Merge pull request #112 from wata727/abstract_hcl_access

Provide abstract HCL access
terraform-linters · Jun 18, 2017 · 2ad0bc6 · 2ad0bc6
2 parents c850699 + 1b4bece
commit 2ad0bc6
Show file tree

Hide file tree

Showing 91 changed files with 1,868 additions and 493 deletions.
diff --git a/cli.go b/cli.go
@@ -11,6 +11,7 @@ import (
 	"github.com/wata727/tflint/detector"
 	"github.com/wata727/tflint/loader"
 	"github.com/wata727/tflint/printer"
+	"github.com/wata727/tflint/schema"
 )
 
 // Exit codes are int values that represent an exit code for a particular error.
@@ -106,8 +107,17 @@ func (cli *CLI) Run(args []string) int {
 
 	// If disabled test mode, generates real detector
 	if !cli.testMode {
-		templates, state, tfvars := cli.loader.Dump()
-		cli.detector, err = detector.NewDetector(templates, state, tfvars, c)
+		templates, files, state, tfvars := cli.loader.Dump()
+		schema, err := schema.Make(files)
+		if err != nil {
+			fmt.Fprintln(cli.errStream, fmt.Errorf("ERROR: Parse error: %s", err))
+			return ExitCodeError
+		}
+		cli.detector, err = detector.NewDetector(templates, schema, state, tfvars, c)
+		if err != nil {
+			fmt.Fprintln(cli.errStream, err)
+			return ExitCodeError
+		}
 	}
 	if err != nil {
 		fmt.Fprintln(cli.errStream, err)

diff --git a/detector/aws_alb_duplicate_name.go b/detector/aws_alb_duplicate_name.go
@@ -3,8 +3,8 @@ package detector
 import (
 	"fmt"
 
-	"github.com/hashicorp/hcl/hcl/ast"
 	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/schema"
 )
 
 type AwsALBDuplicateNameDetector struct {
@@ -38,10 +38,9 @@ func (d *AwsALBDuplicateNameDetector) PreProcess() {
 	}
 }
 
-func (d *AwsALBDuplicateNameDetector) Detect(file string, item *ast.ObjectItem, issues *[]*issue.Issue) {
-	nameToken, err := hclLiteralToken(item, "name")
-	if err != nil {
-		d.Logger.Error(err)
+func (d *AwsALBDuplicateNameDetector) Detect(resource *schema.Resource, issues *[]*issue.Issue) {
+	nameToken, ok := resource.GetToken("name")
+	if !ok {
 		return
 	}
 	name, err := d.evalToString(nameToken.Text)
@@ -50,12 +49,12 @@ func (d *AwsALBDuplicateNameDetector) Detect(file string, item *ast.ObjectItem,
 		return
 	}
 
-	if d.loadBalancers[name] && !d.State.Exists(d.Target, hclObjectKeyText(item)) {
+	if d.loadBalancers[name] && !d.State.Exists(d.Target, resource.Id) {
 		issue := &issue.Issue{
 			Type:    d.IssueType,
 			Message: fmt.Sprintf("\"%s\" is duplicate name. It must be unique.", name),
 			Line:    nameToken.Pos.Line,
-			File:    file,
+			File:    nameToken.Pos.Filename,
 		}
 		*issues = append(*issues, issue)
 	}

diff --git a/detector/aws_alb_duplicate_name_test.go b/detector/aws_alb_duplicate_name_test.go
@@ -28,15 +28,15 @@ resource "aws_alb" "test" {
     name = "test-alb-tf"
 }`,
 			Response: []*elbv2.LoadBalancer{
-				&elbv2.LoadBalancer{
+				{
 					LoadBalancerName: aws.String("test-alb-tf"),
 				},
-				&elbv2.LoadBalancer{
+				{
 					LoadBalancerName: aws.String("production-alb-tf"),
 				},
 			},
 			Issues: []*issue.Issue{
-				&issue.Issue{
+				{
 					Type:    "ERROR",
 					Message: "\"test-alb-tf\" is duplicate name. It must be unique.",
 					Line:    3,
@@ -51,10 +51,10 @@ resource "aws_alb" "test" {
     name = "test-alb-tf"
 }`,
 			Response: []*elbv2.LoadBalancer{
-				&elbv2.LoadBalancer{
+				{
 					LoadBalancerName: aws.String("staging-alb-tf"),
 				},
-				&elbv2.LoadBalancer{
+				{
 					LoadBalancerName: aws.String("production-alb-tf"),
 				},
 			},
@@ -113,10 +113,10 @@ resource "aws_alb" "test" {
 }
 `,
 			Response: []*elbv2.LoadBalancer{
-				&elbv2.LoadBalancer{
+				{
 					LoadBalancerName: aws.String("test-alb-tf"),
 				},
-				&elbv2.LoadBalancer{
+				{
 					LoadBalancerName: aws.String("production-alb-tf"),
 				},
 			},

diff --git a/detector/aws_alb_invaid_security_group.go b/detector/aws_alb_invaid_security_group.go
@@ -3,9 +3,9 @@ package detector
 import (
 	"fmt"
 
