Add module_verification_nonregistry_source rule

Author: ringanta

docs/rules/module_verification_local_source.md renamed to docs/rules/module_verification_nonregistry_source.md

@@ -1,6 +1,6 @@
-# module_verification_local_source
+# module_verification_nonregistry_source
 
-Explicitly allow locally sourced module.
+Explicitly allows non Terraform Registry modules.
 
 ## Configuration
 
@@ -9,7 +9,7 @@ Name | Description | Default | Type
 allowed_modules | List of allowed modules prefix | [] | List of string
 
 ```hcl
-rule "module_verification_local_source" {
+rule "module_verification_nonregistry_source" {
   enabled = true
   allowed_modules = [] # default
 }
@@ -19,14 +19,14 @@ rule "module_verification_local_source" {
 
 ```
 tflint
-1 issue(s) found:
+2 issue(s) found:
 
-Error: module "local_fail" should not use local source (module_verification_local_source)
+Error: module "local_fail" source is not on the allowed modules list (module_verification_nonregistry_source)
 
   on main.tf line 1:
    1: module "local_fail" {
 
-Reference: https://github.com/ringanta/tflint-ruleset-module-verification/blob/v0.1.0/docs/rules/module_verification_local_source.md
+Reference: https://github.com/ringanta/tflint-ruleset-module-verification/blob/v0.1.0/docs/rules/module_verification_nonregistry_source.md
 ```
 
 ## Why
@@ -37,7 +37,7 @@ Module is external code that needs to be vet before being used. Explicitly allow
 
 Use the following TFLint config to explicitly allow module from local source
 ```
-rule "module_signature_local_source" {
+rule "module_verification_nonregistry_source" {
 	enabled = true
 
     allowed_modules = [

examples/local-source/main.tf

@@ -6,11 +6,13 @@ plugin "module-verification" {
   enabled = true
 }
 
-rule "module_verification_local_source" {
+rule "module_verification_nonregistry_source" {
 	enabled = true
 
   // List of allowed module prefix
   allowed_modules = [
-    "../../terraform-modules"
+    "../../terraform-modules",
+    "github.com/example/",
+    "[email protected]:example/"
   ]
 }

examples/local-source/.tflint.hcl renamed to examples/nonregistry-source/.tflint.hcl

@@ -1,6 +1,6 @@
-# Local Source Example
+# Non Registry Source Example
 
-An example of verifying local module usage
+An example of verifying module usage that comes from outside Terraform Registry.
 
 ## Requirement
 

examples/local-source/README.md renamed to examples/nonregistry-source/README.md

@@ -0,0 +1,15 @@
+module "local_fail" {
+  source = "../.."
+}
+
+module "local_success" {
+  source = "../../terraform-modules"
+}
+
+module "github_fail" {
+  source = "[email protected]:untrusted/example-module"
+}
+
+module "github_success" {
+  source = "[email protected]:example/example-module"
+}

examples/nonregistry-source/main.tf

@@ -3,55 +3,34 @@ module github.com/ringanta/tflint-ruleset-module-verification
 go 1.19
 
 require (
-	github.com/hashicorp/go-getter v1.6.2
 	github.com/hashicorp/go-version v1.6.0
 	github.com/hashicorp/hcl/v2 v2.15.0
 	github.com/hashicorp/terraform-registry-address v0.1.0
 	github.com/terraform-linters/tflint-plugin-sdk v0.15.0
 )
 
 require (
-	cloud.google.com/go v0.105.0 // indirect
-	cloud.google.com/go/compute v1.14.0 // indirect
-	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/iam v0.8.0 // indirect
-	cloud.google.com/go/storage v1.28.1 // indirect
 	github.com/agext/levenshtein v1.2.1 // indirect
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
-	github.com/aws/aws-sdk-go v1.15.78 // indirect
-	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 	github.com/fatih/color v1.13.0 // indirect
-	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
-	github.com/google/uuid v1.3.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.2.0 // indirect
-	github.com/googleapis/gax-go/v2 v2.7.0 // indirect
-	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-hclog v1.4.0 // indirect
 	github.com/hashicorp/go-plugin v1.4.8 // indirect
-	github.com/hashicorp/go-safetemp v1.0.0 // indirect
 	github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 // indirect
 	github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb // indirect
-	github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8 // indirect
-	github.com/klauspost/compress v1.11.2 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect
-	github.com/mitchellh/go-homedir v1.0.0 // indirect
 	github.com/mitchellh/go-testing-interface v1.0.0 // indirect
 	github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7 // indirect
 	github.com/oklog/run v1.0.0 // indirect
-	github.com/ulikunitz/xz v0.5.8 // indirect
+	github.com/stretchr/testify v1.8.1 // indirect
 	github.com/vmihailenco/msgpack/v4 v4.3.12 // indirect
 	github.com/vmihailenco/tagparser v0.1.1 // indirect
 	github.com/zclconf/go-cty v1.12.1 // indirect
-	go.opencensus.io v0.24.0 // indirect
 	golang.org/x/net v0.4.0 // indirect
-	golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 // indirect
 	golang.org/x/sys v0.3.0 // indirect
 	golang.org/x/text v0.5.0 // indirect
-	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
-	google.golang.org/api v0.103.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 // indirect
 	google.golang.org/grpc v1.51.0 // indirect