Add support for dynamic blocks

docs/user-guide/compatibility.md

@@ -123,37 +123,23 @@ The values below are state-dependent and cannot be determined statically, so TFL
 
 ## Dynamic Blocks
 
-[Dynamic blocks](https://developer.hashicorp.com/terraform/language/expressions/dynamic-blocks) work just like normal blocks:
+TFLint supports [dynamic blocks](https://developer.hashicorp.com/terraform/language/expressions/dynamic-blocks).
 
 ```hcl
-resource "aws_instance" "static" {
-  ebs_block_device {
-    encrypted = false # => Must be encrypted
-  }
-}
-
 resource "aws_instance" "dynamic" {
   dynamic "ebs_block_device" {
-    for_each = var.block_devices
+    for_each = toset([
+      { size = 10 },
+      { size = 20 }
+    ])
     content {
-      encrypted = false # => Must be encrypted
+      volume_size = ebs_block_device.value["size"] # => 10 and 20
     }
   }
 }
 ```
 
-Note that iterator evaluation is not supported.
-
-```hcl
-resource "aws_instance" "dynamic" {
-  dynamic "ebs_block_device" {
-    for_each = var.block_devices
-    content {
-      encrypted = ebs_block_device.value["encrypted"] # => ignored
-    }
-  }
-}
-```
+Similar to support for meta-arguments, some rules may process a dynamic block as-is without expansion. If the `for_each` is unknown, the block will be empty.
 
 ## Modules
 

integrationtest/inspection/dynblock-unknown/.tflint.hcl

@@ -0,0 +1,3 @@
+plugin "testing" {
+  enabled = true
+}

integrationtest/inspection/dynblock-unknown/main.tf

@@ -0,0 +1,69 @@
+variable "unknown_set" {
+  type = set(bool)
+}
+
+variable "unknown_bool" {
+  type = bool
+}
+
+resource "aws_s3_bucket" "main" {
+  lifecycle_rule {
+    enabled = true
+  }
+
+  dynamic "lifecycle_rule" {
+    for_each = var.unknown_set
+
+    content {
+      enabled = lifecycle_rule.value
+    }
+  }
+
+  dynamic "lifecycle_rule" {
+    for_each = toset([var.unknown_bool])
+
+    content {
+      enabled = lifecycle_rule.value
+    }
+  }
+}
+
+resource "aws_iam_role" "main" {
+  inline_policy {
+    name = "static"
+  }
+
+  dynamic "inline_policy" {
+    for_each = toset(["foo", "bar"])
+
+    content {
+      name = inline_policy.value
+    }
+  }
+
+  dynamic "inline_policy" {
+    for_each = var.unknown_set
+
+    content {
+      name = inline_policy.value
+    }
+  }
+}
+
+resource "testing_assertions" "main" {
+  equal "static" {}
+
+  dynamic "equal" {
+    for_each = toset(["known_label"])
+    iterator = it
+    labels   = [it.value]
+    content {}
+  }
+
+  dynamic "equal" {
+    for_each = toset(["unknown_label"])
+    iterator = it
+    labels   = ["${it.value}-${var.unknown_bool}"]
+    content {}
+  }
+}

integrationtest/inspection/dynblock-unknown/result.json

@@ -0,0 +1,145 @@
+{
+  "issues": [
+    {
+      "rule": {
+        "name": "aws_s3_bucket_example_lifecycle_rule",
+        "severity": "error",
+        "link": ""
+      },
+      "message": "`lifecycle_rule` block found",
+      "range": {
+        "filename": "main.tf",
+        "start": {
+          "line": 10,
+          "column": 3
+        },
+        "end": {
+          "line": 10,
+          "column": 17
+        }
+      },
+      "callers": []
+    },
+    {
+      "rule": {
+        "name": "aws_s3_bucket_example_lifecycle_rule",
+        "severity": "error",
+        "link": ""
+      },
+      "message": "`enabled` attribute found: true",
+      "range": {
+        "filename": "main.tf",
+        "start": {
+          "line": 11,
+          "column": 15
+        },
+        "end": {
+          "line": 11,
+          "column": 19
+        }
+      },
+      "callers": []
+    },
+    {
+      "rule": {
+        "name": "aws_s3_bucket_example_lifecycle_rule",
+        "severity": "error",
+        "link": ""
+      },
+      "message": "`lifecycle_rule` block found",
+      "range": {
+        "filename": "main.tf",
+        "start": {
+          "line": 22,
+          "column": 3
+        },
+        "end": {
+          "line": 22,
+          "column": 27
+        }
+      },
+      "callers": []
+    },
+    {
+      "rule": {
+        "name": "aws_iam_role_example",
+        "severity": "error",
+        "link": ""
+      },
+      "message": "inline policy found",
+      "range": {
+        "filename": "main.tf",
+        "start": {
+          "line": 32,
+          "column": 3
+        },
+        "end": {
+          "line": 32,
+          "column": 16
+        }
+      },
+      "callers": []
+    },
+    {
+      "rule": {
+        "name": "aws_iam_role_example",
+        "severity": "error",
+        "link": ""
+      },
+      "message": "name is static",
+      "range": {
+        "filename": "main.tf",
+        "start": {
+          "line": 33,
+          "column": 12
+        },
+        "end": {
+          "line": 33,
+          "column": 20
+        }
+      },
+      "callers": []
+    },
+    {
+      "rule": {
+        "name": "testing_assertions_example",
+        "severity": "error",
+        "link": ""
+      },
+      "message": "equal block found: label=static",
+      "range": {
+        "filename": "main.tf",
+        "start": {
+          "line": 54,
+          "column": 3
+        },
+        "end": {
+          "line": 54,
+          "column": 17
+        }
+      },
+      "callers": []
+    },
+    {
+      "rule": {
+        "name": "testing_assertions_example",
+        "severity": "error",
+        "link": ""
+      },
+      "message": "equal block found: label=known_label",
+      "range": {
+        "filename": "main.tf",
+        "start": {
+          "line": 56,
+          "column": 3
+        },
+        "end": {
+          "line": 56,
+          "column": 18
+        }
+      },
+      "callers": []
+    }
+  ],
+  "errors": []
+}