Merge pull request #1 from hattan/users/aka/storage-account-rules

Add new custom rule to validate storage account name

docs/rules/azurerm_storage_account_invalid_name.md

@@ -0,0 +1,38 @@
+# azurerm_storage_account_invalid_name
+
+Warns about values that appear to be invalid based on [azure-rest-api-specs](https://github.com/Azure/azure-rest-api-specs).
+
+In this rule, the string must match the regular expression `^[a-z0-9]{3,24}$``.
+
+## Example
+
+```hcl
+resource "azurerm_storage_account" "foo" {
+  name = ... // invalid value
+}
+```
+
+```
+$ tflint
+1 issue(s) found:
+
+Error: "..." does not match valid pattern ^[a-z0-9]{3,24}$ (azurerm_storage_account_invalid_name)
+
+  on template.tf line 15:
+  15:   name = ... // invalid value
+
+Reference: https://github.com/terraform-linters/tflint-ruleset-azurerm/blob/v0.4.0/docs/rules/azurerm_storage_account_invalid_name.md
+
+```
+
+## Why
+
+Requests containing invalid values will return an error when calling the API by `terraform apply`.
+
+## How to Fix
+
+Replace the warned value with a valid value.
+
+## Source
+
+https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/resource-name-rules#microsoftstorage

rules/azurerm_storage_account_invalid_name.go

@@ -0,0 +1,65 @@
+package rules
+
+import (
+	"fmt"
+	"regexp"
+
+	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+	"github.com/terraform-linters/tflint-ruleset-azurerm/project"
+)
+
+// AzurermStorageAccountInvalidNameRule checks the pattern is valid
+type AzurermStorageAccountInvalidNameRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAzurermStorageAccountInvalidNameRule returns new rule with default attributes
+func NewAzurermStorageAccountInvalidNameRule() *AzurermStorageAccountInvalidNameRule {
+	return &AzurermStorageAccountInvalidNameRule{
+		resourceType:  "azurerm_storage_account",
+		attributeName: "name",
+		pattern:       regexp.MustCompile(`^[a-z0-9]{3,24}$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AzurermStorageAccountInvalidNameRule) Name() string {
+	return "azurerm_storage_account_invalid_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AzurermStorageAccountInvalidNameRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AzurermStorageAccountInvalidNameRule) Severity() string {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AzurermStorageAccountInvalidNameRule) Link() string {
+	return project.ReferenceLink(r.Name())
+}
+
+// Check checks the pattern is valid
+func (r *AzurermStorageAccountInvalidNameRule) Check(runner tflint.Runner) error {
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssueOnExpr(
+					r,
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, val, `^[a-z0-9]{3,24}$`),
+					attribute.Expr,
+				)
+			}
+			return nil
+		})
+	})
+}

rules/provider.go

@@ -9,6 +9,7 @@ import (
 var Rules = append([]tflint.Rule{
 	NewAzurermLinuxVirtualMachineInvalidSizeRule(),
 	NewAzurermLinuxVirtualMachineScaleSetInvalidSkuRule(),
+	NewAzurermStorageAccountInvalidNameRule(),
 	NewAzurermVirtualMachineInvalidVMSizeRule(),
 	NewAzurermWindowsVirtualMachineInvalidSizeRule(),
 	NewAzurermWindowsVirtualMachineScaleSetInvalidSkuRule(),