Merge pull request hashicorp#37449 from hashicorp/t-literal-expressio…

…n-group-name-properties-string-constant ci: Prefer constants for string literals
nikhil-goenka · May 11, 2024 · 6442c60 · 6442c60
2 parents e71921f + bdb0953
commit 6442c60
Show file tree

Hide file tree

Showing 231 changed files with 1,097 additions and 954 deletions.
diff --git a/.ci/.semgrep-constants.yml b/.ci/.semgrep-constants.yml
@@ -160,6 +160,16 @@ rules:
       - pattern: '"certificate_arn"'
     severity: ERROR
     fix: "names.AttrCertificateARN"
+  - id: literal-client_id-string-constant
+    languages: [go]
+    message: Use the constant `names.AttrClientID` for the string literal "client_id"
+    paths:
+      include:
+        - "internal/service/**/*.go"
+    patterns:
+      - pattern: '"client_id"'
+    severity: ERROR
+    fix: "names.AttrClientID"
   - id: literal-cluster_identifier-string-constant
     languages: [go]
     message: Use the constant `names.AttrClusterIdentifier` for the string literal "cluster_identifier"
@@ -390,6 +400,16 @@ rules:
       - pattern: '"execution_role_arn"'
     severity: ERROR
     fix: "names.AttrExecutionRoleARN"
+  - id: literal-expression-string-constant
+    languages: [go]
+    message: Use the constant `names.AttrExpression` for the string literal "expression"
+    paths:
+      include:
+        - "internal/service/**/*.go"
+    patterns:
+      - pattern: '"expression"'
+    severity: ERROR
+    fix: "names.AttrExpression"
   - id: literal-file_system_id-string-constant
     languages: [go]
     message: Use the constant `names.AttrFileSystemID` for the string literal "file_system_id"
@@ -430,6 +450,16 @@ rules:
       - pattern: '"format"'
     severity: ERROR
     fix: "names.AttrFormat"
+  - id: literal-group_name-string-constant
+    languages: [go]
+    message: Use the constant `names.AttrGroupName` for the string literal "group_name"
+    paths:
+      include:
+        - "internal/service/**/*.go"
+    patterns:
+      - pattern: '"group_name"'
+    severity: ERROR
+    fix: "names.AttrGroupName"
   - id: literal-hosted_zone_id-string-constant
     languages: [go]
     message: Use the constant `names.AttrHostedZoneID` for the string literal "hosted_zone_id"
@@ -450,6 +480,16 @@ rules:
       - pattern: '"id"'
     severity: ERROR
     fix: "names.AttrID"
+  - id: literal-ip_address-string-constant
+    languages: [go]
+    message: Use the constant `names.AttrIPAddress` for the string literal "ip_address"
+    paths:
+      include:
+        - "internal/service/**/*.go"
+    patterns:
+      - pattern: '"ip_address"'
+    severity: ERROR
+    fix: "names.AttrIPAddress"
   - id: literal-identifier-string-constant
     languages: [go]
     message: Use the constant `names.AttrIdentifier` for the string literal "identifier"
@@ -540,6 +580,16 @@ rules:
       - pattern: '"max"'
     severity: ERROR
     fix: "names.AttrMax"
+  - id: literal-metric_name-string-constant
+    languages: [go]
+    message: Use the constant `names.AttrMetricName` for the string literal "metric_name"
+    paths:
+      include:
+        - "internal/service/**/*.go"
+    patterns:
