aws_acm_certificate: fix false positive for private CA (#455)

* `aws_acm_certificate`: fix false positive for private CA * Use "%s" instead of %q %q escapes tab char to \t --------- Co-authored-by: Kazuma Watanabe <watassbass@gmail.com>
terraform-linters · Mar 18, 2023 · 2ba747c · 2ba747c
1 parent bfee73b
commit 2ba747c
Show file tree

Hide file tree

Showing 149 changed files with 353 additions and 150 deletions.
diff --git a/rules/models/aws_acm_certificate_invalid_certificate_authority_arn.go b/rules/models/aws_acm_certificate_invalid_certificate_authority_arn.go
@@ -29,7 +29,7 @@ func NewAwsAcmCertificateInvalidCertificateAuthorityArnRule() *AwsAcmCertificate
 		attributeName: "certificate_authority_arn",
 		max:           2048,
 		min:           20,
-		pattern:       regexp.MustCompile(`^arn:[\w+=/,.@-]+:acm:[\w+=/,.@-]*:[0-9]+:[\w+=,.@-]+(/[\w+=,.@-]+)*$`),
+		pattern:       regexp.MustCompile(`^arn:[\w+=/,.@-]+:acm-pca:[\w+=/,.@-]*:[0-9]+:[\w+=,.@-]+(/[\w+=,.@-]+)*$`),
 	}
 }
 
@@ -93,7 +93,7 @@ func (r *AwsAcmCertificateInvalidCertificateAuthorityArnRule) Check(runner tflin
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:[\w+=/,.@-]+:acm:[\w+=/,.@-]*:[0-9]+:[\w+=,.@-]+(/[\w+=,.@-]+)*$`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:[\w+=/,.@-]+:acm-pca:[\w+=/,.@-]*:[0-9]+:[\w+=,.@-]+(/[\w+=,.@-]+)*$`),
 					attribute.Expr.Range(),
 				)
 			}

diff --git a/rules/models/aws_acm_certificate_invalid_certificate_authority_arn_test.go b/rules/models/aws_acm_certificate_invalid_certificate_authority_arn_test.go
@@ -0,0 +1,52 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"testing"
+	"fmt"
+
+	"github.com/terraform-linters/tflint-plugin-sdk/helper"
+)
+
+func Test_AwsAcmCertificateInvalidCertificateAuthorityArnRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected helper.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_acm_certificate" "foo" {
+	certificate_authority_arn = "arn:aws:unknown-service:us-east-1:0000000000:certificate-authority/xxxxxx-xxx-xxx-xxxx-xxxxxxxxx"
+}`,
+			Expected: helper.Issues{
+				{
+					Rule:    NewAwsAcmCertificateInvalidCertificateAuthorityArnRule(),
+					Message: fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage("arn:aws:unknown-service:us-east-1:0000000000:certificate-authority/xxxxxx-xxx-xxx-xxxx-xxxxxxxxx"), `^arn:[\w+=/,.@-]+:acm-pca:[\w+=/,.@-]*:[0-9]+:[\w+=,.@-]+(/[\w+=,.@-]+)*$`),
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_acm_certificate" "foo" {
+	certificate_authority_arn = "arn:aws:acm-pca:us-east-1:0000000000:certificate-authority/xxxxxx-xxx-xxx-xxxx-xxxxxxxxx"
+}`,
+			Expected: helper.Issues{},
+		},
+	}
+
+	rule := NewAwsAcmCertificateInvalidCertificateAuthorityArnRule()
+
+	for _, tc := range cases {
+		runner := helper.TestRunner(t, map[string]string{"resource.tf": tc.Content})
+
+		if err := rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		helper.AssertIssuesWithoutRange(t, tc.Expected, runner.Issues)
+	}
+}
diff --git a/rules/models/aws_acmpca_certificate_authority_invalid_type_test.go b/rules/models/aws_acmpca_certificate_authority_invalid_type_test.go
@@ -4,6 +4,7 @@ package models
 
 import (
 	"testing"
+	"fmt"
 
