diff --git a/rules/magicmodules/api_definition.go b/rules/magicmodules/api_definition.go
index 24eeb416..724531a7 100644
--- a/rules/magicmodules/api_definition.go
+++ b/rules/magicmodules/api_definition.go
@@ -43,6 +43,7 @@ var APIDefinition = map[string]string{
 "google_apigee_app_group": "apigee.googleapis.com",
 "google_apigee_control_plane_access": "apigee.googleapis.com",
 "google_apigee_developer": "apigee.googleapis.com",
+ "google_apigee_developer_app": "apigee.googleapis.com",
 "google_apigee_dns_zone": "apigee.googleapis.com",
 "google_apigee_endpoint_attachment": "apigee.googleapis.com",
 "google_apigee_env_keystore": "apigee.googleapis.com",
@@ -51,6 +52,7 @@ var APIDefinition = map[string]string{
 "google_apigee_envgroup_attachment": "apigee.googleapis.com",
 "google_apigee_environment": "apigee.googleapis.com",
 "google_apigee_environment_addons_config": "apigee.googleapis.com",
+ "google_apigee_environment_api_revision_deployment": "apigee.googleapis.com",
 "google_apigee_environment_keyvaluemaps": "apigee.googleapis.com",
 "google_apigee_environment_keyvaluemaps_entries": "apigee.googleapis.com",
 "google_apigee_instance": "apigee.googleapis.com",
@@ -135,6 +137,8 @@ var APIDefinition = map[string]string{
 "google_cloud_run_v2_service": "run.googleapis.com",
 "google_cloud_run_v2_worker_pool": "run.googleapis.com",
 "google_cloud_scheduler_job": "cloudscheduler.googleapis.com",
+ "google_cloud_security_compliance_cloud_control": "cloudsecuritycompliance.googleapis.com",
+ "google_cloud_security_compliance_framework": "cloudsecuritycompliance.googleapis.com",
 "google_cloud_tasks_queue": "cloudtasks.googleapis.com",
 "google_cloudbuild_bitbucket_server_config": "cloudbuild.googleapis.com",
 "google_cloudbuild_trigger": "cloudbuild.googleapis.com",
@@ -193,6 +197,7 @@ var APIDefinition = map[string]string{
 "google_compute_node_template": "compute.googleapis.com",
 "google_compute_packet_mirroring": "compute.googleapis.com",
 "google_compute_per_instance_config": "compute.googleapis.com",
+ "google_compute_preview_feature": "compute.googleapis.com",
 "google_compute_project_cloud_armor_tier": "compute.googleapis.com",
 "google_compute_public_advertised_prefix": "compute.googleapis.com",
 "google_compute_public_delegated_prefix": "compute.googleapis.com",
@@ -267,6 +272,7 @@ var APIDefinition = map[string]string{
 "google_dataplex_datascan": "dataplex.googleapis.com",
 "google_dataplex_entry": "dataplex.googleapis.com",
 "google_dataplex_entry_group": "dataplex.googleapis.com",
+ "google_dataplex_entry_link": "dataplex.googleapis.com",
 "google_dataplex_entry_type": "dataplex.googleapis.com",
 "google_dataplex_glossary": "dataplex.googleapis.com",
 "google_dataplex_glossary_category": "dataplex.googleapis.com",
@@ -335,6 +341,7 @@ var APIDefinition = map[string]string{
 "google_firestore_document": "firestore.googleapis.com",
 "google_firestore_field": "firestore.googleapis.com",
 "google_firestore_index": "firestore.googleapis.com",
+ "google_firestore_user_creds": "firestore.googleapis.com",
 "google_folder_access_approval_settings": "accessapproval.googleapis.com",
 "google_gemini_code_repository_index": "cloudaicompanion.googleapis.com",
 "google_gemini_code_tools_setting": "cloudaicompanion.googleapis.com",
@@ -383,6 +390,7 @@ var APIDefinition = map[string]string{
 "google_iam_workforce_pool": "iam.googleapis.com",
 "google_iam_workforce_pool_provider": "iam.googleapis.com",
 "google_iam_workforce_pool_provider_key": "iam.googleapis.com",
+ "google_iam_workforce_pool_provider_scim_tenant": "iam.googleapis.com",
 "google_iam_workload_identity_pool": "iam.googleapis.com",
 "google_iam_workload_identity_pool_provider": "iam.googleapis.com",
 "google_iap_brand": "iap.googleapis.com",
@@ -500,6 +508,7 @@ var APIDefinition = map[string]string{
 "google_oracle_database_autonomous_database": "oracledatabase.googleapis.com",
 "google_oracle_database_cloud_exadata_infrastructure": "oracledatabase.googleapis.com",
