mapping aws_db_proxy (#255)

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_proxy
https://github.com/aws/aws-sdk-go/blob/main/models/apis/rds/2014-10-31/api-2.json

Author: PatMyron

docs/rules/README.md

@@ -455,6 +455,10 @@ These rules enforce best practices and naming conventions:
 |aws_datasync_task_invalid_destination_location_arn|✔|
 |aws_datasync_task_invalid_name|✔|
 |aws_datasync_task_invalid_source_location_arn|✔|
+|aws_db_proxy_endpoint_invalid_db_proxy_endpoint_name|✔|
+|aws_db_proxy_endpoint_invalid_db_proxy_name|✔|
+|aws_db_proxy_endpoint_invalid_target_role|✔|
+|aws_db_proxy_invalid_engine_family|✔|
 |aws_devicefarm_project_invalid_name|✔|
 |aws_directory_service_conditional_forwarder_invalid_directory_id|✔|
 |aws_directory_service_conditional_forwarder_invalid_remote_domain_name|✔|

rules/models/aws_db_proxy_endpoint_invalid_db_proxy_endpoint_name.go

@@ -0,0 +1,87 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsDBProxyEndpointInvalidDBProxyEndpointNameRule checks the pattern is valid
+type AwsDBProxyEndpointInvalidDBProxyEndpointNameRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsDBProxyEndpointInvalidDBProxyEndpointNameRule returns new rule with default attributes
+func NewAwsDBProxyEndpointInvalidDBProxyEndpointNameRule() *AwsDBProxyEndpointInvalidDBProxyEndpointNameRule {
+	return &AwsDBProxyEndpointInvalidDBProxyEndpointNameRule{
+		resourceType:  "aws_db_proxy_endpoint",
+		attributeName: "db_proxy_endpoint_name",
+		max:           63,
+		min:           1,
+		pattern:       regexp.MustCompile(`^[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsDBProxyEndpointInvalidDBProxyEndpointNameRule) Name() string {
+	return "aws_db_proxy_endpoint_invalid_db_proxy_endpoint_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsDBProxyEndpointInvalidDBProxyEndpointNameRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsDBProxyEndpointInvalidDBProxyEndpointNameRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsDBProxyEndpointInvalidDBProxyEndpointNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsDBProxyEndpointInvalidDBProxyEndpointNameRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"db_proxy_endpoint_name must be 63 characters or less",
+					attribute.Expr,
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"db_proxy_endpoint_name must be 1 characters or higher",
+					attribute.Expr,
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_db_proxy_endpoint_invalid_db_proxy_name.go

@@ -0,0 +1,87 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsDBProxyEndpointInvalidDBProxyNameRule checks the pattern is valid
+type AwsDBProxyEndpointInvalidDBProxyNameRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsDBProxyEndpointInvalidDBProxyNameRule returns new rule with default attributes
+func NewAwsDBProxyEndpointInvalidDBProxyNameRule() *AwsDBProxyEndpointInvalidDBProxyNameRule {
+	return &AwsDBProxyEndpointInvalidDBProxyNameRule{
+		resourceType:  "aws_db_proxy_endpoint",
+		attributeName: "db_proxy_name",
+		max:           63,
+		min:           1,
+		pattern:       regexp.MustCompile(`^[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsDBProxyEndpointInvalidDBProxyNameRule) Name() string {
+	return "aws_db_proxy_endpoint_invalid_db_proxy_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsDBProxyEndpointInvalidDBProxyNameRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsDBProxyEndpointInvalidDBProxyNameRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsDBProxyEndpointInvalidDBProxyNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsDBProxyEndpointInvalidDBProxyNameRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssueOnExpr(
+					r,
+					"db_proxy_name must be 63 characters or less",
+					attribute.Expr,
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssueOnExpr(
+					r,
+					"db_proxy_name must be 1 characters or higher",
+					attribute.Expr,
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_db_proxy_endpoint_invalid_target_role.go

@@ -0,0 +1,77 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsDBProxyEndpointInvalidTargetRoleRule checks the pattern is valid
+type AwsDBProxyEndpointInvalidTargetRoleRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsDBProxyEndpointInvalidTargetRoleRule returns new rule with default attributes
+func NewAwsDBProxyEndpointInvalidTargetRoleRule() *AwsDBProxyEndpointInvalidTargetRoleRule {
+	return &AwsDBProxyEndpointInvalidTargetRoleRule{
+		resourceType:  "aws_db_proxy_endpoint",
+		attributeName: "target_role",
+		enum: []string{
+			"READ_WRITE",
+			"READ_ONLY",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsDBProxyEndpointInvalidTargetRoleRule) Name() string {
+	return "aws_db_proxy_endpoint_invalid_target_role"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsDBProxyEndpointInvalidTargetRoleRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsDBProxyEndpointInvalidTargetRoleRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsDBProxyEndpointInvalidTargetRoleRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsDBProxyEndpointInvalidTargetRoleRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" is an invalid value as target_role`, truncateLongMessage(val)),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/aws_db_proxy_invalid_engine_family.go

@@ -0,0 +1,77 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsDBProxyInvalidEngineFamilyRule checks the pattern is valid
+type AwsDBProxyInvalidEngineFamilyRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsDBProxyInvalidEngineFamilyRule returns new rule with default attributes
+func NewAwsDBProxyInvalidEngineFamilyRule() *AwsDBProxyInvalidEngineFamilyRule {
+	return &AwsDBProxyInvalidEngineFamilyRule{
+		resourceType:  "aws_db_proxy",
+		attributeName: "engine_family",
+		enum: []string{
+			"MYSQL",
+			"POSTGRESQL",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsDBProxyInvalidEngineFamilyRule) Name() string {
+	return "aws_db_proxy_invalid_engine_family"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsDBProxyInvalidEngineFamilyRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsDBProxyInvalidEngineFamilyRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsDBProxyInvalidEngineFamilyRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsDBProxyInvalidEngineFamilyRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" is an invalid value as engine_family`, truncateLongMessage(val)),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/mappings/rds.hcl

@@ -92,6 +92,23 @@ mapping "aws_db_parameter_group" {
   tags        = TagList
 }
 
+mapping "aws_db_proxy" {
+  auth = UserAuthConfigList
+  engine_family = EngineFamily
+  tags = TagList
+}
+
+mapping "aws_db_proxy_default_target_group" {
+  connection_pool_config = ConnectionPoolConfiguration
+}
+
+mapping "aws_db_proxy_endpoint" {
+  db_proxy_endpoint_name = DBProxyEndpointName
+  db_proxy_name = DBProxyName
+  target_role = DBProxyEndpointTargetRole
+  tags = TagList
+}
+
 mapping "aws_db_security_group" {
   name        = String
   description = String

rules/models/provider.go

@@ -383,6 +383,10 @@ var Rules = []tflint.Rule{
 	NewAwsDatasyncTaskInvalidDestinationLocationArnRule(),
 	NewAwsDatasyncTaskInvalidNameRule(),
 	NewAwsDatasyncTaskInvalidSourceLocationArnRule(),
+	NewAwsDBProxyEndpointInvalidDBProxyEndpointNameRule(),
+	NewAwsDBProxyEndpointInvalidDBProxyNameRule(),
+	NewAwsDBProxyEndpointInvalidTargetRoleRule(),
+	NewAwsDBProxyInvalidEngineFamilyRule(),
 	NewAwsDevicefarmProjectInvalidNameRule(),
 	NewAwsDirectoryServiceConditionalForwarderInvalidDirectoryIDRule(),
 	NewAwsDirectoryServiceConditionalForwarderInvalidRemoteDomainNameRule(),