mapping aws_signer (#272)

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/signer_signing_job
https://github.com/aws/aws-sdk-go/blob/main/models/apis/signer/2017-08-25/api-2.json

Author: PatMyron

docs/rules/README.md

@@ -1178,6 +1178,10 @@ These rules enforce best practices and naming conventions:
 |aws_sfn_state_machine_invalid_role_arn|✔|
 |aws_shield_protection_invalid_name|✔|
 |aws_shield_protection_invalid_resource_arn|✔|
+|aws_signer_signing_job_invalid_profile_name|✔|
+|aws_signer_signing_profile_invalid_name|✔|
+|aws_signer_signing_profile_permission_invalid_profile_name|✔|
+|aws_signer_signing_profile_permission_invalid_profile_version|✔|
 |aws_spot_fleet_request_invalid_allocation_strategy|✔|
 |aws_spot_fleet_request_invalid_fleet_type|✔|
 |aws_spot_fleet_request_invalid_instance_interruption_behaviour|✔|

rules/models/aws_signer_signing_job_invalid_profile_name.go

@@ -0,0 +1,87 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsSignerSigningJobInvalidProfileNameRule checks the pattern is valid
+type AwsSignerSigningJobInvalidProfileNameRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsSignerSigningJobInvalidProfileNameRule returns new rule with default attributes
+func NewAwsSignerSigningJobInvalidProfileNameRule() *AwsSignerSigningJobInvalidProfileNameRule {
+	return &AwsSignerSigningJobInvalidProfileNameRule{
+		resourceType:  "aws_signer_signing_job",
+		attributeName: "profile_name",
+		max:           64,
+		min:           2,
+		pattern:       regexp.MustCompile(`^[a-zA-Z0-9_]{2,}`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsSignerSigningJobInvalidProfileNameRule) Name() string {
+	return "aws_signer_signing_job_invalid_profile_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsSignerSigningJobInvalidProfileNameRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsSignerSigningJobInvalidProfileNameRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsSignerSigningJobInvalidProfileNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsSignerSigningJobInvalidProfileNameRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"profile_name must be 64 characters or less",
+					attribute.Expr,
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"profile_name must be 2 characters or higher",
+					attribute.Expr,
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[a-zA-Z0-9_]{2,}`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_signer_signing_profile_invalid_name.go

@@ -0,0 +1,87 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsSignerSigningProfileInvalidNameRule checks the pattern is valid
+type AwsSignerSigningProfileInvalidNameRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsSignerSigningProfileInvalidNameRule returns new rule with default attributes
+func NewAwsSignerSigningProfileInvalidNameRule() *AwsSignerSigningProfileInvalidNameRule {
+	return &AwsSignerSigningProfileInvalidNameRule{
+		resourceType:  "aws_signer_signing_profile",
+		attributeName: "name",
+		max:           64,
+		min:           2,
+		pattern:       regexp.MustCompile(`^[a-zA-Z0-9_]{2,}`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsSignerSigningProfileInvalidNameRule) Name() string {
+	return "aws_signer_signing_profile_invalid_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsSignerSigningProfileInvalidNameRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsSignerSigningProfileInvalidNameRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsSignerSigningProfileInvalidNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsSignerSigningProfileInvalidNameRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"name must be 64 characters or less",
+					attribute.Expr,
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"name must be 2 characters or higher",
+					attribute.Expr,
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[a-zA-Z0-9_]{2,}`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_signer_signing_profile_permission_invalid_profile_name.go