 "google_oracle_database_cloud_vm_cluster": "oracledatabase.googleapis.com",
+ "google_oracle_database_db_system": "oracledatabase.googleapis.com",
 "google_oracle_database_odb_network": "oracledatabase.googleapis.com",
 "google_oracle_database_odb_subnet": "oracledatabase.googleapis.com",
 "google_org_policy_custom_constraint": "orgpolicy.googleapis.com",
diff --git a/rules/magicmodules/google_beyondcorp_security_gateway_application_invalid_schema.go b/rules/magicmodules/google_beyondcorp_security_gateway_application_invalid_schema.go
new file mode 100644
index 00000000..8352ea8a
--- /dev/null
+++ b/rules/magicmodules/google_beyondcorp_security_gateway_application_invalid_schema.go
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleBeyondcorpSecurityGatewayApplicationInvalidSchemaRule checks the pattern is valid +type GoogleBeyondcorpSecurityGatewayApplicationInvalidSchemaRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleBeyondcorpSecurityGatewayApplicationInvalidSchemaRule returns new rule with default attributes +func NewGoogleBeyondcorpSecurityGatewayApplicationInvalidSchemaRule() *GoogleBeyondcorpSecurityGatewayApplicationInvalidSchemaRule { + return &GoogleBeyondcorpSecurityGatewayApplicationInvalidSchemaRule{ + resourceType: "google_beyondcorp_security_gateway_application", + attributeName: "schema", + } +} + +// Name returns the rule name +func (r *GoogleBeyondcorpSecurityGatewayApplicationInvalidSchemaRule) Name() string { + return "google_beyondcorp_security_gateway_application_invalid_schema" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleBeyondcorpSecurityGatewayApplicationInvalidSchemaRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleBeyondcorpSecurityGatewayApplicationInvalidSchemaRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r 
*GoogleBeyondcorpSecurityGatewayApplicationInvalidSchemaRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *GoogleBeyondcorpSecurityGatewayApplicationInvalidSchemaRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"PROXY_GATEWAY", "API_GATEWAY", ""}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_compute_network_firewall_policy_invalid_policy_type.go b/rules/magicmodules/google_compute_network_firewall_policy_invalid_policy_type.go new file mode 100644 index 00000000..8e70d3d5 --- /dev/null +++ b/rules/magicmodules/google_compute_network_firewall_policy_invalid_policy_type.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleComputeNetworkFirewallPolicyInvalidPolicyTypeRule checks the pattern is valid +type GoogleComputeNetworkFirewallPolicyInvalidPolicyTypeRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleComputeNetworkFirewallPolicyInvalidPolicyTypeRule returns new rule with default attributes +func NewGoogleComputeNetworkFirewallPolicyInvalidPolicyTypeRule() *GoogleComputeNetworkFirewallPolicyInvalidPolicyTypeRule { + return &GoogleComputeNetworkFirewallPolicyInvalidPolicyTypeRule{ + resourceType: "google_compute_network_firewall_policy", + attributeName: "policy_type", + } +} + +// Name returns the rule name +func (r *GoogleComputeNetworkFirewallPolicyInvalidPolicyTypeRule) Name() string { + return "google_compute_network_firewall_policy_invalid_policy_type" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleComputeNetworkFirewallPolicyInvalidPolicyTypeRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleComputeNetworkFirewallPolicyInvalidPolicyTypeRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r 