+      - pattern: '"metric_name"'
+    severity: ERROR
+    fix: "names.AttrMetricName"
   - id: literal-min-string-constant
     languages: [go]
     message: Use the constant `names.AttrMin` for the string literal "min"
@@ -700,6 +750,16 @@ rules:
       - pattern: '"prefix"'
     severity: ERROR
     fix: "names.AttrPrefix"
+  - id: literal-principal-string-constant
+    languages: [go]
+    message: Use the constant `names.AttrPrincipal` for the string literal "principal"
+    paths:
+      include:
+        - "internal/service/**/*.go"
+    patterns:
+      - pattern: '"principal"'
+    severity: ERROR
+    fix: "names.AttrPrincipal"
   - id: literal-priority-string-constant
     languages: [go]
     message: Use the constant `names.AttrPriority` for the string literal "priority"
@@ -710,6 +770,16 @@ rules:
       - pattern: '"priority"'
     severity: ERROR
     fix: "names.AttrPriority"
+  - id: literal-private_key-string-constant
+    languages: [go]
+    message: Use the constant `names.AttrPrivateKey` for the string literal "private_key"
+    paths:
+      include:
+        - "internal/service/**/*.go"
+    patterns:
+      - pattern: '"private_key"'
+    severity: ERROR
+    fix: "names.AttrPrivateKey"
   - id: literal-profile-string-constant
     languages: [go]
     message: Use the constant `names.AttrProfile` for the string literal "profile"
@@ -720,6 +790,16 @@ rules:
       - pattern: '"profile"'
     severity: ERROR
     fix: "names.AttrProfile"
+  - id: literal-properties-string-constant
+    languages: [go]
+    message: Use the constant `names.AttrProperties` for the string literal "properties"
+    paths:
+      include:
+        - "internal/service/**/*.go"
+    patterns:
+      - pattern: '"properties"'
+    severity: ERROR
+    fix: "names.AttrProperties"
   - id: literal-protocol-string-constant
     languages: [go]
     message: Use the constant `names.AttrProtocol` for the string literal "protocol"
@@ -800,6 +880,16 @@ rules:
       - pattern: '"sns_topic_arn"'
     severity: ERROR
     fix: "names.AttrSNSTopicARN"
+  - id: literal-schedule-string-constant
+    languages: [go]
+    message: Use the constant `names.AttrSchedule` for the string literal "schedule"
+    paths:
+      include:
+        - "internal/service/**/*.go"
+    patterns:
+      - pattern: '"schedule"'
+    severity: ERROR
+    fix: "names.AttrSchedule"
   - id: literal-schedule_expression-string-constant
     languages: [go]
     message: Use the constant `names.AttrScheduleExpression` for the string literal "schedule_expression"
@@ -1060,6 +1150,16 @@ rules:
       - pattern: '"username"'
     severity: ERROR
     fix: "names.AttrUsername"
+  - id: literal-vpc_config-string-constant
+    languages: [go]
+    message: Use the constant `names.AttrVPCConfig` for the string literal "vpc_config"
+    paths:
+      include:
+        - "internal/service/**/*.go"
+    patterns:
+      - pattern: '"vpc_config"'
+    severity: ERROR
+    fix: "names.AttrVPCConfig"
   - id: literal-vpc_id-string-constant
     languages: [go]
     message: Use the constant `names.AttrVPCID` for the string literal "vpc_id"

