mapping aws_ssoadmin (#263)

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssoadmin_account_assignment
https://github.com/aws/aws-sdk-go/blob/main/models/apis/sso-admin/2020-07-20/api-2.json

* removing lookahead mappings

Author: PatMyron

docs/rules/README.md

@@ -1182,6 +1182,22 @@ These rules enforce best practices and naming conventions:
 |aws_ssm_patch_group_invalid_baseline_id|✔|
 |aws_ssm_patch_group_invalid_patch_group|✔|
 |aws_ssm_resource_data_sync_invalid_name|✔|
+|aws_ssoadmin_account_assignment_invalid_instance_arn|✔|
+|aws_ssoadmin_account_assignment_invalid_permission_set_arn|✔|
+|aws_ssoadmin_account_assignment_invalid_principal_id|✔|
+|aws_ssoadmin_account_assignment_invalid_principal_type|✔|
+|aws_ssoadmin_account_assignment_invalid_target_id|✔|
+|aws_ssoadmin_account_assignment_invalid_target_type|✔|
+|aws_ssoadmin_managed_policy_attachment_invalid_instance_arn|✔|
+|aws_ssoadmin_managed_policy_attachment_invalid_managed_policy_arn|✔|
+|aws_ssoadmin_managed_policy_attachment_invalid_permission_set_arn|✔|
+|aws_ssoadmin_permission_set_inline_policy_invalid_inline_policy|✔|
+|aws_ssoadmin_permission_set_inline_policy_invalid_instance_arn|✔|
+|aws_ssoadmin_permission_set_inline_policy_invalid_permission_set_arn|✔|
+|aws_ssoadmin_permission_set_invalid_description|✔|
+|aws_ssoadmin_permission_set_invalid_instance_arn|✔|
+|aws_ssoadmin_permission_set_invalid_name|✔|
+|aws_ssoadmin_permission_set_invalid_relay_state|✔|
 |aws_storagegateway_cache_invalid_disk_id|✔|
 |aws_storagegateway_cache_invalid_gateway_arn|✔|
 |aws_storagegateway_cached_iscsi_volume_invalid_gateway_arn|✔|

rules/models/aws_ssoadmin_account_assignment_invalid_instance_arn.go

@@ -0,0 +1,87 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsSsoadminAccountAssignmentInvalidInstanceArnRule checks the pattern is valid
+type AwsSsoadminAccountAssignmentInvalidInstanceArnRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsSsoadminAccountAssignmentInvalidInstanceArnRule returns new rule with default attributes
+func NewAwsSsoadminAccountAssignmentInvalidInstanceArnRule() *AwsSsoadminAccountAssignmentInvalidInstanceArnRule {
+	return &AwsSsoadminAccountAssignmentInvalidInstanceArnRule{
+		resourceType:  "aws_ssoadmin_account_assignment",
+		attributeName: "instance_arn",
+		max:           1224,
+		min:           10,
+		pattern:       regexp.MustCompile(`^arn:aws:sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsSsoadminAccountAssignmentInvalidInstanceArnRule) Name() string {
+	return "aws_ssoadmin_account_assignment_invalid_instance_arn"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsSsoadminAccountAssignmentInvalidInstanceArnRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsSsoadminAccountAssignmentInvalidInstanceArnRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsSsoadminAccountAssignmentInvalidInstanceArnRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsSsoadminAccountAssignmentInvalidInstanceArnRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"instance_arn must be 1224 characters or less",
+					attribute.Expr,
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"instance_arn must be 10 characters or higher",
+					attribute.Expr,
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:aws:sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_ssoadmin_account_assignment_invalid_permission_set_arn.go