*GoogleComputeNetworkFirewallPolicyInvalidPolicyTypeRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *GoogleComputeNetworkFirewallPolicyInvalidPolicyTypeRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"VPC_POLICY", ""}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_compute_network_firewall_policy_with_rules_invalid_policy_type.go b/rules/magicmodules/google_compute_network_firewall_policy_with_rules_invalid_policy_type.go new file mode 100644 index 00000000..5e75b51b --- /dev/null +++ b/rules/magicmodules/google_compute_network_firewall_policy_with_rules_invalid_policy_type.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleComputeNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule checks the pattern is valid +type GoogleComputeNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleComputeNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule returns new rule with default attributes +func NewGoogleComputeNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule() *GoogleComputeNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule { + return &GoogleComputeNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule{ + resourceType: "google_compute_network_firewall_policy_with_rules", + attributeName: "policy_type", + } +} + +// Name returns the rule name +func (r *GoogleComputeNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule) Name() string { + return "google_compute_network_firewall_policy_with_rules_invalid_policy_type" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleComputeNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleComputeNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule) Severity() tflint.Severity { + return 
tflint.ERROR +} + +// Link returns the rule reference link +func (r *GoogleComputeNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *GoogleComputeNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"VPC_POLICY", ""}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_compute_preview_feature_invalid_activation_status.go b/rules/magicmodules/google_compute_preview_feature_invalid_activation_status.go new file mode 100644 index 00000000..d94efcbf --- /dev/null +++ b/rules/magicmodules/google_compute_preview_feature_invalid_activation_status.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleComputePreviewFeatureInvalidActivationStatusRule checks the pattern is valid +type GoogleComputePreviewFeatureInvalidActivationStatusRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleComputePreviewFeatureInvalidActivationStatusRule returns new rule with default attributes +func NewGoogleComputePreviewFeatureInvalidActivationStatusRule() *GoogleComputePreviewFeatureInvalidActivationStatusRule { + return &GoogleComputePreviewFeatureInvalidActivationStatusRule{ + resourceType: "google_compute_preview_feature", + attributeName: "activation_status", + } +} + +// Name returns the rule name +func (r *GoogleComputePreviewFeatureInvalidActivationStatusRule) Name() string { + return "google_compute_preview_feature_invalid_activation_status" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleComputePreviewFeatureInvalidActivationStatusRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleComputePreviewFeatureInvalidActivationStatusRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *GoogleComputePreviewFeatureInvalidActivationStatusRule) 
Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *GoogleComputePreviewFeatureInvalidActivationStatusRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"ENABLED", "ACTIVATION_STATE_UNSPECIFIED"}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_compute_region_network_firewall_policy_invalid_policy_type.go b/rules/magicmodules/google_compute_region_network_firewall_policy_invalid_policy_type.go new file mode 100644 index 00000000..674f6e47 --- /dev/null +++ b/rules/magicmodules/google_compute_region_network_firewall_policy_invalid_policy_type.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleComputeRegionNetworkFirewallPolicyInvalidPolicyTypeRule checks the pattern is valid +type GoogleComputeRegionNetworkFirewallPolicyInvalidPolicyTypeRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleComputeRegionNetworkFirewallPolicyInvalidPolicyTypeRule returns new rule with default attributes +func NewGoogleComputeRegionNetworkFirewallPolicyInvalidPolicyTypeRule() *GoogleComputeRegionNetworkFirewallPolicyInvalidPolicyTypeRule { + return &GoogleComputeRegionNetworkFirewallPolicyInvalidPolicyTypeRule{ + resourceType: "google_compute_region_network_firewall_policy", + attributeName: "policy_type", + } +} + +// Name returns the rule name +func (r *GoogleComputeRegionNetworkFirewallPolicyInvalidPolicyTypeRule) Name() string { + return "google_compute_region_network_firewall_policy_invalid_policy_type" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleComputeRegionNetworkFirewallPolicyInvalidPolicyTypeRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleComputeRegionNetworkFirewallPolicyInvalidPolicyTypeRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns the rule 
