terraform-linters · wata727 · Jun 27, 2019 · Jun 26, 2019 · ricoli · Jul 4, 2019
diff --git a/rules/awsrules/aws_s3_bucket_invalid_acl_test.go b/rules/awsrules/aws_s3_bucket_invalid_acl_test.go
diff --git a/rules/awsrules/aws_s3_bucket_invalid_acl.go → ...rules/models/aws_s3_bucket_invalid_acl.go b/rules/awsrules/aws_s3_bucket_invalid_acl.go → ...rules/models/aws_s3_bucket_invalid_acl.go
@@ -1,35 +1,32 @@
-package awsrules
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
 
 import (
-	"fmt"
 	"log"
 
 	"github.com/hashicorp/hcl2/hcl"
 	"github.com/wata727/tflint/issue"
 	"github.com/wata727/tflint/tflint"
 )
 
-// AwsS3BucketInvalidACLRule checks whether "aws_s3_bucket" has invalid ACL setting.
+// AwsS3BucketInvalidACLRule checks the pattern is valid
 type AwsS3BucketInvalidACLRule struct {
 	resourceType  string
 	attributeName string
-	aclTypes      map[string]bool
+	enum          []string
 }
 
 // NewAwsS3BucketInvalidACLRule returns new rule with default attributes
 func NewAwsS3BucketInvalidACLRule() *AwsS3BucketInvalidACLRule {
 	return &AwsS3BucketInvalidACLRule{
 		resourceType:  "aws_s3_bucket",
 		attributeName: "acl",
-		aclTypes: map[string]bool{
-			"private":                   true,
-			"public-read":               true,
-			"public-read-write":         true,
-			"aws-exec-read":             true,
-			"authenticated-read":        true,
-			"bucket-owner-read":         true,
-			"bucket-owner-full-control": true,
-			"log-delivery-write":        true,
+		enum: []string{
+			"private",
+			"public-read",
+			"public-read-write",
+			"authenticated-read",
 		},
 	}
 }
@@ -54,19 +51,25 @@ func (r *AwsS3BucketInvalidACLRule) Link() string {
 	return ""
 }
 
-// Check checks whether "aws_s3_bucket" has invalid ACL type.
+// Check checks the pattern is valid
 func (r *AwsS3BucketInvalidACLRule) Check(runner *tflint.Runner) error {
 	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
 
 	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
-		var acl string
-		err := runner.EvaluateExpr(attribute.Expr, &acl)
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
 
 		return runner.EnsureNoError(err, func() error {
-			if !r.aclTypes[acl] {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf("\"%s\" is invalid canned ACL type.", acl),
+					`acl is not a valid value`,
 					attribute.Expr.Range(),
 				)
 			}

diff --git a/rules/awsrules/models/mappings/s3.hcl b/rules/awsrules/models/mappings/s3.hcl
@@ -11,7 +11,7 @@ mapping "aws_s3_account_public_access_block" {
 mapping "aws_s3_bucket" {
   bucket                               = BucketName
   bucket_prefix                        = any
-  acl                                  = any // TODO: BucketCannedACL
+  acl                                  = BucketCannedACL
   policy                               = Policy
   tags                                 = TagSet
   force_destroy                        = any

diff --git a/rules/provider.go b/rules/provider.go
@@ -33,7 +33,6 @@ var manualRules = []Rule{
 	awsrules.NewAwsLaunchConfigurationInvalidTypeRule(),
 	awsrules.NewAwsRouteNotSpecifiedTargetRule(),
 	awsrules.NewAwsRouteSpecifiedMultipleTargetsRule(),
-	awsrules.NewAwsS3BucketInvalidACLRule(),
 	terraformrules.NewTerraformModulePinnedSourceRule(),
 }
 

diff --git a/rules/provider_model.go b/rules/provider_model.go
@@ -517,6 +517,7 @@ var modelRules = []Rule{
 	awsmodelrules.NewAwsRoute53ZoneInvalidDelegationSetIDRule(),
 	awsmodelrules.NewAwsRoute53ZoneInvalidNameRule(),
 	awsmodelrules.NewAwsS3BucketInvalidAccelerationStatusRule(),
+	awsmodelrules.NewAwsS3BucketInvalidACLRule(),
 	awsmodelrules.NewAwsS3BucketInvalidRegionRule(),
 	awsmodelrules.NewAwsS3BucketInvalidRequestPayerRule(),
 	awsmodelrules.NewAwsS3BucketInventoryInvalidIncludedObjectVersionsRule(),