@@ -0,0 +1,87 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsSsoadminAccountAssignmentInvalidPermissionSetArnRule checks the pattern is valid
+type AwsSsoadminAccountAssignmentInvalidPermissionSetArnRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsSsoadminAccountAssignmentInvalidPermissionSetArnRule returns new rule with default attributes
+func NewAwsSsoadminAccountAssignmentInvalidPermissionSetArnRule() *AwsSsoadminAccountAssignmentInvalidPermissionSetArnRule {
+	return &AwsSsoadminAccountAssignmentInvalidPermissionSetArnRule{
+		resourceType:  "aws_ssoadmin_account_assignment",
+		attributeName: "permission_set_arn",
+		max:           1224,
+		min:           10,
+		pattern:       regexp.MustCompile(`^arn:aws:sso:::permissionSet/(sso)?ins-[a-zA-Z0-9-.]{16}/ps-[a-zA-Z0-9-./]{16}$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsSsoadminAccountAssignmentInvalidPermissionSetArnRule) Name() string {
+	return "aws_ssoadmin_account_assignment_invalid_permission_set_arn"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsSsoadminAccountAssignmentInvalidPermissionSetArnRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsSsoadminAccountAssignmentInvalidPermissionSetArnRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsSsoadminAccountAssignmentInvalidPermissionSetArnRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsSsoadminAccountAssignmentInvalidPermissionSetArnRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"permission_set_arn must be 1224 characters or less",
+					attribute.Expr,
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"permission_set_arn must be 10 characters or higher",
+					attribute.Expr,
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:aws:sso:::permissionSet/(sso)?ins-[a-zA-Z0-9-.]{16}/ps-[a-zA-Z0-9-./]{16}$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_ssoadmin_account_assignment_invalid_principal_id.go

@@ -0,0 +1,87 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsSsoadminAccountAssignmentInvalidPrincipalIDRule checks the pattern is valid
+type AwsSsoadminAccountAssignmentInvalidPrincipalIDRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsSsoadminAccountAssignmentInvalidPrincipalIDRule returns new rule with default attributes
+func NewAwsSsoadminAccountAssignmentInvalidPrincipalIDRule() *AwsSsoadminAccountAssignmentInvalidPrincipalIDRule {
+	return &AwsSsoadminAccountAssignmentInvalidPrincipalIDRule{
+		resourceType:  "aws_ssoadmin_account_assignment",
+		attributeName: "principal_id",
+		max:           47,
+		min:           1,
+		pattern:       regexp.MustCompile(`^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsSsoadminAccountAssignmentInvalidPrincipalIDRule) Name() string {
+	return "aws_ssoadmin_account_assignment_invalid_principal_id"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsSsoadminAccountAssignmentInvalidPrincipalIDRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsSsoadminAccountAssignmentInvalidPrincipalIDRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsSsoadminAccountAssignmentInvalidPrincipalIDRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsSsoadminAccountAssignmentInvalidPrincipalIDRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"principal_id must be 47 characters or less",
+					attribute.Expr,
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"principal_id must be 1 characters or higher",
+					attribute.Expr,
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_ssoadmin_account_assignment_invalid_principal_type.go

@@ -0,0 +1,77 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsSsoadminAccountAssignmentInvalidPrincipalTypeRule checks the pattern is valid
+type AwsSsoadminAccountAssignmentInvalidPrincipalTypeRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsSsoadminAccountAssignmentInvalidPrincipalTypeRule returns new rule with default attributes
+func NewAwsSsoadminAccountAssignmentInvalidPrincipalTypeRule() *AwsSsoadminAccountAssignmentInvalidPrincipalTypeRule {
+	return &AwsSsoadminAccountAssignmentInvalidPrincipalTypeRule{
+		resourceType:  "aws_ssoadmin_account_assignment",
+		attributeName: "principal_type",
+		enum: []string{
+			"USER",
+			"GROUP",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsSsoadminAccountAssignmentInvalidPrincipalTypeRule) Name() string {
+	return "aws_ssoadmin_account_assignment_invalid_principal_type"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsSsoadminAccountAssignmentInvalidPrincipalTypeRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsSsoadminAccountAssignmentInvalidPrincipalTypeRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsSsoadminAccountAssignmentInvalidPrincipalTypeRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsSsoadminAccountAssignmentInvalidPrincipalTypeRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" is an invalid value as principal_type`, truncateLongMessage(val)),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}