reference link +func (r *GoogleComputeRegionNetworkFirewallPolicyInvalidPolicyTypeRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *GoogleComputeRegionNetworkFirewallPolicyInvalidPolicyTypeRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"VPC_POLICY", "RDMA_ROCE_POLICY", ""}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_compute_region_network_firewall_policy_with_rules_invalid_policy_type.go b/rules/magicmodules/google_compute_region_network_firewall_policy_with_rules_invalid_policy_type.go new file mode 100644 index 00000000..11a2e7f1 --- /dev/null +++ b/rules/magicmodules/google_compute_region_network_firewall_policy_with_rules_invalid_policy_type.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleComputeRegionNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule checks the pattern is valid +type GoogleComputeRegionNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleComputeRegionNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule returns new rule with default attributes +func NewGoogleComputeRegionNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule() *GoogleComputeRegionNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule { + return &GoogleComputeRegionNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule{ + resourceType: "google_compute_region_network_firewall_policy_with_rules", + attributeName: "policy_type", + } +} + +// Name returns the rule name +func (r *GoogleComputeRegionNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule) Name() string { + return "google_compute_region_network_firewall_policy_with_rules_invalid_policy_type" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleComputeRegionNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r 
*GoogleComputeRegionNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *GoogleComputeRegionNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *GoogleComputeRegionNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"VPC_POLICY", "RDMA_ROCE_POLICY", ""}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_dataplex_aspect_type_invalid_data_classification.go b/rules/magicmodules/google_dataplex_aspect_type_invalid_data_classification.go new file mode 100644 index 00000000..b9f006d8 --- /dev/null +++ b/rules/magicmodules/google_dataplex_aspect_type_invalid_data_classification.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleDataplexAspectTypeInvalidDataClassificationRule checks the pattern is valid +type GoogleDataplexAspectTypeInvalidDataClassificationRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleDataplexAspectTypeInvalidDataClassificationRule returns new rule with default attributes +func NewGoogleDataplexAspectTypeInvalidDataClassificationRule() *GoogleDataplexAspectTypeInvalidDataClassificationRule { + return &GoogleDataplexAspectTypeInvalidDataClassificationRule{ + resourceType: "google_dataplex_aspect_type", + attributeName: "data_classification", + } +} + +// Name returns the rule name +func (r *GoogleDataplexAspectTypeInvalidDataClassificationRule) Name() string { + return "google_dataplex_aspect_type_invalid_data_classification" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleDataplexAspectTypeInvalidDataClassificationRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleDataplexAspectTypeInvalidDataClassificationRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *GoogleDataplexAspectTypeInvalidDataClassificationRule) Link() string 
