terraform-linters · github-actions · Nov 9, 2025
diff --git a/rules/magicmodules/api_definition.go b/rules/magicmodules/api_definition.go
@@ -126,6 +126,10 @@ var APIDefinition = map[string]string{
 	"google_certificate_manager_certificate_map_entry":                           "certificatemanager.googleapis.com",
 	"google_certificate_manager_dns_authorization":                               "certificatemanager.googleapis.com",
 	"google_certificate_manager_trust_config":                                    "certificatemanager.googleapis.com",
+	"google_ces_app":                                                             "ces.googleapis.com",
+	"google_ces_deployment":                                                      "ces.googleapis.com",
+	"google_ces_example":                                                         "ces.googleapis.com",
+	"google_ces_toolset":                                                         "ces.googleapis.com",
 	"google_cloud_asset_folder_feed":                                             "cloudasset.googleapis.com",
 	"google_cloud_asset_organization_feed":                                       "cloudasset.googleapis.com",
 	"google_cloud_asset_project_feed":                                            "cloudasset.googleapis.com",
@@ -137,8 +141,6 @@ var APIDefinition = map[string]string{
 	"google_cloud_run_v2_service":                                                "run.googleapis.com",
 	"google_cloud_run_v2_worker_pool":                                            "run.googleapis.com",
 	"google_cloud_scheduler_job":                                                 "cloudscheduler.googleapis.com",
-	"google_cloud_security_compliance_cloud_control":                             "cloudsecuritycompliance.googleapis.com",
-	"google_cloud_security_compliance_framework":                                 "cloudsecuritycompliance.googleapis.com",
 	"google_cloud_tasks_queue":                                                   "cloudtasks.googleapis.com",
 	"google_cloudbuild_bitbucket_server_config":                                  "cloudbuild.googleapis.com",
 	"google_cloudbuild_trigger":                                                  "cloudbuild.googleapis.com",
@@ -451,6 +453,7 @@ var APIDefinition = map[string]string{
 	"google_netapp_backup":                                                       "netapp.googleapis.com",
 	"google_netapp_backup_policy":                                                "netapp.googleapis.com",
 	"google_netapp_backup_vault":                                                 "netapp.googleapis.com",
+	"google_netapp_host_group":                                                   "netapp.googleapis.com",
 	"google_netapp_kmsconfig":                                                    "netapp.googleapis.com",
 	"google_netapp_storage_pool":                                                 "netapp.googleapis.com",
 	"google_netapp_volume":                                                       "netapp.googleapis.com",
@@ -465,6 +468,7 @@ var APIDefinition = map[string]string{
 	"google_network_connectivity_service_connection_policy":                      "networkconnectivity.googleapis.com",
 	"google_network_connectivity_spoke":                                          "networkconnectivity.googleapis.com",
 	"google_network_management_connectivity_test":                                "networkmanagement.googleapis.com",
+	"google_network_management_organization_vpc_flow_logs_config":                "networkmanagement.googleapis.com",
 	"google_network_management_vpc_flow_logs_config":                             "networkmanagement.googleapis.com",
 	"google_network_security_address_group":                                      "networksecurity.googleapis.com",
 	"google_network_security_authz_policy":                                       "networksecurity.googleapis.com",
@@ -498,6 +502,7 @@ var APIDefinition = map[string]string{
 	"google_network_services_lb_route_extension":                                 "networkservices.googleapis.com",
 	"google_network_services_lb_traffic_extension":                               "networkservices.googleapis.com",
 	"google_network_services_mesh":                                               "networkservices.googleapis.com",
+	"google_network_services_multicast_domain":                                   "networkservices.googleapis.com",
 	"google_network_services_service_binding":                                    "networkservices.googleapis.com",
 	"google_network_services_tcp_route":                                          "networkservices.googleapis.com",
 	"google_network_services_tls_route":                                          "networkservices.googleapis.com",

diff --git a/rules/magicmodules/google_compute_public_advertised_prefix_invalid_ipv6_access_type.go b/rules/magicmodules/google_compute_public_advertised_prefix_invalid_ipv6_access_type.go
@@ -0,0 +1,91 @@
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This file is automatically generated by Magic Modules and manual
+//     changes will be clobbered when the file is regenerated.
+//
+//     Please read more about how to change this file in
+//     .github/CONTRIBUTING.md.