diff --git a/internal/service/acm/certificate.go b/internal/service/acm/certificate.go
@@ -76,12 +76,12 @@ func resourceCertificate() *schema.Resource {
 				Optional:      true,
 				ForceNew:      true,
 				ValidateFunc:  verify.ValidARN,
-				ConflictsWith: []string{"certificate_body", "private_key", "validation_method"},
+				ConflictsWith: []string{"certificate_body", names.AttrPrivateKey, "validation_method"},
 			},
 			"certificate_body": {
 				Type:          schema.TypeString,
 				Optional:      true,
-				RequiredWith:  []string{"private_key"},
+				RequiredWith:  []string{names.AttrPrivateKey},
 				ConflictsWith: []string{"certificate_authority_arn", names.AttrDomainName, "validation_method"},
 			},
 			"certificate_chain": {
@@ -95,8 +95,8 @@ func resourceCertificate() *schema.Resource {
 				Computed:      true,
 				ForceNew:      true,
 				ValidateFunc:  validation.StringDoesNotMatch(regexache.MustCompile(`\.$`), "cannot end with a period"),
-				ExactlyOneOf:  []string{names.AttrDomainName, "private_key"},
-				ConflictsWith: []string{"certificate_body", "certificate_chain", "private_key"},
+				ExactlyOneOf:  []string{names.AttrDomainName, names.AttrPrivateKey},
+				ConflictsWith: []string{"certificate_body", "certificate_chain", names.AttrPrivateKey},
 			},
 			"domain_validation_options": {
 				Type:     schema.TypeSet,
@@ -127,15 +127,15 @@ func resourceCertificate() *schema.Resource {
 				Type:             schema.TypeString,
 				Optional:         true,
 				ValidateDiagFunc: validateHybridDuration,
-				ConflictsWith:    []string{"certificate_body", "certificate_chain", "private_key", "validation_method"},
+				ConflictsWith:    []string{"certificate_body", "certificate_chain", names.AttrPrivateKey, "validation_method"},
 			},
 			"key_algorithm": {
 				Type:             schema.TypeString,
 				Optional:         true,
 				Computed:         true,
 				ForceNew:         true,
 				ValidateDiagFunc: enum.Validate[types.KeyAlgorithm](),
-				ConflictsWith:    []string{"certificate_body", "certificate_chain", "private_key"},
+				ConflictsWith:    []string{"certificate_body", "certificate_chain", names.AttrPrivateKey},
 			},
 			"not_after": {
 				Type:     schema.TypeString,
@@ -157,7 +157,7 @@ func resourceCertificate() *schema.Resource {
 							Optional:         true,
 							Default:          types.CertificateTransparencyLoggingPreferenceEnabled,
 							ValidateDiagFunc: enum.Validate[types.CertificateTransparencyLoggingPreference](),
-							ConflictsWith:    []string{"certificate_body", "certificate_chain", "private_key"},
+							ConflictsWith:    []string{"certificate_body", "certificate_chain", names.AttrPrivateKey},
 						},
 					},
 				},
@@ -166,11 +166,11 @@ func resourceCertificate() *schema.Resource {
 				Type:     schema.TypeBool,
 				Computed: true,
 			},
-			"private_key": {
+			names.AttrPrivateKey: {
 				Type:         schema.TypeString,
 				Optional:     true,
 				Sensitive:    true,
-				ExactlyOneOf: []string{names.AttrDomainName, "private_key"},
+				ExactlyOneOf: []string{names.AttrDomainName, names.AttrPrivateKey},
 			},
 			"renewal_eligibility": {
 				Type:     schema.TypeString,
@@ -212,7 +212,7 @@ func resourceCertificate() *schema.Resource {
 						validation.StringDoesNotMatch(regexache.MustCompile(`\.$`), "cannot end with a period"),
 					),
 				},
-				ConflictsWith: []string{"certificate_body", "certificate_chain", "private_key"},
+				ConflictsWith: []string{"certificate_body", "certificate_chain", names.AttrPrivateKey},
 			},
 			names.AttrTags:    tftags.TagsSchema(),
 			names.AttrTagsAll: tftags.TagsSchemaComputed(),
@@ -231,7 +231,7 @@ func resourceCertificate() *schema.Resource {
 				Computed:         true,
 				ForceNew:         true,
 				ValidateDiagFunc: enum.Validate[types.ValidationMethod](),
-				ConflictsWith:    []string{"certificate_authority_arn", "certificate_body", "certificate_chain", "private_key"},
+				ConflictsWith:    []string{"certificate_authority_arn", "certificate_body", "certificate_chain", names.AttrPrivateKey},
 			},
 			"validation_option": {
 				Type:     schema.TypeSet,
@@ -251,7 +251,7 @@ func resourceCertificate() *schema.Resource {
 						},
 					},
 				},
-				ConflictsWith: []string{"certificate_body", "certificate_chain", "private_key"},
+				ConflictsWith: []string{"certificate_body", "certificate_chain", names.AttrPrivateKey},
 			},
 		},
 
