rules

package
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 4, 2026 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var DefaultRegistry = NewRegistry()

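DefaultRegistry is the global rule registry. The package-level Register function adds rules to it, and NewDefaultEngine creates an Engine from it.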

Functions

func FindBestMatch

func FindBestMatch(target string, candidates []string, threshold float64) (string, float64, bool)

FindBestMatch finds the string in candidates that has the highest similarity to target. Returns the best matching string, its similarity score, and whether a match was found above the given threshold.

func FindRemovedValues

func FindRemovedValues(oldPattern, newPattern *ContainsPattern) []string

FindRemovedValues compares old and new contains patterns and returns removed values. A value is "removed" if it was in the old list but not in the new list.

func GetSimilarityThreshold

func GetSimilarityThreshold() float64

GetSimilarityThreshold returns the current similarity threshold

func IsRenameDetectionEnabled

func IsRenameDetectionEnabled() bool

IsRenameDetectionEnabled returns whether rename detection is enabled

func LevenshteinDistance

func LevenshteinDistance(a, b string) int

LevenshteinDistance calculates the minimum number of single-character edits (insertions, deletions, or substitutions) required to change one string into another.

func Register

func Register(rule Rule)

Register adds a rule to the default registry

func SetRenameDetectionSettings

func SetRenameDetectionSettings(settings *RenameDetectionSettings)

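SetRenameDetectionSettings updates the rename detection configuration. This setter and the matching getters are package-level functions, so the configuration appears to be shared process-wide rather than held per Engine. The documentation does not state whether concurrent calls are safe or what happens when settings is nil.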

func Similarity

func Similarity(a, b string) float64

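Similarity calculates a normalized similarity score between two strings. Returns a value between 0.0 (completely different) and 1.0 (identical). The formula is: `1 - (levenshtein_distance / max(len(a), len(b)))`. As written, the formula is undefined when both strings are empty (the denominator is 0). The documentation does not say what is returned in that case, or whether lengths are counted in bytes or characters.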

Types

type BC001

type BC001 struct{}

BC001 detects when a new required variable is added

func (*BC001) DefaultSeverity

func (r *BC001) DefaultSeverity() types.Severity

func (*BC001) Description

func (r *BC001) Description() string

func (*BC001) Documentation

func (r *BC001) Documentation() *RuleDoc

func (*BC001) Evaluate

func (r *BC001) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

func (*BC001) ID

func (r *BC001) ID() string

func (*BC001) Name

func (r *BC001) Name() string

type BC002

type BC002 struct{}

BC002 detects when an existing variable is removed

func (*BC002) DefaultSeverity

func (r *BC002) DefaultSeverity() types.Severity

func (*BC002) Description

func (r *BC002) Description() string

func (*BC002) Documentation

func (r *BC002) Documentation() *RuleDoc

func (*BC002) Evaluate

func (r *BC002) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

func (*BC002) ID

func (r *BC002) ID() string

func (*BC002) Name

func (r *BC002) Name() string

type BC003

type BC003 struct{}

BC003 detects when a required variable is renamed (removed + similar required variable added)

func (*BC003) DefaultSeverity

func (r *BC003) DefaultSeverity() types.Severity

func (*BC003) Description

func (r *BC003) Description() string

func (*BC003) Documentation

func (r *BC003) Documentation() *RuleDoc

func (*BC003) Evaluate

func (r *BC003) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

func (*BC003) ID

func (r *BC003) ID() string

func (*BC003) Name

func (r *BC003) Name() string

type BC004

type BC004 struct{}

BC004 detects when a variable's type constraint changes

func (*BC004) DefaultSeverity

func (r *BC004) DefaultSeverity() types.Severity

func (*BC004) Description

func (r *BC004) Description() string

func (*BC004) Documentation

func (r *BC004) Documentation() *RuleDoc

func (*BC004) Evaluate

func (r *BC004) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

func (*BC004) ID

func (r *BC004) ID() string

func (*BC004) Name

func (r *BC004) Name() string

type BC005

type BC005 struct{}

BC005 detects when a variable's default value is removed

func (*BC005) DefaultSeverity

func (r *BC005) DefaultSeverity() types.Severity

func (*BC005) Description

func (r *BC005) Description() string

func (*BC005) Documentation

func (r *BC005) Documentation() *RuleDoc

func (*BC005) Evaluate

func (r *BC005) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

func (*BC005) ID

func (r *BC005) ID() string

func (*BC005) Name

func (r *BC005) Name() string

type BC009

type BC009 struct{}

BC009 detects when an output is removed

func (*BC009) DefaultSeverity

func (r *BC009) DefaultSeverity() types.Severity

func (*BC009) Description

func (r *BC009) Description() string

func (*BC009) Documentation

func (r *BC009) Documentation() *RuleDoc

func (*BC009) Evaluate

func (r *BC009) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

func (*BC009) ID

func (r *BC009) ID() string

func (*BC009) Name

func (r *BC009) Name() string

type BC010

type BC010 struct{}

BC010 detects when an output is renamed (removed + similar output added)

func (*BC010) DefaultSeverity

func (r *BC010) DefaultSeverity() types.Severity

func (*BC010) Description

func (r *BC010) Description() string

func (*BC010) Documentation

func (r *BC010) Documentation() *RuleDoc

func (*BC010) Evaluate

func (r *BC010) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

func (*BC010) ID

func (r *BC010) ID() string

func (*BC010) Name

func (r *BC010) Name() string

type BC100

type BC100 struct{}

BC100 detects when a resource is removed without a corresponding moved block

func (*BC100) DefaultSeverity

func (r *BC100) DefaultSeverity() types.Severity

func (*BC100) Description

func (r *BC100) Description() string

func (*BC100) Documentation

func (r *BC100) Documentation() *RuleDoc

func (*BC100) Evaluate

func (r *BC100) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

func (*BC100) ID

func (r *BC100) ID() string

func (*BC100) Name

func (r *BC100) Name() string

type BC101

type BC101 struct{}

BC101 detects when a module is removed without a corresponding moved block

func (*BC101) DefaultSeverity

func (r *BC101) DefaultSeverity() types.Severity

func (*BC101) Description

func (r *BC101) Description() string

func (*BC101) Documentation

func (r *BC101) Documentation() *RuleDoc

func (*BC101) Evaluate

func (r *BC101) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

func (*BC101) ID

func (r *BC101) ID() string

func (*BC101) Name

func (r *BC101) Name() string

type BC102

type BC102 struct{}

BC102 detects invalid moved blocks

func (*BC102) DefaultSeverity

func (r *BC102) DefaultSeverity() types.Severity

func (*BC102) Description

func (r *BC102) Description() string

func (*BC102) Documentation

func (r *BC102) Documentation() *RuleDoc

func (*BC102) Evaluate

func (r *BC102) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

func (*BC102) ID

func (r *BC102) ID() string

func (*BC102) Name

func (r *BC102) Name() string

type BC103

type BC103 struct{}

BC103 detects conflicting moved blocks

func (*BC103) DefaultSeverity

func (r *BC103) DefaultSeverity() types.Severity

func (*BC103) Description

func (r *BC103) Description() string

func (*BC103) Documentation

func (r *BC103) Documentation() *RuleDoc

func (*BC103) Evaluate

func (r *BC103) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

func (*BC103) ID

func (r *BC103) ID() string

func (*BC103) Name

func (r *BC103) Name() string

type BC200

type BC200 struct{}

BC200 detects when terraform required_version constraint is added or changed

func (*BC200) DefaultSeverity

func (r *BC200) DefaultSeverity() types.Severity

func (*BC200) Description

func (r *BC200) Description() string

func (*BC200) Documentation

func (r *BC200) Documentation() *RuleDoc

func (*BC200) Evaluate

func (r *BC200) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

func (*BC200) ID

func (r *BC200) ID() string

func (*BC200) Name

func (r *BC200) Name() string

type BC201

type BC201 struct{}

BC201 detects when provider requirements are removed or changed

func (*BC201) DefaultSeverity

func (r *BC201) DefaultSeverity() types.Severity

func (*BC201) Description

func (r *BC201) Description() string

func (*BC201) Documentation

func (r *BC201) Documentation() *RuleDoc

func (*BC201) Evaluate

func (r *BC201) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

func (*BC201) ID

func (r *BC201) ID() string

func (*BC201) Name

func (r *BC201) Name() string

type CheckOptions

// CheckOptions configures the behavior of the Check method; it is the type of
// the opts argument of Engine.CheckWithOptions.
type CheckOptions struct {
	// IncludeRemediation populates remediation text for each finding
	IncludeRemediation bool
}

CheckOptions configures the behavior of the Check method

type ContainsPattern

// ContainsPattern represents a parsed contains([list], var.name) pattern.
// ParseContainsPattern returns nil instead of a ContainsPattern when the
// expression does not match the pattern or uses a dynamic list, so callers
// must nil-check before reading these fields.
type ContainsPattern struct {
	Values  []string // The literal string values in the list
	VarName string   // The variable name being checked
	RawExpr string   // The original expression
}

ContainsPattern represents a parsed contains([list], var.name) pattern

func ParseContainsPattern

func ParseContainsPattern(condition string) *ContainsPattern

ParseContainsPattern attempts to parse a contains([list], var.name) pattern from a validation condition expression. Returns nil if the expression doesn't match the pattern or uses dynamic lists.

type Documentable

type Documentable interface {
	Documentation() *RuleDoc
}

Documentable is implemented by rules that provide documentation

type Engine

type Engine struct {
	// contains filtered or unexported fields
}

Engine evaluates rules against module snapshots

func NewDefaultEngine

func NewDefaultEngine() *Engine

NewDefaultEngine creates an Engine with the default registry and default configs

func NewEngine

func NewEngine(registry *Registry) *Engine

NewEngine creates a new Engine with the given registry

func (*Engine) Check

func (e *Engine) Check(oldPath, newPath string, old, new *types.ModuleSnapshot, failOn types.Severity) *types.CheckResult

Check runs the engine and returns a complete CheckResult

func (*Engine) CheckWithOptions

func (e *Engine) CheckWithOptions(oldPath, newPath string, old, new *types.ModuleSnapshot, failOn types.Severity, opts CheckOptions) *types.CheckResult

CheckWithOptions runs the engine with additional options

func (*Engine) DisableRule

func (e *Engine) DisableRule(ruleID string)

DisableRule disables a rule

func (*Engine) EnableRule

func (e *Engine) EnableRule(ruleID string)

EnableRule enables a rule

func (*Engine) Evaluate

func (e *Engine) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

Evaluate runs all enabled rules against the old and new snapshots

func (*Engine) GetConfig

func (e *Engine) GetConfig(ruleID string) *RuleConfig

GetConfig returns the configuration for a specific rule

func (*Engine) SetConfig

func (e *Engine) SetConfig(ruleID string, config *RuleConfig)

SetConfig sets the configuration for a specific rule

type RC003

type RC003 struct{}

RC003 detects when an optional variable is renamed (removed + similar optional variable added)

func (*RC003) DefaultSeverity

func (r *RC003) DefaultSeverity() types.Severity

func (*RC003) Description

func (r *RC003) Description() string

func (*RC003) Documentation

func (r *RC003) Documentation() *RuleDoc

func (*RC003) Evaluate

func (r *RC003) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

func (*RC003) ID

func (r *RC003) ID() string

func (*RC003) Name

func (r *RC003) Name() string

type RC006

type RC006 struct{}

RC006 detects when a variable's default value changes

func (*RC006) DefaultSeverity

func (r *RC006) DefaultSeverity() types.Severity

func (*RC006) Description

func (r *RC006) Description() string

func (*RC006) Documentation

func (r *RC006) Documentation() *RuleDoc

func (*RC006) Evaluate

func (r *RC006) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

func (*RC006) ID

func (r *RC006) ID() string

func (*RC006) Name

func (r *RC006) Name() string

type RC007

type RC007 struct{}

RC007 detects when a variable's nullable attribute changes

func (*RC007) DefaultSeverity

func (r *RC007) DefaultSeverity() types.Severity

func (*RC007) Description

func (r *RC007) Description() string

func (*RC007) Documentation

func (r *RC007) Documentation() *RuleDoc

func (*RC007) Evaluate

func (r *RC007) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

func (*RC007) ID

func (r *RC007) ID() string

func (*RC007) Name

func (r *RC007) Name() string

type RC008

type RC008 struct{}

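RC008 detects when a variable's sensitive attribute changes. The description does not say whether the rule distinguishes the direction of the change; a variable that stops being marked sensitive is no longer redacted in Terraform plan and apply output.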

func (*RC008) DefaultSeverity

func (r *RC008) DefaultSeverity() types.Severity

func (*RC008) Description

func (r *RC008) Description() string

func (*RC008) Documentation

func (r *RC008) Documentation() *RuleDoc

func (*RC008) Evaluate

func (r *RC008) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

func (*RC008) ID

func (r *RC008) ID() string

func (*RC008) Name

func (r *RC008) Name() string

type RC011

type RC011 struct{}

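RC011 detects when an output's sensitive attribute changes. The description does not say whether the rule distinguishes the direction of the change; an output that stops being marked sensitive is no longer redacted when Terraform prints outputs.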

func (*RC011) DefaultSeverity

func (r *RC011) DefaultSeverity() types.Severity

func (*RC011) Description

func (r *RC011) Description() string

func (*RC011) Documentation

func (r *RC011) Documentation() *RuleDoc

func (*RC011) Evaluate

func (r *RC011) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

func (*RC011) ID

func (r *RC011) ID() string

func (*RC011) Name

func (r *RC011) Name() string

type RC012

type RC012 struct{}

RC012 detects when validation blocks are added to a variable

func (*RC012) DefaultSeverity

func (r *RC012) DefaultSeverity() types.Severity

DefaultSeverity returns the default severity level for this rule.

func (*RC012) Description

func (r *RC012) Description() string

Description returns a description of what this rule detects.

func (*RC012) Documentation

func (r *RC012) Documentation() *RuleDoc

Documentation returns the documentation for this rule.

func (*RC012) Evaluate

func (r *RC012) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

Evaluate checks for validation blocks being added to variables.

func (*RC012) ID

func (r *RC012) ID() string

ID returns the unique identifier for this rule.

func (*RC012) Name

func (r *RC012) Name() string

Name returns the human-readable name for this rule.

type RC013

type RC013 struct{}

RC013 detects when allowed values are removed from a contains() validation pattern

func (*RC013) DefaultSeverity

func (r *RC013) DefaultSeverity() types.Severity

DefaultSeverity returns the default severity level for this rule.

func (*RC013) Description

func (r *RC013) Description() string

Description returns a description of what this rule detects.

func (*RC013) Documentation

func (r *RC013) Documentation() *RuleDoc

Documentation returns the documentation for this rule.

func (*RC013) Evaluate

func (r *RC013) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

Evaluate checks for removed values in contains() validation patterns.

func (*RC013) ID

func (r *RC013) ID() string

ID returns the unique identifier for this rule.

func (*RC013) Name

func (r *RC013) Name() string

Name returns the human-readable name for this rule.

type RC300

type RC300 struct{}

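RC300 detects when a module call's source URL changes. A changed source means the module code is fetched from a different location, so a finding is a prompt to confirm that the new source is the intended one.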

func (*RC300) DefaultSeverity

func (r *RC300) DefaultSeverity() types.Severity

DefaultSeverity returns the default severity level for this rule.

func (*RC300) Description

func (r *RC300) Description() string

Description returns a description of what this rule detects.

func (*RC300) Documentation

func (r *RC300) Documentation() *RuleDoc

Documentation returns the documentation for this rule.

func (*RC300) Evaluate

func (r *RC300) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

Evaluate checks for module source changes between old and new snapshots.

func (*RC300) ID

func (r *RC300) ID() string

ID returns the unique identifier for this rule.

func (*RC300) Name

func (r *RC300) Name() string

Name returns the human-readable name for this rule.

type RC301

type RC301 struct{}

RC301 detects when a module call's version constraint changes

func (*RC301) DefaultSeverity

func (r *RC301) DefaultSeverity() types.Severity

DefaultSeverity returns the default severity level for this rule.

func (*RC301) Description

func (r *RC301) Description() string

Description returns a description of what this rule detects.

func (*RC301) Documentation

func (r *RC301) Documentation() *RuleDoc

Documentation returns the documentation for this rule.

func (*RC301) Evaluate

func (r *RC301) Evaluate(old, new *types.ModuleSnapshot) []*types.Finding

Evaluate checks for module version constraint changes between old and new snapshots.

func (*RC301) ID

func (r *RC301) ID() string

ID returns the unique identifier for this rule.

func (*RC301) Name

func (r *RC301) Name() string

Name returns the human-readable name for this rule.

type Registry

type Registry struct {
	// contains filtered or unexported fields
}

Registry holds all registered rules

func NewRegistry

func NewRegistry() *Registry

NewRegistry creates a new empty Registry

func (*Registry) All

func (r *Registry) All() []Rule

All returns all registered rules in registration order

func (*Registry) Get

func (r *Registry) Get(id string) (Rule, bool)

Get returns a rule by ID

func (*Registry) GetByName

func (r *Registry) GetByName(name string) (Rule, bool)

GetByName returns a rule by its human-readable name

func (*Registry) IDs

func (r *Registry) IDs() []string

IDs returns all rule IDs in registration order

func (*Registry) NameToIDMap

func (r *Registry) NameToIDMap() map[string]string

NameToIDMap returns a map from rule names to rule IDs

func (*Registry) Register

func (r *Registry) Register(rule Rule)

Register adds a rule to the registry

type RenameDetectionSettings

// RenameDetectionSettings holds the configuration for rename detection rules.
type RenameDetectionSettings struct {
	// Enabled switches rename detection on or off.
	// DefaultRenameDetectionSettings returns settings with detection disabled.
	Enabled             bool
	// SimilarityThreshold is the similarity cut-off used for rename detection.
	// NOTE(review): presumably on the same 0.0–1.0 scale that Similarity
	// returns; whether out-of-range values are rejected is not documented — confirm.
	SimilarityThreshold float64
}

RenameDetectionSettings holds the configuration for rename detection rules

func DefaultRenameDetectionSettings

func DefaultRenameDetectionSettings() *RenameDetectionSettings

DefaultRenameDetectionSettings returns the default settings (disabled)

func GetRenameDetectionSettings

func GetRenameDetectionSettings() *RenameDetectionSettings

GetRenameDetectionSettings returns the current rename detection configuration

type Rule

// Rule defines the interface for a breaking change detection rule.
// A rule may additionally implement Documentable to provide a RuleDoc.
type Rule interface {
	// ID returns the unique identifier for this rule (e.g., "BC001")
	ID() string

	// Name returns the human-readable name (e.g., "required-input-added")
	Name() string

	// Description returns a description of what this rule detects
	Description() string

	// DefaultSeverity returns the default severity level for this rule
	DefaultSeverity() types.Severity

	// Evaluate checks the old and new snapshots and returns any findings
	Evaluate(old, new *types.ModuleSnapshot) []*types.Finding
}

Rule defines the interface for a breaking change detection rule

type RuleConfig

// RuleConfig holds configuration for a single rule. An Engine stores one per
// rule ID (see Engine.SetConfig and Engine.GetConfig).
type RuleConfig struct {
	// Enabled presumably controls whether the Engine runs the rule, since
	// Engine.Evaluate runs "all enabled rules" — confirm against the source.
	Enabled  bool
	// Severity is the severity configured for the rule.
	// NOTE(review): DefaultRuleConfig(r) presumably seeds this from
	// r.DefaultSeverity() — confirm.
	Severity types.Severity
	// Options carries rule-specific settings. Its keys and value types are not
	// documented here, so check the type of a value before asserting it.
	Options  map[string]interface{}
}

RuleConfig holds configuration for a single rule

func DefaultRuleConfig

func DefaultRuleConfig(r Rule) *RuleConfig

DefaultRuleConfig returns the default configuration for a rule

type RuleDoc

// RuleDoc contains documentation for a rule. It is returned by
// Documentable.Documentation and by GetDocumentation.
type RuleDoc struct {
	// ID is the rule identifier (Rule.ID gives "BC001" as an example).
	ID              string
	// Name is the rule name (Rule.Name gives "required-input-added" as an example).
	Name            string
	// DefaultSeverity is the rule's default severity level.
	DefaultSeverity types.Severity
	// Description describes what the rule detects.
	Description     string
	// ExampleOld and ExampleNew are presumably before/after snippets that
	// trigger the rule — TODO confirm the expected format.
	ExampleOld      string
	ExampleNew      string
	// Remediation is guidance for resolving a finding.
	// NOTE(review): presumably the text used when
	// CheckOptions.IncludeRemediation is set — confirm.
	Remediation     string
}

RuleDoc contains documentation for a rule

func GetDocumentation

func GetDocumentation(ruleID string) *RuleDoc

GetDocumentation returns the documentation for a rule if available