+//
+// ----------------------------------------------------------------------------
+
+package magicmodules
+
+import (
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+	"github.com/terraform-linters/tflint-plugin-sdk/hclext"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// GoogleComputePublicAdvertisedPrefixInvalidIpv6AccessTypeRule checks the pattern is valid
+type GoogleComputePublicAdvertisedPrefixInvalidIpv6AccessTypeRule struct {
+	tflint.DefaultRule
+
+	resourceType  string
+	attributeName string
+}
+
+// NewGoogleComputePublicAdvertisedPrefixInvalidIpv6AccessTypeRule returns new rule with default attributes
+func NewGoogleComputePublicAdvertisedPrefixInvalidIpv6AccessTypeRule() *GoogleComputePublicAdvertisedPrefixInvalidIpv6AccessTypeRule {
+	return &GoogleComputePublicAdvertisedPrefixInvalidIpv6AccessTypeRule{
+		resourceType:  "google_compute_public_advertised_prefix",
+		attributeName: "ipv6_access_type",
+	}
+}
+
+// Name returns the rule name
+func (r *GoogleComputePublicAdvertisedPrefixInvalidIpv6AccessTypeRule) Name() string {
+	return "google_compute_public_advertised_prefix_invalid_ipv6_access_type"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *GoogleComputePublicAdvertisedPrefixInvalidIpv6AccessTypeRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *GoogleComputePublicAdvertisedPrefixInvalidIpv6AccessTypeRule) Severity() tflint.Severity {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *GoogleComputePublicAdvertisedPrefixInvalidIpv6AccessTypeRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *GoogleComputePublicAdvertisedPrefixInvalidIpv6AccessTypeRule) Check(runner tflint.Runner) error {
+	resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{
+		Attributes: []hclext.AttributeSchema{{Name: r.attributeName}},
+	}, nil)
+	if err != nil {
+		return err
+	}
+
+	for _, resource := range resources.Blocks {
+		attribute, exists := resource.Body.Attributes[r.attributeName]
+		if !exists {
+			continue
+		}
+
+		err := runner.EvaluateExpr(attribute.Expr, func(val string) error {
+			validateFunc := validation.StringInSlice([]string{"EXTERNAL", "INTERNAL", ""}, false)
+
+			_, errors := validateFunc(val, r.attributeName)
+			for _, err := range errors {
+				if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil {
+					return err
+				}
+			}
+			return nil
+		}, nil)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
diff --git a/rules/magicmodules/google_compute_public_delegated_prefix_invalid_mode.go b/rules/magicmodules/google_compute_public_delegated_prefix_invalid_mode.go
@@ -72,7 +72,7 @@ func (r *GoogleComputePublicDelegatedPrefixInvalidModeRule) Check(runner tflint.
 		}
 
 		err := runner.EvaluateExpr(attribute.Expr, func(val string) error {
-			validateFunc := validation.StringInSlice([]string{"DELEGATION", "EXTERNAL_IPV6_FORWARDING_RULE_CREATION", "EXTERNAL_IPV6_SUBNETWORK_CREATION", ""}, false)
+			validateFunc := validation.StringInSlice([]string{"DELEGATION", "EXTERNAL_IPV6_FORWARDING_RULE_CREATION", "EXTERNAL_IPV6_SUBNETWORK_CREATION", "INTERNAL_IPV6_SUBNETWORK_CREATION", ""}, false)
 
 			_, errors := validateFunc(val, r.attributeName)
 			for _, err := range errors {

diff --git a/rules/magicmodules/google_discovery_engine_control_invalid_solution_type.go b/rules/magicmodules/google_discovery_engine_control_invalid_solution_type.go
@@ -0,0 +1,91 @@
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This file is automatically generated by Magic Modules and manual
+//     changes will be clobbered when the file is regenerated.
+//
+//     Please read more about how to change this file in
+//     .github/CONTRIBUTING.md.
