mapping aws_efs (#266)

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_access_point
https://github.com/aws/aws-sdk-go/blob/main/models/apis/elasticfilesystem/2015-02-01/api-2.json

Author: PatMyron

docs/rules/README.md

@@ -536,10 +536,14 @@ These rules enforce best practices and naming conventions:
 |aws_ecs_task_definition_invalid_network_mode|✔|
 |aws_ecs_task_definition_invalid_pid_mode|✔|
 |aws_ecs_task_set_invalid_launch_type|✔|
+|aws_efs_access_point_invalid_file_system_id|✔|
+|aws_efs_backup_policy_invalid_file_system_id|✔|
 |aws_efs_file_system_invalid_creation_token|✔|
 |aws_efs_file_system_invalid_kms_key_id|✔|
 |aws_efs_file_system_invalid_performance_mode|✔|
 |aws_efs_file_system_invalid_throughput_mode|✔|
+|aws_efs_file_system_policy_invalid_file_system_id|✔|
+|aws_efs_file_system_policy_invalid_policy|✔|
 |aws_efs_mount_target_invalid_file_system_id|✔|
 |aws_efs_mount_target_invalid_ip_address|✔|
 |aws_efs_mount_target_invalid_subnet_id|✔|

rules/models/aws_efs_access_point_invalid_file_system_id.go

@@ -0,0 +1,78 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsEfsAccessPointInvalidFileSystemIDRule checks the pattern is valid
+type AwsEfsAccessPointInvalidFileSystemIDRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsEfsAccessPointInvalidFileSystemIDRule returns new rule with default attributes
+func NewAwsEfsAccessPointInvalidFileSystemIDRule() *AwsEfsAccessPointInvalidFileSystemIDRule {
+	return &AwsEfsAccessPointInvalidFileSystemIDRule{
+		resourceType:  "aws_efs_access_point",
+		attributeName: "file_system_id",
+		max:           128,
+		pattern:       regexp.MustCompile(`^(arn:aws[-a-z]*:elasticfilesystem:[0-9a-z-:]+:file-system/fs-[0-9a-f]{8,40}|fs-[0-9a-f]{8,40})$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsEfsAccessPointInvalidFileSystemIDRule) Name() string {
+	return "aws_efs_access_point_invalid_file_system_id"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsEfsAccessPointInvalidFileSystemIDRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsEfsAccessPointInvalidFileSystemIDRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsEfsAccessPointInvalidFileSystemIDRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsEfsAccessPointInvalidFileSystemIDRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"file_system_id must be 128 characters or less",
+					attribute.Expr,
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(arn:aws[-a-z]*:elasticfilesystem:[0-9a-z-:]+:file-system/fs-[0-9a-f]{8,40}|fs-[0-9a-f]{8,40})$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_efs_backup_policy_invalid_file_system_id.go

@@ -0,0 +1,78 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsEfsBackupPolicyInvalidFileSystemIDRule checks the pattern is valid
+type AwsEfsBackupPolicyInvalidFileSystemIDRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsEfsBackupPolicyInvalidFileSystemIDRule returns new rule with default attributes
+func NewAwsEfsBackupPolicyInvalidFileSystemIDRule() *AwsEfsBackupPolicyInvalidFileSystemIDRule {
+	return &AwsEfsBackupPolicyInvalidFileSystemIDRule{
+		resourceType:  "aws_efs_backup_policy",
+		attributeName: "file_system_id",
+		max:           128,
+		pattern:       regexp.MustCompile(`^(arn:aws[-a-z]*:elasticfilesystem:[0-9a-z-:]+:file-system/fs-[0-9a-f]{8,40}|fs-[0-9a-f]{8,40})$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsEfsBackupPolicyInvalidFileSystemIDRule) Name() string {
+	return "aws_efs_backup_policy_invalid_file_system_id"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsEfsBackupPolicyInvalidFileSystemIDRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsEfsBackupPolicyInvalidFileSystemIDRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsEfsBackupPolicyInvalidFileSystemIDRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsEfsBackupPolicyInvalidFileSystemIDRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"file_system_id must be 128 characters or less",
+					attribute.Expr,
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(arn:aws[-a-z]*:elasticfilesystem:[0-9a-z-:]+:file-system/fs-[0-9a-f]{8,40}|fs-[0-9a-f]{8,40})$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_efs_file_system_policy_invalid_file_system_id.go

