terraform-linters · wata727 · Dec 23, 2021 · Dec 21, 2021 · Dec 21, 2021 · Dec 21, 2021
diff --git a/docs/rules/README.md b/docs/rules/README.md
@@ -79,6 +79,7 @@ These rules enforce best practices and naming conventions:
 |aws_alb_target_group_invalid_target_type|✔|
 |aws_ami_invalid_architecture|✔|
 |aws_api_gateway_authorizer_invalid_type|✔|
+|aws_api_gateway_domain_name_invalid_security_policy|✔|
 |aws_api_gateway_gateway_response_invalid_response_type|✔|
 |aws_api_gateway_gateway_response_invalid_status_code|✔|
 |aws_api_gateway_integration_invalid_connection_type|✔|

diff --git a/rules/models/aws_api_gateway_domain_name_invalid_security_policy.go b/rules/models/aws_api_gateway_domain_name_invalid_security_policy.go
@@ -0,0 +1,77 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+	"log"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsAPIGatewayDomainNameInvalidSecurityPolicyRule checks the pattern is valid
+type AwsAPIGatewayDomainNameInvalidSecurityPolicyRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsAPIGatewayDomainNameInvalidSecurityPolicyRule returns new rule with default attributes
+func NewAwsAPIGatewayDomainNameInvalidSecurityPolicyRule() *AwsAPIGatewayDomainNameInvalidSecurityPolicyRule {
+	return &AwsAPIGatewayDomainNameInvalidSecurityPolicyRule{
+		resourceType:  "aws_api_gateway_domain_name",
+		attributeName: "security_policy",
+		enum: []string{
+			"TLS_1_0",
+			"TLS_1_2",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAPIGatewayDomainNameInvalidSecurityPolicyRule) Name() string {
+	return "aws_api_gateway_domain_name_invalid_security_policy"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAPIGatewayDomainNameInvalidSecurityPolicyRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsAPIGatewayDomainNameInvalidSecurityPolicyRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAPIGatewayDomainNameInvalidSecurityPolicyRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAPIGatewayDomainNameInvalidSecurityPolicyRule) Check(runner tflint.Runner) error {
+	log.Printf("[TRACE] Check `%s` rule", r.Name())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val, nil)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" is an invalid value as security_policy`, truncateLongMessage(val)),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/models/mappings/apigateway.hcl b/rules/models/mappings/apigateway.hcl
@@ -1,6 +1,17 @@
 import = "aws-sdk-go/models/apis/apigateway/2015-07-09/api-2.json"
 
+mapping "aws_api_gateway_documentation_part" {
+  location = DocumentationPartLocation
+}
+
+mapping "aws_api_gateway_domain_name" {
+  endpoint_configuration           = EndpointConfiguration
+  mutual_tls_authentication        = MutualTlsAuthenticationInput
+  security_policy                  = SecurityPolicy
+}
+
 mapping "aws_api_gateway_gateway_response" {
+  response_type = GatewayResponseType
   status_code = StatusCode
 }
 
@@ -14,18 +25,13 @@ mapping "aws_api_gateway_method_response" {
 }
 
 mapping "aws_api_gateway_authorizer" {
-  type = AuthorizerType
-}
-
-mapping "aws_api_gateway_gateway_response" {
-  response_type = GatewayResponseType
+  authorizer_result_ttl_in_seconds = NullableInteger
+  provider_arns                    = ListOfARNs
+  type                             = AuthorizerType
 }
 
 mapping "aws_api_gateway_integration" {
   type = IntegrationType
-}
-
-mapping "aws_api_gateway_integration" {
   connection_type  = ConnectionType
   content_handling = ContentHandlingStrategy
 }

diff --git a/rules/models/mappings/application-autoscaling.hcl b/rules/models/mappings/application-autoscaling.hcl
@@ -8,17 +8,14 @@ mapping "aws_appautoscaling_policy" {
 
 mapping "aws_appautoscaling_scheduled_action" {
   scalable_dimension = ScalableDimension
+  service_namespace = ServiceNamespace
 }
 
 mapping "aws_appautoscaling_target" {
   scalable_dimension = ScalableDimension
   service_namespace  = ServiceNamespace
 }
 
-mapping "aws_appautoscaling_scheduled_action" {
-  service_namespace = ServiceNamespace
-}
-
 test "aws_appautoscaling_policy" "policy_type" {
   ok = "StepScaling"
   ng = "StopScaling"

diff --git a/rules/models/provider.go b/rules/models/provider.go
@@ -17,6 +17,7 @@ var Rules = []tflint.Rule{
 	NewAwsALBTargetGroupInvalidTargetTypeRule(),
 	NewAwsAMIInvalidArchitectureRule(),
 	NewAwsAPIGatewayAuthorizerInvalidTypeRule(),
+	NewAwsAPIGatewayDomainNameInvalidSecurityPolicyRule(),
 	NewAwsAPIGatewayGatewayResponseInvalidResponseTypeRule(),
 	NewAwsAPIGatewayGatewayResponseInvalidStatusCodeRule(),
 	NewAwsAPIGatewayIntegrationInvalidConnectionTypeRule(),