+//
+// ----------------------------------------------------------------------------
+
+package magicmodules
+
+import (
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+	"github.com/terraform-linters/tflint-plugin-sdk/hclext"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// GoogleDiscoveryEngineControlInvalidSolutionTypeRule checks the pattern is valid
+type GoogleDiscoveryEngineControlInvalidSolutionTypeRule struct {
+	tflint.DefaultRule
+
+	resourceType  string
+	attributeName string
+}
+
+// NewGoogleDiscoveryEngineControlInvalidSolutionTypeRule returns new rule with default attributes
+func NewGoogleDiscoveryEngineControlInvalidSolutionTypeRule() *GoogleDiscoveryEngineControlInvalidSolutionTypeRule {
+	return &GoogleDiscoveryEngineControlInvalidSolutionTypeRule{
+		resourceType:  "google_discovery_engine_control",
+		attributeName: "solution_type",
+	}
+}
+
+// Name returns the rule name
+func (r *GoogleDiscoveryEngineControlInvalidSolutionTypeRule) Name() string {
+	return "google_discovery_engine_control_invalid_solution_type"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *GoogleDiscoveryEngineControlInvalidSolutionTypeRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *GoogleDiscoveryEngineControlInvalidSolutionTypeRule) Severity() tflint.Severity {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *GoogleDiscoveryEngineControlInvalidSolutionTypeRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *GoogleDiscoveryEngineControlInvalidSolutionTypeRule) Check(runner tflint.Runner) error {
+	resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{
+		Attributes: []hclext.AttributeSchema{{Name: r.attributeName}},
+	}, nil)
+	if err != nil {
+		return err
+	}
+
+	for _, resource := range resources.Blocks {
+		attribute, exists := resource.Body.Attributes[r.attributeName]
+		if !exists {
+			continue
+		}
+
+		err := runner.EvaluateExpr(attribute.Expr, func(val string) error {
+			validateFunc := validation.StringInSlice([]string{"SOLUTION_TYPE_RECOMMENDATION", "SOLUTION_TYPE_SEARCH", "SOLUTION_TYPE_CHAT", "SOLUTION_TYPE_GENERATIVE_CHAT"}, false)
+
+			_, errors := validateFunc(val, r.attributeName)
+			for _, err := range errors {
+				if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil {
+					return err
+				}
+			}
+			return nil
+		}, nil)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
diff --git a/rules/magicmodules/google_netapp_host_group_invalid_os_type.go b/rules/magicmodules/google_netapp_host_group_invalid_os_type.go
@@ -0,0 +1,91 @@
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This file is automatically generated by Magic Modules and manual
+//     changes will be clobbered when the file is regenerated.
+//
+//     Please read more about how to change this file in
+//     .github/CONTRIBUTING.md.
+//
+// ----------------------------------------------------------------------------
+
+package magicmodules
+
+import (
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+	"github.com/terraform-linters/tflint-plugin-sdk/hclext"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// GoogleNetappHostGroupInvalidOsTypeRule checks the pattern is valid
+type GoogleNetappHostGroupInvalidOsTypeRule struct {
+	tflint.DefaultRule
+
+	resourceType  string
+	attributeName string
+}
+
+// NewGoogleNetappHostGroupInvalidOsTypeRule returns new rule with default attributes
+func NewGoogleNetappHostGroupInvalidOsTypeRule() *GoogleNetappHostGroupInvalidOsTypeRule {
+	return &GoogleNetappHostGroupInvalidOsTypeRule{
+		resourceType:  "google_netapp_host_group",
+		attributeName: "os_type",
+	}
+}
+
+// Name returns the rule name
+func (r *GoogleNetappHostGroupInvalidOsTypeRule) Name() string {
+	return "google_netapp_host_group_invalid_os_type"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *GoogleNetappHostGroupInvalidOsTypeRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *GoogleNetappHostGroupInvalidOsTypeRule) Severity() tflint.Severity {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *GoogleNetappHostGroupInvalidOsTypeRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *GoogleNetappHostGroupInvalidOsTypeRule) Check(runner tflint.Runner) error {
+	resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{
+		Attributes: []hclext.AttributeSchema{{Name: r.attributeName}},
+	}, nil)
+	if err != nil {
+		return err
+	}
+
+	for _, resource := range resources.Blocks {
+		attribute, exists := resource.Body.Attributes[r.attributeName]
+		if !exists {
+			continue
+		}
+
+		err := runner.EvaluateExpr(attribute.Expr, func(val string) error {
+			validateFunc := validation.StringInSlice([]string{"LINUX", "WINDOWS", "ESXI"}, false)
+
+			_, errors := validateFunc(val, r.attributeName)
+			for _, err := range errors {
+				if err := runner.EmitIssue(r, err.Error(), attribute.Expr.Range()); err != nil {
+					return err
+				}
+			}
+			return nil
+		}, nil)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}