Merge pull request #846 from terraform-linters/bump_aws_provider

Bump terraform-provider-aws to v2.70.0 from v2.68.0

Author: wata727

client/aws_ec2_mock.go

@@ -3,7 +3,7 @@
 Some inspections implicitly assume the behavior of a specific version of provider plugins or Terraform. This always assumes the latest version and is as follows:
 
 - Terraform v0.12.28
-- AWS Provider v2.68.0
+- AWS Provider v2.70.0
 
 Of course, TFLint may work correctly if you run it on other versions. But, false positives/negatives can occur based on this assumption.
 

docs/guides/compatibility.md

@@ -3,7 +3,7 @@ module github.com/terraform-linters/tflint
 go 1.14
 
 require (
-	github.com/aws/aws-sdk-go v1.32.11
+	github.com/aws/aws-sdk-go v1.32.12
 	github.com/fatih/color v1.9.0
 	github.com/golang/mock v1.4.3
 	github.com/google/go-cmp v0.5.0
@@ -22,9 +22,9 @@ require (
 	github.com/sourcegraph/jsonrpc2 v0.0.0-20190106185902-35a74f039c6a
 	github.com/spf13/afero v1.3.1
 	github.com/terraform-linters/tflint-plugin-sdk v0.3.0
-	github.com/terraform-providers/terraform-provider-aws v2.68.0+incompatible
+	github.com/terraform-providers/terraform-provider-aws v2.70.0+incompatible
 	github.com/zclconf/go-cty v1.5.1
 	golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f
 )
 
-replace github.com/terraform-providers/terraform-provider-aws v2.68.0+incompatible => github.com/terraform-providers/terraform-provider-aws v1.60.1-0.20200625234409-8688f3adfb43
+replace github.com/terraform-providers/terraform-provider-aws v2.70.0+incompatible => github.com/terraform-providers/terraform-provider-aws v1.60.1-0.20200710175044-2f23a59662cc

go.mod

@@ -76,9 +76,8 @@ github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3A
 github.com/aws/aws-sdk-go v1.25.3/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.30.12/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
 github.com/aws/aws-sdk-go v1.31.9/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
-github.com/aws/aws-sdk-go v1.32.3/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
-github.com/aws/aws-sdk-go v1.32.11 h1:1nYF+Tfccn/hnAZsuwPPMSCVUVnx3j6LKOpx/WhgH0A=
-github.com/aws/aws-sdk-go v1.32.11/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
+github.com/aws/aws-sdk-go v1.32.12 h1:l/djCeLI4ggBFWLlYUGTqkHraoLnVMubNlLXPdEtoYc=
+github.com/aws/aws-sdk-go v1.32.12/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
 github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc=
 github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs=
 github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A=
@@ -595,8 +594,8 @@ github.com/tencentcloud/tencentcloud-sdk-go v3.0.82+incompatible/go.mod h1:0PfYo
 github.com/tencentyun/cos-go-sdk-v5 v0.0.0-20190808065407-f07404cefc8c/go.mod h1:wk2XFUg6egk4tSDNZtXeKfe2G6690UVyt163PuUxBZk=
 github.com/terraform-linters/tflint-plugin-sdk v0.3.0 h1:TUMBlM17mZKMzaZtp1KLj6T6BHLTunVQ/8f2cWOaMjY=
 github.com/terraform-linters/tflint-plugin-sdk v0.3.0/go.mod h1:QoSqSV/8GSOrQy3OStK3EEdsA3yZm13My4BQcnx3Zic=
-github.com/terraform-providers/terraform-provider-aws v1.60.1-0.20200625234409-8688f3adfb43 h1:tt30KJTNH0vBqyvbVhW+QHa2I1ciwh1XmyIl/m5fjJ4=
-github.com/terraform-providers/terraform-provider-aws v1.60.1-0.20200625234409-8688f3adfb43/go.mod h1:0U3OgA2uDYSc7gNkdWA92+/BxWXwuYhWqqZ4UhM1RCw=
+github.com/terraform-providers/terraform-provider-aws v1.60.1-0.20200710175044-2f23a59662cc h1:RNa/U0gK3SnatBwk9t/bCqK03u7fSvBMZMOnovUoCd0=
+github.com/terraform-providers/terraform-provider-aws v1.60.1-0.20200710175044-2f23a59662cc/go.mod h1:tJCY7WQBTQPyFIf0JOkHSwTMS46J/JTa8dxhwtMcwdY=
 github.com/terraform-providers/terraform-provider-openstack v1.15.0/go.mod h1:2aQ6n/BtChAl1y2S60vebhyJyZXBsuAI5G4+lHrT1Ew=
 github.com/tetafro/godot v0.3.3/go.mod h1:pT6/T8+h6//L/LwQcFc4C0xpfy1euZwzS1sHdrFCms0=
 github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk=

go.sum

@@ -3,7 +3,9 @@
 package models
 
 import (
+	"fmt"
 	"log"
+	"regexp"
 
 	hcl "github.com/hashicorp/hcl/v2"
 	"github.com/terraform-linters/tflint/tflint"
@@ -15,6 +17,7 @@ type AwsEfsFileSystemInvalidCreationTokenRule struct {
 	attributeName string
 	max           int
 	min           int
+	pattern       *regexp.Regexp
 }
 
 // NewAwsEfsFileSystemInvalidCreationTokenRule returns new rule with default attributes
@@ -24,6 +27,7 @@ func NewAwsEfsFileSystemInvalidCreationTokenRule() *AwsEfsFileSystemInvalidCreat
 		attributeName: "creation_token",
 		max:           64,
 		min:           1,
+		pattern:       regexp.MustCompile(`^.+$`),
 	}
 }
 
@@ -70,6 +74,13 @@ func (r *AwsEfsFileSystemInvalidCreationTokenRule) Check(runner *tflint.Runner)
 					attribute.Expr.Range(),
 				)
 			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssue(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^.+$`),
+					attribute.Expr.Range(),
+				)
+			}
 			return nil
 		})
 	})

rules/awsrules/models/aws-sdk-go

@@ -3,7 +3,9 @@
 package models
 
 import (
+	"fmt"
 	"log"
+	"regexp"
 
 	hcl "github.com/hashicorp/hcl/v2"
 	"github.com/terraform-linters/tflint/tflint"
@@ -14,7 +16,7 @@ type AwsEfsFileSystemInvalidKmsKeyIDRule struct {
 	resourceType  string
 	attributeName string
 	max           int
-	min           int
+	pattern       *regexp.Regexp
 }
 
 // NewAwsEfsFileSystemInvalidKmsKeyIDRule returns new rule with default attributes
@@ -23,7 +25,7 @@ func NewAwsEfsFileSystemInvalidKmsKeyIDRule() *AwsEfsFileSystemInvalidKmsKeyIDRu
 		resourceType:  "aws_efs_file_system",
 		attributeName: "kms_key_id",
 		max:           2048,
-		min:           1,
+		pattern:       regexp.MustCompile(`^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|alias/[a-zA-Z0-9/_-]+|(arn:aws[-a-z]*:kms:[a-z0-9-]+:\d{12}:((key/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})|(alias/[a-zA-Z0-9/_-]+))))$`),
 	}
 }
 
@@ -63,10 +65,10 @@ func (r *AwsEfsFileSystemInvalidKmsKeyIDRule) Check(runner *tflint.Runner) error
 					attribute.Expr.Range(),
 				)
 			}
-			if len(val) < r.min {
+			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					"kms_key_id must be 1 characters or higher",
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|alias/[a-zA-Z0-9/_-]+|(arn:aws[-a-z]*:kms:[a-z0-9-]+:\d{12}:((key/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})|(alias/[a-zA-Z0-9/_-]+))))$`),
 					attribute.Expr.Range(),
 				)
 			}

rules/awsrules/models/aws_efs_file_system_invalid_creation_token.go

@@ -0,0 +1,78 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint/tflint"
+)
+
+// AwsEfsMountTargetInvalidFileSystemIDRule checks the pattern is valid
+type AwsEfsMountTargetInvalidFileSystemIDRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsEfsMountTargetInvalidFileSystemIDRule returns new rule with default attributes
+func NewAwsEfsMountTargetInvalidFileSystemIDRule() *AwsEfsMountTargetInvalidFileSystemIDRule {
+	return &AwsEfsMountTargetInvalidFileSystemIDRule{
+		resourceType:  "aws_efs_mount_target",
+		attributeName: "file_system_id",
+		max:           128,
+		pattern:       regexp.MustCompile(`^(arn:aws[-a-z]*:elasticfilesystem:[0-9a-z-:]+:file-system/fs-[0-9a-f]{8,40}|fs-[0-9a-f]{8,40})$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsEfsMountTargetInvalidFileSystemIDRule) Name() string {
+	return "aws_efs_mount_target_invalid_file_system_id"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsEfsMountTargetInvalidFileSystemIDRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsEfsMountTargetInvalidFileSystemIDRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsEfsMountTargetInvalidFileSystemIDRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsEfsMountTargetInvalidFileSystemIDRule) Check(runner *tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"file_system_id must be 128 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssue(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(arn:aws[-a-z]*:elasticfilesystem:[0-9a-z-:]+:file-system/fs-[0-9a-f]{8,40}|fs-[0-9a-f]{8,40})$`),
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}

rules/awsrules/models/aws_efs_file_system_invalid_kms_key_id.go

@@ -0,0 +1,87 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint/tflint"
+)
+
+// AwsEfsMountTargetInvalidIPAddressRule checks the pattern is valid
+type AwsEfsMountTargetInvalidIPAddressRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsEfsMountTargetInvalidIPAddressRule returns new rule with default attributes
+func NewAwsEfsMountTargetInvalidIPAddressRule() *AwsEfsMountTargetInvalidIPAddressRule {
+	return &AwsEfsMountTargetInvalidIPAddressRule{
+		resourceType:  "aws_efs_mount_target",
+		attributeName: "ip_address",
+		max:           15,
+		min:           7,
+		pattern:       regexp.MustCompile(`^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsEfsMountTargetInvalidIPAddressRule) Name() string {
+	return "aws_efs_mount_target_invalid_ip_address"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsEfsMountTargetInvalidIPAddressRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsEfsMountTargetInvalidIPAddressRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsEfsMountTargetInvalidIPAddressRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsEfsMountTargetInvalidIPAddressRule) Check(runner *tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"ip_address must be 15 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"ip_address must be 7 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssue(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$`),
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}

rules/awsrules/models/aws_efs_mount_target_invalid_file_system_id.go

@@ -0,0 +1,87 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint/tflint"
+)
+
+// AwsEfsMountTargetInvalidSubnetIDRule checks the pattern is valid
+type AwsEfsMountTargetInvalidSubnetIDRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsEfsMountTargetInvalidSubnetIDRule returns new rule with default attributes
+func NewAwsEfsMountTargetInvalidSubnetIDRule() *AwsEfsMountTargetInvalidSubnetIDRule {
+	return &AwsEfsMountTargetInvalidSubnetIDRule{
+		resourceType:  "aws_efs_mount_target",
+		attributeName: "subnet_id",
+		max:           47,
+		min:           15,
+		pattern:       regexp.MustCompile(`^subnet-[0-9a-f]{8,40}$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsEfsMountTargetInvalidSubnetIDRule) Name() string {
+	return "aws_efs_mount_target_invalid_subnet_id"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsEfsMountTargetInvalidSubnetIDRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsEfsMountTargetInvalidSubnetIDRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsEfsMountTargetInvalidSubnetIDRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsEfsMountTargetInvalidSubnetIDRule) Check(runner *tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"subnet_id must be 47 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"subnet_id must be 15 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssue(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^subnet-[0-9a-f]{8,40}$`),
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}

rules/awsrules/models/aws_efs_mount_target_invalid_ip_address.go

@@ -26,6 +26,7 @@ func NewAwsOrganizationsPolicyInvalidTypeRule() *AwsOrganizationsPolicyInvalidTy
 			"SERVICE_CONTROL_POLICY",
 			"TAG_POLICY",
 			"BACKUP_POLICY",
+			"AISERVICES_OPT_OUT_POLICY",
 		},
 	}
 }