@@ -0,0 +1,87 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsSignerSigningProfilePermissionInvalidProfileNameRule checks the pattern is valid
+type AwsSignerSigningProfilePermissionInvalidProfileNameRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsSignerSigningProfilePermissionInvalidProfileNameRule returns new rule with default attributes
+func NewAwsSignerSigningProfilePermissionInvalidProfileNameRule() *AwsSignerSigningProfilePermissionInvalidProfileNameRule {
+	return &AwsSignerSigningProfilePermissionInvalidProfileNameRule{
+		resourceType:  "aws_signer_signing_profile_permission",
+		attributeName: "profile_name",
+		max:           64,
+		min:           2,
+		pattern:       regexp.MustCompile(`^[a-zA-Z0-9_]{2,}`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsSignerSigningProfilePermissionInvalidProfileNameRule) Name() string {
+	return "aws_signer_signing_profile_permission_invalid_profile_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsSignerSigningProfilePermissionInvalidProfileNameRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsSignerSigningProfilePermissionInvalidProfileNameRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsSignerSigningProfilePermissionInvalidProfileNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsSignerSigningProfilePermissionInvalidProfileNameRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"profile_name must be 64 characters or less",
+					attribute.Expr,
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"profile_name must be 2 characters or higher",
+					attribute.Expr,
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[a-zA-Z0-9_]{2,}`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_signer_signing_profile_permission_invalid_profile_version.go

@@ -0,0 +1,87 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsSignerSigningProfilePermissionInvalidProfileVersionRule checks the pattern is valid
+type AwsSignerSigningProfilePermissionInvalidProfileVersionRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsSignerSigningProfilePermissionInvalidProfileVersionRule returns new rule with default attributes
+func NewAwsSignerSigningProfilePermissionInvalidProfileVersionRule() *AwsSignerSigningProfilePermissionInvalidProfileVersionRule {
+	return &AwsSignerSigningProfilePermissionInvalidProfileVersionRule{
+		resourceType:  "aws_signer_signing_profile_permission",
+		attributeName: "profile_version",
+		max:           10,
+		min:           10,
+		pattern:       regexp.MustCompile(`^[a-zA-Z0-9]{10}$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsSignerSigningProfilePermissionInvalidProfileVersionRule) Name() string {
+	return "aws_signer_signing_profile_permission_invalid_profile_version"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsSignerSigningProfilePermissionInvalidProfileVersionRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsSignerSigningProfilePermissionInvalidProfileVersionRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsSignerSigningProfilePermissionInvalidProfileVersionRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsSignerSigningProfilePermissionInvalidProfileVersionRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"profile_version must be 10 characters or less",
+					attribute.Expr,
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"profile_version must be 10 characters or higher",
+					attribute.Expr,
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[a-zA-Z0-9]{10}$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/mappings/signer.hcl

@@ -0,0 +1,19 @@
+import = "aws-sdk-go/models/apis/signer/2017-08-25/api-2.json"
+
+mapping "aws_signer_signing_job" {
+  profile_name = ProfileName
+  source = Source
+  destination = Destination
+}
+
+mapping "aws_signer_signing_profile" {
+  platform_id = PlatformId
+  name = ProfileName
+  signature_validity_period = SignatureValidityPeriod
+  tags = TagMap
+}
+
+mapping "aws_signer_signing_profile_permission" {
+  profile_name = ProfileName
+  profile_version = ProfileVersion
+}

rules/models/provider.go

@@ -1106,6 +1106,10 @@ var Rules = []tflint.Rule{
 	NewAwsSfnStateMachineInvalidRoleArnRule(),
 	NewAwsShieldProtectionInvalidNameRule(),
 	NewAwsShieldProtectionInvalidResourceArnRule(),
+	NewAwsSignerSigningJobInvalidProfileNameRule(),
+	NewAwsSignerSigningProfileInvalidNameRule(),
+	NewAwsSignerSigningProfilePermissionInvalidProfileNameRule(),
+	NewAwsSignerSigningProfilePermissionInvalidProfileVersionRule(),
 	NewAwsSpotFleetRequestInvalidAllocationStrategyRule(),
 	NewAwsSpotFleetRequestInvalidFleetTypeRule(),
 	NewAwsSpotFleetRequestInvalidInstanceInterruptionBehaviourRule(),