 	"github.com/terraform-linters/tflint-plugin-sdk/helper"
 )
@@ -23,7 +24,7 @@ resource "aws_acmpca_certificate_authority" "foo" {
 			Expected: helper.Issues{
 				{
 					Rule:    NewAwsAcmpcaCertificateAuthorityInvalidTypeRule(),
-					Message: `"ORDINATE" is an invalid value as type`,
+					Message: fmt.Sprintf(`"%s" is an invalid value as %s`, truncateLongMessage("ORDINATE"), "type"),
 				},
 			},
 		},

diff --git a/rules/models/aws_ami_invalid_architecture_test.go b/rules/models/aws_ami_invalid_architecture_test.go
@@ -4,6 +4,7 @@ package models
 
 import (
 	"testing"
+	"fmt"
 
 	"github.com/terraform-linters/tflint-plugin-sdk/helper"
 )
@@ -23,7 +24,7 @@ resource "aws_ami" "foo" {
 			Expected: helper.Issues{
 				{
 					Rule:    NewAwsAMIInvalidArchitectureRule(),
-					Message: `"x86" is an invalid value as architecture`,
+					Message: fmt.Sprintf(`"%s" is an invalid value as %s`, truncateLongMessage("x86"), "architecture"),
 				},
 			},
 		},

diff --git a/rules/models/aws_api_gateway_authorizer_invalid_type_test.go b/rules/models/aws_api_gateway_authorizer_invalid_type_test.go
@@ -4,6 +4,7 @@ package models
 
 import (
 	"testing"
+	"fmt"
 
 	"github.com/terraform-linters/tflint-plugin-sdk/helper"
 )
@@ -23,7 +24,7 @@ resource "aws_api_gateway_authorizer" "foo" {
 			Expected: helper.Issues{
 				{
 					Rule:    NewAwsAPIGatewayAuthorizerInvalidTypeRule(),
-					Message: `"RESPONSE" is an invalid value as type`,
+					Message: fmt.Sprintf(`"%s" is an invalid value as %s`, truncateLongMessage("RESPONSE"), "type"),
 				},
 			},
 		},

diff --git a/rules/models/aws_api_gateway_gateway_response_invalid_response_type_test.go b/rules/models/aws_api_gateway_gateway_response_invalid_response_type_test.go
@@ -4,6 +4,7 @@ package models
 
 import (
 	"testing"
+	"fmt"
 
 	"github.com/terraform-linters/tflint-plugin-sdk/helper"
 )
@@ -23,7 +24,7 @@ resource "aws_api_gateway_gateway_response" "foo" {
 			Expected: helper.Issues{
 				{
 					Rule:    NewAwsAPIGatewayGatewayResponseInvalidResponseTypeRule(),
-					Message: `"4XX" is an invalid value as response_type`,
+					Message: fmt.Sprintf(`"%s" is an invalid value as %s`, truncateLongMessage("4XX"), "response_type"),
 				},
 			},
 		},

diff --git a/rules/models/aws_api_gateway_gateway_response_invalid_status_code_test.go b/rules/models/aws_api_gateway_gateway_response_invalid_status_code_test.go
@@ -4,6 +4,7 @@ package models
 
 import (
 	"testing"
+	"fmt"
 
 	"github.com/terraform-linters/tflint-plugin-sdk/helper"
 )
@@ -23,7 +24,7 @@ resource "aws_api_gateway_gateway_response" "foo" {
 			Expected: helper.Issues{
 				{
 					Rule:    NewAwsAPIGatewayGatewayResponseInvalidStatusCodeRule(),
-					Message: `"004" does not match valid pattern ^[1-5]\d\d$`,
+					Message: fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage("004"), `^[1-5]\d\d$`),
 				},
 			},
 		},

diff --git a/rules/models/aws_api_gateway_integration_invalid_connection_type_test.go b/rules/models/aws_api_gateway_integration_invalid_connection_type_test.go
@@ -4,6 +4,7 @@ package models
 
 import (
 	"testing"
+	"fmt"
 
