awsrules: add tags package with generator (#803)

* awsrules: add tags package with generator * remove tools/tags-gen * remove use of vendoring with mockgen
terraform-linters · Jun 18, 2020 · 66b6d18 · 66b6d18
1 parent 02f8c30
commit 66b6d18
Show file tree

Hide file tree

Showing 18 changed files with 16,417 additions and 16,348 deletions.
diff --git a/.github/workflows/generated_code_checks.yml b/.github/workflows/generated_code_checks.yml
@@ -34,6 +34,3 @@ jobs:
     - name: go run ./model-rule-gen
       working-directory: ./tools
       run: go run ./model-rule-gen && git diff --exit-code
-    - name: go run ./tags-gen
-      working-directory: ./tools
-      run: go run ./tags-gen && git diff --exit-code
diff --git a/Makefile b/Makefile
@@ -1,7 +1,6 @@
 default: build
 
 prepare:
-	go mod vendor
 	cd tools; go run ./plugin-stub-gen; cd ../
 
 test: prepare

diff --git a/client/aws.go b/client/aws.go
@@ -26,13 +26,13 @@ import (
 	"github.com/zclconf/go-cty/cty"
 )
 
-//go:generate mockgen -source ../vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go -destination aws_ec2_mock.go -package client
-//go:generate mockgen -source ../vendor/github.com/aws/aws-sdk-go/service/elasticache/elasticacheiface/interface.go -destination aws_elasticache_mock.go -package client
-//go:generate mockgen -source ../vendor/github.com/aws/aws-sdk-go/service/elb/elbiface/interface.go -destination aws_elb_mock.go -package client
-//go:generate mockgen -source ../vendor/github.com/aws/aws-sdk-go/service/elbv2/elbv2iface/interface.go -destination aws_elbv2_mock.go -package client
-//go:generate mockgen -source ../vendor/github.com/aws/aws-sdk-go/service/iam/iamiface/interface.go -destination aws_iam_mock.go -package client
-//go:generate mockgen -source ../vendor/github.com/aws/aws-sdk-go/service/rds/rdsiface/interface.go -destination aws_rds_mock.go -package client
-//go:generate mockgen -source ../vendor/github.com/aws/aws-sdk-go/service/ecs/ecsiface/interface.go -destination aws_ecs_mock.go -package client
+//go:generate mockgen -destination aws_ec2_mock.go -package client github.com/aws/aws-sdk-go/service/ec2/ec2iface EC2API
+//go:generate mockgen -destination aws_elasticache_mock.go -package client github.com/aws/aws-sdk-go/service/elasticache/elasticacheiface ElastiCacheAPI
+//go:generate mockgen -destination aws_elb_mock.go -package client github.com/aws/aws-sdk-go/service/elb/elbiface ELBAPI
+//go:generate mockgen -destination aws_elbv2_mock.go -package client github.com/aws/aws-sdk-go/service/elbv2/elbv2iface ELBV2API
+//go:generate mockgen -destination aws_iam_mock.go -package client github.com/aws/aws-sdk-go/service/iam/iamiface IAMAPI
+//go:generate mockgen -destination aws_rds_mock.go -package client github.com/aws/aws-sdk-go/service/rds/rdsiface RDSAPI
+//go:generate mockgen -destination aws_ecs_mock.go -package client github.com/aws/aws-sdk-go/service/ecs/ecsiface ECSAPI
 
 // AwsClient is a wrapper of the AWS SDK client
 // It has interfaces for each services to make testing easier

