From e85f1b944a7c641d77318840c11e689d24c12337 Mon Sep 17 00:00:00 2001
From: Pat Myron
Date: Wed, 22 Dec 2021 13:46:45 -0500
Subject: [PATCH 1/2] mapping aws_accessanalyzer_analyzer https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/accessanalyzer_analyzer
---
rules/models/mappings/access-analyzer.hcl | 7 +++++++
1 file changed, 7 insertions(+)
create mode 100644 rules/models/mappings/access-analyzer.hcl
diff --git a/rules/models/mappings/access-analyzer.hcl b/rules/models/mappings/access-analyzer.hcl
new file mode 100644
index 00000000..8655ddf3
--- /dev/null
+++ b/rules/models/mappings/access-analyzer.hcl
@@ -0,0 +1,7 @@
+import = "aws-sdk-go/models/apis/accessanalyzer/2019-11-01/api-2.json"
+
+mapping "aws_accessanalyzer_analyzer" {
+ analyzer_name = Name
+ tags = TagsMap
+ type = Type
+}
From 946ec23618ca1c68ab84e500e74d72425fa52ae2 Mon Sep 17 00:00:00 2001
From: Pat Myron
Date: Wed, 22 Dec 2021 13:48:00 -0500
Subject: [PATCH 2/2] go generate
---
docs/rules/README.md | 2 +
...analyzer_analyzer_invalid_analyzer_name.go | 87 +++++++++++++++++++
...ws_accessanalyzer_analyzer_invalid_type.go | 77 ++++++++++++++++
rules/models/provider.go | 2 +
4 files changed, 168 insertions(+)
create mode 100644 rules/models/aws_accessanalyzer_analyzer_invalid_analyzer_name.go
create mode 100644 rules/models/aws_accessanalyzer_analyzer_invalid_type.go
diff --git a/docs/rules/README.md b/docs/rules/README.md
index 0f7b9e4b..0a081f98 100644
--- a/docs/rules/README.md
+++ b/docs/rules/README.md
@@ -68,6 +68,8 @@ These rules enforce best practices and naming conventions: |Rule|Enabled by default| | --- | --- | +|aws_accessanalyzer_analyzer_invalid_analyzer_name|✔| +|aws_accessanalyzer_analyzer_invalid_type|✔| |aws_acm_certificate_invalid_certificate_body|✔| |aws_acm_certificate_invalid_certificate_chain|✔| |aws_acm_certificate_invalid_private_key|✔|
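Review bot: The `type = Type` line in rules/models/mappings/access-analyzer.hcl (first patch) binds the type check to the enum of the pinned 2019-11-01 API model, and nothing in the mapping records that dependency. The rule generated from it in the second patch is enabled by default at ERROR severity and compares against a closed list, so an analyzer type the service adds later would presumably be reported as invalid until the model is updated and the rules are regenerated. For a linter that gates Access Analyzer configuration, a comment above the mapping block would make that maintenance step visible, for example `# type is validated against the enum in the pinned API model; refresh aws-sdk-go and re-run go generate when analyzer types change`.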
diff --git a/rules/models/aws_accessanalyzer_analyzer_invalid_analyzer_name.go b/rules/models/aws_accessanalyzer_analyzer_invalid_analyzer_name.go
new file mode 100644
index 00000000..4270693f
--- /dev/null
+++ b/rules/models/aws_accessanalyzer_analyzer_invalid_analyzer_name.go
@@ -0,0 +1,87 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsAccessanalyzerAnalyzerInvalidAnalyzerNameRule checks the pattern is valid +type AwsAccessanalyzerAnalyzerInvalidAnalyzerNameRule struct { + resourceType string + attributeName string + max int + min int + pattern *regexp.Regexp +} + +// NewAwsAccessanalyzerAnalyzerInvalidAnalyzerNameRule returns new rule with default attributes +func NewAwsAccessanalyzerAnalyzerInvalidAnalyzerNameRule() *AwsAccessanalyzerAnalyzerInvalidAnalyzerNameRule { + return &AwsAccessanalyzerAnalyzerInvalidAnalyzerNameRule{ + resourceType: "aws_accessanalyzer_analyzer", + attributeName: "analyzer_name", + max: 255, + min: 1, + pattern: regexp.MustCompile(`^[A-Za-z][A-Za-z0-9_.-]*$`), + } +} + +// Name returns the rule name +func (r *AwsAccessanalyzerAnalyzerInvalidAnalyzerNameRule) Name() string { + return "aws_accessanalyzer_analyzer_invalid_analyzer_name" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsAccessanalyzerAnalyzerInvalidAnalyzerNameRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsAccessanalyzerAnalyzerInvalidAnalyzerNameRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsAccessanalyzerAnalyzerInvalidAnalyzerNameRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsAccessanalyzerAnalyzerInvalidAnalyzerNameRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + 
"analyzer_name must be 255 characters or less", + attribute.Expr, + ) + } + if len(val) < r.min { + runner.EmitIssueOnExpr( + r, + "analyzer_name must be 1 characters or higher", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[A-Za-z][A-Za-z0-9_.-]*$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_accessanalyzer_analyzer_invalid_type.go b/rules/models/aws_accessanalyzer_analyzer_invalid_type.go new file mode 100644 index 00000000..38d54d59 --- /dev/null +++ b/rules/models/aws_accessanalyzer_analyzer_invalid_type.go 
@@ -0,0 +1,77 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsAccessanalyzerAnalyzerInvalidTypeRule checks the pattern is valid +type AwsAccessanalyzerAnalyzerInvalidTypeRule struct { + resourceType string + attributeName string + enum []string +} + +// NewAwsAccessanalyzerAnalyzerInvalidTypeRule returns new rule with default attributes +func NewAwsAccessanalyzerAnalyzerInvalidTypeRule() *AwsAccessanalyzerAnalyzerInvalidTypeRule { + return &AwsAccessanalyzerAnalyzerInvalidTypeRule{ + resourceType: "aws_accessanalyzer_analyzer", + attributeName: "type", + enum: []string{ + "ACCOUNT", + "ORGANIZATION", + }, + } +} + +// Name returns the rule name +func (r *AwsAccessanalyzerAnalyzerInvalidTypeRule) Name() string { + return "aws_accessanalyzer_analyzer_invalid_type" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsAccessanalyzerAnalyzerInvalidTypeRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsAccessanalyzerAnalyzerInvalidTypeRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsAccessanalyzerAnalyzerInvalidTypeRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsAccessanalyzerAnalyzerInvalidTypeRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + found := false + for _, item := range r.enum { + if item == val { + found = true + } + } + if !found { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" is an invalid value as type`, truncateLongMessage(val)), + attribute.Expr, + ) 
+ } + return nil + }) + }) +} diff --git a/rules/models/provider.go b/rules/models/provider.go index db20e6d8..fd964569 100644 --- a/rules/models/provider.go +++ b/rules/models/provider.go @@ -6,6 +6,8 @@ import "github.com/terraform-linters/tflint-plugin-sdk/tflint" // Rules is a list of rules generated from aws-sdk-go var Rules = []tflint.Rule{ + NewAwsAccessanalyzerAnalyzerInvalidAnalyzerNameRule(), + NewAwsAccessanalyzerAnalyzerInvalidTypeRule(), NewAwsAcmCertificateInvalidCertificateBodyRule(), NewAwsAcmCertificateInvalidCertificateChainRule(), NewAwsAcmCertificateInvalidPrivateKeyRule(),