 	"github.com/terraform-linters/tflint-plugin-sdk/helper"
 )
@@ -23,7 +24,7 @@ resource "aws_api_gateway_integration" "foo" {
 			Expected: helper.Issues{
 				{
 					Rule:    NewAwsAPIGatewayIntegrationInvalidConnectionTypeRule(),
-					Message: `"INTRANET" is an invalid value as connection_type`,
+					Message: fmt.Sprintf(`"%s" is an invalid value as %s`, truncateLongMessage("INTRANET"), "connection_type"),
 				},
 			},
 		},

diff --git a/rules/models/aws_api_gateway_integration_invalid_content_handling_test.go b/rules/models/aws_api_gateway_integration_invalid_content_handling_test.go
@@ -4,6 +4,7 @@ package models
 
 import (
 	"testing"
+	"fmt"
 
 	"github.com/terraform-linters/tflint-plugin-sdk/helper"
 )
@@ -23,7 +24,7 @@ resource "aws_api_gateway_integration" "foo" {
 			Expected: helper.Issues{
 				{
 					Rule:    NewAwsAPIGatewayIntegrationInvalidContentHandlingRule(),
-					Message: `"CONVERT_TO_FILE" is an invalid value as content_handling`,
+					Message: fmt.Sprintf(`"%s" is an invalid value as %s`, truncateLongMessage("CONVERT_TO_FILE"), "content_handling"),
 				},
 			},
 		},

diff --git a/rules/models/aws_api_gateway_integration_invalid_type_test.go b/rules/models/aws_api_gateway_integration_invalid_type_test.go
@@ -4,6 +4,7 @@ package models
 
 import (
 	"testing"
+	"fmt"
 
 	"github.com/terraform-linters/tflint-plugin-sdk/helper"
 )
@@ -23,7 +24,7 @@ resource "aws_api_gateway_integration" "foo" {
 			Expected: helper.Issues{
 				{
 					Rule:    NewAwsAPIGatewayIntegrationInvalidTypeRule(),
-					Message: `"AWS_HTTP" is an invalid value as type`,
+					Message: fmt.Sprintf(`"%s" is an invalid value as %s`, truncateLongMessage("AWS_HTTP"), "type"),
 				},
 			},
 		},

diff --git a/rules/models/aws_api_gateway_rest_api_invalid_api_key_source_test.go b/rules/models/aws_api_gateway_rest_api_invalid_api_key_source_test.go
@@ -4,6 +4,7 @@ package models
 
 import (
 	"testing"
+	"fmt"
 
 	"github.com/terraform-linters/tflint-plugin-sdk/helper"
 )
@@ -23,7 +24,7 @@ resource "aws_api_gateway_rest_api" "foo" {
 			Expected: helper.Issues{
 				{
 					Rule:    NewAwsAPIGatewayRestAPIInvalidAPIKeySourceRule(),
-					Message: `"BODY" is an invalid value as api_key_source`,
+					Message: fmt.Sprintf(`"%s" is an invalid value as %s`, truncateLongMessage("BODY"), "api_key_source"),
 				},
 			},
 		},

diff --git a/rules/models/aws_api_gateway_stage_invalid_cache_cluster_size_test.go b/rules/models/aws_api_gateway_stage_invalid_cache_cluster_size_test.go
@@ -4,6 +4,7 @@ package models
 
 import (
 	"testing"
+	"fmt"
 
