mapping aws_lakeformation (#268)

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lakeformation_data_lake_settings
https://github.com/aws/aws-sdk-go/blob/main/models/apis/lakeformation/2017-03-31/api-2.json

* removing mappings hitting invalid character class

docs/rules/README.md

@@ -783,6 +783,7 @@ These rules enforce best practices and naming conventions:
 |aws_kms_key_invalid_description|✔|
 |aws_kms_key_invalid_key_usage|✔|
 |aws_kms_key_invalid_policy|✔|
+|aws_lakeformation_resource_invalid_role_arn|✔|
 |aws_lambda_alias_invalid_description|✔|
 |aws_lambda_alias_invalid_function_name|✔|
 |aws_lambda_alias_invalid_function_version|✔|

rules/models/aws_lakeformation_resource_invalid_role_arn.go

@@ -0,0 +1,69 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsLakeformationResourceInvalidRoleArnRule checks the pattern is valid
+type AwsLakeformationResourceInvalidRoleArnRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAwsLakeformationResourceInvalidRoleArnRule returns new rule with default attributes
+func NewAwsLakeformationResourceInvalidRoleArnRule() *AwsLakeformationResourceInvalidRoleArnRule {
+	return &AwsLakeformationResourceInvalidRoleArnRule{
+		resourceType:  "aws_lakeformation_resource",
+		attributeName: "role_arn",
+		pattern:       regexp.MustCompile(`^arn:aws:iam::[0-9]*:role/.*$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsLakeformationResourceInvalidRoleArnRule) Name() string {
+	return "aws_lakeformation_resource_invalid_role_arn"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsLakeformationResourceInvalidRoleArnRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsLakeformationResourceInvalidRoleArnRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsLakeformationResourceInvalidRoleArnRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsLakeformationResourceInvalidRoleArnRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:aws:iam::[0-9]*:role/.*$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/models/mappings/lakeformation.hcl

@@ -0,0 +1,26 @@
+import = "aws-sdk-go/models/apis/lakeformation/2017-03-31/api-2.json"
+
+mapping "aws_lakeformation_data_lake_settings" {
+  admins = DataLakePrincipalList
+  # catalog_id = CatalogIdString
+  create_database_default_permissions = PrincipalPermissionsList
+  create_table_default_permissions = PrincipalPermissionsList
+  trusted_resource_owners = TrustedResourceOwners
+}
+
+mapping "aws_lakeformation_permissions" {
+  permissions = PermissionList
+  principal = DataLakePrincipal
+  catalog_resource = CatalogResource
+  data_location = DataLocationResource
+  database = DatabaseResource
+  table = TableResource
+  table_with_columns = TableWithColumnsResource
+  # catalog_id = CatalogIdString
+  permissions_with_grant_option = PermissionList
+}
+
+mapping "aws_lakeformation_resource" {
+  arn = ResourceArnString
+  role_arn = IAMRoleArn
+}

rules/models/provider.go

@@ -711,6 +711,7 @@ var Rules = []tflint.Rule{
 	NewAwsKmsKeyInvalidDescriptionRule(),
 	NewAwsKmsKeyInvalidKeyUsageRule(),
 	NewAwsKmsKeyInvalidPolicyRule(),
+	NewAwsLakeformationResourceInvalidRoleArnRule(),
 	NewAwsLambdaAliasInvalidDescriptionRule(),
 	NewAwsLambdaAliasInvalidFunctionNameRule(),
 	NewAwsLambdaAliasInvalidFunctionVersionRule(),