{ + return "" +} + +// Check checks the pattern is valid +func (r *GoogleDataplexAspectTypeInvalidDataClassificationRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"DATA_CLASSIFICATION_UNSPECIFIED", "METADATA_AND_DATA", ""}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_discovery_engine_license_config_invalid_subscription_term.go b/rules/magicmodules/google_discovery_engine_license_config_invalid_subscription_term.go new file mode 100644 index 00000000..a21e509a --- /dev/null +++ b/rules/magicmodules/google_discovery_engine_license_config_invalid_subscription_term.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTermRule checks the pattern is valid +type GoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTermRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTermRule returns new rule with default attributes +func NewGoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTermRule() *GoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTermRule { + return &GoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTermRule{ + resourceType: "google_discovery_engine_license_config", + attributeName: "subscription_term", + } +} + +// Name returns the rule name +func (r *GoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTermRule) Name() string { + return "google_discovery_engine_license_config_invalid_subscription_term" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTermRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTermRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns the rule 
reference link +func (r *GoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTermRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *GoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTermRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"SUBSCRIPTION_TERM_UNSPECIFIED", "SUBSCRIPTION_TERM_ONE_MONTH", "SUBSCRIPTION_TERM_ONE_YEAR", "SUBSCRIPTION_TERM_THREE_YEARS", "SUBSCRIPTION_TERM_THREE_MONTHS", "SUBSCRIPTION_TERM_FOURTEEN_DAYS", "SUBSCRIPTION_TERM_CUSTOM"}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_discovery_engine_license_config_invalid_subscription_tier.go b/rules/magicmodules/google_discovery_engine_license_config_invalid_subscription_tier.go new file mode 100644 index 00000000..c88c5118 --- /dev/null +++ b/rules/magicmodules/google_discovery_engine_license_config_invalid_subscription_tier.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTierRule checks the pattern is valid +type GoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTierRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTierRule returns new rule with default attributes +func NewGoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTierRule() *GoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTierRule { + return &GoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTierRule{ + resourceType: "google_discovery_engine_license_config", + attributeName: "subscription_tier", + } +} + +// Name returns the rule name +func (r *GoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTierRule) Name() string { + return "google_discovery_engine_license_config_invalid_subscription_tier" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTierRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTierRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns the rule 
reference link +func (r *GoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTierRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *GoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTierRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"SUBSCRIPTION_TIER_UNSPECIFIED", "SUBSCRIPTION_TIER_SEARCH", "SUBSCRIPTION_TIER_SEARCH_AND_ASSISTANT", "SUBSCRIPTION_TIER_NOTEBOOK_LM", "SUBSCRIPTION_TIER_FRONTLINE_WORKER", "SUBSCRIPTION_TIER_AGENTSPACE_STARTER", "SUBSCRIPTION_TIER_AGENTSPACE_BUSINESS", "SUBSCRIPTION_TIER_ENTERPRISE", "SUBSCRIPTION_TIER_EDU", "SUBSCRIPTION_TIER_EDU_PRO"}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_iam_workforce_pool_provider_invalid_scim_usage.go b/rules/magicmodules/google_iam_workforce_pool_provider_invalid_scim_usage.go new file mode 100644 index 00000000..e1fd7dc5 --- /dev/null +++ b/rules/magicmodules/google_iam_workforce_pool_provider_invalid_scim_usage.go 
