linters: Update AWSR002 for default tags or replace with Semgrep check #18721
Labels
enhancement
Requests to existing resources that expand the functionality or scope.
linter
Pertains to changes to or issues with the various linters.
Comments
gdavison
added
enhancement
|
👍 Migrating this from go/analysis to semgrep since the checking needs to be contextually aware, which is hard to do correctly in AST-land and the lack of Go type matching shouldn't be too much of an issue. |
|
Not sure if we want to bundle with this issue here, but we should also add other - id: UpdateContextFunc-GetChange
fix: d.GetChange("tags_all")
languages: [go]
message: Update GetChange attribute in UpdateContextFunc
paths:
exclude:
- 'aws/resource_aws_inspector_resource_group.go'
include:
- 'aws/'
patterns:
- pattern: d.GetChange("tags")
- pattern-inside: func $FUNCNAME(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { ... }
- metavariable-regex:
metavariable: "$FUNCNAME"
regex: "^resource.*Update$"
severity: WARNING
- id: UpdateFunc-GetChange
fix: d.GetChange("tags_all")
languages: [go]
message: Update GetChange attribute in UpdateFunc
paths:
exclude:
- 'aws/resource_aws_inspector_resource_group.go'
include:
- 'aws/'
patterns:
- pattern: d.GetChange("tags")
- pattern-inside: func $FUNCNAME(d *schema.ResourceData, meta interface{}) error { ... }
- metavariable-regex:
metavariable: "$FUNCNAME"
regex: "^resource.*Update$"
severity: WARNING
- id: UpdateContextFunc-HasChange
fix: d.HasChange("tags_all")
languages: [go]
message: Update HasChange attribute in UpdateContextFunc
paths:
exclude:
- 'aws/resource_aws_inspector_resource_group.go'
include:
- 'aws/'
patterns:
- pattern: d.HasChange("tags")
- pattern-inside: func $FUNCNAME(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { ... }
- metavariable-regex:
metavariable: "$FUNCNAME"
regex: "^resource.*Update$"
severity: WARNING
- id: UpdateFunc-HasChange
fix: d.HasChange("tags_all")
languages: [go]
message: Update HasChange attribute in UpdateFunc
paths:
exclude:
- 'aws/resource_aws_inspector_resource_group.go'
include:
- 'aws/'
patterns:
- pattern: d.HasChange("tags")
- pattern-inside: func $FUNCNAME(d *schema.ResourceData, meta interface{}) error { ... }
- metavariable-regex:
metavariable: "$FUNCNAME"
regex: "^resource.*Update$"
severity: WARNING
- id: UpdateContextFunc-HasChangesExcept
fix: d.HasChangesExcept("tags", "tags_all")
languages: [go]
message: Update HasChange attribute in UpdateContextFunc
paths:
exclude:
- 'aws/resource_aws_inspector_resource_group.go'
include:
- 'aws/'
patterns:
- pattern-either:
- pattern: d.HasChangeExcept("tags")
- pattern: d.HasChangesExcept("tags")
- pattern-inside: func $FUNCNAME(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { ... }
- metavariable-regex:
metavariable: "$FUNCNAME"
regex: "^resource.*Update$"
severity: WARNING
- id: UpdateFunc-HasChangesExcept
fix: d.HasChangesExcept("tags", "tags_all")
languages: [go]
message: Update HasChange attribute in UpdateFunc
paths:
exclude:
- 'aws/resource_aws_inspector_resource_group.go'
include:
- 'aws/'
patterns:
- pattern-either:
- pattern: d.HasChangeExcept("tags")
- pattern: d.HasChangesExcept("tags")
- pattern-inside: func $FUNCNAME(d *schema.ResourceData, meta interface{}) error { ... }
- metavariable-regex:
metavariable: "$FUNCNAME"
regex: "^resource.*Update$"
severity: WARNINGet al. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The
awsproviderlintcheck AWSR002 checks for the use ofIgnoreAws()on thetagsvariable passed tod.Set("tags", ...). With support for default tags, the call theIgnoreAws()is typically no longer inline with the call tod.Set("tags", ...), so the check will fail.Either update the check to validate that
IgnoreAws()is called on the variable at some point prior to callingd.Set("tags", ...)or create a Semgrep rule to do the same.The following code should pass the check
The text was updated successfully, but these errors were encountered: