github.com/wata727/tflint@v0.12.2-0.20191013070026-96dd0d36f385/rules/awsrules/aws_s3_bucket_invalid_acl.go (about)

     1  package awsrules
     2  
     3  import (
     4  	"log"
     5  
     6  	hcl "github.com/hashicorp/hcl/v2"
     7  	"github.com/wata727/tflint/tflint"
     8  )
     9  
// AwsS3BucketInvalidACLRule checks that an attribute of a resource holds one
// of a fixed set of allowed string values.
//
// The rule is a validity check only: it compares the evaluated value against
// enum and nothing else. Whether an allowed value is appropriate for a given
// bucket (for example a public ACL) is outside its scope.
type AwsS3BucketInvalidACLRule struct {
	// resourceType is the Terraform resource type whose attributes are walked;
	// attributeName is the attribute on that resource that gets validated.
	resourceType, attributeName string
	// enum is the list of values accepted for attributeName.
	enum []string
}
    16  
// NewAwsS3BucketInvalidACLRule returns a rule configured to validate the
// `acl` attribute of `aws_s3_bucket` resources against a fixed list of
// accepted ACL names.
//
// The accepted list includes "public-read", "public-read-write" and
// "authenticated-read", so a bucket that is readable or writable by outside
// principals passes this rule. Detecting publicly exposed buckets needs a
// separate policy check; this rule only rejects values that are not on the
// list.
func NewAwsS3BucketInvalidACLRule() *AwsS3BucketInvalidACLRule {
	rule := new(AwsS3BucketInvalidACLRule)
	rule.resourceType = "aws_s3_bucket"
	rule.attributeName = "acl"
	rule.enum = []string{
		"private",
		"public-read",
		"public-read-write",
		"aws-exec-read",
		"authenticated-read",
		"log-delivery-write",
	}
	return rule
}
    32  
// Name returns the identifier of this rule, "aws_s3_bucket_invalid_acl".
func (r *AwsS3BucketInvalidACLRule) Name() string {
	const ruleName = "aws_s3_bucket_invalid_acl"
	return ruleName
}
    37  
// Enabled reports whether the rule is enabled by default; it always returns
// true.
func (r *AwsS3BucketInvalidACLRule) Enabled() bool {
	const enabledByDefault = true
	return enabledByDefault
}
    42  
// Severity returns the severity reported for issues from this rule, which is
// always tflint.ERROR.
func (r *AwsS3BucketInvalidACLRule) Severity() string {
	var level string = tflint.ERROR
	return level
}
    47  
// Link returns the reference link for the rule. No link is defined for this
// rule, so the result is the empty string.
func (r *AwsS3BucketInvalidACLRule) Link() string {
	const noLink = ""
	return noLink
}
    52  
// Check walks every attribute named r.attributeName on resources of type
// r.resourceType, evaluates it to a string, and emits an issue when the value
// is not one of the entries in r.enum.
//
// Only membership in r.enum is tested. With the list configured by
// NewAwsS3BucketInvalidACLRule, public ACLs such as "public-read" and
// "public-read-write" are accepted without an issue, so a clean result from
// this rule says nothing about whether a bucket is exposed.
//
// The returned error is whatever runner.WalkResourceAttributes returns.
func (r *AwsS3BucketInvalidACLRule) Check(runner *tflint.Runner) error {
	log.Printf("[TRACE] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())

	visit := func(attribute *hcl.Attribute) error {
		var val string
		evalErr := runner.EvaluateExpr(attribute.Expr, &val)

		// EnsureNoError receives the evaluation error and decides whether the
		// membership test below runs; how it treats each kind of error is
		// defined in the tflint package and is not visible here.
		return runner.EnsureNoError(evalErr, func() error {
			for _, allowed := range r.enum {
				if allowed == val {
					// Value is on the accepted list: nothing to report.
					return nil
				}
			}
			runner.EmitIssue(
				r,
				`acl is not a valid value`,
				attribute.Expr.Range(),
			)
			return nil
		})
	}

	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, visit)
}