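package awsrules

import (
	"log"

	hcl "github.com/hashicorp/hcl/v2"
	"github.com/wata727/tflint/tflint"
)

// AwsS3BucketInvalidACLRule checks that the `acl` attribute of an
// `aws_s3_bucket` resource is spelled as one of the canned ACL names
// listed in enum.
//
// Security note: this is a validity check, not an exposure check. The
// accepted list deliberately includes `public-read` and
// `public-read-write`, so a bucket that passes this rule can still be
// world-readable or world-writable. Flagging public ACLs has to be done
// by a separate rule or policy; do not read a clean run of this rule as
// "the bucket is private".
type AwsS3BucketInvalidACLRule struct {
	resourceType  string   // Terraform resource type the rule walks
	attributeName string   // attribute on that resource that is validated
	enum          []string // canned ACL names accepted as valid
}

// NewAwsS3BucketInvalidACLRule returns a rule wired to `aws_s3_bucket.acl`
// with the set of canned ACL names it accepts.
func NewAwsS3BucketInvalidACLRule() *AwsS3BucketInvalidACLRule {
	return &AwsS3BucketInvalidACLRule{
		resourceType:  "aws_s3_bucket",
		attributeName: "acl",
		enum: []string{
			"private",
			"public-read",       // valid, but grants anonymous read
			"public-read-write", // valid, but grants anonymous read+write
			"aws-exec-read",
			"authenticated-read", // valid, but readable by any AWS account
			"log-delivery-write",
		},
	}
}

// Name returns the rule name.
func (r *AwsS3BucketInvalidACLRule) Name() string {
	return "aws_s3_bucket_invalid_acl"
}

// Enabled returns whether the rule is enabled by default.
func (r *AwsS3BucketInvalidACLRule) Enabled() bool {
	return true
}

// Severity returns the rule severity.
func (r *AwsS3BucketInvalidACLRule) Severity() string {
	return tflint.ERROR
}

// Link returns the rule reference link (none is published for this rule).
func (r *AwsS3BucketInvalidACLRule) Link() string {
	return ""
}

// isValidACL reports whether val is one of the accepted canned ACL names.
// Matching is exact and case-sensitive, which is what S3 expects.
func (r *AwsS3BucketInvalidACLRule) isValidACL(val string) bool {
	for _, item := range r.enum {
		if item == val {
			return true
		}
	}
	return false
}

// Check walks every `acl` attribute on `aws_s3_bucket` resources in the
// runner's configuration and emits an issue at the attribute's range when
// the evaluated value is not in enum. It returns the error from the
// attribute walk, if any.
func (r *AwsS3BucketInvalidACLRule) Check(runner *tflint.Runner) error {
	log.Printf("[TRACE] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())

	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
		var val string
		err := runner.EvaluateExpr(attribute.Expr, &val)

		// NOTE(review): EnsureNoError presumably decides whether an
		// evaluation error (e.g. an unknown/computed value) is fatal or
		// just skips the callback; that policy lives in the runner, so a
		// value that cannot be evaluated is not reported here.
		return runner.EnsureNoError(err, func() error {
			if !r.isValidACL(val) {
				runner.EmitIssue(
					r,
					`acl is not a valid value`,
					attribute.Expr.Range(),
				)
			}

			return nil
		})
	})
}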