@@ -382,7 +382,7 @@ func resourceCertificateCreate(ctx context.Context, d *schema.ResourceData, meta
 	} else {
 		input := &acm.ImportCertificateInput{
 			Certificate: []byte(d.Get("certificate_body").(string)),
-			PrivateKey:  []byte(d.Get("private_key").(string)),
+			PrivateKey:  []byte(d.Get(names.AttrPrivateKey).(string)),
 			Tags:        getTagsIn(ctx),
 		}
 
@@ -482,16 +482,16 @@ func resourceCertificateUpdate(ctx context.Context, d *schema.ResourceData, meta
 
 	conn := meta.(*conns.AWSClient).ACMClient(ctx)
 
-	if d.HasChanges("private_key", "certificate_body", "certificate_chain") {
+	if d.HasChanges(names.AttrPrivateKey, "certificate_body", "certificate_chain") {
 		oCBRaw, nCBRaw := d.GetChange("certificate_body")
 		oCCRaw, nCCRaw := d.GetChange("certificate_chain")
-		oPKRaw, nPKRaw := d.GetChange("private_key")
+		oPKRaw, nPKRaw := d.GetChange(names.AttrPrivateKey)
 
 		if !isChangeNormalizeCertRemoval(oCBRaw, nCBRaw) || !isChangeNormalizeCertRemoval(oCCRaw, nCCRaw) || !isChangeNormalizeCertRemoval(oPKRaw, nPKRaw) {
 			input := &acm.ImportCertificateInput{
 				Certificate:    []byte(d.Get("certificate_body").(string)),
 				CertificateArn: aws.String(d.Get(names.AttrARN).(string)),
-				PrivateKey:     []byte(d.Get("private_key").(string)),
+				PrivateKey:     []byte(d.Get(names.AttrPrivateKey).(string)),
 			}
 
 			if chain, ok := d.GetOk("certificate_chain"); ok {

diff --git a/internal/service/acm/certificate_test.go b/internal/service/acm/certificate_test.go
@@ -1547,7 +1547,7 @@ func TestAccACMCertificate_Imported_domainName(t *testing.T) {
 				ImportState:       true,
 				ImportStateVerify: true,
 				// These are not returned by the API
-				ImportStateVerifyIgnore: []string{"private_key", "certificate_body", "certificate_chain"},
+				ImportStateVerifyIgnore: []string{names.AttrPrivateKey, "certificate_body", "certificate_chain"},
 			},
 		},
 	})
@@ -1588,7 +1588,7 @@ func TestAccACMCertificate_Imported_validityDates(t *testing.T) {
 				ImportState:       true,
 				ImportStateVerify: true,
 				// These are not returned by the API
-				ImportStateVerifyIgnore: []string{"private_key", "certificate_body", "certificate_chain"},
+				ImportStateVerifyIgnore: []string{names.AttrPrivateKey, "certificate_body", "certificate_chain"},
 			},
 		},
 	})
@@ -1621,7 +1621,7 @@ func TestAccACMCertificate_Imported_ipAddress(t *testing.T) {
 				ImportState:       true,
 				ImportStateVerify: true,
 				// These are not returned by the API
-				ImportStateVerifyIgnore: []string{"private_key", "certificate_body"},
+				ImportStateVerifyIgnore: []string{names.AttrPrivateKey, "certificate_body"},
 			},
 		},
 	})
@@ -1655,7 +1655,7 @@ func TestAccACMCertificate_PrivateKey_tags(t *testing.T) {
 				ResourceName:            resourceName,
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"private_key", "certificate_body"},
+				ImportStateVerifyIgnore: []string{names.AttrPrivateKey, "certificate_body"},
 			},
 			{
 				Config: testAccCertificateConfig_tags2(certificate1, key1, "key1", "value1updated", "key2", "value2"),

