terraform-linters
diff --git a/‎docs/rules/README.md‎
Lines changed: 53 additions & 1 deletion b/‎docs/rules/README.md‎
Lines changed: 53 additions & 1 deletion
diff --git a/‎rules/models/aws_appconfig_configuration_profile_invalid_validator.go‎
Lines changed: 88 additions & 0 deletions b/‎rules/models/aws_appconfig_configuration_profile_invalid_validator.go‎
Lines changed: 88 additions & 0 deletions
diff --git a/‎rules/models/aws_appconfig_environment_invalid_monitor.go‎
Lines changed: 125 additions & 0 deletions b/‎rules/models/aws_appconfig_environment_invalid_monitor.go‎
Lines changed: 125 additions & 0 deletions
diff --git a/‎rules/models/aws_apprunner_service_invalid_health_check_configuration.go‎
Lines changed: 88 additions & 0 deletions b/‎rules/models/aws_apprunner_service_invalid_health_check_configuration.go‎
Lines changed: 88 additions & 0 deletions
@@ -0,0 +1,88 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+
+	"github.com/terraform-linters/tflint-plugin-sdk/hclext"
+	"github.com/terraform-linters/tflint-plugin-sdk/logger"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsAppconfigConfigurationProfileInvalidValidatorRule checks the pattern is valid
+type AwsAppconfigConfigurationProfileInvalidValidatorRule struct {
+	tflint.DefaultRule
+
+	resourceType  string
+	attributeName string
+	keyMax        int
+}
+
+// NewAwsAppconfigConfigurationProfileInvalidValidatorRule returns new rule with default attributes
+func NewAwsAppconfigConfigurationProfileInvalidValidatorRule() *AwsAppconfigConfigurationProfileInvalidValidatorRule {
+	return &AwsAppconfigConfigurationProfileInvalidValidatorRule{
+		resourceType:  "aws_appconfig_configuration_profile",
+		attributeName: "validator",
+		keyMax:        32768,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppconfigConfigurationProfileInvalidValidatorRule) Name() string {
+	return "aws_appconfig_configuration_profile_invalid_validator"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppconfigConfigurationProfileInvalidValidatorRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsAppconfigConfigurationProfileInvalidValidatorRule) Severity() tflint.Severity {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppconfigConfigurationProfileInvalidValidatorRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppconfigConfigurationProfileInvalidValidatorRule) Check(runner tflint.Runner) error {
+	logger.Trace("Check `%s` rule", r.Name())
+
+	resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{
+		Attributes: []hclext.AttributeSchema{
+			{Name: r.attributeName},
+		},
+	}, nil)
+	if err != nil {
+		return err
+	}
+
+	for _, resource := range resources.Blocks {
+		attribute, exists := resource.Body.Attributes[r.attributeName]
+		if !exists {
+			continue
+		}
+
+		err := runner.EvaluateExpr(attribute.Expr, func(val map[string]string) error {
+			for k, _ := range val {
+				if len(k) > r.keyMax {
+					runner.EmitIssue(
+						r,
+						fmt.Sprintf("tag key %q must be 32768 characters or less", truncateLongMessage(k)),
+						attribute.Expr.Range(),
+					)
+				}
+			}
+			return nil
+		}, nil)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
@@ -0,0 +1,125 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"regexp"
+
+	"github.com/terraform-linters/tflint-plugin-sdk/hclext"
+	"github.com/terraform-linters/tflint-plugin-sdk/logger"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsAppconfigEnvironmentInvalidMonitorRule checks the pattern is valid
+type AwsAppconfigEnvironmentInvalidMonitorRule struct {
+	tflint.DefaultRule
+
+	resourceType  string
+	attributeName string
+	keyMax        int
+	keyMin        int
+	valueMax      int
+	valueMin      int
+	valuePattern  *regexp.Regexp
+}
+
+// NewAwsAppconfigEnvironmentInvalidMonitorRule returns new rule with default attributes
+func NewAwsAppconfigEnvironmentInvalidMonitorRule() *AwsAppconfigEnvironmentInvalidMonitorRule {
+	return &AwsAppconfigEnvironmentInvalidMonitorRule{
+		resourceType:  "aws_appconfig_environment",
+		attributeName: "monitor",
+		keyMax:        2048,
+		keyMin:        1,
+		valueMax:      2048,
+		valueMin:      20,
+		valuePattern:  regexp.MustCompile(`^((arn):(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov|aws-eusc):(iam)::\d{12}:role[/].*)$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppconfigEnvironmentInvalidMonitorRule) Name() string {
