terraform-linters
diff --git a/‎aws/config.go
Lines changed: 6 additions & 10 deletions b/‎aws/config.go
Lines changed: 6 additions & 10 deletions
diff --git a/‎aws/provider.go
Lines changed: 72 additions & 162 deletions b/‎aws/provider.go
Lines changed: 72 additions & 162 deletions
diff --git a/‎aws/ruleset.go
Lines changed: 18 additions & 30 deletions b/‎aws/ruleset.go
Lines changed: 18 additions & 30 deletions
@@ -1,17 +1,13 @@
 package aws
 
-import "github.com/hashicorp/hcl/v2"
-
 // Config is the configuration for the ruleset.
 type Config struct {
-	DeepCheck             bool   `hcl:"deep_check,optional"`
-	AccessKey             string `hcl:"access_key,optional"`
-	SecretKey             string `hcl:"secret_key,optional"`
-	Region                string `hcl:"region,optional"`
-	Profile               string `hcl:"profile,optional"`
-	SharedCredentialsFile string `hcl:"shared_credentials_file,optional"`
-
-	Remain hcl.Body `hcl:",remain"`
+	DeepCheck             bool   `hclext:"deep_check,optional"`
+	AccessKey             string `hclext:"access_key,optional"`
+	SecretKey             string `hclext:"secret_key,optional"`
+	Region                string `hclext:"region,optional"`
+	Profile               string `hclext:"profile,optional"`
+	SharedCredentialsFile string `hclext:"shared_credentials_file,optional"`
 }
 
 func (c *Config) toCredentials() Credentials {
 
@@ -1,210 +1,120 @@
 package aws
 
 import (
-	"log"
-
-	"github.com/hashicorp/hcl/v2"
-	"github.com/terraform-linters/tflint-plugin-sdk/terraform/configs"
+	"github.com/terraform-linters/tflint-plugin-sdk/hclext"
 	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
 )
 
 // AwsProviderBlockSchema is a schema of `aws` provider block
-var AwsProviderBlockSchema = &hcl.BodySchema{
-	Attributes: []hcl.AttributeSchema{
+var AwsProviderBlockSchema = &hclext.BodySchema{
+	Attributes: []hclext.AttributeSchema{
 		{Name: "access_key"},
 		{Name: "secret_key"},
 		{Name: "profile"},
 		{Name: "shared_credentials_file"},
 		{Name: "region"},
 	},
-	Blocks: []hcl.BlockHeaderSchema{
-		{Type: "assume_role"},
+	Blocks: []hclext.BlockSchema{
+		{
+			Type: "assume_role",
+			Body: AwsProviderAssumeRoleBlockShema,
+		},
 	},
 }
 
 // AwsProviderAssumeRoleBlockShema is a schema of `assume_role` block
-var AwsProviderAssumeRoleBlockShema = &hcl.BodySchema{
-	Attributes: []hcl.AttributeSchema{
+var AwsProviderAssumeRoleBlockShema = &hclext.BodySchema{
+	Attributes: []hclext.AttributeSchema{
 		{Name: "role_arn", Required: true},
 		{Name: "session_name"},
 		{Name: "external_id"},
 		{Name: "policy"},
 	},
 }
 
-// ProviderData represents a provider block with an eval context (runner)
-type ProviderData struct {
-	provider   *configs.Provider
-	runner     tflint.Runner
-	attributes hcl.Attributes
-	blocks     hcl.Blocks
-}
-
 // GetCredentialsFromProvider retrieves credentials from the "provider" block in the Terraform configuration
 func GetCredentialsFromProvider(runner tflint.Runner) (Credentials, error) {
 	creds := Credentials{}
 
-	providerConfig, err := runner.RootProvider("aws")
-	if err != nil || providerConfig == nil {
-		return creds, err
-	}
-
-	d, err := newProviderData(providerConfig, runner)
-	if err != nil {
-		return creds, err
-	}
-
-	accessKey, exists, err := d.Get("access_key")
-	if err != nil {
-		return creds, err
-	}
-	if exists {
-		creds.AccessKey = accessKey
-	}
-
-	secretKey, exists, err := d.Get("secret_key")
+	providers, err := runner.GetModuleContent(
+		&hclext.BodySchema{
+			Blocks: []hclext.BlockSchema{
+				{
+					Type:       "provider",
+					LabelNames: []string{"name"},
+					Body:       AwsProviderBlockSchema,
+				},
+			},
+		},
+		&tflint.GetModuleContentOption{ModuleCtx: tflint.RootModuleCtxType},
+	)
 	if err != nil {
 		return creds, err
 	}
-	if exists {
-		creds.SecretKey = secretKey
-	}
 