@@ -0,0 +1,91 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package magicmodules + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-linters/tflint-plugin-sdk/hclext" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// GoogleIamWorkforcePoolProviderInvalidScimUsageRule checks the pattern is valid +type GoogleIamWorkforcePoolProviderInvalidScimUsageRule struct { + tflint.DefaultRule + + resourceType string + attributeName string +} + +// NewGoogleIamWorkforcePoolProviderInvalidScimUsageRule returns new rule with default attributes +func NewGoogleIamWorkforcePoolProviderInvalidScimUsageRule() *GoogleIamWorkforcePoolProviderInvalidScimUsageRule { + return &GoogleIamWorkforcePoolProviderInvalidScimUsageRule{ + resourceType: "google_iam_workforce_pool_provider", + attributeName: "scim_usage", + } +} + +// Name returns the rule name +func (r *GoogleIamWorkforcePoolProviderInvalidScimUsageRule) Name() string { + return "google_iam_workforce_pool_provider_invalid_scim_usage" +} + +// Enabled returns whether the rule is enabled by default +func (r *GoogleIamWorkforcePoolProviderInvalidScimUsageRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *GoogleIamWorkforcePoolProviderInvalidScimUsageRule) Severity() tflint.Severity { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *GoogleIamWorkforcePoolProviderInvalidScimUsageRule) Link() string { + return "" +} + +// Check 
checks the pattern is valid +func (r *GoogleIamWorkforcePoolProviderInvalidScimUsageRule) Check(runner tflint.Runner) error { + resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{ + Attributes: []hclext.AttributeSchema{{Name: r.attributeName}}, + }, nil) + if err != nil { + return err + } + + for _, resource := range resources.Blocks { + attribute, exists := resource.Body.Attributes[r.attributeName] + if !exists { + continue + } + + err := runner.EvaluateExpr(attribute.Expr, func(val string) error { + validateFunc := validation.StringInSlice([]string{"SCIM_USAGE_UNSPECIFIED", "ENABLED_FOR_GROUPS", ""}, false) + + _, errors := validateFunc(val, r.attributeName) + for _, err := range errors { + if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil { + return err + } + } + return nil + }, nil) + if err != nil { + return err + } + } + + return nil +} diff --git a/rules/magicmodules/google_network_connectivity_hub_invalid_preset_topology.go b/rules/magicmodules/google_network_connectivity_hub_invalid_preset_topology.go index 78a50d93..6446636b 100644 --- a/rules/magicmodules/google_network_connectivity_hub_invalid_preset_topology.go +++ b/rules/magicmodules/google_network_connectivity_hub_invalid_preset_topology.go @@ -72,7 +72,7 @@ func (r *GoogleNetworkConnectivityHubInvalidPresetTopologyRule) Check(runner tfl } err := runner.EvaluateExpr(attribute.Expr, func(val string) error { - validateFunc := validation.StringInSlice([]string{"MESH", "STAR", ""}, false) + validateFunc := validation.StringInSlice([]string{"MESH", "STAR", "HYBRID_INSPECTION", ""}, false) _, errors := validateFunc(val, r.attributeName) for _, err := range errors { diff --git a/rules/magicmodules/google_network_security_security_profile_invalid_type.go b/rules/magicmodules/google_network_security_security_profile_invalid_type.go index 3ad4bc1f..d6c906b3 100644 --- a/rules/magicmodules/google_network_security_security_profile_invalid_type.go 