@@ -0,0 +1,78 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsEfsFileSystemPolicyInvalidFileSystemIDRule checks the pattern is valid
+type AwsEfsFileSystemPolicyInvalidFileSystemIDRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsEfsFileSystemPolicyInvalidFileSystemIDRule returns new rule with default attributes
+func NewAwsEfsFileSystemPolicyInvalidFileSystemIDRule() *AwsEfsFileSystemPolicyInvalidFileSystemIDRule {
+	return &AwsEfsFileSystemPolicyInvalidFileSystemIDRule{
+		resourceType:  "aws_efs_file_system_policy",
+		attributeName: "file_system_id",
+		max:           128,
+		pattern:       regexp.MustCompile(`^(arn:aws[-a-z]*:elasticfilesystem:[0-9a-z-:]+:file-system/fs-[0-9a-f]{8,40}|fs-[0-9a-f]{8,40})$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsEfsFileSystemPolicyInvalidFileSystemIDRule) Name() string {
+	return "aws_efs_file_system_policy_invalid_file_system_id"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsEfsFileSystemPolicyInvalidFileSystemIDRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsEfsFileSystemPolicyInvalidFileSystemIDRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsEfsFileSystemPolicyInvalidFileSystemIDRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsEfsFileSystemPolicyInvalidFileSystemIDRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"file_system_id must be 128 characters or less",
+					attribute.Expr,
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(arn:aws[-a-z]*:elasticfilesystem:[0-9a-z-:]+:file-system/fs-[0-9a-f]{8,40}|fs-[0-9a-f]{8,40})$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_efs_file_system_policy_invalid_policy.go

@@ -0,0 +1,87 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsEfsFileSystemPolicyInvalidPolicyRule checks the pattern is valid
+type AwsEfsFileSystemPolicyInvalidPolicyRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsEfsFileSystemPolicyInvalidPolicyRule returns new rule with default attributes
+func NewAwsEfsFileSystemPolicyInvalidPolicyRule() *AwsEfsFileSystemPolicyInvalidPolicyRule {
+	return &AwsEfsFileSystemPolicyInvalidPolicyRule{
+		resourceType:  "aws_efs_file_system_policy",
+		attributeName: "policy",
+		max:           20000,
+		min:           1,
+		pattern:       regexp.MustCompile(`^[\s\S]+$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsEfsFileSystemPolicyInvalidPolicyRule) Name() string {
+	return "aws_efs_file_system_policy_invalid_policy"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsEfsFileSystemPolicyInvalidPolicyRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsEfsFileSystemPolicyInvalidPolicyRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsEfsFileSystemPolicyInvalidPolicyRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsEfsFileSystemPolicyInvalidPolicyRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"policy must be 20000 characters or less",
+					attribute.Expr,
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"policy must be 1 characters or higher",
+					attribute.Expr,
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[\s\S]+$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/mappings/efs.hcl

@@ -1,5 +1,17 @@
 import = "aws-sdk-go/models/apis/elasticfilesystem/2015-02-01/api-2.json"
 
+mapping "aws_efs_access_point" {
+  file_system_id = FileSystemId
+  posix_user = PosixUser
+  root_directory = RootDirectory
+  tags = Tags
+}
+
+mapping "aws_efs_backup_policy" {
+  file_system_id = FileSystemId
+  backup_policy = BackupPolicy
+}
+
 mapping "aws_efs_file_system" {
   creation_token                  = CreationToken
   encrypted                       = Encrypted
@@ -10,6 +22,12 @@ mapping "aws_efs_file_system" {
   throughput_mode                 = ThroughputMode
 }
 
+mapping "aws_efs_file_system_policy" {
+  file_system_id = FileSystemId
+  bypass_policy_lockout_safety_check = BypassPolicyLockoutSafetyCheck
+  policy = Policy
+}
+
 mapping "aws_efs_mount_target" {
   file_system_id  = FileSystemId
   subnet_id       = SubnetId

rules/models/provider.go

@@ -464,10 +464,14 @@ var Rules = []tflint.Rule{
 	NewAwsEcsTaskDefinitionInvalidNetworkModeRule(),
 	NewAwsEcsTaskDefinitionInvalidPidModeRule(),
 	NewAwsEcsTaskSetInvalidLaunchTypeRule(),
+	NewAwsEfsAccessPointInvalidFileSystemIDRule(),
+	NewAwsEfsBackupPolicyInvalidFileSystemIDRule(),
 	NewAwsEfsFileSystemInvalidCreationTokenRule(),
 	NewAwsEfsFileSystemInvalidKmsKeyIDRule(),
 	NewAwsEfsFileSystemInvalidPerformanceModeRule(),
 	NewAwsEfsFileSystemInvalidThroughputModeRule(),
+	NewAwsEfsFileSystemPolicyInvalidFileSystemIDRule(),
+	NewAwsEfsFileSystemPolicyInvalidPolicyRule(),
 	NewAwsEfsMountTargetInvalidFileSystemIDRule(),
 	NewAwsEfsMountTargetInvalidIPAddressRule(),
 	NewAwsEfsMountTargetInvalidSubnetIDRule(),