aws_launch_configuration_invalid_iam_profile.go
// This file generated by `generator/main.go`. DO NOT EDIT
package api
import (
"fmt"
"github.com/terraform-linters/tflint-plugin-sdk/hclext"
"github.com/terraform-linters/tflint-plugin-sdk/logger"
"github.com/terraform-linters/tflint-plugin-sdk/tflint"
"github.com/terraform-linters/tflint-ruleset-aws/aws"
)
// AwsLaunchConfigurationInvalidIAMProfileRule checks whether the configured
// attribute value actually exists, by comparing it with the set of instance
// profiles returned by ListInstanceProfiles (see Check).
type AwsLaunchConfigurationInvalidIAMProfileRule struct {
	tflint.DefaultRule
	// resourceType is the Terraform resource type whose blocks Check requests.
	resourceType string
	// attributeName is the attribute on those blocks whose value is validated.
	attributeName string
	// data is the lookup set assigned from ListInstanceProfiles; Check treats a
	// value as valid when data[value] is true.
	// NOTE(review): the set is fetched once per rule instance with the client of
	// the first matching resource, so resources behind a different provider
	// alias are compared against that same set — confirm this is intended.
	data map[string]bool
	// dataPrepared is set once data has been fetched successfully, so the AWS
	// call is not repeated for later resources.
	dataPrepared bool
}
// NewAwsLaunchConfigurationInvalidIAMProfileRule builds the rule bound to the
// aws_launch_configuration resource type and its iam_instance_profile
// attribute, with an empty lookup set and nothing fetched yet.
func NewAwsLaunchConfigurationInvalidIAMProfileRule() *AwsLaunchConfigurationInvalidIAMProfileRule {
	rule := new(AwsLaunchConfigurationInvalidIAMProfileRule)
	rule.resourceType = "aws_launch_configuration"
	rule.attributeName = "iam_instance_profile"
	rule.data = make(map[string]bool)
	// dataPrepared keeps its zero value (false) until Check has fetched data.
	return rule
}
// Name returns the identifier string of this rule.
func (r *AwsLaunchConfigurationInvalidIAMProfileRule) Name() string {
	const ruleName = "aws_launch_configuration_invalid_iam_profile"
	return ruleName
}
// Enabled reports whether the rule is on by default; it always returns true.
func (r *AwsLaunchConfigurationInvalidIAMProfileRule) Enabled() bool {
	const enabledByDefault = true
	return enabledByDefault
}
// Severity returns the severity of issues emitted by this rule, which is
// always tflint.ERROR.
func (r *AwsLaunchConfigurationInvalidIAMProfileRule) Severity() tflint.Severity {
	var level tflint.Severity = tflint.ERROR
	return level
}
// Link returns the reference link for the rule; none is set, so the result
// is the empty string.
func (r *AwsLaunchConfigurationInvalidIAMProfileRule) Link() string {
	var link string
	return link
}
// Metadata returns the deep-checking metadata for the rule: a map holding
// "deep": true. Check for this rule calls the AWS API through the runner's
// client.
func (r *AwsLaunchConfigurationInvalidIAMProfileRule) Metadata() interface{} {
	meta := make(map[string]bool, 1)
	meta["deep"] = true
	return meta
}
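// Check verifies that each value of the configured attribute on the
// configured resource type is present in the set returned by
// ListInstanceProfiles, and emits an issue for every value that is not.
//
// The set is fetched at most once per rule instance, using the AWS client
// built from the attributes of the first resource that sets the attribute,
// and is reused for every later resource.
// NOTE(review): resources that select a different provider alias are
// therefore compared against the first client's set — confirm whether the
// cache should be kept per provider.
//
// It returns an error when rr is not an *aws.Runner, when the resource
// content or the AWS client cannot be obtained, when ListInstanceProfiles
// fails, or when evaluating an attribute expression fails.
func (r *AwsLaunchConfigurationInvalidIAMProfileRule) Check(rr tflint.Runner) error {
	// Checked assertion: an unexpected runner implementation becomes an
	// ordinary error instead of a panic.
	runner, ok := rr.(*aws.Runner)
	if !ok {
		return fmt.Errorf("unexpected runner type %T, want *aws.Runner", rr)
	}

	// "provider" is requested alongside the checked attribute because the
	// resource's attributes are handed to runner.AwsClient below.
	schema := &hclext.BodySchema{
		Attributes: []hclext.AttributeSchema{
			{Name: r.attributeName},
			{Name: "provider"},
		},
	}
	resources, err := runner.GetResourceContent(r.resourceType, schema, nil)
	if err != nil {
		return err
	}

	for _, resource := range resources.Blocks {
		attribute, exists := resource.Body.Attributes[r.attributeName]
		if !exists {
			continue
		}

		// Fetch lazily so that no AWS call is made when no resource sets the
		// attribute.
		if !r.dataPrepared {
			awsClient, err := runner.AwsClient(resource.Body.Attributes)
			if err != nil {
				return err
			}
			logger.Debug("invoking ListInstanceProfiles")
			r.data, err = awsClient.ListInstanceProfiles()
			if err != nil {
				wrapped := fmt.Errorf("An error occurred while invoking ListInstanceProfiles; %w", err)
				logger.Error("%s", wrapped)
				return wrapped
			}
			// Only a successful fetch marks the cache as ready; a failed call
			// is retried on the next Check.
			r.dataPrepared = true
		}

		evalErr := runner.EvaluateExpr(attribute.Expr, func(val string) error {
			if !r.data[val] {
				// NOTE(review): if EmitIssue returns an error in this SDK
				// version, it is discarded here — confirm.
				runner.EmitIssue(
					r,
					fmt.Sprintf(`"%s" is invalid IAM profile name.`, val),
					attribute.Expr.Range(),
				)
			}
			return nil
		}, nil)
		if evalErr != nil {
			return evalErr
		}
	}

	return nil
}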