 	"github.com/terraform-linters/tflint-plugin-sdk/helper"
 )
@@ -23,7 +24,7 @@ resource "aws_api_gateway_stage" "foo" {
 			Expected: helper.Issues{
 				{
 					Rule:    NewAwsAPIGatewayStageInvalidCacheClusterSizeRule(),
-					Message: `"6.2" is an invalid value as cache_cluster_size`,
+					Message: fmt.Sprintf(`"%s" is an invalid value as %s`, truncateLongMessage("6.2"), "cache_cluster_size"),
 				},
 			},
 		},

diff --git a/rules/models/aws_appautoscaling_policy_invalid_policy_type_test.go b/rules/models/aws_appautoscaling_policy_invalid_policy_type_test.go
@@ -4,6 +4,7 @@ package models
 
 import (
 	"testing"
+	"fmt"
 
 	"github.com/terraform-linters/tflint-plugin-sdk/helper"
 )
@@ -23,7 +24,7 @@ resource "aws_appautoscaling_policy" "foo" {
 			Expected: helper.Issues{
 				{
 					Rule:    NewAwsAppautoscalingPolicyInvalidPolicyTypeRule(),
-					Message: `"StopScaling" is an invalid value as policy_type`,
+					Message: fmt.Sprintf(`"%s" is an invalid value as %s`, truncateLongMessage("StopScaling"), "policy_type"),
 				},
 			},
 		},

diff --git a/rules/models/aws_appautoscaling_policy_invalid_scalable_dimension_test.go b/rules/models/aws_appautoscaling_policy_invalid_scalable_dimension_test.go
@@ -4,6 +4,7 @@ package models
 
 import (
 	"testing"
+	"fmt"
 
 	"github.com/terraform-linters/tflint-plugin-sdk/helper"
 )
@@ -23,7 +24,7 @@ resource "aws_appautoscaling_policy" "foo" {
 			Expected: helper.Issues{
 				{
 					Rule:    NewAwsAppautoscalingPolicyInvalidScalableDimensionRule(),
-					Message: `"ecs:service:DesireCount" is an invalid value as scalable_dimension`,
+					Message: fmt.Sprintf(`"%s" is an invalid value as %s`, truncateLongMessage("ecs:service:DesireCount"), "scalable_dimension"),
 				},
 			},
 		},

diff --git a/rules/models/aws_appautoscaling_policy_invalid_service_namespace_test.go b/rules/models/aws_appautoscaling_policy_invalid_service_namespace_test.go
@@ -4,6 +4,7 @@ package models
 
 import (
 	"testing"
+	"fmt"
 
 	"github.com/terraform-linters/tflint-plugin-sdk/helper"
 )
@@ -23,7 +24,7 @@ resource "aws_appautoscaling_policy" "foo" {
 			Expected: helper.Issues{
 				{
 					Rule:    NewAwsAppautoscalingPolicyInvalidServiceNamespaceRule(),
-					Message: `"eks" is an invalid value as service_namespace`,
+					Message: fmt.Sprintf(`"%s" is an invalid value as %s`, truncateLongMessage("eks"), "service_namespace"),
 				},
 			},
 		},

diff --git a/rules/models/aws_appsync_datasource_invalid_name_test.go b/rules/models/aws_appsync_datasource_invalid_name_test.go
@@ -4,6 +4,7 @@ package models
 
 import (
 	"testing"
+	"fmt"
 
 	"github.com/terraform-linters/tflint-plugin-sdk/helper"
 )
@@ -23,7 +24,7 @@ resource "aws_appsync_datasource" "foo" {
 			Expected: helper.Issues{
 				{
 					Rule:    NewAwsAppsyncDatasourceInvalidNameRule(),
-					Message: `"01_tf_example" does not match valid pattern ^[_A-Za-z][_0-9A-Za-z]*$`,
+					Message: fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage("01_tf_example"), `^[_A-Za-z][_0-9A-Za-z]*$`),
 				},
 			},
 		},

diff --git a/rules/models/aws_appsync_datasource_invalid_type_test.go b/rules/models/aws_appsync_datasource_invalid_type_test.go
@@ -4,6 +4,7 @@ package models
 
 import (
 	"testing"
+	"fmt"
 
