aws_elasticache_cluster_invalid_security_group.go
// This file generated by `generator/main.go`. DO NOT EDIT
package api
import (
"fmt"
hcl "github.com/hashicorp/hcl/v2"
"github.com/terraform-linters/tflint-plugin-sdk/hclext"
"github.com/terraform-linters/tflint-plugin-sdk/logger"
"github.com/terraform-linters/tflint-plugin-sdk/tflint"
"github.com/terraform-linters/tflint-ruleset-aws/aws"
)
// AwsElastiCacheClusterInvalidSecurityGroupRule checks that each value of the
// configured attribute is present in the lookup table that Check fills from
// DescribeSecurityGroups.
type AwsElastiCacheClusterInvalidSecurityGroupRule struct {
	tflint.DefaultRule

	// resourceType is the Terraform resource type whose blocks Check inspects;
	// attributeName is the attribute on those blocks whose values are validated.
	resourceType, attributeName string

	// data is the lookup table returned by DescribeSecurityGroups. Check treats
	// a value as valid only when data[value] is true.
	// Presumably the keys are security group IDs; verify against the client.
	data map[string]bool

	// dataPrepared is set once data has been fetched, so the API call is made
	// at most once per rule instance.
	dataPrepared bool
}
// NewAwsElastiCacheClusterInvalidSecurityGroupRule builds the rule bound to the
// security_group_ids attribute of aws_elasticache_cluster, with an empty lookup
// table that Check fills on first use.
func NewAwsElastiCacheClusterInvalidSecurityGroupRule() *AwsElastiCacheClusterInvalidSecurityGroupRule {
	rule := new(AwsElastiCacheClusterInvalidSecurityGroupRule)
	rule.resourceType = "aws_elasticache_cluster"
	rule.attributeName = "security_group_ids"
	rule.data = make(map[string]bool)
	// dataPrepared keeps its zero value (false) until Check has fetched the list.
	return rule
}
// Name returns the fixed name of this rule.
func (r *AwsElastiCacheClusterInvalidSecurityGroupRule) Name() string {
	const ruleName = "aws_elasticache_cluster_invalid_security_group"
	return ruleName
}
// Enabled reports whether the rule is enabled by default; it always is.
func (r *AwsElastiCacheClusterInvalidSecurityGroupRule) Enabled() bool {
	const enabledByDefault = true
	return enabledByDefault
}
// Severity returns the severity attached to issues from this rule, which is
// always tflint.ERROR.
func (r *AwsElastiCacheClusterInvalidSecurityGroupRule) Severity() tflint.Severity {
	var severity tflint.Severity = tflint.ERROR
	return severity
}
// Link returns the rule reference link. No link is defined for this rule, so
// the result is the empty string.
func (r *AwsElastiCacheClusterInvalidSecurityGroupRule) Link() string {
	const noLink = ""
	return noLink
}
// Metadata returns the rule metadata, a map whose "deep" key is true.
// This marks the rule as a deep check: Check calls DescribeSecurityGroups
// through an AWS client, so it presumably needs usable AWS credentials at lint
// time (confirm against the ruleset's deep-checking documentation).
func (r *AwsElastiCacheClusterInvalidSecurityGroupRule) Metadata() interface{} {
	meta := make(map[string]bool, 1)
	meta["deep"] = true
	return meta
}
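// Check emits an issue for every value of the configured attribute that is not
// present in the list retrieved by DescribeSecurityGroups.
//
// The list is fetched lazily, on the first resource that sets the attribute,
// and cached on the rule for the remaining resources.
//
// Every resource block that sets the attribute is examined. The previous
// version returned straight from the first EachStringSliceExprs call, so the
// loop ended after one resource and later aws_elasticache_cluster blocks were
// never validated.
//
// It returns the first error from reading the resource content, building the
// AWS client, calling DescribeSecurityGroups, or walking the expression.
//
// NOTE(review): the file header says this file is generated by
// generator/main.go, so the same fix belongs in the generator; otherwise
// regeneration will restore the early return.
func (r *AwsElastiCacheClusterInvalidSecurityGroupRule) Check(rr tflint.Runner) error {
	// Unchecked type assertion: this panics if rr is not an *aws.Runner.
	runner := rr.(*aws.Runner)

	resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{
		Attributes: []hclext.AttributeSchema{
			{Name: r.attributeName},
			// "provider" is requested as well because the attribute set is
			// passed to runner.AwsClient below.
			{Name: "provider"},
		},
	}, nil)
	if err != nil {
		return err
	}

	for _, resource := range resources.Blocks {
		attribute, exists := resource.Body.Attributes[r.attributeName]
		if !exists {
			continue
		}

		if !r.dataPrepared {
			// NOTE(review): the client is built from the first matching
			// resource's attributes and the result is reused for every later
			// resource. If resources use different provider configurations,
			// they are all compared against this one list — confirm that is
			// intended.
			awsClient, err := runner.AwsClient(resource.Body.Attributes)
			if err != nil {
				return err
			}

			logger.Debug("invoking DescribeSecurityGroups")
			r.data, err = awsClient.DescribeSecurityGroups()
			if err != nil {
				err := fmt.Errorf("An error occurred while invoking DescribeSecurityGroups; %w", err)
				logger.Error("%s", err)
				return err
			}
			r.dataPrepared = true
		}

		// Return only on failure, so that the loop continues to the next
		// resource block instead of stopping after the first one.
		err := runner.EachStringSliceExprs(attribute.Expr, func(val string, expr hcl.Expression) {
			// A key missing from the map reads as false, so unknown values
			// are reported.
			if !r.data[val] {
				runner.EmitIssue(
					r,
					fmt.Sprintf(`"%s" is invalid security group.`, val),
					expr.Range(),
				)
			}
		})
		if err != nil {
			return err
		}
	}

	return nil
}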