diff --git a/client/aws_ec2_mock.go b/client/aws_ec2_mock.go
diff --git a/client/aws_ecs_mock.go b/client/aws_ecs_mock.go
diff --git a/client/aws_elasticache_mock.go b/client/aws_elasticache_mock.go
diff --git a/client/aws_elb_mock.go b/client/aws_elb_mock.go
diff --git a/client/aws_elbv2_mock.go b/client/aws_elbv2_mock.go
diff --git a/client/aws_iam_mock.go b/client/aws_iam_mock.go
diff --git a/client/aws_rds_mock.go b/client/aws_rds_mock.go
diff --git a/go.mod b/go.mod
@@ -13,12 +13,16 @@ require (
 	github.com/hashicorp/hcl/v2 v2.6.0
 	github.com/hashicorp/logutils v1.0.0
 	github.com/hashicorp/terraform v0.12.26
+	github.com/hashicorp/terraform-plugin-sdk v1.14.0 // indirect
 	github.com/jessevdk/go-flags v1.4.0
 	github.com/mattn/go-colorable v0.1.6
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/sourcegraph/go-lsp v0.0.0-20181119182933-0c7d621186c1
 	github.com/sourcegraph/jsonrpc2 v0.0.0-20190106185902-35a74f039c6a
 	github.com/spf13/afero v1.2.2
 	github.com/terraform-linters/tflint-plugin-sdk v0.1.2-0.20200615160547-c1d3caf80fe0
+	github.com/terraform-providers/terraform-provider-aws v2.65.0+incompatible // indirect
 	github.com/zclconf/go-cty v1.5.0
 )
+
+replace github.com/terraform-providers/terraform-provider-aws v2.65.0+incompatible => github.com/terraform-providers/terraform-provider-aws v1.60.1-0.20200604234259-3853d337c01a
diff --git a/go.sum b/go.sum
diff --git a/rules/awsrules/aws_resource_missing_tags.go b/rules/awsrules/aws_resource_missing_tags.go
@@ -8,14 +8,13 @@ import (
 
 	hcl "github.com/hashicorp/hcl/v2"
 	"github.com/hashicorp/terraform/configs"
+	"github.com/terraform-linters/tflint/rules/awsrules/tags"
 	"github.com/terraform-linters/tflint/tflint"
 	"github.com/zclconf/go-cty/cty"
 )
 
-// AwsResourceMissingTagsRule checks whether the resource is tagged correctly
-type AwsResourceMissingTagsRule struct {
-	resourceTypes []string
-}
+// AwsResourceMissingTagsRule checks whether resources are tagged correctly
+type AwsResourceMissingTagsRule struct{}
 
 type awsResourceTagsRuleConfig struct {
 	Tags    []string `hcl:"tags"`
@@ -29,265 +28,7 @@ const (
 