diff --git a/internal/service/acmpca/permission.go b/internal/service/acmpca/permission.go
@@ -56,7 +56,7 @@ func resourcePermission() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
-			"principal": {
+			names.AttrPrincipal: {
 				Type:     schema.TypeString,
 				ForceNew: true,
 				Required: true,
@@ -79,7 +79,7 @@ func resourcePermissionCreate(ctx context.Context, d *schema.ResourceData, meta
 	conn := meta.(*conns.AWSClient).ACMPCAClient(ctx)
 
 	caARN := d.Get("certificate_authority_arn").(string)
-	principal := d.Get("principal").(string)
+	principal := d.Get(names.AttrPrincipal).(string)
 	sourceAccount := d.Get("source_account").(string)
 	id := errs.Must(flex.FlattenResourceId([]string{caARN, principal, sourceAccount}, permissionResourceIDPartCount, true))
 	input := &acmpca.CreatePermissionInput{
@@ -128,7 +128,7 @@ func resourcePermissionRead(ctx context.Context, d *schema.ResourceData, meta in
 	d.Set("actions", flattenPermissionActions(permission.Actions))
 	d.Set("certificate_authority_arn", permission.CertificateAuthorityArn)
 	d.Set(names.AttrPolicy, permission.Policy)
-	d.Set("principal", permission.Principal)
+	d.Set(names.AttrPrincipal, permission.Principal)
 	d.Set("source_account", permission.SourceAccount)
 
 	return diags

diff --git a/internal/service/acmpca/permission_test.go b/internal/service/acmpca/permission_test.go
@@ -39,7 +39,7 @@ func TestAccACMPCAPermission_basic(t *testing.T) {
 					resource.TestCheckTypeSetElemAttr(resourceName, "actions.*", "IssueCertificate"),
 					resource.TestCheckTypeSetElemAttr(resourceName, "actions.*", "ListPermissions"),
 					resource.TestCheckResourceAttrSet(resourceName, names.AttrPolicy),
-					resource.TestCheckResourceAttr(resourceName, "principal", "acm.amazonaws.com"),
+					resource.TestCheckResourceAttr(resourceName, names.AttrPrincipal, "acm.amazonaws.com"),
 					acctest.CheckResourceAttrAccountID(resourceName, "source_account"),
 				),
 			},
@@ -103,7 +103,7 @@ func testAccCheckPermissionDestroy(ctx context.Context) resource.TestCheckFunc {
 				continue
 			}
 
-			_, err := tfacmpca.FindPermissionByThreePartKey(ctx, conn, rs.Primary.Attributes["certificate_authority_arn"], rs.Primary.Attributes["principal"], rs.Primary.Attributes["source_account"])
+			_, err := tfacmpca.FindPermissionByThreePartKey(ctx, conn, rs.Primary.Attributes["certificate_authority_arn"], rs.Primary.Attributes[names.AttrPrincipal], rs.Primary.Attributes["source_account"])
 
 			if tfresource.NotFound(err) {
 				continue
@@ -129,7 +129,7 @@ func testAccCheckPermissionExists(ctx context.Context, n string, v *types.Permis
 
 		conn := acctest.Provider.Meta().(*conns.AWSClient).ACMPCAClient(ctx)
 
-		output, err := tfacmpca.FindPermissionByThreePartKey(ctx, conn, rs.Primary.Attributes["certificate_authority_arn"], rs.Primary.Attributes["principal"], rs.Primary.Attributes["source_account"])
+		output, err := tfacmpca.FindPermissionByThreePartKey(ctx, conn, rs.Primary.Attributes["certificate_authority_arn"], rs.Primary.Attributes[names.AttrPrincipal], rs.Primary.Attributes["source_account"])
 
 		if err != nil {
 			return err