diff --git a/docs/rules/README.md b/docs/rules/README.md
index 40dc67d8..971c436d 100644
--- a/docs/rules/README.md
+++ b/docs/rules/README.md
@@ -1155,6 +1155,22 @@ These rules enforce best practices and naming conventions:
 |aws_wafregional_web_acl_invalid_metric_name|✔|
 |aws_wafregional_web_acl_invalid_name|✔|
 |aws_wafregional_xss_match_set_invalid_name|✔|
+|aws_wafv2_ip_set_invalid_description|✔|
+|aws_wafv2_ip_set_invalid_ip_address_version|✔|
+|aws_wafv2_ip_set_invalid_name|✔|
+|aws_wafv2_ip_set_invalid_scope|✔|
+|aws_wafv2_regex_pattern_set_invalid_description|✔|
+|aws_wafv2_regex_pattern_set_invalid_name|✔|
+|aws_wafv2_regex_pattern_set_invalid_scope|✔|
+|aws_wafv2_rule_group_invalid_description|✔|
+|aws_wafv2_rule_group_invalid_name|✔|
+|aws_wafv2_rule_group_invalid_scope|✔|
+|aws_wafv2_web_acl_association_invalid_resource_arn|✔|
+|aws_wafv2_web_acl_association_invalid_web_acl_arn|✔|
+|aws_wafv2_web_acl_invalid_description|✔|
+|aws_wafv2_web_acl_invalid_name|✔|
+|aws_wafv2_web_acl_invalid_scope|✔|
+|aws_wafv2_web_acl_logging_configuration_invalid_resource_arn|✔|
 |aws_worklink_fleet_invalid_audit_stream_arn|✔|
 |aws_worklink_fleet_invalid_device_ca_certificate|✔|
 |aws_worklink_fleet_invalid_display_name|✔|
diff --git a/rules/models/aws_wafv2_ip_set_invalid_description.go b/rules/models/aws_wafv2_ip_set_invalid_description.go
new file mode 100644
index 00000000..ab805c70
--- /dev/null
+++ b/rules/models/aws_wafv2_ip_set_invalid_description.go
@@ -0,0 +1,87 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsWafv2IPSetInvalidDescriptionRule checks the pattern is valid +type AwsWafv2IPSetInvalidDescriptionRule struct { + resourceType string + attributeName string + max int + min int + pattern *regexp.Regexp +} + +// NewAwsWafv2IPSetInvalidDescriptionRule returns new rule with default attributes +func NewAwsWafv2IPSetInvalidDescriptionRule() *AwsWafv2IPSetInvalidDescriptionRule { + return &AwsWafv2IPSetInvalidDescriptionRule{ + resourceType: "aws_wafv2_ip_set", + attributeName: "description", + max: 256, + min: 1, + pattern: regexp.MustCompile(`^[\w+=:#@/\-,\.][\w+=:#@/\-,\.\s]+[\w+=:#@/\-,\.]$`), + } +} + +// Name returns the rule name +func (r *AwsWafv2IPSetInvalidDescriptionRule) Name() string { + return "aws_wafv2_ip_set_invalid_description" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsWafv2IPSetInvalidDescriptionRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsWafv2IPSetInvalidDescriptionRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsWafv2IPSetInvalidDescriptionRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsWafv2IPSetInvalidDescriptionRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "description must be 256 characters or less", + attribute.Expr, + ) + } + if len(val) < r.min { + runner.EmitIssueOnExpr( + r, + "description must 
be 1 characters or higher", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[\w+=:#@/\-,\.][\w+=:#@/\-,\.\s]+[\w+=:#@/\-,\.]$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_wafv2_ip_set_invalid_ip_address_version.go b/rules/models/aws_wafv2_ip_set_invalid_ip_address_version.go new file mode 100644 index 00000000..bf499bc9 --- /dev/null +++ b/rules/models/aws_wafv2_ip_set_invalid_ip_address_version.go 
@@ -0,0 +1,77 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsWafv2IPSetInvalidIPAddressVersionRule checks the pattern is valid +type AwsWafv2IPSetInvalidIPAddressVersionRule struct { + resourceType string + attributeName string + enum []string +} + +// NewAwsWafv2IPSetInvalidIPAddressVersionRule returns new rule with default attributes +func NewAwsWafv2IPSetInvalidIPAddressVersionRule() *AwsWafv2IPSetInvalidIPAddressVersionRule { + return &AwsWafv2IPSetInvalidIPAddressVersionRule{ + resourceType: "aws_wafv2_ip_set", + attributeName: "ip_address_version", + enum: []string{ + "IPV4", + "IPV6", + }, + } +} + +// Name returns the rule name +func (r *AwsWafv2IPSetInvalidIPAddressVersionRule) Name() string { + return "aws_wafv2_ip_set_invalid_ip_address_version" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsWafv2IPSetInvalidIPAddressVersionRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsWafv2IPSetInvalidIPAddressVersionRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsWafv2IPSetInvalidIPAddressVersionRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsWafv2IPSetInvalidIPAddressVersionRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + found := false + for _, item := range r.enum { + if item == val { + found = true + } + } + if !found { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" is an invalid value as ip_address_version`, truncateLongMessage(val)), + 
attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_wafv2_ip_set_invalid_name.go b/rules/models/aws_wafv2_ip_set_invalid_name.go new file mode 100644 index 00000000..511addf6 --- /dev/null +++ b/rules/models/aws_wafv2_ip_set_invalid_name.go 
@@ -0,0 +1,87 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsWafv2IPSetInvalidNameRule checks the pattern is valid +type AwsWafv2IPSetInvalidNameRule struct { + resourceType string + attributeName string + max int + min int + pattern *regexp.Regexp +} + +// NewAwsWafv2IPSetInvalidNameRule returns new rule with default attributes +func NewAwsWafv2IPSetInvalidNameRule() *AwsWafv2IPSetInvalidNameRule { + return &AwsWafv2IPSetInvalidNameRule{ + resourceType: "aws_wafv2_ip_set", + attributeName: "name", + max: 128, + min: 1, + pattern: regexp.MustCompile(`^[\w\-]+$`), + } +} + +// Name returns the rule name +func (r *AwsWafv2IPSetInvalidNameRule) Name() string { + return "aws_wafv2_ip_set_invalid_name" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsWafv2IPSetInvalidNameRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsWafv2IPSetInvalidNameRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsWafv2IPSetInvalidNameRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsWafv2IPSetInvalidNameRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "name must be 128 characters or less", + attribute.Expr, + ) + } + if len(val) < r.min { + runner.EmitIssueOnExpr( + r, + "name must be 1 characters or higher", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does 
not match valid pattern %s`, truncateLongMessage(val), `^[\w\-]+$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_wafv2_ip_set_invalid_scope.go b/rules/models/aws_wafv2_ip_set_invalid_scope.go new file mode 100644 index 00000000..62392bfc --- /dev/null +++ b/rules/models/aws_wafv2_ip_set_invalid_scope.go 
@@ -0,0 +1,77 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsWafv2IPSetInvalidScopeRule checks the pattern is valid +type AwsWafv2IPSetInvalidScopeRule struct { + resourceType string + attributeName string + enum []string +} + +// NewAwsWafv2IPSetInvalidScopeRule returns new rule with default attributes +func NewAwsWafv2IPSetInvalidScopeRule() *AwsWafv2IPSetInvalidScopeRule { + return &AwsWafv2IPSetInvalidScopeRule{ + resourceType: "aws_wafv2_ip_set", + attributeName: "scope", + enum: []string{ + "CLOUDFRONT", + "REGIONAL", + }, + } +} + +// Name returns the rule name +func (r *AwsWafv2IPSetInvalidScopeRule) Name() string { + return "aws_wafv2_ip_set_invalid_scope" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsWafv2IPSetInvalidScopeRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsWafv2IPSetInvalidScopeRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsWafv2IPSetInvalidScopeRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsWafv2IPSetInvalidScopeRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + found := false + for _, item := range r.enum { + if item == val { + found = true + } + } + if !found { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" is an invalid value as scope`, truncateLongMessage(val)), + attribute.Expr, + ) + } + return nil + }) + }) +} 
diff --git a/rules/models/aws_wafv2_regex_pattern_set_invalid_description.go b/rules/models/aws_wafv2_regex_pattern_set_invalid_description.go
new file mode 100644
index 00000000..b6ef9f76
--- /dev/null
+++ b/rules/models/aws_wafv2_regex_pattern_set_invalid_description.go
@@ -0,0 +1,87 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsWafv2RegexPatternSetInvalidDescriptionRule checks the pattern is valid +type AwsWafv2RegexPatternSetInvalidDescriptionRule struct { + resourceType string + attributeName string + max int + min int + pattern *regexp.Regexp +} + +// NewAwsWafv2RegexPatternSetInvalidDescriptionRule returns new rule with default attributes +func NewAwsWafv2RegexPatternSetInvalidDescriptionRule() *AwsWafv2RegexPatternSetInvalidDescriptionRule { + return &AwsWafv2RegexPatternSetInvalidDescriptionRule{ + resourceType: "aws_wafv2_regex_pattern_set", + attributeName: "description", + max: 256, + min: 1, + pattern: regexp.MustCompile(`^[\w+=:#@/\-,\.][\w+=:#@/\-,\.\s]+[\w+=:#@/\-,\.]$`), + } +} + +// Name returns the rule name +func (r *AwsWafv2RegexPatternSetInvalidDescriptionRule) Name() string { + return "aws_wafv2_regex_pattern_set_invalid_description" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsWafv2RegexPatternSetInvalidDescriptionRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsWafv2RegexPatternSetInvalidDescriptionRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsWafv2RegexPatternSetInvalidDescriptionRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsWafv2RegexPatternSetInvalidDescriptionRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "description 
must be 256 characters or less", + attribute.Expr, + ) + } + if len(val) < r.min { + runner.EmitIssueOnExpr( + r, + "description must be 1 characters or higher", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[\w+=:#@/\-,\.][\w+=:#@/\-,\.\s]+[\w+=:#@/\-,\.]$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_wafv2_regex_pattern_set_invalid_name.go b/rules/models/aws_wafv2_regex_pattern_set_invalid_name.go new file mode 100644 index 00000000..8c8c96e5 --- /dev/null +++ b/rules/models/aws_wafv2_regex_pattern_set_invalid_name.go 
@@ -0,0 +1,87 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsWafv2RegexPatternSetInvalidNameRule checks the pattern is valid +type AwsWafv2RegexPatternSetInvalidNameRule struct { + resourceType string + attributeName string + max int + min int + pattern *regexp.Regexp +} + +// NewAwsWafv2RegexPatternSetInvalidNameRule returns new rule with default attributes +func NewAwsWafv2RegexPatternSetInvalidNameRule() *AwsWafv2RegexPatternSetInvalidNameRule { + return &AwsWafv2RegexPatternSetInvalidNameRule{ + resourceType: "aws_wafv2_regex_pattern_set", + attributeName: "name", + max: 128, + min: 1, + pattern: regexp.MustCompile(`^[\w\-]+$`), + } +} + +// Name returns the rule name +func (r *AwsWafv2RegexPatternSetInvalidNameRule) Name() string { + return "aws_wafv2_regex_pattern_set_invalid_name" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsWafv2RegexPatternSetInvalidNameRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsWafv2RegexPatternSetInvalidNameRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsWafv2RegexPatternSetInvalidNameRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsWafv2RegexPatternSetInvalidNameRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "name must be 128 characters or less", + attribute.Expr, + ) + } + if len(val) < r.min { + runner.EmitIssueOnExpr( + r, + "name must be 1 
characters or higher", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[\w\-]+$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_wafv2_regex_pattern_set_invalid_scope.go b/rules/models/aws_wafv2_regex_pattern_set_invalid_scope.go new file mode 100644 index 00000000..0e8fa333 --- /dev/null +++ b/rules/models/aws_wafv2_regex_pattern_set_invalid_scope.go 
@@ -0,0 +1,77 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsWafv2RegexPatternSetInvalidScopeRule checks the pattern is valid +type AwsWafv2RegexPatternSetInvalidScopeRule struct { + resourceType string + attributeName string + enum []string +} + +// NewAwsWafv2RegexPatternSetInvalidScopeRule returns new rule with default attributes +func NewAwsWafv2RegexPatternSetInvalidScopeRule() *AwsWafv2RegexPatternSetInvalidScopeRule { + return &AwsWafv2RegexPatternSetInvalidScopeRule{ + resourceType: "aws_wafv2_regex_pattern_set", + attributeName: "scope", + enum: []string{ + "CLOUDFRONT", + "REGIONAL", + }, + } +} + +// Name returns the rule name +func (r *AwsWafv2RegexPatternSetInvalidScopeRule) Name() string { + return "aws_wafv2_regex_pattern_set_invalid_scope" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsWafv2RegexPatternSetInvalidScopeRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsWafv2RegexPatternSetInvalidScopeRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsWafv2RegexPatternSetInvalidScopeRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsWafv2RegexPatternSetInvalidScopeRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + found := false + for _, item := range r.enum { + if item == val { + found = true + } + } + if !found { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" is an invalid value as scope`, truncateLongMessage(val)), + attribute.Expr, + ) + } + 
return nil + }) + }) +} diff --git a/rules/models/aws_wafv2_rule_group_invalid_description.go b/rules/models/aws_wafv2_rule_group_invalid_description.go new file mode 100644 index 00000000..c752d7b9 --- /dev/null +++ b/rules/models/aws_wafv2_rule_group_invalid_description.go 
@@ -0,0 +1,87 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsWafv2RuleGroupInvalidDescriptionRule checks the pattern is valid +type AwsWafv2RuleGroupInvalidDescriptionRule struct { + resourceType string + attributeName string + max int + min int + pattern *regexp.Regexp +} + +// NewAwsWafv2RuleGroupInvalidDescriptionRule returns new rule with default attributes +func NewAwsWafv2RuleGroupInvalidDescriptionRule() *AwsWafv2RuleGroupInvalidDescriptionRule { + return &AwsWafv2RuleGroupInvalidDescriptionRule{ + resourceType: "aws_wafv2_rule_group", + attributeName: "description", + max: 256, + min: 1, + pattern: regexp.MustCompile(`^[\w+=:#@/\-,\.][\w+=:#@/\-,\.\s]+[\w+=:#@/\-,\.]$`), + } +} + +// Name returns the rule name +func (r *AwsWafv2RuleGroupInvalidDescriptionRule) Name() string { + return "aws_wafv2_rule_group_invalid_description" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsWafv2RuleGroupInvalidDescriptionRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsWafv2RuleGroupInvalidDescriptionRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsWafv2RuleGroupInvalidDescriptionRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsWafv2RuleGroupInvalidDescriptionRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "description must be 256 characters or less", + attribute.Expr, + ) + } + if len(val) < r.min { 
+ runner.EmitIssueOnExpr( + r, + "description must be 1 characters or higher", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[\w+=:#@/\-,\.][\w+=:#@/\-,\.\s]+[\w+=:#@/\-,\.]$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_wafv2_rule_group_invalid_name.go b/rules/models/aws_wafv2_rule_group_invalid_name.go new file mode 100644 index 00000000..92dfc896 --- /dev/null +++ b/rules/models/aws_wafv2_rule_group_invalid_name.go 
@@ -0,0 +1,87 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsWafv2RuleGroupInvalidNameRule checks the pattern is valid +type AwsWafv2RuleGroupInvalidNameRule struct { + resourceType string + attributeName string + max int + min int + pattern *regexp.Regexp +} + +// NewAwsWafv2RuleGroupInvalidNameRule returns new rule with default attributes +func NewAwsWafv2RuleGroupInvalidNameRule() *AwsWafv2RuleGroupInvalidNameRule { + return &AwsWafv2RuleGroupInvalidNameRule{ + resourceType: "aws_wafv2_rule_group", + attributeName: "name", + max: 128, + min: 1, + pattern: regexp.MustCompile(`^[\w\-]+$`), + } +} + +// Name returns the rule name +func (r *AwsWafv2RuleGroupInvalidNameRule) Name() string { + return "aws_wafv2_rule_group_invalid_name" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsWafv2RuleGroupInvalidNameRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsWafv2RuleGroupInvalidNameRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsWafv2RuleGroupInvalidNameRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsWafv2RuleGroupInvalidNameRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "name must be 128 characters or less", + attribute.Expr, + ) + } + if len(val) < r.min { + runner.EmitIssueOnExpr( + r, + "name must be 1 characters or higher", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + 
runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[\w\-]+$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_wafv2_rule_group_invalid_scope.go b/rules/models/aws_wafv2_rule_group_invalid_scope.go new file mode 100644 index 00000000..a72e9ab1 --- /dev/null +++ b/rules/models/aws_wafv2_rule_group_invalid_scope.go 
@@ -0,0 +1,77 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsWafv2RuleGroupInvalidScopeRule checks the pattern is valid +type AwsWafv2RuleGroupInvalidScopeRule struct { + resourceType string + attributeName string + enum []string +} + +// NewAwsWafv2RuleGroupInvalidScopeRule returns new rule with default attributes +func NewAwsWafv2RuleGroupInvalidScopeRule() *AwsWafv2RuleGroupInvalidScopeRule { + return &AwsWafv2RuleGroupInvalidScopeRule{ + resourceType: "aws_wafv2_rule_group", + attributeName: "scope", + enum: []string{ + "CLOUDFRONT", + "REGIONAL", + }, + } +} + +// Name returns the rule name +func (r *AwsWafv2RuleGroupInvalidScopeRule) Name() string { + return "aws_wafv2_rule_group_invalid_scope" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsWafv2RuleGroupInvalidScopeRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsWafv2RuleGroupInvalidScopeRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsWafv2RuleGroupInvalidScopeRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsWafv2RuleGroupInvalidScopeRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + found := false + for _, item := range r.enum { + if item == val { + found = true + } + } + if !found { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" is an invalid value as scope`, truncateLongMessage(val)), + attribute.Expr, + ) + } + return nil + }) + }) +} 
diff --git a/rules/models/aws_wafv2_web_acl_association_invalid_resource_arn.go b/rules/models/aws_wafv2_web_acl_association_invalid_resource_arn.go
new file mode 100644
index 00000000..9d3b2467
--- /dev/null
+++ b/rules/models/aws_wafv2_web_acl_association_invalid_resource_arn.go
@@ -0,0 +1,87 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsWafv2WebACLAssociationInvalidResourceArnRule checks the pattern is valid +type AwsWafv2WebACLAssociationInvalidResourceArnRule struct { + resourceType string + attributeName string + max int + min int + pattern *regexp.Regexp +} + +// NewAwsWafv2WebACLAssociationInvalidResourceArnRule returns new rule with default attributes +func NewAwsWafv2WebACLAssociationInvalidResourceArnRule() *AwsWafv2WebACLAssociationInvalidResourceArnRule { + return &AwsWafv2WebACLAssociationInvalidResourceArnRule{ + resourceType: "aws_wafv2_web_acl_association", + attributeName: "resource_arn", + max: 2048, + min: 20, + pattern: regexp.MustCompile(`^.*\S.*$`), + } +} + +// Name returns the rule name +func (r *AwsWafv2WebACLAssociationInvalidResourceArnRule) Name() string { + return "aws_wafv2_web_acl_association_invalid_resource_arn" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsWafv2WebACLAssociationInvalidResourceArnRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsWafv2WebACLAssociationInvalidResourceArnRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsWafv2WebACLAssociationInvalidResourceArnRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsWafv2WebACLAssociationInvalidResourceArnRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "resource_arn must be 2048 
characters or less", + attribute.Expr, + ) + } + if len(val) < r.min { + runner.EmitIssueOnExpr( + r, + "resource_arn must be 20 characters or higher", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^.*\S.*$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_wafv2_web_acl_association_invalid_web_acl_arn.go b/rules/models/aws_wafv2_web_acl_association_invalid_web_acl_arn.go new file mode 100644 index 00000000..5ed25588 --- /dev/null +++ b/rules/models/aws_wafv2_web_acl_association_invalid_web_acl_arn.go 
@@ -0,0 +1,87 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsWafv2WebACLAssociationInvalidWebACLArnRule checks the pattern is valid +type AwsWafv2WebACLAssociationInvalidWebACLArnRule struct { + resourceType string + attributeName string + max int + min int + pattern *regexp.Regexp +} + +// NewAwsWafv2WebACLAssociationInvalidWebACLArnRule returns new rule with default attributes +func NewAwsWafv2WebACLAssociationInvalidWebACLArnRule() *AwsWafv2WebACLAssociationInvalidWebACLArnRule { + return &AwsWafv2WebACLAssociationInvalidWebACLArnRule{ + resourceType: "aws_wafv2_web_acl_association", + attributeName: "web_acl_arn", + max: 2048, + min: 20, + pattern: regexp.MustCompile(`^.*\S.*$`), + } +} + +// Name returns the rule name +func (r *AwsWafv2WebACLAssociationInvalidWebACLArnRule) Name() string { + return "aws_wafv2_web_acl_association_invalid_web_acl_arn" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsWafv2WebACLAssociationInvalidWebACLArnRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsWafv2WebACLAssociationInvalidWebACLArnRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsWafv2WebACLAssociationInvalidWebACLArnRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsWafv2WebACLAssociationInvalidWebACLArnRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "web_acl_arn must be 2048 characters or less", + 
attribute.Expr, + ) + } + if len(val) < r.min { + runner.EmitIssueOnExpr( + r, + "web_acl_arn must be 20 characters or higher", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^.*\S.*$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_wafv2_web_acl_invalid_description.go b/rules/models/aws_wafv2_web_acl_invalid_description.go new file mode 100644 index 00000000..aa8d000c --- /dev/null +++ b/rules/models/aws_wafv2_web_acl_invalid_description.go 
@@ -0,0 +1,87 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsWafv2WebACLInvalidDescriptionRule checks the pattern is valid +type AwsWafv2WebACLInvalidDescriptionRule struct { + resourceType string + attributeName string + max int + min int + pattern *regexp.Regexp +} + +// NewAwsWafv2WebACLInvalidDescriptionRule returns new rule with default attributes +func NewAwsWafv2WebACLInvalidDescriptionRule() *AwsWafv2WebACLInvalidDescriptionRule { + return &AwsWafv2WebACLInvalidDescriptionRule{ + resourceType: "aws_wafv2_web_acl", + attributeName: "description", + max: 256, + min: 1, + pattern: regexp.MustCompile(`^[\w+=:#@/\-,\.][\w+=:#@/\-,\.\s]+[\w+=:#@/\-,\.]$`), + } +} + +// Name returns the rule name +func (r *AwsWafv2WebACLInvalidDescriptionRule) Name() string { + return "aws_wafv2_web_acl_invalid_description" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsWafv2WebACLInvalidDescriptionRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsWafv2WebACLInvalidDescriptionRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsWafv2WebACLInvalidDescriptionRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsWafv2WebACLInvalidDescriptionRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "description must be 256 characters or less", + attribute.Expr, + ) + } + if len(val) < r.min { + runner.EmitIssueOnExpr( + r, + 
"description must be 1 characters or higher", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[\w+=:#@/\-,\.][\w+=:#@/\-,\.\s]+[\w+=:#@/\-,\.]$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_wafv2_web_acl_invalid_name.go b/rules/models/aws_wafv2_web_acl_invalid_name.go new file mode 100644 index 00000000..343ed97c --- /dev/null +++ b/rules/models/aws_wafv2_web_acl_invalid_name.go 
@@ -0,0 +1,87 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsWafv2WebACLInvalidNameRule checks the pattern is valid +type AwsWafv2WebACLInvalidNameRule struct { + resourceType string + attributeName string + max int + min int + pattern *regexp.Regexp +} + +// NewAwsWafv2WebACLInvalidNameRule returns new rule with default attributes +func NewAwsWafv2WebACLInvalidNameRule() *AwsWafv2WebACLInvalidNameRule { + return &AwsWafv2WebACLInvalidNameRule{ + resourceType: "aws_wafv2_web_acl", + attributeName: "name", + max: 128, + min: 1, + pattern: regexp.MustCompile(`^[\w\-]+$`), + } +} + +// Name returns the rule name +func (r *AwsWafv2WebACLInvalidNameRule) Name() string { + return "aws_wafv2_web_acl_invalid_name" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsWafv2WebACLInvalidNameRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsWafv2WebACLInvalidNameRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsWafv2WebACLInvalidNameRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsWafv2WebACLInvalidNameRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "name must be 128 characters or less", + attribute.Expr, + ) + } + if len(val) < r.min { + runner.EmitIssueOnExpr( + r, + "name must be 1 characters or higher", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + 
fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[\w\-]+$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/aws_wafv2_web_acl_invalid_scope.go b/rules/models/aws_wafv2_web_acl_invalid_scope.go new file mode 100644 index 00000000..9477ddcf --- /dev/null +++ b/rules/models/aws_wafv2_web_acl_invalid_scope.go 
@@ -0,0 +1,77 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsWafv2WebACLInvalidScopeRule checks the pattern is valid +type AwsWafv2WebACLInvalidScopeRule struct { + resourceType string + attributeName string + enum []string +} + +// NewAwsWafv2WebACLInvalidScopeRule returns new rule with default attributes +func NewAwsWafv2WebACLInvalidScopeRule() *AwsWafv2WebACLInvalidScopeRule { + return &AwsWafv2WebACLInvalidScopeRule{ + resourceType: "aws_wafv2_web_acl", + attributeName: "scope", + enum: []string{ + "CLOUDFRONT", + "REGIONAL", + }, + } +} + +// Name returns the rule name +func (r *AwsWafv2WebACLInvalidScopeRule) Name() string { + return "aws_wafv2_web_acl_invalid_scope" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsWafv2WebACLInvalidScopeRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsWafv2WebACLInvalidScopeRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsWafv2WebACLInvalidScopeRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsWafv2WebACLInvalidScopeRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return runner.EnsureNoError(err, func() error { + found := false + for _, item := range r.enum { + if item == val { + found = true + } + } + if !found { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" is an invalid value as scope`, truncateLongMessage(val)), + attribute.Expr, + ) + } + return nil + }) + }) +} 
diff --git a/rules/models/aws_wafv2_web_acl_logging_configuration_invalid_resource_arn.go b/rules/models/aws_wafv2_web_acl_logging_configuration_invalid_resource_arn.go
new file mode 100644
index 00000000..43e2c6c3
--- /dev/null
+++ b/rules/models/aws_wafv2_web_acl_logging_configuration_invalid_resource_arn.go
@@ -0,0 +1,87 @@ +// This file generated by `generator/`. DO NOT EDIT + +package models + +import ( + "fmt" + "log" + "regexp" + + hcl "github.com/hashicorp/hcl/v2" + "github.com/terraform-linters/tflint-plugin-sdk/tflint" +) + +// AwsWafv2WebACLLoggingConfigurationInvalidResourceArnRule checks the pattern is valid +type AwsWafv2WebACLLoggingConfigurationInvalidResourceArnRule struct { + resourceType string + attributeName string + max int + min int + pattern *regexp.Regexp +} + +// NewAwsWafv2WebACLLoggingConfigurationInvalidResourceArnRule returns new rule with default attributes +func NewAwsWafv2WebACLLoggingConfigurationInvalidResourceArnRule() *AwsWafv2WebACLLoggingConfigurationInvalidResourceArnRule { + return &AwsWafv2WebACLLoggingConfigurationInvalidResourceArnRule{ + resourceType: "aws_wafv2_web_acl_logging_configuration", + attributeName: "resource_arn", + max: 2048, + min: 20, + pattern: regexp.MustCompile(`^.*\S.*$`), + } +} + +// Name returns the rule name +func (r *AwsWafv2WebACLLoggingConfigurationInvalidResourceArnRule) Name() string { + return "aws_wafv2_web_acl_logging_configuration_invalid_resource_arn" +} + +// Enabled returns whether the rule is enabled by default +func (r *AwsWafv2WebACLLoggingConfigurationInvalidResourceArnRule) Enabled() bool { + return true +} + +// Severity returns the rule severity +func (r *AwsWafv2WebACLLoggingConfigurationInvalidResourceArnRule) Severity() string { + return tflint.ERROR +} + +// Link returns the rule reference link +func (r *AwsWafv2WebACLLoggingConfigurationInvalidResourceArnRule) Link() string { + return "" +} + +// Check checks the pattern is valid +func (r *AwsWafv2WebACLLoggingConfigurationInvalidResourceArnRule) Check(runner tflint.Runner) error { + log.Printf("[TRACE] Check `%s` rule", r.Name()) + + return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error { + var val string + err := runner.EvaluateExpr(attribute.Expr, &val, nil) + + return 
runner.EnsureNoError(err, func() error { + if len(val) > r.max { + runner.EmitIssueOnExpr( + r, + "resource_arn must be 2048 characters or less", + attribute.Expr, + ) + } + if len(val) < r.min { + runner.EmitIssueOnExpr( + r, + "resource_arn must be 20 characters or higher", + attribute.Expr, + ) + } + if !r.pattern.MatchString(val) { + runner.EmitIssueOnExpr( + r, + fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^.*\S.*$`), + attribute.Expr, + ) + } + return nil + }) + }) +} diff --git a/rules/models/mappings/wafv2.hcl b/rules/models/mappings/wafv2.hcl new file mode 100644 index 00000000..2bea8b2e --- /dev/null +++ b/rules/models/mappings/wafv2.hcl @@ -0,0 +1,52 @@ +import = "aws-sdk-go/models/apis/wafv2/2019-07-29/api-2.json" + +mapping "aws_wafv2_ip_set" { + name = EntityName + description = EntityDescription + scope = Scope + ip_address_version = IPAddressVersion + addresses = IPAddresses + tags = TagList +} + +mapping "aws_wafv2_regex_pattern_set" { + name = EntityName + description = EntityDescription + scope = Scope + regular_expression = RegularExpressionList + tags = TagList +} + +mapping "aws_wafv2_rule_group" { + capacity = CapacityUnit + custom_response_body = CustomResponseBodies + description = EntityDescription + name = EntityName + rule = Rules + scope = Scope + tags = TagList + visibility_config = VisibilityConfig +} + +mapping "aws_wafv2_web_acl" { + custom_response_body = CustomResponseBodies + default_action = DefaultAction + description = EntityDescription + name = EntityName + rule = Rules + scope = Scope + tags = TagList + visibility_config = VisibilityConfig +} + +mapping "aws_wafv2_web_acl_association" { + resource_arn = ResourceArn + web_acl_arn = ResourceArn +} + +mapping "aws_wafv2_web_acl_logging_configuration" { + log_destination_configs = LogDestinationConfigs + logging_filter = LoggingFilter + redacted_fields = RedactedFields + resource_arn = ResourceArn +} 
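Review bot: Mapping `web_acl_arn` and `resource_arn` to `ResourceArn` in the `aws_wafv2_web_acl_association` and `aws_wafv2_web_acl_logging_configuration` blocks produces rules that check only a length of 20 to 2048 and the pattern `^.*\S.*$`, as the two generated ARN rules in this commit show. Any non-blank string of that length passes, so these ERROR-level rules will not flag a malformed ARN or, presumably, an ARN for the wrong kind of resource. If that is all the API model declares, say so in the mapping so the rule names are not read as ARN validation, for example `# ResourceArn constrains length and non-blankness only; ARN structure is not validated`. Separately, `EntityDescription` yields `min: 1` next to a pattern that needs at least three characters, so the effective minimum for `description` is three, not the one the message states.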
diff --git a/rules/models/provider.go b/rules/models/provider.go index eebd7433..0452e9c2 100644 --- a/rules/models/provider.go +++ b/rules/models/provider.go @@ -1083,6 +1083,22 @@ var Rules = []tflint.Rule{ NewAwsWafregionalWebACLInvalidMetricNameRule(), NewAwsWafregionalWebACLInvalidNameRule(), NewAwsWafregionalXSSMatchSetInvalidNameRule(), + NewAwsWafv2IPSetInvalidDescriptionRule(), + NewAwsWafv2IPSetInvalidIPAddressVersionRule(), + NewAwsWafv2IPSetInvalidNameRule(), + NewAwsWafv2IPSetInvalidScopeRule(), + NewAwsWafv2RegexPatternSetInvalidDescriptionRule(), + NewAwsWafv2RegexPatternSetInvalidNameRule(), + NewAwsWafv2RegexPatternSetInvalidScopeRule(), + NewAwsWafv2RuleGroupInvalidDescriptionRule(), + NewAwsWafv2RuleGroupInvalidNameRule(), + NewAwsWafv2RuleGroupInvalidScopeRule(), + NewAwsWafv2WebACLAssociationInvalidResourceArnRule(), + NewAwsWafv2WebACLAssociationInvalidWebACLArnRule(), + NewAwsWafv2WebACLInvalidDescriptionRule(), + NewAwsWafv2WebACLInvalidNameRule(), + NewAwsWafv2WebACLInvalidScopeRule(), + NewAwsWafv2WebACLLoggingConfigurationInvalidResourceArnRule(), NewAwsWorklinkFleetInvalidAuditStreamArnRule(), NewAwsWorklinkFleetInvalidDeviceCaCertificateRule(), NewAwsWorklinkFleetInvalidDisplayNameRule(),