 // NewAwsResourceMissingTagsRule returns new rules for all resources that support tags
 func NewAwsResourceMissingTagsRule() *AwsResourceMissingTagsRule {
-	resourceTypes := []string{
-		"aws_accessanalyzer_analyzer",
-		"aws_acm_certificate",
-		"aws_acmpca_certificate_authority",
-		"aws_alb",
-		"aws_alb_target_group",
-		"aws_ami",
-		"aws_ami_copy",
-		"aws_ami_from_instance",
-		"aws_api_gateway_api_key",
-		"aws_api_gateway_client_certificate",
-		"aws_api_gateway_domain_name",
-		"aws_api_gateway_rest_api",
-		"aws_api_gateway_stage",
-		"aws_api_gateway_usage_plan",
-		"aws_api_gateway_vpc_link",
-		"aws_apigatewayv2_api",
-		"aws_apigatewayv2_domain_name",
-		"aws_apigatewayv2_stage",
-		"aws_apigatewayv2_vpc_link",
-		"aws_appmesh_mesh",
-		"aws_appmesh_route",
-		"aws_appmesh_virtual_node",
-		"aws_appmesh_virtual_router",
-		"aws_appmesh_virtual_service",
-		"aws_appsync_graphql_api",
-		"aws_athena_workgroup",
-		"aws_autoscaling_group",
-		"aws_backup_plan",
-		"aws_backup_vault",
-		"aws_cloud9_environment_ec2",
-		"aws_cloudformation_stack",
-		"aws_cloudformation_stack_set",
-		"aws_cloudfront_distribution",
-		"aws_cloudhsm_v2_cluster",
-		"aws_cloudtrail",
-		"aws_cloudwatch_event_rule",
-		"aws_cloudwatch_log_group",
-		"aws_cloudwatch_metric_alarm",
-		"aws_codebuild_project",
-		"aws_codecommit_repository",
-		"aws_codepipeline",
-		"aws_codepipeline_webhook",
-		"aws_codestarnotifications_notification_rule",
-		"aws_cognito_identity_pool",
-		"aws_cognito_user_pool",
-		"aws_config_aggregate_authorization",
-		"aws_config_config_rule",
-		"aws_config_configuration_aggregator",
-		"aws_customer_gateway",
-		"aws_datapipeline_pipeline",
-		"aws_datasync_agent",
-		"aws_datasync_location_efs",
-		"aws_datasync_location_nfs",
-		"aws_datasync_location_s3",
-		"aws_datasync_location_smb",
-		"aws_datasync_task",
-		"aws_dax_cluster",
-		"aws_db_cluster_snapshot",
-		"aws_db_event_subscription",
-		"aws_db_instance",
-		"aws_db_option_group",
-		"aws_db_parameter_group",
-		"aws_db_security_group",
-		"aws_db_snapshot",
-		"aws_db_subnet_group",
-		"aws_default_network_acl",
-		"aws_default_route_table",
-		"aws_default_security_group",
-		"aws_default_subnet",
-		"aws_default_vpc",
-		"aws_default_vpc_dhcp_options",
-		"aws_directory_service_directory",
-		"aws_dlm_lifecycle_policy",
-		"aws_dms_endpoint",
-		"aws_dms_event_subscription",
-		"aws_dms_replication_instance",
-		"aws_dms_replication_subnet_group",
-		"aws_dms_replication_task",
-		"aws_docdb_cluster",
-		"aws_docdb_cluster_instance",
-		"aws_docdb_cluster_parameter_group",
-		"aws_docdb_subnet_group",
-		"aws_dx_connection",
-		"aws_dx_hosted_private_virtual_interface_accepter",
-		"aws_dx_hosted_public_virtual_interface_accepter",
-		"aws_dx_hosted_transit_virtual_interface_accepter",
-		"aws_dx_lag",
-		"aws_dx_private_virtual_interface",
-		"aws_dx_public_virtual_interface",
-		"aws_dx_transit_virtual_interface",
-		"aws_dynamodb_table",
-		"aws_ebs_snapshot",
-		"aws_ebs_snapshot_copy",
-		"aws_ebs_volume",
-		"aws_ec2_capacity_reservation",
-		"aws_ec2_client_vpn_endpoint",
-		"aws_ec2_fleet",
-		"aws_ec2_traffic_mirror_filter",
-		"aws_ec2_traffic_mirror_session",
-		"aws_ec2_traffic_mirror_target",
-		"aws_ec2_transit_gateway",
-		"aws_ec2_transit_gateway_peering_attachment",
-		"aws_ec2_transit_gateway_peering_attachment_accepter",
-		"aws_ec2_transit_gateway_route_table",
-		"aws_ec2_transit_gateway_vpc_attachment",
-		"aws_ec2_transit_gateway_vpc_attachment_accepter",
-		"aws_ecr_repository",
-		"aws_ecs_capacity_provider",
-		"aws_ecs_cluster",
-		"aws_ecs_service",
-		"aws_ecs_task_definition",
-		"aws_efs_access_point",
-		"aws_efs_file_system",
-		"aws_egress_only_internet_gateway",
-		"aws_eip",
-		"aws_eks_cluster",
-		"aws_eks_fargate_profile",
-		"aws_eks_node_group",
-		"aws_elastic_beanstalk_application",
-		"aws_elastic_beanstalk_application_version",
-		"aws_elastic_beanstalk_environment",
-		"aws_elasticache_cluster",
-		"aws_elasticache_replication_group",
-		"aws_elasticsearch_domain",
-		"aws_elb",
-		"aws_emr_cluster",
-		"aws_flow_log",
-		"aws_fsx_lustre_file_system",
-		"aws_fsx_windows_file_system",
-		"aws_gamelift_alias",
