forked from terraform-linters/tflint
/
aws_route_invalid_egress_only_gateway.go
89 lines (77 loc) · 2.63 KB
/
aws_route_invalid_egress_only_gateway.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
package awsrules
import (
"fmt"
"log"
"github.com/aws/aws-sdk-go/service/ec2"
"github.com/hashicorp/hcl2/hcl"
"github.com/wata727/tflint/issue"
"github.com/wata727/tflint/tflint"
)
// AwsRouteInvalidEgressOnlyGatewayRule checks whether egress only gateway actually exists
type AwsRouteInvalidEgressOnlyGatewayRule struct {
resourceType string
attributeName string
egateways map[string]bool
dataPrepared bool
}
// NewAwsRouteInvalidEgressOnlyGatewayRule returns new rule with default attributes
func NewAwsRouteInvalidEgressOnlyGatewayRule() *AwsRouteInvalidEgressOnlyGatewayRule {
return &AwsRouteInvalidEgressOnlyGatewayRule{
resourceType: "aws_route",
attributeName: "egress_only_gateway_id",
egateways: map[string]bool{},
dataPrepared: false,
}
}
// Name returns the rule name
func (r *AwsRouteInvalidEgressOnlyGatewayRule) Name() string {
return "aws_route_invalid_egress_only_gateway"
}
// Enabled returns whether the rule is enabled by default
func (r *AwsRouteInvalidEgressOnlyGatewayRule) Enabled() bool {
return true
}
// Type returns the rule severity
func (r *AwsRouteInvalidEgressOnlyGatewayRule) Type() string {
return issue.ERROR
}
// Link returns the rule reference link
func (r *AwsRouteInvalidEgressOnlyGatewayRule) Link() string {
return ""
}
// Check checks whether `egress_only_gateway_id` are included in the list retrieved by `DescribeEgressOnlyInternetGateways`
func (r *AwsRouteInvalidEgressOnlyGatewayRule) Check(runner *tflint.Runner) error {
log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
if !r.dataPrepared {
log.Print("[DEBUG] Fetch egress only internet gateways")
resp, err := runner.AwsClient.EC2.DescribeEgressOnlyInternetGateways(&ec2.DescribeEgressOnlyInternetGatewaysInput{})
if err != nil {
err := &tflint.Error{
Code: tflint.ExternalAPIError,
Level: tflint.ErrorLevel,
Message: "An error occurred while describing egress only internet gateways",
Cause: err,
}
log.Printf("[ERROR] %s", err)
return err
}
for _, egateway := range resp.EgressOnlyInternetGateways {
r.egateways[*egateway.EgressOnlyInternetGatewayId] = true
}
r.dataPrepared = true
}
var egateway string
err := runner.EvaluateExpr(attribute.Expr, &egateway)
return runner.EnsureNoError(err, func() error {
if !r.egateways[egateway] {
runner.EmitIssue(
r,
fmt.Sprintf("\"%s\" is invalid egress only internet gateway ID.", egateway),
attribute.Expr.Range(),
)
}
return nil
})
})
}