-	profile, exists, err := d.Get("profile")
-	if err != nil {
-		return creds, err
-	}
-	if exists {
-		creds.Profile = profile
-	}
-
-	credsFile, exists, err := d.Get("shared_credentials_file")
-	if err != nil {
-		return creds, err
-	}
-	if exists {
-		creds.CredsFile = credsFile
-	}
+	for _, provider := range providers.Blocks {
+		if provider.Labels[0] != "aws" {
+			continue
+		}
 
-	region, exists, err := d.Get("region")
-	if err != nil {
-		return creds, err
-	}
-	if exists {
-		creds.Region = region
-	}
+		opts := &tflint.EvaluateExprOption{ModuleCtx: tflint.RootModuleCtxType}
 
-	assumeRole, exists, err := d.GetBlock("assume_role", AwsProviderAssumeRoleBlockShema)
-	if err != nil {
-		return creds, err
-	}
-	if exists {
-		roleARN, exists, err := assumeRole.Get("role_arn")
-		if err != nil {
-			return creds, err
-		}
-		if exists {
-			creds.AssumeRoleARN = roleARN
+		if attr, exists := provider.Body.Attributes["access_key"]; exists {
+			if err := runner.EvaluateExpr(attr.Expr, &creds.AccessKey, opts); err != nil {
+				return creds, err
+			}
 		}
 
-		sessionName, exists, err := assumeRole.Get("session_name")
-		if err != nil {
-			return creds, err
-		}
-		if exists {
-			creds.AssumeRoleSessionName = sessionName
+		if attr, exists := provider.Body.Attributes["secret_key"]; exists {
+			if err := runner.EvaluateExpr(attr.Expr, &creds.SecretKey, opts); err != nil {
+				return creds, err
+			}
 		}
 
-		externalID, exists, err := assumeRole.Get("external_id")
-		if err != nil {
-			return creds, err
-		}
-		if exists {
-			creds.AssumeRoleExternalID = externalID
+		if attr, exists := provider.Body.Attributes["profile"]; exists {
+			if err := runner.EvaluateExpr(attr.Expr, &creds.Profile, opts); err != nil {
+				return creds, err
+			}
 		}
 
-		policy, exists, err := assumeRole.Get("policy")
-		if err != nil {
-			return creds, err
-		}
-		if exists {
-			creds.AssumeRolePolicy = policy
+		if attr, exists := provider.Body.Attributes["shared_credentials_file"]; exists {
+			if err := runner.EvaluateExpr(attr.Expr, &creds.CredsFile, opts); err != nil {
+				return creds, err
+			}
 		}
-	}
 
-	return creds, nil
-}
-
-func newProviderData(provider *configs.Provider, runner tflint.Runner) (*ProviderData, error) {
-	providerData := &ProviderData{
-		provider:   provider,
-		runner:     runner,
-		attributes: map[string]*hcl.Attribute{},
-		blocks:     []*hcl.Block{},
-	}
-
-	if provider != nil {
-		content, _, diags := provider.Config.PartialContent(AwsProviderBlockSchema)
-		if diags.HasErrors() {
-			return nil, diags
+		if attr, exists := provider.Body.Attributes["region"]; exists {
+			if err := runner.EvaluateExpr(attr.Expr, &creds.Region, opts); err != nil {
+				return creds, err
+			}
 		}
 
