Enable deep checking

Author: wata727

go.mod

@@ -7,4 +7,5 @@ require (
 	github.com/hashicorp/hcl/v2 v2.9.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.4.4
 	github.com/terraform-linters/tflint-plugin-sdk v0.8.1
+	google.golang.org/api v0.40.0
 )

go.sum

@@ -0,0 +1,24 @@
+package google
+
+import (
+	"context"
+
+	"google.golang.org/api/serviceusage/v1"
+)
+
+// Client is a wrapper of the Google API client
+type Client struct {
+	ServiceUsage *serviceusage.Service
+}
+
+// NewClient returns a new Client
+func NewClient() (*Client, error) {
+	serviceusageClient, err := serviceusage.NewService(context.TODO())
+	if err != nil {
+		return nil, err
+	}
+
+	return &Client{
+		ServiceUsage: serviceusageClient,
+	}, nil
+}

google/client.go

@@ -0,0 +1,10 @@
+package google
+
+import "github.com/hashicorp/hcl/v2"
+
+// Config is the configuration for the ruleset.
+type Config struct {
+	DeepCheck bool `hcl:"deep_check,optional"`
+
+	Remain hcl.Body `hcl:",remain"`
+}

google/config.go

@@ -0,0 +1,92 @@
+package google
+
+import (
+	"os"
+
+	"github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/terraform/configs"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// GoogleProviderBlockSchema is a schema of `google` provider block
+var GoogleProviderBlockSchema = &hcl.BodySchema{
+	Attributes: []hcl.AttributeSchema{
+		{Name: "project"},
+	},
+}
+
+// ProviderData represents a provider block with an eval context (runner)
+type ProviderData struct {
+	provider   *configs.Provider
+	runner     tflint.Runner
+	attributes hcl.Attributes
+	blocks     hcl.Blocks
+}
+
+// GetProject retrieves project_id from the "provider" block in the Terraform configuration and environment variables
+func GetProject(runner tflint.Runner) (string, error) {
+	provider, err := runner.RootProvider("google")
+	if err != nil || provider == nil {
+		return "", err
+	}
+
+	d, err := newProviderData(provider, runner)
+	if err != nil {
+		return "", err
+	}
+
+	project, exists, err := d.Get("project")
+	if exists {
+		return project, err
+	}
+
+	envs := []string{"GOOGLE_PROJECT", "GOOGLE_CLOUD_PROJECT", "GCLOUD_PROJECT", "CLOUDSDK_CORE_PROJECT"}
+	for _, env := range envs {
+		if project := os.Getenv(env); project != "" {
+			return project, nil
+		}
+	}
+
+	return "", nil
+}
+
+func newProviderData(provider *configs.Provider, runner tflint.Runner) (*ProviderData, error) {
+	providerData := &ProviderData{
+		provider:   provider,
+		runner:     runner,
+		attributes: map[string]*hcl.Attribute{},
+		blocks:     []*hcl.Block{},
+	}
+
+	if provider != nil {
+		content, _, diags := provider.Config.PartialContent(GoogleProviderBlockSchema)
+		if diags.HasErrors() {
+			return nil, diags
+		}
+
+		providerData.attributes = content.Attributes
+		providerData.blocks = content.Blocks
+	}
+
+	return providerData, nil
+}
+
+// Get returns a value corresponding to the given key
+// It should be noted that the value is evaluated if it is evaluable
+// The second return value is a flag that determines whether a value exists
+// We assume the provider has only simple attributes, so it just returns string
+func (d *ProviderData) Get(key string) (string, bool, error) {
+	attribute, exists := d.attributes[key]
+	if !exists {
+		return "", false, nil
+	}
+
+	var val string
+	err := d.runner.EvaluateExprOnRootCtx(attribute.Expr, &val, nil)
+
+	err = d.runner.EnsureNoError(err, func() error { return nil })
+	if err != nil {
+		return "", true, err
+	}
+	return val, true, nil
+}

google/provider.go

@@ -0,0 +1,71 @@
+package google
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/hcl/v2/gohcl"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// RuleSet is the custom ruleset for the Google provider plugin.
+type RuleSet struct {
+	tflint.BuiltinRuleSet
+	APIRules []tflint.Rule
+	config   *Config
+}
+
+// RuleNames is a list of rule names provided by the plugin.
+func (r *RuleSet) RuleNames() []string {
+	names := []string{}
+	for _, rule := range r.Rules {
+		names = append(names, rule.Name())
+	}
+	for _, rule := range r.APIRules {
+		names = append(names, rule.Name())
+	}
+	return names
+}
+
+// ApplyConfig reflects the plugin configuration to the ruleset.
+func (r *RuleSet) ApplyConfig(config *tflint.Config) error {
+	r.ApplyCommonConfig(config)
+
+	// Apply "plugin" block config
+	cfg := Config{}
+	diags := gohcl.DecodeBody(config.Body, nil, &cfg)
+	if diags.HasErrors() {
+		return diags
+	}
+	r.config = &cfg
+
+	// Apply config for API rules
+	for _, rule := range r.APIRules {
+		enabled := rule.Enabled()
+		if cfg := config.Rules[rule.Name()]; cfg != nil {
+			enabled = cfg.Enabled
+		} else if config.DisabledByDefault {
+			enabled = false
+		}
+
+		if cfg.DeepCheck && enabled {
+			r.EnabledRules = append(r.EnabledRules, rule)
+		}
+	}
+
+	return nil
+}
+
+// Check runs inspections for each rule with the custom Google runner.
+func (r *RuleSet) Check(rr tflint.Runner) error {
+	runner, err := NewRunner(rr, r.config)
+	if err != nil {
+		return err
+	}
+
+	for _, rule := range r.EnabledRules {
+		if err := rule.Check(runner); err != nil {
+			return fmt.Errorf("Failed to check `%s` rule: %s", rule.Name(), err)
+		}
+	}
+	return nil
+}

google/ruleset.go

@@ -0,0 +1,43 @@
+package google
+
+import (
+	"fmt"
+
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// Runner is a wrapper of RPC client for inserting custom actions for Google provider.
+type Runner struct {
+	tflint.Runner
+	Client  *Client
+	Project string
+}
+
+// NewRunner returns a custom Google runner.
+func NewRunner(runner tflint.Runner, config *Config) (*Runner, error) {
+	var client *Client
+	var project string
+	var err error
+	if config.DeepCheck {
+		client, err = NewClient()
+		if err != nil {
+			return nil, err
+		}
+
+		project, err = GetProject(runner)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return &Runner{
+		Runner:  runner,
+		Client:  client,
+		Project: project,
+	}, nil
+}
+
+// ParentProject returns a part of the API path about the parent project
+func (r *Runner) ParentProject() string {
+	return fmt.Sprintf("projects/%s", r.Project)
+}