-	"github.com/hashicorp/hcl/hcl/ast"
 	"github.com/hashicorp/hcl/hcl/token"
 	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/schema"
 )
 
 type AwsALBInvalidSecurityGroupDetector struct {
@@ -39,21 +39,20 @@ func (d *AwsALBInvalidSecurityGroupDetector) PreProcess() {
 	}
 }
 
-func (d *AwsALBInvalidSecurityGroupDetector) Detect(file string, item *ast.ObjectItem, issues *[]*issue.Issue) {
+func (d *AwsALBInvalidSecurityGroupDetector) Detect(resource *schema.Resource, issues *[]*issue.Issue) {
 	var varToken token.Token
 	var securityGroupTokens []token.Token
-	var err error
-	if varToken, err = hclLiteralToken(item, "security_groups"); err == nil {
+	var ok bool
+	if varToken, ok = resource.GetToken("security_groups"); ok {
+		var err error
 		securityGroupTokens, err = d.evalToStringTokens(varToken)
 		if err != nil {
 			d.Logger.Error(err)
 			return
 		}
 	} else {
-		d.Logger.Error(err)
-		securityGroupTokens, err = hclLiteralListToken(item, "security_groups")
-		if err != nil {
-			d.Logger.Error(err)
+		securityGroupTokens, ok = resource.GetListToken("security_groups")
+		if !ok {
 			return
 		}
 	}
@@ -65,12 +64,16 @@ func (d *AwsALBInvalidSecurityGroupDetector) Detect(file string, item *ast.Objec
 			continue
 		}
 
+		// If `security_groups` is interpolated by list variable, Filename is empty.
+		if securityGroupToken.Pos.Filename == "" {
+			securityGroupToken.Pos.Filename = varToken.Pos.Filename
+		}
 		if !d.securityGroups[securityGroup] {
 			issue := &issue.Issue{
 				Type:    d.IssueType,
 				Message: fmt.Sprintf("\"%s\" is invalid security group.", securityGroup),
 				Line:    securityGroupToken.Pos.Line,
-				File:    file,
+				File:    securityGroupToken.Pos.Filename,
 			}
 			*issues = append(*issues, issue)
 		}

diff --git a/detector/aws_alb_invalid_security_group_test.go b/detector/aws_alb_invalid_security_group_test.go
@@ -30,21 +30,21 @@ resource "aws_alb" "balancer" {
     ]
 }`,
 			Response: []*ec2.SecurityGroup{
-				&ec2.SecurityGroup{
+				{
 					GroupId: aws.String("sg-12345678"),
 				},
-				&ec2.SecurityGroup{
+				{
 					GroupId: aws.String("sg-abcdefgh"),
 				},
 			},
 			Issues: []*issue.Issue{
-				&issue.Issue{
+				{
 					Type:    "ERROR",
 					Message: "\"sg-1234abcd\" is invalid security group.",
 					Line:    4,
 					File:    "test.tf",
 				},
-				&issue.Issue{
+				{
 					Type:    "ERROR",
 					Message: "\"sg-abcd1234\" is invalid security group.",
 					Line:    5,
@@ -62,15 +62,48 @@ resource "aws_alb" "balancer" {
     ]
 }`,
 			Response: []*ec2.SecurityGroup{
-				&ec2.SecurityGroup{
+				{
 					GroupId: aws.String("sg-1234abcd"),
 				},
-				&ec2.SecurityGroup{
+				{
 					GroupId: aws.String("sg-abcd1234"),
 				},
 			},
 			Issues: []*issue.Issue{},
 		},
+		{
+			Name: "use list variables",
+			Src: `
+variable "security_groups" {
+    default = ["sg-1234abcd", "sg-abcd1234"]
+}
+
+resource "aws_alb" "balancer" {
+    security_groups = "${var.security_groups}"
+}`,
+			Response: []*ec2.SecurityGroup{
+				{
+					GroupId: aws.String("sg-12345678"),
+				},
+				{
+					GroupId: aws.String("sg-abcdefgh"),
+				},
+			},
+			Issues: []*issue.Issue{
+				{
+					Type:    "ERROR",
+					Message: "\"sg-1234abcd\" is invalid security group.",
+					Line:    7,
+					File:    "test.tf",
+				},
+				{
+					Type:    "ERROR",
+					Message: "\"sg-abcd1234\" is invalid security group.",
+					Line:    7,
+					File:    "test.tf",
+				},
+			},
+		},
 	}
 
 	for _, tc := range cases {

diff --git a/detector/aws_alb_invalid_subnet.go b/detector/aws_alb_invalid_subnet.go
@@ -3,9 +3,9 @@ package detector
 import (
 	"fmt"
 
-	"github.com/hashicorp/hcl/hcl/ast"
 	"github.com/hashicorp/hcl/hcl/token"
 	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/schema"
 )
 
 type AwsALBInvalidSubnetDetector struct {
@@ -39,21 +39,20 @@ func (d *AwsALBInvalidSubnetDetector) PreProcess() {
 	}
 }
 
