mapping aws_vpc (#250)

PatMyron · web-flow · commit f4fe0ecc31ef · 2021-12-27T13:10:49.000-08:00
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipam https://github.com/aws/aws-sdk-go/blob/main/models/apis/ec2/2016-11-15/api-2.json
diff --git a/docs/rules/README.md b/docs/rules/README.md
@@ -1132,6 +1132,8 @@ These rules enforce best practices and naming conventions:
 |aws_transfer_user_invalid_user_name|✔|
 |aws_vpc_endpoint_invalid_vpc_endpoint_type|✔|
 |aws_vpc_invalid_instance_tenancy|✔|
+|aws_vpc_ipam_pool_invalid_address_family|✔|
+|aws_vpc_ipam_pool_invalid_aws_service|✔|
 |aws_waf_byte_match_set_invalid_name|✔|
 |aws_waf_geo_match_set_invalid_name|✔|
 |aws_waf_ipset_invalid_name|✔|
diff --git a/rules/models/aws_vpc_ipam_pool_invalid_address_family.go b/rules/models/aws_vpc_ipam_pool_invalid_address_family.go
@@ -0,0 +1,77 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsVpcIpamPoolInvalidAddressFamilyRule checks the pattern is valid
+type AwsVpcIpamPoolInvalidAddressFamilyRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsVpcIpamPoolInvalidAddressFamilyRule returns new rule with default attributes
+func NewAwsVpcIpamPoolInvalidAddressFamilyRule() *AwsVpcIpamPoolInvalidAddressFamilyRule {
+	return &AwsVpcIpamPoolInvalidAddressFamilyRule{
+		resourceType:  "aws_vpc_ipam_pool",
+		attributeName: "address_family",
+		enum: []string{
+			"ipv4",
+			"ipv6",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsVpcIpamPoolInvalidAddressFamilyRule) Name() string {
+	return "aws_vpc_ipam_pool_invalid_address_family"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsVpcIpamPoolInvalidAddressFamilyRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsVpcIpamPoolInvalidAddressFamilyRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsVpcIpamPoolInvalidAddressFamilyRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsVpcIpamPoolInvalidAddressFamilyRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" is an invalid value as address_family`, truncateLongMessage(val)),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/models/aws_vpc_ipam_pool_invalid_aws_service.go b/rules/models/aws_vpc_ipam_pool_invalid_aws_service.go
@@ -0,0 +1,76 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsVpcIpamPoolInvalidAwsServiceRule checks the pattern is valid
+type AwsVpcIpamPoolInvalidAwsServiceRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsVpcIpamPoolInvalidAwsServiceRule returns new rule with default attributes
+func NewAwsVpcIpamPoolInvalidAwsServiceRule() *AwsVpcIpamPoolInvalidAwsServiceRule {
+	return &AwsVpcIpamPoolInvalidAwsServiceRule{
+		resourceType:  "aws_vpc_ipam_pool",
+		attributeName: "aws_service",
+		enum: []string{
+			"ec2",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsVpcIpamPoolInvalidAwsServiceRule) Name() string {
+	return "aws_vpc_ipam_pool_invalid_aws_service"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsVpcIpamPoolInvalidAwsServiceRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsVpcIpamPoolInvalidAwsServiceRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsVpcIpamPoolInvalidAwsServiceRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsVpcIpamPoolInvalidAwsServiceRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" is an invalid value as aws_service`, truncateLongMessage(val)),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/models/mappings/vpc.hcl b/rules/models/mappings/vpc.hcl
@@ -250,11 +250,45 @@ mapping "aws_vpc_endpoint_subnet_association" {
   subnet_id       = String
 }
 
+mapping "aws_vpc_ipam" {
+  operating_regions = AddIpamOperatingRegionSet
+}
+
+mapping "aws_vpc_ipam_pool" {
+  address_family = AddressFamily
+  allocation_default_netmask_length = IpamNetmaskLength
+  allocation_max_netmask_length = IpamNetmaskLength
+  allocation_min_netmask_length = IpamNetmaskLength
+  allocation_resource_tags = RequestIpamResourceTagList
+  aws_service = IpamPoolAwsService
+  ipam_scope_id = IpamScopeId
+  source_ipam_pool_id = IpamPoolId
+}
+
+mapping "aws_vpc_ipam_pool_cidr" {
+  cidr_authorization_context = IpamCidrAuthorizationContext
+  ipam_pool_id = IpamPoolId
+}
+
+mapping "aws_vpc_ipam_pool_cidr_allocation" {
+  ipam_pool_id = IpamPoolId
+}
+
+mapping "aws_vpc_ipam_scope" {
+  ipam_id = IpamId
+}
+
 mapping "aws_vpc_ipv4_cidr_block_association" {
   cidr_block = String
   vpc_id     = String
 }
 
+mapping "aws_vpc_ipv6_cidr_block_association" {
+  ipv6_ipam_pool_id = IpamPoolId
+  ipv6_netmask_length = NetmaskLength
+  vpc_id = VpcId
+}
+
 mapping "aws_vpc_peering_connection" {
   peer_owner_id = String
   peer_vpc_id   = String
diff --git a/rules/models/provider.go b/rules/models/provider.go
@@ -1060,6 +1060,8 @@ var Rules = []tflint.Rule{
 	NewAwsTransferUserInvalidUserNameRule(),
 	NewAwsVpcEndpointInvalidVpcEndpointTypeRule(),
 	NewAwsVpcInvalidInstanceTenancyRule(),
+	NewAwsVpcIpamPoolInvalidAddressFamilyRule(),
+	NewAwsVpcIpamPoolInvalidAwsServiceRule(),
 	NewAwsWafByteMatchSetInvalidNameRule(),
 	NewAwsWafGeoMatchSetInvalidNameRule(),
 	NewAwsWafIpsetInvalidNameRule(),
