From 1e50fb374afd0fa93cffde9159d461d06698f3c3 Mon Sep 17 00:00:00 2001
From: wata_mac
Date: Mon, 8 Jul 2019 22:36:10 +0900
Subject: [PATCH] Fix a false positive for `log-delivery-write` ACL

---
 rules/awsrules/{models => }/aws_s3_bucket_invalid_acl.go | 5 ++---
 rules/awsrules/models/mappings/s3.hcl | 2 +-
 rules/provider.go | 1 +
 rules/provider_model.go | 1 -
 4 files changed, 4 insertions(+), 5 deletions(-)
 rename rules/awsrules/{models => }/aws_s3_bucket_invalid_acl.go (95%)

diff --git a/rules/awsrules/models/aws_s3_bucket_invalid_acl.go b/rules/awsrules/aws_s3_bucket_invalid_acl.go
similarity index 95%
rename from rules/awsrules/models/aws_s3_bucket_invalid_acl.go
rename to rules/awsrules/aws_s3_bucket_invalid_acl.go
index 220db0475..bf1b79b9d 100644
--- a/rules/awsrules/models/aws_s3_bucket_invalid_acl.go
+++ b/rules/awsrules/aws_s3_bucket_invalid_acl.go
@@ -1,6 +1,4 @@
-// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
-
-package models
+package awsrules
 
 import (
 "log"
@@ -27,6 +25,7 @@ func NewAwsS3BucketInvalidACLRule() *AwsS3BucketInvalidACLRule {
 "public-read",
 "public-read-write",
 "authenticated-read",
+"log-delivery-write",
 },
 }
 }
diff --git a/rules/awsrules/models/mappings/s3.hcl b/rules/awsrules/models/mappings/s3.hcl
index c14a95fc9..c6d491c46 100644
--- a/rules/awsrules/models/mappings/s3.hcl
+++ b/rules/awsrules/models/mappings/s3.hcl
@@ -11,7 +11,7 @@ mapping "aws_s3_account_public_access_block" {
 mapping "aws_s3_bucket" {
 bucket = BucketName
 bucket_prefix = any
-acl = BucketCannedACL
+acl = any // TODO: BucketCannedACL
 policy = Policy
 tags = TagSet
 force_destroy = any
diff --git a/rules/provider.go b/rules/provider.go
index 281c40a6a..43dbcbaca 100644
--- a/rules/provider.go
+++ b/rules/provider.go
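Review bot: The canned-ACL list in NewAwsS3BucketInvalidACLRule is now hand-maintained, but nothing in the file records why it left the generated models set, so a future regeneration or a reader of the BucketCannedACL TODO could drop `log-delivery-write` again. Suggest a comment above the list, e.g. `// Hand-maintained: presumably the generated BucketCannedACL model omits log-delivery-write, so this rule lives outside models/ (see the TODO in models/mappings/s3.hcl).` With the mapping changed to `any`, this rule is the only check left on `acl`, so a test asserting that `log-delivery-write` is accepted and that an unknown value is still reported would pin the fix. The enclosing function and the start of the list are outside the hunk, so the other entries could not be reviewed here.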
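Review bot: `acl = any` removes model-level validation of the attribute entirely, and the TODO does not say what covers it in the meantime, so a reader restoring BucketCannedACL would reintroduce the false positive and a duplicate rule. Suggest `acl = any // TODO: BucketCannedACL (validated by awsrules.NewAwsS3BucketInvalidACLRule until the model lists log-delivery-write)`. The `aws_s3_bucket` mapping block continues past the end of the hunk.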
@@ -30,6 +30,7 @@ var manualRules = []Rule{
 awsrules.NewAwsInstancePreviousTypeRule(),
 awsrules.NewAwsRouteNotSpecifiedTargetRule(),
 awsrules.NewAwsRouteSpecifiedMultipleTargetsRule(),
+awsrules.NewAwsS3BucketInvalidACLRule(),
 terraformrules.NewTerraformDocumentedOutputsRule(),
 terraformrules.NewTerraformDocumentedVariablesRule(),
 terraformrules.NewTerraformModulePinnedSourceRule(),
diff --git a/rules/provider_model.go b/rules/provider_model.go
index 06d8c9212..4abe5d245 100644
--- a/rules/provider_model.go
+++ b/rules/provider_model.go
@@ -520,7 +520,6 @@ var modelRules = []Rule{
 awsmodelrules.NewAwsRoute53ZoneInvalidDelegationSetIDRule(),
 awsmodelrules.NewAwsRoute53ZoneInvalidNameRule(),
 awsmodelrules.NewAwsS3BucketInvalidAccelerationStatusRule(),
-awsmodelrules.NewAwsS3BucketInvalidACLRule(),
 awsmodelrules.NewAwsS3BucketInvalidRegionRule(),
 awsmodelrules.NewAwsS3BucketInvalidRequestPayerRule(),
 awsmodelrules.NewAwsS3BucketInventoryInvalidIncludedObjectVersionsRule(),