-		providerData.attributes = content.Attributes
-		providerData.blocks = content.Blocks
-	}
-
-	return providerData, nil
-}
-
-// Get returns a value corresponding to the given key
-// It should be noted that the value is evaluated if it is evaluable
-// The second return value is a flag that determines whether a value exists
-// We assume the provider has only simple attributes, so it just returns string
-func (d *ProviderData) Get(key string) (string, bool, error) {
-	attribute, exists := d.attributes[key]
-	if !exists {
-		log.Printf("[INFO] `%s` is not found in the provider block.", key)
-		return "", false, nil
-	}
-
-	var val string
-	err := d.runner.EvaluateExprOnRootCtx(attribute.Expr, &val, nil)
-
-	err = d.runner.EnsureNoError(err, func() error { return nil })
-	if err != nil {
-		return "", true, err
-	}
-	return val, true, nil
-}
-
-// GetBlock returns a value just like Get.
-// The difference is that GetBlock returns ProviderData rather than a string value.
-func (d *ProviderData) GetBlock(key string, schema *hcl.BodySchema) (*ProviderData, bool, error) {
-	providerData := &ProviderData{
-		provider:   d.provider,
-		runner:     d.runner,
-		attributes: map[string]*hcl.Attribute{},
-		blocks:     []*hcl.Block{},
-	}
-
-	var ret *hcl.Block
-	for _, block := range d.blocks {
-		if block.Type == key {
-			ret = block
+		for _, assumeRole := range provider.Body.Blocks {
+			if attr, exists := assumeRole.Body.Attributes["role_arn"]; exists {
+				if err := runner.EvaluateExpr(attr.Expr, &creds.AssumeRoleARN, opts); err != nil {
+					return creds, err
+				}
+			}
+
+			if attr, exists := assumeRole.Body.Attributes["session_name"]; exists {
+				if err := runner.EvaluateExpr(attr.Expr, &creds.AssumeRoleSessionName, opts); err != nil {
+					return creds, err
+				}
+			}
+
+			if attr, exists := assumeRole.Body.Attributes["external_id"]; exists {
+				if err := runner.EvaluateExpr(attr.Expr, &creds.AssumeRoleExternalID, opts); err != nil {
+					return creds, err
+				}
+			}
+
+			if attr, exists := assumeRole.Body.Attributes["policy"]; exists {
+				if err := runner.EvaluateExpr(attr.Expr, &creds.AssumeRolePolicy, opts); err != nil {
+					return creds, err
+				}
+			}
 		}
 	}
-	if ret == nil {
-		log.Printf("[INFO] `%s` is not found in the provider block.", key)
-		return providerData, false, nil
-	}
 
-	content, _, diags := ret.Body.PartialContent(schema)
-	if diags.HasErrors() {
-		return providerData, true, diags
-	}
-
-	providerData.attributes = content.Attributes
-	providerData.blocks = content.Blocks
-
-	return providerData, true, nil
+	return creds, nil
 }
@@ -3,54 +3,42 @@ package aws
 import (
 	"fmt"
 
-	"github.com/hashicorp/hcl/v2/gohcl"
+	"github.com/terraform-linters/tflint-plugin-sdk/hclext"
 	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
 )
 
 // RuleSet is the custom ruleset for the AWS provider plugin.
 type RuleSet struct {
 	tflint.BuiltinRuleSet
-	APIRules []tflint.Rule
-	config   *Config
+	config *Config
 }
 
-// RuleNames is a list of rule names provided by the plugin.
-func (r *RuleSet) RuleNames() []string {
-	names := []string{}
-	for _, rule := range r.Rules {
-		names = append(names, rule.Name())
-	}
-	for _, rule := range r.APIRules {
-		names = append(names, rule.Name())
-	}
-	return names
+func (r *RuleSet) ConfigSchema() *hclext.BodySchema {
+	r.config = &Config{}
+	return hclext.ImpliedBodySchema(r.config)
 }
 
 // ApplyConfig reflects the plugin configuration to the ruleset.
-func (r *RuleSet) ApplyConfig(config *tflint.Config) error {
-	r.ApplyCommonConfig(config)
-
-	// Apply "plugin" block config
-	cfg := Config{}
-	diags := gohcl.DecodeBody(config.Body, nil, &cfg)
+func (r *RuleSet) ApplyConfig(body *hclext.BodyContent) error {
+	diags := hclext.DecodeBody(body, nil, r.config)
 	if diags.HasErrors() {
 		return diags
 	}
-	r.config = &cfg
 
-	// Apply config for API rules
-	for _, rule := range r.APIRules {
-		enabled := rule.Enabled()
-		if cfg := config.Rules[rule.Name()]; cfg != nil {
-			enabled = cfg.Enabled
-		} else if config.DisabledByDefault {
-			enabled = false
-		}
+	if r.config.DeepCheck {
+		return nil
+	}
 
-		if cfg.DeepCheck && enabled {
-			r.EnabledRules = append(r.EnabledRules, rule)
+	// Disable deep checking rules
+	enabledRules := []tflint.Rule{}
+	for _, rule := range r.EnabledRules {
+		meta := rule.Metadata()
+		// Deep checking rules must have metadata like `map[string]bool{"deep": true}``
+		if meta == nil {
+			enabledRules = append(enabledRules, rule)
 		}
 	}
+	r.EnabledRules = enabledRules
 
 	return nil
 }