From 303416410c9a795cd5189ccbc36d6cff7d087cbf Mon Sep 17 00:00:00 2001 
From: Kazuma Watanabe Date: Sun, 12 Nov 2023 15:56:02 +0000 Subject: [PATCH] Update Magic Modules --- ... => google_alloydb_backup_invalid_type.go} | 28 ++-- ...le_alloydb_cluster_invalid_cluster_type.go | 91 +++++++++++ ..._alloydb_instance_invalid_instance_type.go | 2 +- .../google_alloydb_user_invalid_user_type.go | 91 +++++++++++ .../google_apigee_environment_invalid_type.go | 91 +++++++++++ ..._big_query_routine_invalid_routine_type.go | 2 +- ...int_group_invalid_network_endpoint_type.go | 2 +- ...uter_nat_invalid_nat_ip_allocate_option.go | 2 +- ...curity_settings_invalid_redaction_scope.go | 91 +++++++++++ ...ity_settings_invalid_redaction_strategy.go | 91 +++++++++++ ...ity_settings_invalid_retention_strategy.go | 91 +++++++++++ ...ntainer_cluster_invalid_release_channel.go | 91 +++++++++++ ...atabase_invalid_delete_protection_state.go | 91 +++++++++++ ...valid_point_in_time_recovery_enablement.go | 91 +++++++++++ ...ogle_firestore_index_invalid_api_scope.go} | 28 ++-- ...gle_firestore_index_invalid_query_scope.go | 2 +- ...ection_invalid_eventing_enablement_type.go | 91 +++++++++++ ...ooker_instance_invalid_platform_edition.go | 2 +- ...oring_custom_service_invalid_service_id.go | 2 +- .../google_monitoring_slo_invalid_slo_id.go | 2 +- ...sed_route_invalid_next_hop_other_routes.go | 91 +++++++++++ ...y_custom_constraint_invalid_action_type.go | 91 +++++++++++ ...edis_cluster_invalid_authorization_mode.go | 91 +++++++++++ ...cluster_invalid_transit_encryption_mode.go | 91 +++++++++++ ..._custom_module_invalid_enablement_state.go | 91 +++++++++++ ..._custom_module_invalid_enablement_state.go | 91 +++++++++++ ..._custom_module_invalid_enablement_state.go | 91 +++++++++++ rules/magicmodules/product.go | 149 +++++++++++++++--- rules/magicmodules/provider.go | 21 ++- tools/magic-modules | 2 +- 30 files changed, 1731 insertions(+), 60 deletions(-) rename rules/magicmodules/{google_cloudiot_registry_invalid_log_level.go => google_alloydb_backup_invalid_type.go} 
(64%) create mode 100644 rules/magicmodules/google_alloydb_cluster_invalid_cluster_type.go create mode 100644 rules/magicmodules/google_alloydb_user_invalid_user_type.go create mode 100644 rules/magicmodules/google_apigee_environment_invalid_type.go create mode 100644 rules/magicmodules/google_dialogflow_cx_security_settings_invalid_redaction_scope.go create mode 100644 rules/magicmodules/google_dialogflow_cx_security_settings_invalid_redaction_strategy.go create mode 100644 rules/magicmodules/google_dialogflow_cx_security_settings_invalid_retention_strategy.go create mode 100644 rules/magicmodules/google_edgecontainer_cluster_invalid_release_channel.go create mode 100644 rules/magicmodules/google_firestore_database_invalid_delete_protection_state.go create mode 100644 rules/magicmodules/google_firestore_database_invalid_point_in_time_recovery_enablement.go rename rules/magicmodules/{google_cloud_iot_device_invalid_log_level.go => google_firestore_index_invalid_api_scope.go} (67%) create mode 100644 rules/magicmodules/google_integration_connectors_connection_invalid_eventing_enablement_type.go create mode 100644 rules/magicmodules/google_network_connectivity_policy_based_route_invalid_next_hop_other_routes.go create mode 100644 rules/magicmodules/google_org_policy_custom_constraint_invalid_action_type.go create mode 100644 rules/magicmodules/google_redis_cluster_invalid_authorization_mode.go create mode 100644 rules/magicmodules/google_redis_cluster_invalid_transit_encryption_mode.go create mode 100644 rules/magicmodules/google_security_center_folder_custom_module_invalid_enablement_state.go create mode 100644 rules/magicmodules/google_security_center_organization_custom_module_invalid_enablement_state.go create mode 100644 rules/magicmodules/google_security_center_project_custom_module_invalid_enablement_state.go 
diff --git a/rules/magicmodules/google_cloudiot_registry_invalid_log_level.go b/rules/magicmodules/google_alloydb_backup_invalid_type.go similarity index 64% rename from rules/magicmodules/google_cloudiot_registry_invalid_log_level.go rename to rules/magicmodules/google_alloydb_backup_invalid_type.go index a730c57..a7bc6f3 100644 --- a/rules/magicmodules/google_cloudiot_registry_invalid_log_level.go +++ b/rules/magicmodules/google_alloydb_backup_invalid_type.go 
@@ -20,44 +20,44 @@ import ( "github.com/terraform-linters/tflint-plugin-sdk/tflint" ) -// GoogleCloudiotRegistryInvalidLogLevelRule checks the pattern is valid -type GoogleCloudiotRegistryInvalidLogLevelRule struct { +// GoogleAlloydbBackupInvalidTypeRule checks the pattern is valid +type GoogleAlloydbBackupInvalidTypeRule struct { tflint.DefaultRule resourceType string attributeName string } -// NewGoogleCloudiotRegistryInvalidLogLevelRule returns new rule with default attributes -func NewGoogleCloudiotRegistryInvalidLogLevelRule() *GoogleCloudiotRegistryInvalidLogLevelRule { - return &GoogleCloudiotRegistryInvalidLogLevelRule{ - resourceType: "google_cloudiot_registry", - attributeName: "log_level", +// NewGoogleAlloydbBackupInvalidTypeRule returns new rule with default attributes +func NewGoogleAlloydbBackupInvalidTypeRule() *GoogleAlloydbBackupInvalidTypeRule { + return &GoogleAlloydbBackupInvalidTypeRule{ + resourceType: "google_alloydb_backup", + attributeName: "type", } } // Name returns the rule name -func (r *GoogleCloudiotRegistryInvalidLogLevelRule) Name() string { - return "google_cloudiot_registry_invalid_log_level" +func (r *GoogleAlloydbBackupInvalidTypeRule) Name() string { + return "google_alloydb_backup_invalid_type" } // Enabled returns whether the rule is enabled by default -func (r *GoogleCloudiotRegistryInvalidLogLevelRule) Enabled() bool { +func (r *GoogleAlloydbBackupInvalidTypeRule) Enabled() bool { return true } // Severity returns the rule severity -func (r *GoogleCloudiotRegistryInvalidLogLevelRule) Severity() tflint.Severity { +func (r *GoogleAlloydbBackupInvalidTypeRule) Severity() tflint.Severity { return tflint.ERROR } // Link returns the rule reference link -func (r *GoogleCloudiotRegistryInvalidLogLevelRule) Link() string { +func (r *GoogleAlloydbBackupInvalidTypeRule) Link() string { return "" } // Check checks the pattern is valid -func (r *GoogleCloudiotRegistryInvalidLogLevelRule) Check(runner tflint.Runner) error { +func (r 
*GoogleAlloydbBackupInvalidTypeRule) Check(runner tflint.Runner) error { resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, }, nil) @@ -72,7 +72,7 @@ func (r *GoogleCloudiotRegistryInvalidLogLevelRule) Check(runner tflint.Runner) } err := runner.EvaluateExpr(attribute.Expr, func(val string) error { - validateFunc := validation.StringInSlice([]string{"NONE", "ERROR", "INFO", "DEBUG", ""}, false) + validateFunc := validation.StringInSlice([]string{"TYPE_UNSPECIFIED", "ON_DEMAND", "AUTOMATED", "CONTINUOUS", ""}, false) _, errors := validateFunc(val, r.attributeName) for _, err := range errors { diff --git a/rules/magicmodules/google_alloydb_cluster_invalid_cluster_type.go b/rules/magicmodules/google_alloydb_cluster_invalid_cluster_type.go new file mode 100644 index 0000000..54e52fd --- /dev/null +++ b/rules/magicmodules/google_alloydb_cluster_invalid_cluster_type.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleAlloydbClusterInvalidClusterTypeRule checks the pattern is valid +type GoogleAlloydbClusterInvalidClusterTypeRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleAlloydbClusterInvalidClusterTypeRule returns new rule with default attributes +func NewGoogleAlloydbClusterInvalidClusterTypeRule() *GoogleAlloydbClusterInvalidClusterTypeRule { + return &GoogleAlloydbClusterInvalidClusterTypeRule{ + resourceType: "google_alloydb_cluster", + attributeName: "cluster_type", + } +} + +// Name returns the rule name +func (r *GoogleAlloydbClusterInvalidClusterTypeRule) Name() string { + return "google_alloydb_cluster_invalid_cluster_type" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleAlloydbClusterInvalidClusterTypeRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleAlloydbClusterInvalidClusterTypeRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *GoogleAlloydbClusterInvalidClusterTypeRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *GoogleAlloydbClusterInvalidClusterTypeRule) Check(runner 
tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"PRIMARY", "SECONDARY", ""}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_alloydb_instance_invalid_instance_type.go b/rules/magicmodules/google_alloydb_instance_invalid_instance_type.go index acd8803..7910556 100644 --- a/rules/magicmodules/google_alloydb_instance_invalid_instance_type.go +++ b/rules/magicmodules/google_alloydb_instance_invalid_instance_type.go @@ -72,7 +72,7 @@ func (r *GoogleAlloydbInstanceInvalidInstanceTypeRule) Check(runner tflint.Runne } err := runner.EvaluateExpr(attribute.Expr, func(val string) error { - validateFunc := validation.StringInSlice([]string{"PRIMARY", "READ_POOL"}, false) + validateFunc := validation.StringInSlice([]string{"PRIMARY", "READ_POOL", "SECONDARY"}, false) _, errors := validateFunc(val, r.attributeName) for _, err := range errors { diff --git a/rules/magicmodules/google_alloydb_user_invalid_user_type.go b/rules/magicmodules/google_alloydb_user_invalid_user_type.go new file mode 100644 index 0000000..3d71aa1 --- /dev/null +++ b/rules/magicmodules/google_alloydb_user_invalid_user_type.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleAlloydbUserInvalidUserTypeRule checks the pattern is valid +type GoogleAlloydbUserInvalidUserTypeRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleAlloydbUserInvalidUserTypeRule returns new rule with default attributes +func NewGoogleAlloydbUserInvalidUserTypeRule() *GoogleAlloydbUserInvalidUserTypeRule { + return &GoogleAlloydbUserInvalidUserTypeRule{ + resourceType: "google_alloydb_user", + attributeName: "user_type", + } +} + +// Name returns the rule name +func (r *GoogleAlloydbUserInvalidUserTypeRule) Name() string { + return "google_alloydb_user_invalid_user_type" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleAlloydbUserInvalidUserTypeRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleAlloydbUserInvalidUserTypeRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *GoogleAlloydbUserInvalidUserTypeRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *GoogleAlloydbUserInvalidUserTypeRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, 
&hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"ALLOYDB_BUILT_IN", "ALLOYDB_IAM_USER"}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_apigee_environment_invalid_type.go b/rules/magicmodules/google_apigee_environment_invalid_type.go new file mode 100644 index 0000000..15e75db --- /dev/null +++ b/rules/magicmodules/google_apigee_environment_invalid_type.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleApigeeEnvironmentInvalidTypeRule checks the pattern is valid +type GoogleApigeeEnvironmentInvalidTypeRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleApigeeEnvironmentInvalidTypeRule returns new rule with default attributes +func NewGoogleApigeeEnvironmentInvalidTypeRule() *GoogleApigeeEnvironmentInvalidTypeRule { + return &GoogleApigeeEnvironmentInvalidTypeRule{ + resourceType: "google_apigee_environment", + attributeName: "type", + } +} + +// Name returns the rule name +func (r *GoogleApigeeEnvironmentInvalidTypeRule) Name() string { + return "google_apigee_environment_invalid_type" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleApigeeEnvironmentInvalidTypeRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleApigeeEnvironmentInvalidTypeRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *GoogleApigeeEnvironmentInvalidTypeRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *GoogleApigeeEnvironmentInvalidTypeRule) Check(runner tflint.Runner) error { + resources, err := 
runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"ENVIRONMENT_TYPE_UNSPECIFIED", "BASE", "INTERMEDIATE", "COMPREHENSIVE", ""}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_big_query_routine_invalid_routine_type.go b/rules/magicmodules/google_big_query_routine_invalid_routine_type.go index 13be654..c6b096b 100644 --- a/rules/magicmodules/google_big_query_routine_invalid_routine_type.go +++ b/rules/magicmodules/google_big_query_routine_invalid_routine_type.go @@ -72,7 +72,7 @@ func (r *GoogleBigQueryRoutineInvalidRoutineTypeRule) Check(runner tflint.Runner } err := runner.EvaluateExpr(attribute.Expr, func(val string) error { - validateFunc := validation.StringInSlice([]string{"SCALAR_FUNCTION", "PROCEDURE", "TABLE_VALUED_FUNCTION", ""}, false) + validateFunc := validation.StringInSlice([]string{"SCALAR_FUNCTION", "PROCEDURE", "TABLE_VALUED_FUNCTION"}, false) _, errors := validateFunc(val, r.attributeName) for _, err := range errors { diff --git a/rules/magicmodules/google_compute_network_endpoint_group_invalid_network_endpoint_type.go b/rules/magicmodules/google_compute_network_endpoint_group_invalid_network_endpoint_type.go index ecdc863..b0347bb 100644 --- a/rules/magicmodules/google_compute_network_endpoint_group_invalid_network_endpoint_type.go 
+++ b/rules/magicmodules/google_compute_network_endpoint_group_invalid_network_endpoint_type.go @@ -72,7 +72,7 @@ func (r *GoogleComputeNetworkEndpointGroupInvalidNetworkEndpointTypeRule) Check( } err := runner.EvaluateExpr(attribute.Expr, func(val string) error { - validateFunc := validation.StringInSlice([]string{"GCE_VM_IP", "GCE_VM_IP_PORT", "NON_GCP_PRIVATE_IP_PORT", ""}, false) + validateFunc := validation.StringInSlice([]string{"GCE_VM_IP", "GCE_VM_IP_PORT", "NON_GCP_PRIVATE_IP_PORT", "INTERNET_IP_PORT", "INTERNET_FQDN_PORT", "SERVERLESS", "PRIVATE_SERVICE_CONNECT", ""}, false) _, errors := validateFunc(val, r.attributeName) for _, err := range errors { diff --git a/rules/magicmodules/google_compute_router_nat_invalid_nat_ip_allocate_option.go b/rules/magicmodules/google_compute_router_nat_invalid_nat_ip_allocate_option.go index 67c974e..c277d46 100644 --- a/rules/magicmodules/google_compute_router_nat_invalid_nat_ip_allocate_option.go +++ b/rules/magicmodules/google_compute_router_nat_invalid_nat_ip_allocate_option.go @@ -72,7 +72,7 @@ func (r *GoogleComputeRouterNatInvalidNatIpAllocateOptionRule) Check(runner tfli } err := runner.EvaluateExpr(attribute.Expr, func(val string) error { - validateFunc := validation.StringInSlice([]string{"MANUAL_ONLY", "AUTO_ONLY"}, false) + validateFunc := validation.StringInSlice([]string{"MANUAL_ONLY", "AUTO_ONLY", ""}, false) _, errors := validateFunc(val, r.attributeName) for _, err := range errors { diff --git a/rules/magicmodules/google_dialogflow_cx_security_settings_invalid_redaction_scope.go b/rules/magicmodules/google_dialogflow_cx_security_settings_invalid_redaction_scope.go new file mode 100644 index 0000000..850f03b --- /dev/null +++ b/rules/magicmodules/google_dialogflow_cx_security_settings_invalid_redaction_scope.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleDialogflowCxSecuritySettingsInvalidRedactionScopeRule checks the pattern is valid +type GoogleDialogflowCxSecuritySettingsInvalidRedactionScopeRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleDialogflowCxSecuritySettingsInvalidRedactionScopeRule returns new rule with default attributes +func NewGoogleDialogflowCxSecuritySettingsInvalidRedactionScopeRule() *GoogleDialogflowCxSecuritySettingsInvalidRedactionScopeRule { + return &GoogleDialogflowCxSecuritySettingsInvalidRedactionScopeRule{ + resourceType: "google_dialogflow_cx_security_settings", + attributeName: "redaction_scope", + } +} + +// Name returns the rule name +func (r *GoogleDialogflowCxSecuritySettingsInvalidRedactionScopeRule) Name() string { + return "google_dialogflow_cx_security_settings_invalid_redaction_scope" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleDialogflowCxSecuritySettingsInvalidRedactionScopeRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleDialogflowCxSecuritySettingsInvalidRedactionScopeRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r 
*GoogleDialogflowCxSecuritySettingsInvalidRedactionScopeRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *GoogleDialogflowCxSecuritySettingsInvalidRedactionScopeRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"REDACT_DISK_STORAGE", ""}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_dialogflow_cx_security_settings_invalid_redaction_strategy.go b/rules/magicmodules/google_dialogflow_cx_security_settings_invalid_redaction_strategy.go new file mode 100644 index 0000000..c83a80c --- /dev/null +++ b/rules/magicmodules/google_dialogflow_cx_security_settings_invalid_redaction_strategy.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleDialogflowCxSecuritySettingsInvalidRedactionStrategyRule checks the pattern is valid +type GoogleDialogflowCxSecuritySettingsInvalidRedactionStrategyRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleDialogflowCxSecuritySettingsInvalidRedactionStrategyRule returns new rule with default attributes +func NewGoogleDialogflowCxSecuritySettingsInvalidRedactionStrategyRule() *GoogleDialogflowCxSecuritySettingsInvalidRedactionStrategyRule { + return &GoogleDialogflowCxSecuritySettingsInvalidRedactionStrategyRule{ + resourceType: "google_dialogflow_cx_security_settings", + attributeName: "redaction_strategy", + } +} + +// Name returns the rule name +func (r *GoogleDialogflowCxSecuritySettingsInvalidRedactionStrategyRule) Name() string { + return "google_dialogflow_cx_security_settings_invalid_redaction_strategy" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleDialogflowCxSecuritySettingsInvalidRedactionStrategyRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleDialogflowCxSecuritySettingsInvalidRedactionStrategyRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns 
the rule reference link +func (r *GoogleDialogflowCxSecuritySettingsInvalidRedactionStrategyRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *GoogleDialogflowCxSecuritySettingsInvalidRedactionStrategyRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"REDACT_WITH_SERVICE", ""}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_dialogflow_cx_security_settings_invalid_retention_strategy.go b/rules/magicmodules/google_dialogflow_cx_security_settings_invalid_retention_strategy.go new file mode 100644 index 0000000..6c06ea6 --- /dev/null +++ b/rules/magicmodules/google_dialogflow_cx_security_settings_invalid_retention_strategy.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleDialogflowCxSecuritySettingsInvalidRetentionStrategyRule checks the pattern is valid +type GoogleDialogflowCxSecuritySettingsInvalidRetentionStrategyRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleDialogflowCxSecuritySettingsInvalidRetentionStrategyRule returns new rule with default attributes +func NewGoogleDialogflowCxSecuritySettingsInvalidRetentionStrategyRule() *GoogleDialogflowCxSecuritySettingsInvalidRetentionStrategyRule { + return &GoogleDialogflowCxSecuritySettingsInvalidRetentionStrategyRule{ + resourceType: "google_dialogflow_cx_security_settings", + attributeName: "retention_strategy", + } +} + +// Name returns the rule name +func (r *GoogleDialogflowCxSecuritySettingsInvalidRetentionStrategyRule) Name() string { + return "google_dialogflow_cx_security_settings_invalid_retention_strategy" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleDialogflowCxSecuritySettingsInvalidRetentionStrategyRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleDialogflowCxSecuritySettingsInvalidRetentionStrategyRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns 
the rule reference link +func (r *GoogleDialogflowCxSecuritySettingsInvalidRetentionStrategyRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *GoogleDialogflowCxSecuritySettingsInvalidRetentionStrategyRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"REMOVE_AFTER_CONVERSATION", ""}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_edgecontainer_cluster_invalid_release_channel.go b/rules/magicmodules/google_edgecontainer_cluster_invalid_release_channel.go new file mode 100644 index 0000000..93e2971 --- /dev/null +++ b/rules/magicmodules/google_edgecontainer_cluster_invalid_release_channel.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleEdgecontainerClusterInvalidReleaseChannelRule checks the pattern is valid +type GoogleEdgecontainerClusterInvalidReleaseChannelRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleEdgecontainerClusterInvalidReleaseChannelRule returns new rule with default attributes +func NewGoogleEdgecontainerClusterInvalidReleaseChannelRule() *GoogleEdgecontainerClusterInvalidReleaseChannelRule { + return &GoogleEdgecontainerClusterInvalidReleaseChannelRule{ + resourceType: "google_edgecontainer_cluster", + attributeName: "release_channel", + } +} + +// Name returns the rule name +func (r *GoogleEdgecontainerClusterInvalidReleaseChannelRule) Name() string { + return "google_edgecontainer_cluster_invalid_release_channel" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleEdgecontainerClusterInvalidReleaseChannelRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleEdgecontainerClusterInvalidReleaseChannelRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *GoogleEdgecontainerClusterInvalidReleaseChannelRule) Link() string { + return "" +} + +// 
Check checks the pattern is valid +func (r *GoogleEdgecontainerClusterInvalidReleaseChannelRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"RELEASE_CHANNEL_UNSPECIFIED", "NONE", "REGULAR", ""}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_firestore_database_invalid_delete_protection_state.go b/rules/magicmodules/google_firestore_database_invalid_delete_protection_state.go new file mode 100644 index 0000000..6c043f9 --- /dev/null +++ b/rules/magicmodules/google_firestore_database_invalid_delete_protection_state.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleFirestoreDatabaseInvalidDeleteProtectionStateRule checks the pattern is valid +type GoogleFirestoreDatabaseInvalidDeleteProtectionStateRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleFirestoreDatabaseInvalidDeleteProtectionStateRule returns new rule with default attributes +func NewGoogleFirestoreDatabaseInvalidDeleteProtectionStateRule() *GoogleFirestoreDatabaseInvalidDeleteProtectionStateRule { + return &GoogleFirestoreDatabaseInvalidDeleteProtectionStateRule{ + resourceType: "google_firestore_database", + attributeName: "delete_protection_state", + } +} + +// Name returns the rule name +func (r *GoogleFirestoreDatabaseInvalidDeleteProtectionStateRule) Name() string { + return "google_firestore_database_invalid_delete_protection_state" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleFirestoreDatabaseInvalidDeleteProtectionStateRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleFirestoreDatabaseInvalidDeleteProtectionStateRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r 
*GoogleFirestoreDatabaseInvalidDeleteProtectionStateRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *GoogleFirestoreDatabaseInvalidDeleteProtectionStateRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"DELETE_PROTECTION_STATE_UNSPECIFIED", "DELETE_PROTECTION_ENABLED", "DELETE_PROTECTION_DISABLED", ""}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_firestore_database_invalid_point_in_time_recovery_enablement.go b/rules/magicmodules/google_firestore_database_invalid_point_in_time_recovery_enablement.go new file mode 100644 index 0000000..320cb31 --- /dev/null +++ b/rules/magicmodules/google_firestore_database_invalid_point_in_time_recovery_enablement.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleFirestoreDatabaseInvalidPointInTimeRecoveryEnablementRule checks the pattern is valid +type GoogleFirestoreDatabaseInvalidPointInTimeRecoveryEnablementRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleFirestoreDatabaseInvalidPointInTimeRecoveryEnablementRule returns new rule with default attributes +func NewGoogleFirestoreDatabaseInvalidPointInTimeRecoveryEnablementRule() *GoogleFirestoreDatabaseInvalidPointInTimeRecoveryEnablementRule { + return &GoogleFirestoreDatabaseInvalidPointInTimeRecoveryEnablementRule{ + resourceType: "google_firestore_database", + attributeName: "point_in_time_recovery_enablement", + } +} + +// Name returns the rule name +func (r *GoogleFirestoreDatabaseInvalidPointInTimeRecoveryEnablementRule) Name() string { + return "google_firestore_database_invalid_point_in_time_recovery_enablement" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleFirestoreDatabaseInvalidPointInTimeRecoveryEnablementRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleFirestoreDatabaseInvalidPointInTimeRecoveryEnablementRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// 
Link returns the rule reference link +func (r *GoogleFirestoreDatabaseInvalidPointInTimeRecoveryEnablementRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *GoogleFirestoreDatabaseInvalidPointInTimeRecoveryEnablementRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"POINT_IN_TIME_RECOVERY_ENABLED", "POINT_IN_TIME_RECOVERY_DISABLED", ""}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_cloud_iot_device_invalid_log_level.go b/rules/magicmodules/google_firestore_index_invalid_api_scope.go similarity index 67% rename from rules/magicmodules/google_cloud_iot_device_invalid_log_level.go rename to rules/magicmodules/google_firestore_index_invalid_api_scope.go index 6faf175..a865cea 100644 --- a/rules/magicmodules/google_cloud_iot_device_invalid_log_level.go +++ b/rules/magicmodules/google_firestore_index_invalid_api_scope.go 
@@ -20,44 +20,44 @@ import ( "github.com/terraform-linters/tflint-plugin-sdk/tflint" ) -// GoogleCloudIotDeviceInvalidLogLevelRule checks the pattern is valid -type GoogleCloudIotDeviceInvalidLogLevelRule struct { +// GoogleFirestoreIndexInvalidApiScopeRule checks the pattern is valid +type GoogleFirestoreIndexInvalidApiScopeRule struct { tflint.DefaultRule resourceType string attributeName string } -// NewGoogleCloudIotDeviceInvalidLogLevelRule returns new rule with default attributes -func NewGoogleCloudIotDeviceInvalidLogLevelRule() *GoogleCloudIotDeviceInvalidLogLevelRule { - return &GoogleCloudIotDeviceInvalidLogLevelRule{ - resourceType: "google_cloud_iot_device", - attributeName: "log_level", +// NewGoogleFirestoreIndexInvalidApiScopeRule returns new rule with default attributes +func NewGoogleFirestoreIndexInvalidApiScopeRule() *GoogleFirestoreIndexInvalidApiScopeRule { + return &GoogleFirestoreIndexInvalidApiScopeRule{ + resourceType: "google_firestore_index", + attributeName: "api_scope", } } // Name returns the rule name -func (r *GoogleCloudIotDeviceInvalidLogLevelRule) Name() string { - return "google_cloud_iot_device_invalid_log_level" +func (r *GoogleFirestoreIndexInvalidApiScopeRule) Name() string { + return "google_firestore_index_invalid_api_scope" } // Enabled returns whether the rule is enabled by default -func (r *GoogleCloudIotDeviceInvalidLogLevelRule) Enabled() bool { +func (r *GoogleFirestoreIndexInvalidApiScopeRule) Enabled() bool { return true } // Severity returns the rule severity -func (r *GoogleCloudIotDeviceInvalidLogLevelRule) Severity() tflint.Severity { +func (r *GoogleFirestoreIndexInvalidApiScopeRule) Severity() tflint.Severity { return tflint.ERROR } // Link returns the rule reference link -func (r *GoogleCloudIotDeviceInvalidLogLevelRule) Link() string { +func (r *GoogleFirestoreIndexInvalidApiScopeRule) Link() string { return "" } // Check checks the pattern is valid -func (r *GoogleCloudIotDeviceInvalidLogLevelRule) 
Check(runner tflint.Runner) error { +func (r *GoogleFirestoreIndexInvalidApiScopeRule) Check(runner tflint.Runner) error { resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, }, nil) @@ -72,7 +72,7 @@ func (r *GoogleCloudIotDeviceInvalidLogLevelRule) Check(runner tflint.Runner) er } err := runner.EvaluateExpr(attribute.Expr, func(val string) error { - validateFunc := validation.StringInSlice([]string{"NONE", "ERROR", "INFO", "DEBUG", ""}, false) + validateFunc := validation.StringInSlice([]string{"ANY_API", "DATASTORE_MODE_API", ""}, false) _, errors := validateFunc(val, r.attributeName) for _, err := range errors { diff --git a/rules/magicmodules/google_firestore_index_invalid_query_scope.go b/rules/magicmodules/google_firestore_index_invalid_query_scope.go index 04aa4a6..a45051b 100644 --- a/rules/magicmodules/google_firestore_index_invalid_query_scope.go +++ b/rules/magicmodules/google_firestore_index_invalid_query_scope.go @@ -72,7 +72,7 @@ func (r *GoogleFirestoreIndexInvalidQueryScopeRule) Check(runner tflint.Runner) } err := runner.EvaluateExpr(attribute.Expr, func(val string) error { - validateFunc := validation.StringInSlice([]string{"COLLECTION", "COLLECTION_GROUP", ""}, false) + validateFunc := validation.StringInSlice([]string{"COLLECTION", "COLLECTION_GROUP", "COLLECTION_RECURSIVE", ""}, false) _, errors := validateFunc(val, r.attributeName) for _, err := range errors { diff --git a/rules/magicmodules/google_integration_connectors_connection_invalid_eventing_enablement_type.go b/rules/magicmodules/google_integration_connectors_connection_invalid_eventing_enablement_type.go new file mode 100644 index 0000000..ed31140 --- /dev/null +++ b/rules/magicmodules/google_integration_connectors_connection_invalid_eventing_enablement_type.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleIntegrationConnectorsConnectionInvalidEventingEnablementTypeRule checks the pattern is valid +type GoogleIntegrationConnectorsConnectionInvalidEventingEnablementTypeRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleIntegrationConnectorsConnectionInvalidEventingEnablementTypeRule returns new rule with default attributes +func NewGoogleIntegrationConnectorsConnectionInvalidEventingEnablementTypeRule() *GoogleIntegrationConnectorsConnectionInvalidEventingEnablementTypeRule { + return &GoogleIntegrationConnectorsConnectionInvalidEventingEnablementTypeRule{ + resourceType: "google_integration_connectors_connection", + attributeName: "eventing_enablement_type", + } +} + +// Name returns the rule name +func (r *GoogleIntegrationConnectorsConnectionInvalidEventingEnablementTypeRule) Name() string { + return "google_integration_connectors_connection_invalid_eventing_enablement_type" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleIntegrationConnectorsConnectionInvalidEventingEnablementTypeRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r 
*GoogleIntegrationConnectorsConnectionInvalidEventingEnablementTypeRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *GoogleIntegrationConnectorsConnectionInvalidEventingEnablementTypeRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *GoogleIntegrationConnectorsConnectionInvalidEventingEnablementTypeRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"EVENTING_AND_CONNECTION", "ONLY_EVENTING", ""}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_looker_instance_invalid_platform_edition.go b/rules/magicmodules/google_looker_instance_invalid_platform_edition.go index 23d1ab5..cccd441 100644 --- a/rules/magicmodules/google_looker_instance_invalid_platform_edition.go +++ b/rules/magicmodules/google_looker_instance_invalid_platform_edition.go 
@@ -72,7 +72,7 @@ func (r *GoogleLookerInstanceInvalidPlatformEditionRule) Check(runner tflint.Run } err := runner.EvaluateExpr(attribute.Expr, func(val string) error { - validateFunc := validation.StringInSlice([]string{"LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_MODELER", ""}, false) + validateFunc := validation.StringInSlice([]string{"LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", ""}, false) _, errors := validateFunc(val, r.attributeName) for _, err := range errors { diff --git a/rules/magicmodules/google_monitoring_custom_service_invalid_service_id.go b/rules/magicmodules/google_monitoring_custom_service_invalid_service_id.go index 63d0685..3b06828 100644 --- a/rules/magicmodules/google_monitoring_custom_service_invalid_service_id.go +++ b/rules/magicmodules/google_monitoring_custom_service_invalid_service_id.go @@ -71,7 +71,7 @@ func (r *GoogleMonitoringCustomServiceInvalidServiceIdRule) Check(runner tflint. } err := runner.EvaluateExpr(attribute.Expr, func(val string) error { - validateFunc := validateRegexp(`^[a-z0-9\-]+$`) + validateFunc := validateRegexp(`^[a-zA-Z0-9\-_:.]+$`) _, errors := validateFunc(val, r.attributeName) for _, err := range errors { diff --git a/rules/magicmodules/google_monitoring_slo_invalid_slo_id.go b/rules/magicmodules/google_monitoring_slo_invalid_slo_id.go index 3b9073d..7d7eb91 100644 --- a/rules/magicmodules/google_monitoring_slo_invalid_slo_id.go +++ b/rules/magicmodules/google_monitoring_slo_invalid_slo_id.go 
@@ -71,7 +71,7 @@ func (r *GoogleMonitoringSloInvalidSloIdRule) Check(runner tflint.Runner) error } err := runner.EvaluateExpr(attribute.Expr, func(val string) error { - validateFunc := validateRegexp(`^[a-z0-9\-]+$`) + validateFunc := validateRegexp(`^[a-zA-Z0-9\-_:.]+$`) _, errors := validateFunc(val, r.attributeName) for _, err := range errors { diff --git a/rules/magicmodules/google_network_connectivity_policy_based_route_invalid_next_hop_other_routes.go b/rules/magicmodules/google_network_connectivity_policy_based_route_invalid_next_hop_other_routes.go new file mode 100644 index 0000000..791ba5b --- /dev/null +++ b/rules/magicmodules/google_network_connectivity_policy_based_route_invalid_next_hop_other_routes.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleNetworkConnectivityPolicyBasedRouteInvalidNextHopOtherRoutesRule checks the pattern is valid +type GoogleNetworkConnectivityPolicyBasedRouteInvalidNextHopOtherRoutesRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleNetworkConnectivityPolicyBasedRouteInvalidNextHopOtherRoutesRule returns new rule with default attributes +func NewGoogleNetworkConnectivityPolicyBasedRouteInvalidNextHopOtherRoutesRule() *GoogleNetworkConnectivityPolicyBasedRouteInvalidNextHopOtherRoutesRule { + return &GoogleNetworkConnectivityPolicyBasedRouteInvalidNextHopOtherRoutesRule{ + resourceType: "google_network_connectivity_policy_based_route", + attributeName: "next_hop_other_routes", + } +} + +// Name returns the rule name +func (r *GoogleNetworkConnectivityPolicyBasedRouteInvalidNextHopOtherRoutesRule) Name() string { + return "google_network_connectivity_policy_based_route_invalid_next_hop_other_routes" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleNetworkConnectivityPolicyBasedRouteInvalidNextHopOtherRoutesRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r 
*GoogleNetworkConnectivityPolicyBasedRouteInvalidNextHopOtherRoutesRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *GoogleNetworkConnectivityPolicyBasedRouteInvalidNextHopOtherRoutesRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *GoogleNetworkConnectivityPolicyBasedRouteInvalidNextHopOtherRoutesRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"DEFAULT_ROUTING", ""}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_org_policy_custom_constraint_invalid_action_type.go b/rules/magicmodules/google_org_policy_custom_constraint_invalid_action_type.go new file mode 100644 index 0000000..87e10a0 --- /dev/null +++ b/rules/magicmodules/google_org_policy_custom_constraint_invalid_action_type.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleOrgPolicyCustomConstraintInvalidActionTypeRule checks the pattern is valid +type GoogleOrgPolicyCustomConstraintInvalidActionTypeRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleOrgPolicyCustomConstraintInvalidActionTypeRule returns new rule with default attributes +func NewGoogleOrgPolicyCustomConstraintInvalidActionTypeRule() *GoogleOrgPolicyCustomConstraintInvalidActionTypeRule { + return &GoogleOrgPolicyCustomConstraintInvalidActionTypeRule{ + resourceType: "google_org_policy_custom_constraint", + attributeName: "action_type", + } +} + +// Name returns the rule name +func (r *GoogleOrgPolicyCustomConstraintInvalidActionTypeRule) Name() string { + return "google_org_policy_custom_constraint_invalid_action_type" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleOrgPolicyCustomConstraintInvalidActionTypeRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleOrgPolicyCustomConstraintInvalidActionTypeRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *GoogleOrgPolicyCustomConstraintInvalidActionTypeRule) Link() string { + 
return "" +} + +// Check checks the pattern is valid +func (r *GoogleOrgPolicyCustomConstraintInvalidActionTypeRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"ALLOW", "DENY"}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_redis_cluster_invalid_authorization_mode.go b/rules/magicmodules/google_redis_cluster_invalid_authorization_mode.go new file mode 100644 index 0000000..2dbb9c1 --- /dev/null +++ b/rules/magicmodules/google_redis_cluster_invalid_authorization_mode.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleRedisClusterInvalidAuthorizationModeRule checks the pattern is valid +type GoogleRedisClusterInvalidAuthorizationModeRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleRedisClusterInvalidAuthorizationModeRule returns new rule with default attributes +func NewGoogleRedisClusterInvalidAuthorizationModeRule() *GoogleRedisClusterInvalidAuthorizationModeRule { + return &GoogleRedisClusterInvalidAuthorizationModeRule{ + resourceType: "google_redis_cluster", + attributeName: "authorization_mode", + } +} + +// Name returns the rule name +func (r *GoogleRedisClusterInvalidAuthorizationModeRule) Name() string { + return "google_redis_cluster_invalid_authorization_mode" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleRedisClusterInvalidAuthorizationModeRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleRedisClusterInvalidAuthorizationModeRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *GoogleRedisClusterInvalidAuthorizationModeRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r 
*GoogleRedisClusterInvalidAuthorizationModeRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"AUTH_MODE_UNSPECIFIED", "AUTH_MODE_IAM_AUTH", "AUTH_MODE_DISABLED", ""}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_redis_cluster_invalid_transit_encryption_mode.go b/rules/magicmodules/google_redis_cluster_invalid_transit_encryption_mode.go new file mode 100644 index 0000000..4d6ab0f --- /dev/null +++ b/rules/magicmodules/google_redis_cluster_invalid_transit_encryption_mode.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleRedisClusterInvalidTransitEncryptionModeRule checks the pattern is valid +type GoogleRedisClusterInvalidTransitEncryptionModeRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleRedisClusterInvalidTransitEncryptionModeRule returns new rule with default attributes +func NewGoogleRedisClusterInvalidTransitEncryptionModeRule() *GoogleRedisClusterInvalidTransitEncryptionModeRule { + return &GoogleRedisClusterInvalidTransitEncryptionModeRule{ + resourceType: "google_redis_cluster", + attributeName: "transit_encryption_mode", + } +} + +// Name returns the rule name +func (r *GoogleRedisClusterInvalidTransitEncryptionModeRule) Name() string { + return "google_redis_cluster_invalid_transit_encryption_mode" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleRedisClusterInvalidTransitEncryptionModeRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleRedisClusterInvalidTransitEncryptionModeRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *GoogleRedisClusterInvalidTransitEncryptionModeRule) Link() string { + return "" +} + +// Check checks 
the pattern is valid +func (r *GoogleRedisClusterInvalidTransitEncryptionModeRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"TRANSIT_ENCRYPTION_MODE_UNSPECIFIED", "TRANSIT_ENCRYPTION_MODE_DISABLED", "TRANSIT_ENCRYPTION_MODE_SERVER_AUTHENTICATION", ""}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_security_center_folder_custom_module_invalid_enablement_state.go b/rules/magicmodules/google_security_center_folder_custom_module_invalid_enablement_state.go new file mode 100644 index 0000000..d60bc83 --- /dev/null +++ b/rules/magicmodules/google_security_center_folder_custom_module_invalid_enablement_state.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleSecurityCenterFolderCustomModuleInvalidEnablementStateRule checks the pattern is valid +type GoogleSecurityCenterFolderCustomModuleInvalidEnablementStateRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleSecurityCenterFolderCustomModuleInvalidEnablementStateRule returns new rule with default attributes +func NewGoogleSecurityCenterFolderCustomModuleInvalidEnablementStateRule() *GoogleSecurityCenterFolderCustomModuleInvalidEnablementStateRule { + return &GoogleSecurityCenterFolderCustomModuleInvalidEnablementStateRule{ + resourceType: "google_security_center_folder_custom_module", + attributeName: "enablement_state", + } +} + +// Name returns the rule name +func (r *GoogleSecurityCenterFolderCustomModuleInvalidEnablementStateRule) Name() string { + return "google_security_center_folder_custom_module_invalid_enablement_state" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleSecurityCenterFolderCustomModuleInvalidEnablementStateRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleSecurityCenterFolderCustomModuleInvalidEnablementStateRule) Severity() tflint.Severity { + return tflint.ERROR 
+} + +// Link returns the rule reference link +func (r *GoogleSecurityCenterFolderCustomModuleInvalidEnablementStateRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *GoogleSecurityCenterFolderCustomModuleInvalidEnablementStateRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"ENABLED", "DISABLED"}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_security_center_organization_custom_module_invalid_enablement_state.go b/rules/magicmodules/google_security_center_organization_custom_module_invalid_enablement_state.go new file mode 100644 index 0000000..5dfea08 --- /dev/null +++ b/rules/magicmodules/google_security_center_organization_custom_module_invalid_enablement_state.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleSecurityCenterOrganizationCustomModuleInvalidEnablementStateRule checks the pattern is valid +type GoogleSecurityCenterOrganizationCustomModuleInvalidEnablementStateRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleSecurityCenterOrganizationCustomModuleInvalidEnablementStateRule returns new rule with default attributes +func NewGoogleSecurityCenterOrganizationCustomModuleInvalidEnablementStateRule() *GoogleSecurityCenterOrganizationCustomModuleInvalidEnablementStateRule { + return &GoogleSecurityCenterOrganizationCustomModuleInvalidEnablementStateRule{ + resourceType: "google_security_center_organization_custom_module", + attributeName: "enablement_state", + } +} + +// Name returns the rule name +func (r *GoogleSecurityCenterOrganizationCustomModuleInvalidEnablementStateRule) Name() string { + return "google_security_center_organization_custom_module_invalid_enablement_state" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleSecurityCenterOrganizationCustomModuleInvalidEnablementStateRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r 
*GoogleSecurityCenterOrganizationCustomModuleInvalidEnablementStateRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *GoogleSecurityCenterOrganizationCustomModuleInvalidEnablementStateRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *GoogleSecurityCenterOrganizationCustomModuleInvalidEnablementStateRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"ENABLED", "DISABLED"}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_security_center_project_custom_module_invalid_enablement_state.go b/rules/magicmodules/google_security_center_project_custom_module_invalid_enablement_state.go new file mode 100644 index 0000000..4cdbafc --- /dev/null +++ b/rules/magicmodules/google_security_center_project_custom_module_invalid_enablement_state.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleSecurityCenterProjectCustomModuleInvalidEnablementStateRule checks the pattern is valid +type GoogleSecurityCenterProjectCustomModuleInvalidEnablementStateRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleSecurityCenterProjectCustomModuleInvalidEnablementStateRule returns new rule with default attributes +func NewGoogleSecurityCenterProjectCustomModuleInvalidEnablementStateRule() *GoogleSecurityCenterProjectCustomModuleInvalidEnablementStateRule { + return &GoogleSecurityCenterProjectCustomModuleInvalidEnablementStateRule{ + resourceType: "google_security_center_project_custom_module", + attributeName: "enablement_state", + } +} + +// Name returns the rule name +func (r *GoogleSecurityCenterProjectCustomModuleInvalidEnablementStateRule) Name() string { + return "google_security_center_project_custom_module_invalid_enablement_state" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleSecurityCenterProjectCustomModuleInvalidEnablementStateRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleSecurityCenterProjectCustomModuleInvalidEnablementStateRule) Severity() tflint.Severity { + return 
tflint.ERROR +} + +// Link returns the rule reference link +func (r *GoogleSecurityCenterProjectCustomModuleInvalidEnablementStateRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *GoogleSecurityCenterProjectCustomModuleInvalidEnablementStateRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"ENABLED", "DISABLED"}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/product.go b/rules/magicmodules/product.go index 359e0e7..08466c3 100644 --- a/rules/magicmodules/product.go +++ b/rules/magicmodules/product.go @@ -442,6 +442,11 @@ var Products = map[string]Product{ {Name: "AlloyDB API", URL: "https://console.cloud.google.com/apis/library/alloydb.googleapis.com"}, }, }, + "google_alloydb_user": { + APIsRequired: []APIReference{ + {Name: "AlloyDB API", URL: "https://console.cloud.google.com/apis/library/alloydb.googleapis.com"}, + }, + }, "google_apigee_addons_config": { APIsRequired: []APIReference{ {Name: "Apigee API", URL: "https://console.cloud.google.com/apis/library/apigee.googleapis.com/"}, 
@@ -738,12 +743,6 @@ var Products = map[string]Product{ {Name: "Cloud Intrusion Detection Service (IDS) API", URL: "https://console.cloud.google.com/apis/library/ids.googleapis.com/"}, }, }, - "google_cloud_iot_device": { - APIsRequired: []APIReference{}, - }, - "google_cloudiot_registry": { - APIsRequired: []APIReference{}, - }, "google_cloud_run_domain_mapping": { APIsRequired: []APIReference{}, }, @@ -784,6 +783,11 @@ var Products = map[string]Product{ {Name: "Database Migration API", URL: "https://console.cloud.google.com/apis/library/datamigration.googleapis.com"}, }, }, + "google_database_migration_service_private_connection": { + APIsRequired: []APIReference{ + {Name: "Database Migration API", URL: "https://console.cloud.google.com/apis/library/datamigration.googleapis.com"}, + }, + }, "google_data_catalog_entry": { APIsRequired: []APIReference{ {Name: "Google Cloud Data Catalog API", URL: "https://console.cloud.google.com/apis/library/datacatalog.googleapis.com"}, @@ -892,6 +896,11 @@ var Products = map[string]Product{ {Name: "Dialogflow API", URL: "https://console.cloud.google.com/apis/library/dialogflow.googleapis.com"}, }, }, + "google_dialogflow_cx_environment": { + APIsRequired: []APIReference{ + {Name: "Dialogflow API", URL: "https://console.cloud.google.com/apis/library/dialogflow.googleapis.com"}, + }, + }, "google_dialogflow_cx_flow": { APIsRequired: []APIReference{ {Name: "Dialogflow API", URL: "https://console.cloud.google.com/apis/library/dialogflow.googleapis.com"}, 
@@ -907,6 +916,21 @@ var Products = map[string]Product{ {Name: "Dialogflow API", URL: "https://console.cloud.google.com/apis/library/dialogflow.googleapis.com"}, }, }, + "google_dialogflow_cx_security_settings": { + APIsRequired: []APIReference{ + {Name: "Dialogflow API", URL: "https://console.cloud.google.com/apis/library/dialogflow.googleapis.com"}, + }, + }, + "google_dialogflow_cx_test_case": { + APIsRequired: []APIReference{ + {Name: "Dialogflow API", URL: "https://console.cloud.google.com/apis/library/dialogflow.googleapis.com"}, + }, + }, + "google_dialogflow_cx_version": { + APIsRequired: []APIReference{ + {Name: "Dialogflow API", URL: "https://console.cloud.google.com/apis/library/dialogflow.googleapis.com"}, + }, + }, "google_dialogflow_cx_webhook": { APIsRequired: []APIReference{ {Name: "Dialogflow API", URL: "https://console.cloud.google.com/apis/library/dialogflow.googleapis.com"}, 
@@ -964,6 +988,31 @@ var Products = map[string]Product{ {Name: "Document AI Warehouse API", URL: "https://console.cloud.google.com/apis/library/contentwarehouse.googleapis.com/"}, }, }, + "google_edgecontainer_cluster": { + APIsRequired: []APIReference{ + {Name: "Edgecontainer API", URL: "https://console.cloud.google.com/apis/library/edgecontainer.googleapis.com"}, + }, + }, + "google_edgecontainer_node_pool": { + APIsRequired: []APIReference{ + {Name: "Edgecontainer API", URL: "https://console.cloud.google.com/apis/library/edgecontainer.googleapis.com"}, + }, + }, + "google_edgecontainer_vpn_connection": { + APIsRequired: []APIReference{ + {Name: "Edgecontainer API", URL: "https://console.cloud.google.com/apis/library/edgecontainer.googleapis.com"}, + }, + }, + "google_edgenetwork_network": { + APIsRequired: []APIReference{ + {Name: "Distributed Cloud Edge Network API", URL: "https://console.cloud.google.com/apis/library/edgenetwork.googleapis.com"}, + }, + }, + "google_edgenetwork_subnet": { + APIsRequired: []APIReference{ + {Name: "Distributed Cloud Edge Network API", URL: "https://console.cloud.google.com/apis/library/edgenetwork.googleapis.com"}, + }, + }, "google_essential_contacts_contact": { APIsRequired: []APIReference{ {Name: "Essential Contacts API", URL: "https://console.cloud.google.com/apis/api/essentialcontacts.googleapis.com/overview"}, @@ -978,6 +1027,11 @@ var Products = map[string]Product{ "google_filestore_snapshot": { APIsRequired: []APIReference{}, }, + "google_firestore_backup_schedule": { + APIsRequired: []APIReference{ + {Name: "Google Cloud Firestore API", URL: "https://console.cloud.google.com/apis/library/firestore.googleapis.com"}, + }, + }, "google_firestore_database": { APIsRequired: []APIReference{ {Name: "Google Cloud Firestore API", URL: "https://console.cloud.google.com/apis/library/firestore.googleapis.com"}, 
@@ -998,26 +1052,16 @@ var Products = map[string]Product{ {Name: "Google Cloud Firestore API", URL: "https://console.cloud.google.com/apis/library/firestore.googleapis.com"}, }, }, - "google_game_services_game_server_cluster": { - APIsRequired: []APIReference{}, - }, - "google_game_services_game_server_config": { - APIsRequired: []APIReference{}, - }, - "google_game_services_game_server_deployment": { - APIsRequired: []APIReference{}, - }, - "google_game_services_game_server_deployment_rollout": { - APIsRequired: []APIReference{}, - }, - "google_game_services_realm": { - APIsRequired: []APIReference{}, - }, "google_gke_backup_backup_plan": { APIsRequired: []APIReference{ {Name: "Backup for GKE API", URL: "https://console.cloud.google.com/apis/library/gkebackup.googleapis.com"}, }, }, + "google_gke_backup_restore_plan": { + APIsRequired: []APIReference{ + {Name: "Backup for GKE API", URL: "https://console.cloud.google.com/apis/library/gkebackup.googleapis.com"}, + }, + }, "google_gke_hub_membership": { APIsRequired: []APIReference{ {Name: "GKEHub API", URL: "https://console.cloud.google.com/apis/library/gkehub.googleapis.com"}, @@ -1028,6 +1072,11 @@ var Products = map[string]Product{ {Name: "GKEHub API", URL: "https://console.cloud.google.com/apis/library/gkehub.googleapis.com"}, }, }, + "google_gke_hub2_fleet": { + APIsRequired: []APIReference{ + {Name: "GKEHub API", URL: "https://console.cloud.google.com/apis/library/gkehub.googleapis.com"}, + }, + }, "google_gke_hub2_membership_binding": { APIsRequired: []APIReference{ {Name: "GKEHub API", URL: "https://console.cloud.google.com/apis/library/gkehub.googleapis.com"}, 
@@ -1048,6 +1097,31 @@ var Products = map[string]Product{ {Name: "GKEHub API", URL: "https://console.cloud.google.com/apis/library/gkehub.googleapis.com"}, }, }, + "google_gkeonprem_bare_metal_admin_cluster": { + APIsRequired: []APIReference{ + {Name: "Anthos On-Prem API", URL: "https://console.cloud.google.com/apis/library/gkeonprem.googleapis.com"}, + }, + }, + "google_gkeonprem_bare_metal_cluster": { + APIsRequired: []APIReference{ + {Name: "Anthos On-Prem API", URL: "https://console.cloud.google.com/apis/library/gkeonprem.googleapis.com"}, + }, + }, + "google_gkeonprem_bare_metal_node_pool": { + APIsRequired: []APIReference{ + {Name: "Anthos On-Prem API", URL: "https://console.cloud.google.com/apis/library/gkeonprem.googleapis.com"}, + }, + }, + "google_gkeonprem_vmware_cluster": { + APIsRequired: []APIReference{ + {Name: "Anthos On-Prem API", URL: "https://console.cloud.google.com/apis/library/gkeonprem.googleapis.com"}, + }, + }, + "google_gkeonprem_vmware_node_pool": { + APIsRequired: []APIReference{ + {Name: "Anthos On-Prem API", URL: "https://console.cloud.google.com/apis/library/gkeonprem.googleapis.com"}, + }, + }, "google_healthcare_consent_store": { APIsRequired: []APIReference{ {Name: "Cloud Healthcare API", URL: "https://console.cloud.google.com/apis/library/healthcare.googleapis.com/"}, @@ -1158,6 +1232,11 @@ var Products = map[string]Product{ {Name: "Google Identity Platform", URL: "https://console.cloud.google.com/marketplace/details/google-cloud-platform/customer-identity/"}, }, }, + "google_integration_connectors_connection": { + APIsRequired: []APIReference{ + {Name: "Connectors API", URL: "https://console.cloud.google.com/apis/api/connectors.googleapis.com/"}, + }, + }, "google_kms_crypto_key": { APIsRequired: []APIReference{ {Name: "Cloud Key Management Service (KMS) API", URL: "https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/"}, 
@@ -1261,6 +1340,11 @@ var Products = map[string]Product{ {Name: "Stackdriver Monitoring API", URL: "https://console.cloud.google.com/apis/library/monitoring.googleapis.com/"}, }, }, + "google_network_connectivity_policy_based_route": { + APIsRequired: []APIReference{ + {Name: "Network Connectivity API", URL: "https://console.cloud.google.com/apis/library/networkconnectivity.googleapis.com/"}, + }, + }, "google_network_connectivity_service_connection_policy": { APIsRequired: []APIReference{ {Name: "Network Connectivity API", URL: "https://console.cloud.google.com/apis/library/networkconnectivity.googleapis.com/"}, @@ -1331,6 +1415,11 @@ var Products = map[string]Product{ {Name: "Cloud Notebooks API", URL: "https://console.cloud.google.com/apis/api/notebooks.googleapis.com"}, }, }, + "google_org_policy_custom_constraint": { + APIsRequired: []APIReference{ + {Name: "Organization Policy API", URL: "https://console.cloud.google.com/apis/api/orgpolicy.googleapis.com/overview"}, + }, + }, "google_os_config_patch_deployment": { APIsRequired: []APIReference{ {Name: "Identity and Access Management (IAM) API", URL: "https://console.cloud.google.com/apis/library/iam.googleapis.com/"}, @@ -1391,6 +1480,9 @@ var Products = map[string]Product{ {Name: "Cloud Pub/Sub Lite API", URL: "https://console.cloud.google.com/apis/library/pubsublite.googleapis.com/"}, }, }, + "google_redis_cluster": { + APIsRequired: []APIReference{}, + }, "google_redis_instance": { APIsRequired: []APIReference{}, }, 
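Review bot: The new `"google_redis_cluster"` entry is added with `APIsRequired: []APIReference{}`, and the next hunk does the same for the three `google_security_center_*_custom_module` entries, so whatever reads `Products` has no API to name for these resources. This matches the existing `google_redis_instance` and `google_security_center_*` entries, so it is a gap carried forward rather than one introduced here. For the Security Command Center resources the entry would presumably look like `{Name: "Security Command Center API", URL: "https://console.cloud.google.com/apis/library/securitycenter.googleapis.com"}`. If `product.go` is generated along with the rule files in this commit, the fix belongs in the generator's product definitions rather than in this file. The `Products` map literal starts and ends outside the hunk.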
@@ -1409,12 +1501,21 @@ var Products = map[string]Product{ {Name: "Secret Manager API", URL: "https://console.cloud.google.com/apis/library/secretmanager.googleapis.com/"}, }, }, + "google_security_center_folder_custom_module": { + APIsRequired: []APIReference{}, + }, "google_security_center_mute_config": { APIsRequired: []APIReference{}, }, "google_security_center_notification_config": { APIsRequired: []APIReference{}, }, + "google_security_center_organization_custom_module": { + APIsRequired: []APIReference{}, + }, + "google_security_center_project_custom_module": { + APIsRequired: []APIReference{}, + }, "google_security_center_source": { APIsRequired: []APIReference{}, }, @@ -1463,6 +1564,12 @@ var Products = map[string]Product{ {Name: "Google Cloud Storage", URL: "https://console.cloud.google.com/apis/library/storage-component.googleapis.com/"}, }, }, + "google_storage_insights_report_config": { + APIsRequired: []APIReference{ + {Name: "Google Cloud Storage", URL: "https://console.cloud.google.com/apis/library/storage-component.googleapis.com/"}, + {Name: "Google Cloud Storage Insights", URL: "https://console.cloud.google.com/apis/library/storageinsights.googleapis.com/"}, + }, + }, "google_storage_transfer_agent_pool": { APIsRequired: []APIReference{ {Name: "Storage Transfer API", URL: "https://console.cloud.google.com/apis/library/storagetransfer.googleapis.com/"}, diff --git a/rules/magicmodules/provider.go b/rules/magicmodules/provider.go index bd029d4..cfeea87 100644 --- a/rules/magicmodules/provider.go +++ b/rules/magicmodules/provider.go 
@@ -26,10 +26,14 @@ var Rules = []tflint.Rule{ NewGoogleAccessContextManagerServicePerimeterInvalidPerimeterTypeRule(), NewGoogleActiveDirectoryDomainTrustInvalidTrustDirectionRule(), NewGoogleActiveDirectoryDomainTrustInvalidTrustTypeRule(), + NewGoogleAlloydbBackupInvalidTypeRule(), + NewGoogleAlloydbClusterInvalidClusterTypeRule(), NewGoogleAlloydbInstanceInvalidAvailabilityTypeRule(), NewGoogleAlloydbInstanceInvalidInstanceTypeRule(), + NewGoogleAlloydbUserInvalidUserTypeRule(), NewGoogleApigeeEnvironmentInvalidApiProxyTypeRule(), NewGoogleApigeeEnvironmentInvalidDeploymentTypeRule(), + NewGoogleApigeeEnvironmentInvalidTypeRule(), NewGoogleApigeeOrganizationInvalidRetentionRule(), NewGoogleApigeeOrganizationInvalidRuntimeTypeRule(), NewGoogleApigeeTargetServerInvalidProtocolRule(), @@ -52,11 +56,9 @@ var Rules = []tflint.Rule{ NewGoogleCloudBuildTriggerInvalidIncludeBuildLogsRule(), NewGoogleCloudIdentityGroupInvalidInitialGroupConfigRule(), NewGoogleCloudIdsEndpointInvalidSeverityRule(), - NewGoogleCloudIotDeviceInvalidLogLevelRule(), NewGoogleCloudRunV2JobInvalidLaunchStageRule(), NewGoogleCloudRunV2ServiceInvalidIngressRule(), NewGoogleCloudRunV2ServiceInvalidLaunchStageRule(), - NewGoogleCloudiotRegistryInvalidLogLevelRule(), NewGoogleComputeAddressInvalidAddressTypeRule(), NewGoogleComputeAddressInvalidIpVersionRule(), NewGoogleComputeAddressInvalidIpv6EndpointTypeRule(), 
@@ -135,18 +137,26 @@ var Rules = []tflint.Rule{ NewGoogleDialogflowAgentInvalidTierRule(), NewGoogleDialogflowCxEntityTypeInvalidAutoExpansionModeRule(), NewGoogleDialogflowCxEntityTypeInvalidKindRule(), + NewGoogleDialogflowCxSecuritySettingsInvalidRedactionScopeRule(), + NewGoogleDialogflowCxSecuritySettingsInvalidRedactionStrategyRule(), + NewGoogleDialogflowCxSecuritySettingsInvalidRetentionStrategyRule(), NewGoogleDialogflowEntityTypeInvalidKindRule(), NewGoogleDialogflowIntentInvalidWebhookStateRule(), NewGoogleDnsManagedZoneInvalidVisibilityRule(), NewGoogleDocumentAiWarehouseLocationInvalidAccessControlModeRule(), NewGoogleDocumentAiWarehouseLocationInvalidDatabaseTypeRule(), NewGoogleDocumentAiWarehouseLocationInvalidDocumentCreatorDefaultRoleRule(), + NewGoogleEdgecontainerClusterInvalidReleaseChannelRule(), NewGoogleFirestoreDatabaseInvalidAppEngineIntegrationModeRule(), NewGoogleFirestoreDatabaseInvalidConcurrencyModeRule(), + NewGoogleFirestoreDatabaseInvalidDeleteProtectionStateRule(), + NewGoogleFirestoreDatabaseInvalidPointInTimeRecoveryEnablementRule(), NewGoogleFirestoreDatabaseInvalidTypeRule(), + NewGoogleFirestoreIndexInvalidApiScopeRule(), NewGoogleFirestoreIndexInvalidQueryScopeRule(), NewGoogleHealthcareFhirStoreInvalidComplexDataTypeReferenceParsingRule(), NewGoogleHealthcareFhirStoreInvalidVersionRule(), + NewGoogleIntegrationConnectorsConnectionInvalidEventingEnablementTypeRule(), NewGoogleKmsCryptoKeyVersionInvalidStateRule(), NewGoogleKmsKeyRingImportJobInvalidImportMethodRule(), NewGoogleKmsKeyRingImportJobInvalidProtectionLevelRule(), 
@@ -161,6 +171,7 @@ var Rules = []tflint.Rule{ NewGoogleMonitoringSloInvalidCalendarPeriodRule(), NewGoogleMonitoringSloInvalidSloIdRule(), NewGoogleMonitoringUptimeCheckConfigInvalidCheckerTypeRule(), + NewGoogleNetworkConnectivityPolicyBasedRouteInvalidNextHopOtherRoutesRule(), NewGoogleNetworkSecurityAddressGroupInvalidTypeRule(), NewGoogleNetworkSecurityGatewaySecurityPolicyRuleInvalidBasicProfileRule(), NewGoogleNetworkServicesEdgeCacheOriginInvalidProtocolRule(), @@ -169,15 +180,21 @@ var Rules = []tflint.Rule{ NewGoogleNotebooksInstanceInvalidDataDiskTypeRule(), NewGoogleNotebooksInstanceInvalidDiskEncryptionRule(), NewGoogleNotebooksInstanceInvalidNicTypeRule(), + NewGoogleOrgPolicyCustomConstraintInvalidActionTypeRule(), NewGoogleOsConfigPatchDeploymentInvalidPatchDeploymentIdRule(), NewGooglePrivatecaCaPoolInvalidTierRule(), NewGooglePrivatecaCertificateAuthorityInvalidTypeRule(), NewGooglePubsubSchemaInvalidTypeRule(), + NewGoogleRedisClusterInvalidAuthorizationModeRule(), + NewGoogleRedisClusterInvalidTransitEncryptionModeRule(), NewGoogleRedisInstanceInvalidConnectModeRule(), NewGoogleRedisInstanceInvalidNameRule(), NewGoogleRedisInstanceInvalidReadReplicasModeRule(), NewGoogleRedisInstanceInvalidTierRule(), NewGoogleRedisInstanceInvalidTransitEncryptionModeRule(), + NewGoogleSecurityCenterFolderCustomModuleInvalidEnablementStateRule(), + NewGoogleSecurityCenterOrganizationCustomModuleInvalidEnablementStateRule(), + NewGoogleSecurityCenterProjectCustomModuleInvalidEnablementStateRule(), NewGoogleSecurityCenterSourceInvalidDisplayNameRule(), NewGoogleSpannerDatabaseInvalidDatabaseDialectRule(), NewGoogleSpannerDatabaseInvalidNameRule(), diff --git a/tools/magic-modules b/tools/magic-modules index e70e863..7ea6b9f 160000 --- a/tools/magic-modules +++ b/tools/magic-modules @@ -1 +1 @@ -Subproject commit e70e8636274e5638b68cbb8fbfb114e2347689a0 +Subproject commit 7ea6b9fdb26196aae25a9e59b5204b3fc00fb507