-		"aws_gamelift_build",
-		"aws_gamelift_fleet",
-		"aws_gamelift_game_session_queue",
-		"aws_glacier_vault",
-		"aws_globalaccelerator_accelerator",
-		"aws_glue_crawler",
-		"aws_glue_job",
-		"aws_glue_trigger",
-		"aws_iam_role",
-		"aws_iam_user",
-		"aws_inspector_assessment_template",
-		"aws_inspector_resource_group",
-		"aws_instance",
-		"aws_internet_gateway",
-		"aws_iot_topic_rule",
-		"aws_key_pair",
-		"aws_kinesis_analytics_application",
-		"aws_kinesis_firehose_delivery_stream",
-		"aws_kinesis_stream",
-		"aws_kinesis_video_stream",
-		"aws_kms_external_key",
-		"aws_kms_key",
-		"aws_lambda_function",
-		"aws_launch_template",
-		"aws_lb",
-		"aws_lb_target_group",
-		"aws_licensemanager_license_configuration",
-		"aws_lightsail_instance",
-		"aws_media_convert_queue",
-		"aws_media_package_channel",
-		"aws_media_store_container",
-		"aws_mq_broker",
-		"aws_mq_configuration",
-		"aws_msk_cluster",
-		"aws_nat_gateway",
-		"aws_neptune_cluster",
-		"aws_neptune_cluster_instance",
-		"aws_neptune_cluster_parameter_group",
-		"aws_neptune_event_subscription",
-		"aws_neptune_parameter_group",
-		"aws_neptune_subnet_group",
-		"aws_network_acl",
-		"aws_network_interface",
-		"aws_opsworks_custom_layer",
-		"aws_opsworks_ganglia_layer",
-		"aws_opsworks_haproxy_layer",
-		"aws_opsworks_java_app_layer",
-		"aws_opsworks_memcached_layer",
-		"aws_opsworks_mysql_layer",
-		"aws_opsworks_nodejs_app_layer",
-		"aws_opsworks_php_app_layer",
-		"aws_opsworks_rails_app_layer",
-		"aws_opsworks_stack",
-		"aws_opsworks_static_web_layer",
-		"aws_organizations_account",
-		"aws_pinpoint_app",
-		"aws_placement_group",
-		"aws_qldb_ledger",
-		"aws_ram_resource_share",
-		"aws_rds_cluster",
-		"aws_rds_cluster_endpoint",
-		"aws_rds_cluster_instance",
-		"aws_rds_cluster_parameter_group",
-		"aws_redshift_cluster",
-		"aws_redshift_event_subscription",
-		"aws_redshift_parameter_group",
-		"aws_redshift_snapshot_copy_grant",
-		"aws_redshift_snapshot_schedule",
-		"aws_redshift_subnet_group",
-		"aws_resourcegroups_group",
-		"aws_route53_health_check",
-		"aws_route53_resolver_endpoint",
-		"aws_route53_resolver_rule",
-		"aws_route53_zone",
-		"aws_route_table",
-		"aws_s3_bucket",
-		"aws_s3_bucket_object",
-		"aws_sagemaker_endpoint",
-		"aws_sagemaker_endpoint_configuration",
-		"aws_sagemaker_model",
-		"aws_sagemaker_notebook_instance",
-		"aws_secretsmanager_secret",
-		"aws_security_group",
-		"aws_servicecatalog_portfolio",
-		"aws_sfn_activity",
-		"aws_sfn_state_machine",
-		"aws_sns_topic",
-		"aws_spot_fleet_request",
-		"aws_spot_instance_request",
-		"aws_sqs_queue",
-		"aws_ssm_activation",
-		"aws_ssm_document",
-		"aws_ssm_maintenance_window",
-		"aws_ssm_parameter",
-		"aws_ssm_patch_baseline",
-		"aws_storagegateway_cached_iscsi_volume",
-		"aws_storagegateway_gateway",
-		"aws_storagegateway_nfs_file_share",
-		"aws_storagegateway_smb_file_share",
-		"aws_subnet",
-		"aws_swf_domain",
-		"aws_transfer_server",
-		"aws_transfer_user",
-		"aws_vpc",
-		"aws_vpc_dhcp_options",
-		"aws_vpc_endpoint",
-		"aws_vpc_endpoint_service",
-		"aws_vpc_peering_connection",
-		"aws_vpc_peering_connection_accepter",
-		"aws_vpn_connection",
-		"aws_vpn_gateway",
-		"aws_waf_rate_based_rule",
-		"aws_waf_rule",
-		"aws_waf_rule_group",
-		"aws_waf_web_acl",
-		"aws_wafregional_rate_based_rule",
-		"aws_wafregional_rule",
-		"aws_wafregional_rule_group",
-		"aws_wafregional_web_acl",
-		"aws_wafv2_ip_set",
-		"aws_wafv2_regex_pattern_set",
-		"aws_workspaces_directory",
-		"aws_workspaces_ip_group",
-		"aws_workspaces_workspace",
-	}
-	return &AwsResourceMissingTagsRule{
-		resourceTypes: resourceTypes,
-	}
+	return &AwsResourceMissingTagsRule{}
 }
 
 // Name returns the rule name
@@ -317,7 +58,7 @@ func (r *AwsResourceMissingTagsRule) Check(runner *tflint.Runner) error {
 		return err
 	}
 
-	for _, resourceType := range r.resourceTypes {
+	for _, resourceType := range tags.Resources {
 		// Skip this resource if its type is excluded in configuration
 		if stringInSlice(resourceType, config.Exclude) {
 			continue
@@ -527,4 +268,3 @@ func stringInSlice(a string, list []string) bool {
 	}
 	return false
 }
-