-func (d *AwsALBInvalidSubnetDetector) Detect(file string, item *ast.ObjectItem, issues *[]*issue.Issue) {
+func (d *AwsALBInvalidSubnetDetector) Detect(resource *schema.Resource, issues *[]*issue.Issue) {
 	var varToken token.Token
 	var subnetTokens []token.Token
-	var err error
-	if varToken, err = hclLiteralToken(item, "subnets"); err == nil {
+	var ok bool
+	if varToken, ok = resource.GetToken("subnets"); ok {
+		var err error
 		subnetTokens, err = d.evalToStringTokens(varToken)
 		if err != nil {
 			d.Logger.Error(err)
 			return
 		}
 	} else {
-		d.Logger.Error(err)
-		subnetTokens, err = hclLiteralListToken(item, "subnets")
-		if err != nil {
-			d.Logger.Error(err)
+		subnetTokens, ok = resource.GetListToken("subnets")
+		if !ok {
 			return
 		}
 	}
@@ -65,12 +64,16 @@ func (d *AwsALBInvalidSubnetDetector) Detect(file string, item *ast.ObjectItem,
 			continue
 		}
 
+		// If `subnets` is interpolated by list variable, Filename is empty.
+		if subnetToken.Pos.Filename == "" {
+			subnetToken.Pos.Filename = varToken.Pos.Filename
+		}
 		if !d.subnets[subnet] {
 			issue := &issue.Issue{
 				Type:    d.IssueType,
 				Message: fmt.Sprintf("\"%s\" is invalid subnet ID.", subnet),
 				Line:    subnetToken.Pos.Line,
-				File:    file,
+				File:    subnetToken.Pos.Filename,
 			}
 			*issues = append(*issues, issue)
 		}

diff --git a/detector/aws_alb_invalid_subnet_test.go b/detector/aws_alb_invalid_subnet_test.go
@@ -30,21 +30,21 @@ resource "aws_alb" "balancer" {
     ]
 }`,
 			Response: []*ec2.Subnet{
-				&ec2.Subnet{
+				{
 					SubnetId: aws.String("subnet-12345678"),
 				},
-				&ec2.Subnet{
+				{
 					SubnetId: aws.String("subnet-abcdefgh"),
 				},
 			},
 			Issues: []*issue.Issue{
-				&issue.Issue{
+				{
 					Type:    "ERROR",
 					Message: "\"subnet-1234abcd\" is invalid subnet ID.",
 					Line:    4,
 					File:    "test.tf",
 				},
-				&issue.Issue{
+				{
 					Type:    "ERROR",
 					Message: "\"subnet-abcd1234\" is invalid subnet ID.",
 					Line:    5,
@@ -62,10 +62,30 @@ resource "aws_alb" "balancer" {
     ]
 }`,
 			Response: []*ec2.Subnet{
-				&ec2.Subnet{
+				{
 					SubnetId: aws.String("subnet-1234abcd"),
 				},
-				&ec2.Subnet{
+				{
+					SubnetId: aws.String("subnet-abcd1234"),
+				},
+			},
+			Issues: []*issue.Issue{},
+		},
+		{
+			Name: "use list variables",
+			Src: `
+varaible "subnets" {
+    default = ["subnet-1234abcd", "subnet-abcd1234"]
+}
+
+resource "aws_alb" "balancer" {
+    subnets = "${var.subnets}"
+}`,
+			Response: []*ec2.Subnet{
+				{
+					SubnetId: aws.String("subnet-1234abcd"),
+				},
+				{
 					SubnetId: aws.String("subnet-abcd1234"),
 				},
 			},

diff --git a/detector/aws_cloudwatch_metric_alarm_invalid_unit.go b/detector/aws_cloudwatch_metric_alarm_invalid_unit.go
@@ -3,8 +3,8 @@ package detector
 import (
 	"fmt"
 
-	"github.com/hashicorp/hcl/hcl/ast"
 	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/schema"
 )
 
 type AwsCloudWatchMetricAlarmInvalidUnitDetector struct {
@@ -58,10 +58,9 @@ func (d *AwsCloudWatchMetricAlarmInvalidUnitDetector) PreProcess() {
 	}
 }
 
-func (d *AwsCloudWatchMetricAlarmInvalidUnitDetector) Detect(file string, item *ast.ObjectItem, issues *[]*issue.Issue) {
-	unitToken, err := hclLiteralToken(item, "unit")
-	if err != nil {
-		d.Logger.Error(err)
+func (d *AwsCloudWatchMetricAlarmInvalidUnitDetector) Detect(resource *schema.Resource, issues *[]*issue.Issue) {
+	unitToken, ok := resource.GetToken("unit")
+	if !ok {
 		return
 	}
 	unit, err := d.evalToString(unitToken.Text)
@@ -75,7 +74,7 @@ func (d *AwsCloudWatchMetricAlarmInvalidUnitDetector) Detect(file string, item *
 			Type:    d.IssueType,
 			Message: fmt.Sprintf("\"%s\" is invalid unit.", unit),
 			Line:    unitToken.Pos.Line,
-			File:    file,
+			File:    unitToken.Pos.Filename,
 		}
 		*issues = append(*issues, issue)
 	}