnRule{
+		resourceType:  "aws_networkfirewall_firewall",
+		attributeName: "firewall_policy_arn",
+		max:           256,
+		min:           1,
+		pattern:       regexp.MustCompile(`^arn:aws.*`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsNetworkfirewallFirewallInvalidFirewallPolicyArnRule) Name() string {
+	return "aws_networkfirewall_firewall_invalid_firewall_policy_arn"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsNetworkfirewallFirewallInvalidFirewallPolicyArnRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsNetworkfirewallFirewallInvalidFirewallPolicyArnRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsNetworkfirewallFirewallInvalidFirewallPolicyArnRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsNetworkfirewallFirewallInvalidFirewallPolicyArnRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"firewall_policy_arn must be 256 characters or less",
+					attribute.Expr,
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"firewall_policy_arn must be 1 characters or higher",
+					attribute.Expr,
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:aws.*`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_networkfirewall_firewall_invalid_name.go

@@ -0,0 +1,87 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsNetworkfirewallFirewallInvalidNameRule checks the pattern is valid
+type AwsNetworkfirewallFirewallInvalidNameRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsNetworkfirewallFirewallInvalidNameRule returns new rule with default attributes
+func NewAwsNetworkfirewallFirewallInvalidNameRule() *AwsNetworkfirewallFirewallInvalidNameRule {
+	return &AwsNetworkfirewallFirewallInvalidNameRule{
+		resourceType:  "aws_networkfirewall_firewall",
+		attributeName: "name",
+		max:           128,
+		min:           1,
+		pattern:       regexp.MustCompile(`^[a-zA-Z0-9-]+$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsNetworkfirewallFirewallInvalidNameRule) Name() string {
+	return "aws_networkfirewall_firewall_invalid_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsNetworkfirewallFirewallInvalidNameRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsNetworkfirewallFirewallInvalidNameRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsNetworkfirewallFirewallInvalidNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsNetworkfirewallFirewallInvalidNameRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"name must be 128 characters or less",
+					attribute.Expr,
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"name must be 1 characters or higher",
+					attribute.Expr,
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[a-zA-Z0-9-]+$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_networkfirewall_firewall_invalid_vpc_id.go

@@ -0,0 +1,87 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsNetworkfirewallFirewallInvalidVpcIDRule checks the pattern is valid
+type AwsNetworkfirewallFirewallInvalidVpcIDRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsNetworkfirewallFirewallInvalidVpcIDRule returns new rule with default attributes
+func NewAwsNetworkfirewallFirewallInvalidVpcIDRule() *AwsNetworkfirewallFirewallInvalidVpcIDRule {
+	return &AwsNetworkfirewallFirewallInvalidVpcIDRule{
+		resourceType:  "aws_networkfirewall_firewall",
+		attributeName: "vpc_id",
+		max:           128,
+		min:           1,
+		pattern:       regexp.MustCompile(`^vpc-[0-9a-f]+$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsNetworkfirewallFirewallInvalidVpcIDRule) Name() string {
+	return "aws_networkfirewall_firewall_invalid_vpc_id"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsNetworkfirewallFirewallInvalidVpcIDRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsNetworkfirewallFirewallInvalidVpcIDRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsNetworkfirewallFirewallInvalidVpcIDRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsNetworkfirewallFirewallInvalidVpcIDRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"vpc_id must be 128 characters or less",
+					attribute.Expr,
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"vpc_id must be 1 characters or higher",
+					attribute.Expr,
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^vpc-[0-9a-f]+$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}