 	"github.com/terraform-linters/tflint-plugin-sdk/helper"
 )
@@ -23,7 +24,7 @@ resource "aws_appsync_datasource" "foo" {
 			Expected: helper.Issues{
 				{
 					Rule:    NewAwsAppsyncDatasourceInvalidTypeRule(),
-					Message: `"AMAZON_SIMPLEDB" is an invalid value as type`,
+					Message: fmt.Sprintf(`"%s" is an invalid value as %s`, truncateLongMessage("AMAZON_SIMPLEDB"), "type"),
 				},
 			},
 		},

diff --git a/rules/models/aws_appsync_graphql_api_invalid_authentication_type_test.go b/rules/models/aws_appsync_graphql_api_invalid_authentication_type_test.go
@@ -4,6 +4,7 @@ package models
 
 import (
 	"testing"
+	"fmt"
 
 	"github.com/terraform-linters/tflint-plugin-sdk/helper"
 )
@@ -23,7 +24,7 @@ resource "aws_appsync_graphql_api" "foo" {
 			Expected: helper.Issues{
 				{
 					Rule:    NewAwsAppsyncGraphqlAPIInvalidAuthenticationTypeRule(),
-					Message: `"AWS_KEY" is an invalid value as authentication_type`,
+					Message: fmt.Sprintf(`"%s" is an invalid value as %s`, truncateLongMessage("AWS_KEY"), "authentication_type"),
 				},
 			},
 		},

diff --git a/rules/models/aws_backup_selection_invalid_name_test.go b/rules/models/aws_backup_selection_invalid_name_test.go
@@ -4,6 +4,7 @@ package models
 
 import (
 	"testing"
+	"fmt"
 
 	"github.com/terraform-linters/tflint-plugin-sdk/helper"
 )
@@ -23,7 +24,7 @@ resource "aws_backup_selection" "foo" {
 			Expected: helper.Issues{
 				{
 					Rule:    NewAwsBackupSelectionInvalidNameRule(),
-					Message: `"tf_example_backup_selection_tf_example_backup_selection" does not match valid pattern ^[a-zA-Z0-9\-\_\.]{1,50}$`,
+					Message: fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage("tf_example_backup_selection_tf_example_backup_selection"), `^[a-zA-Z0-9\-\_\.]{1,50}$`),
 				},
 			},
 		},

diff --git a/rules/models/aws_backup_vault_invalid_name_test.go b/rules/models/aws_backup_vault_invalid_name_test.go
@@ -4,6 +4,7 @@ package models
 
 import (
 	"testing"
+	"fmt"
 
 	"github.com/terraform-linters/tflint-plugin-sdk/helper"
 )
@@ -23,7 +24,7 @@ resource "aws_backup_vault" "foo" {
 			Expected: helper.Issues{
 				{
 					Rule:    NewAwsBackupVaultInvalidNameRule(),
-					Message: `"example_backup_vault_example_backup_vault_example_backup_vault" does not match valid pattern ^[a-zA-Z0-9\-\_]{2,50}$`,
+					Message: fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage("example_backup_vault_example_backup_vault_example_backup_vault"), `^[a-zA-Z0-9\-\_]{2,50}$`),
 				},
 			},
 		},

diff --git a/rules/models/aws_batch_compute_environment_invalid_state_test.go b/rules/models/aws_batch_compute_environment_invalid_state_test.go
@@ -4,6 +4,7 @@ package models
 
 import (
 	"testing"
+	"fmt"
 
 	"github.com/terraform-linters/tflint-plugin-sdk/helper"
 )
@@ -23,7 +24,7 @@ resource "aws_batch_compute_environment" "foo" {
 			Expected: helper.Issues{
 				{
 					Rule:    NewAwsBatchComputeEnvironmentInvalidStateRule(),
-					Message: `"ON" is an invalid value as state`,
+					Message: fmt.Sprintf(`"%s" is an invalid value as %s`, truncateLongMessage("ON"), "state"),
 				},
 			},
 		},