+	return "aws_appconfig_environment_invalid_monitor"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppconfigEnvironmentInvalidMonitorRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsAppconfigEnvironmentInvalidMonitorRule) Severity() tflint.Severity {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppconfigEnvironmentInvalidMonitorRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppconfigEnvironmentInvalidMonitorRule) Check(runner tflint.Runner) error {
+	logger.Trace("Check `%s` rule", r.Name())
+
+	resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{
+		Attributes: []hclext.AttributeSchema{
+			{Name: r.attributeName},
+		},
+	}, nil)
+	if err != nil {
+		return err
+	}
+
+	for _, resource := range resources.Blocks {
+		attribute, exists := resource.Body.Attributes[r.attributeName]
+		if !exists {
+			continue
+		}
+
+		err := runner.EvaluateExpr(attribute.Expr, func(val map[string]string) error {
+			for k, v := range val {
+				if len(k) > r.keyMax {
+					runner.EmitIssue(
+						r,
+						fmt.Sprintf("tag key %q must be 2048 characters or less", truncateLongMessage(k)),
+						attribute.Expr.Range(),
+					)
+				}
+				if len(k) < r.keyMin {
+					runner.EmitIssue(
+						r,
+						fmt.Sprintf("tag key %q must be 1 characters or higher", truncateLongMessage(k)),
+						attribute.Expr.Range(),
+					)
+				}
+				if len(v) > r.valueMax {
+					runner.EmitIssue(
+						r,
+						fmt.Sprintf("tag value for key %q must be 2048 characters or less", truncateLongMessage(k)),
+						attribute.Expr.Range(),
+					)
+				}
+				if len(v) < r.valueMin {
+					runner.EmitIssue(
+						r,
+						fmt.Sprintf("tag value for key %q must be 20 characters or higher", truncateLongMessage(k)),
+						attribute.Expr.Range(),
+					)
+				}
+				if !r.valuePattern.MatchString(v) {
+					runner.EmitIssue(
+						r,
+						fmt.Sprintf(`tag value %q for key %q does not match valid pattern %s`, truncateLongMessage(v), truncateLongMessage(k), `^((arn):(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov|aws-eusc):(iam)::\d{12}:role[/].*)$`),
+						attribute.Expr.Range(),
+					)
+				}
+			}
+			return nil
+		}, nil)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
@@ -0,0 +1,88 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+
+	"github.com/terraform-linters/tflint-plugin-sdk/hclext"
+	"github.com/terraform-linters/tflint-plugin-sdk/logger"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsApprunnerServiceInvalidHealthCheckConfigurationRule checks the pattern is valid
+type AwsApprunnerServiceInvalidHealthCheckConfigurationRule struct {
+	tflint.DefaultRule
+
+	resourceType  string
+	attributeName string
+	keyMin        int
+}
+
+// NewAwsApprunnerServiceInvalidHealthCheckConfigurationRule returns new rule with default attributes
+func NewAwsApprunnerServiceInvalidHealthCheckConfigurationRule() *AwsApprunnerServiceInvalidHealthCheckConfigurationRule {
+	return &AwsApprunnerServiceInvalidHealthCheckConfigurationRule{
+		resourceType:  "aws_apprunner_service",
+		attributeName: "health_check_configuration",
+		keyMin:        1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsApprunnerServiceInvalidHealthCheckConfigurationRule) Name() string {
+	return "aws_apprunner_service_invalid_health_check_configuration"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsApprunnerServiceInvalidHealthCheckConfigurationRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsApprunnerServiceInvalidHealthCheckConfigurationRule) Severity() tflint.Severity {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsApprunnerServiceInvalidHealthCheckConfigurationRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsApprunnerServiceInvalidHealthCheckConfigurationRule) Check(runner tflint.Runner) error {
+	logger.Trace("Check `%s` rule", r.Name())
+
+	resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{
+		Attributes: []hclext.AttributeSchema{
+			{Name: r.attributeName},
+		},
+	}, nil)
+	if err != nil {
+		return err
+	}
+
+	for _, resource := range resources.Blocks {
+		attribute, exists := resource.Body.Attributes[r.attributeName]
+		if !exists {
+			continue
+		}
+
+		err := runner.EvaluateExpr(attribute.Expr, func(val map[string]string) error {
+			for k, _ := range val {
+				if len(k) < r.keyMin {
+					runner.EmitIssue(
+						r,
+						fmt.Sprintf("tag key %q must be 1 characters or higher", truncateLongMessage(k)),
+						attribute.Expr.Range(),
+					)
+				}
+			}
+			return nil
+		}, nil)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}