+++ b/rules/magicmodules/google_network_security_security_profile_invalid_type.go @@ -72,7 +72,7 @@ func (r *GoogleNetworkSecuritySecurityProfileInvalidTypeRule) Check(runner tflin } err := runner.EvaluateExpr(attribute.Expr, func(val string) error { - validateFunc := validation.StringInSlice([]string{"THREAT_PREVENTION", "CUSTOM_MIRRORING", "CUSTOM_INTERCEPT"}, false) + validateFunc := validation.StringInSlice([]string{"THREAT_PREVENTION", "URL_FILTERING", "CUSTOM_MIRRORING", "CUSTOM_INTERCEPT"}, false) _, errors := validateFunc(val, r.attributeName) for _, err := range errors { diff --git a/rules/magicmodules/provider.go b/rules/magicmodules/provider.go index 5e6e8edd..90537afa 100644 --- a/rules/magicmodules/provider.go +++ b/rules/magicmodules/provider.go @@ -53,6 +53,7 @@ var Rules = []tflint.Rule{ NewGoogleBackupDrManagementServerInvalidTypeRule(), NewGoogleBeyondcorpAppGatewayInvalidHostTypeRule(), NewGoogleBeyondcorpAppGatewayInvalidTypeRule(), + NewGoogleBeyondcorpSecurityGatewayApplicationInvalidSchemaRule(), NewGoogleBeyondcorpSecurityGatewayInvalidLocationRule(), NewGoogleBiglakeTableInvalidTypeRule(), NewGoogleBigqueryAnalyticsHubDataExchangeInvalidDiscoveryTypeRule(), 
@@ -126,9 +127,12 @@ var Rules = []tflint.Rule{ NewGoogleComputeManagedSslCertificateInvalidTypeRule(), NewGoogleComputeNetworkAttachmentInvalidConnectionPreferenceRule(), NewGoogleComputeNetworkEndpointGroupInvalidNetworkEndpointTypeRule(), + NewGoogleComputeNetworkFirewallPolicyInvalidPolicyTypeRule(), NewGoogleComputeNetworkFirewallPolicyRuleInvalidDirectionRule(), + NewGoogleComputeNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule(), NewGoogleComputeNetworkInvalidNetworkFirewallPolicyEnforcementOrderRule(), NewGoogleComputeNodeTemplateInvalidCpuOvercommitTypeRule(), + NewGoogleComputePreviewFeatureInvalidActivationStatusRule(), NewGoogleComputeProjectCloudArmorTierInvalidCloudArmorTierRule(), NewGoogleComputePublicAdvertisedPrefixInvalidPdpScopeRule(), NewGoogleComputePublicDelegatedPrefixInvalidModeRule(), @@ -140,7 +144,9 @@ var Rules = []tflint.Rule{ NewGoogleComputeRegionCommitmentInvalidCategoryRule(), NewGoogleComputeRegionCommitmentInvalidPlanRule(), NewGoogleComputeRegionNetworkEndpointGroupInvalidNetworkEndpointTypeRule(), + NewGoogleComputeRegionNetworkFirewallPolicyInvalidPolicyTypeRule(), NewGoogleComputeRegionNetworkFirewallPolicyRuleInvalidDirectionRule(), + NewGoogleComputeRegionNetworkFirewallPolicyWithRulesInvalidPolicyTypeRule(), NewGoogleComputeRegionSecurityPolicyInvalidTypeRule(), NewGoogleComputeRegionSslPolicyInvalidMinTlsVersionRule(), NewGoogleComputeRegionSslPolicyInvalidProfileRule(), @@ -176,6 +182,7 @@ var Rules = []tflint.Rule{ NewGoogleDataPipelinePipelineInvalidTypeRule(), NewGoogleDatabaseMigrationServiceMigrationJobInvalidDumpTypeRule(), NewGoogleDatabaseMigrationServiceMigrationJobInvalidTypeRule(), + NewGoogleDataplexAspectTypeInvalidDataClassificationRule(), NewGoogleDataprocMetastoreServiceInvalidDatabaseTypeRule(), NewGoogleDataprocMetastoreServiceInvalidReleaseChannelRule(), NewGoogleDataprocMetastoreServiceInvalidTierRule(), 
@@ -195,6 +202,8 @@ var Rules = []tflint.Rule{ NewGoogleDiscoveryEngineChatEngineInvalidIndustryVerticalRule(), NewGoogleDiscoveryEngineDataStoreInvalidContentConfigRule(), NewGoogleDiscoveryEngineDataStoreInvalidIndustryVerticalRule(), + NewGoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTermRule(), + NewGoogleDiscoveryEngineLicenseConfigInvalidSubscriptionTierRule(), NewGoogleDiscoveryEngineRecommendationEngineInvalidIndustryVerticalRule(), NewGoogleDiscoveryEngineSearchEngineInvalidIndustryVerticalRule(), NewGoogleDiscoveryEngineTargetSiteInvalidTypeRule(), @@ -220,6 +229,7 @@ var Rules = []tflint.Rule{ NewGoogleGeminiReleaseChannelSettingBindingInvalidProductRule(), NewGoogleHealthcareFhirStoreInvalidComplexDataTypeReferenceParsingRule(), NewGoogleHealthcareFhirStoreInvalidVersionRule(), + NewGoogleIamWorkforcePoolProviderInvalidScimUsageRule(), NewGoogleIamWorkforcePoolProviderKeyInvalidUseRule(), NewGoogleIntegrationConnectorsConnectionInvalidEventingEnablementTypeRule(), NewGoogleIntegrationsAuthConfigInvalidVisibilityRule(), diff --git a/tools/magic-modules b/tools/magic-modules index 8c809e45..d3a48f39 160000 --- a/tools/magic-modules +++ b/tools/magic-modules @@ -1 +1 @@ -Subproject commit 8c809e4509a15b8b1b835ef2318356139e2c4f09 +Subproject commit d3a48f39aaea4df5b18c2ebfe91a036a55ff54af