Restore aws_dms_s3_endpoint validation rules with enum transforms

Fixes #989

The `aws_dms_s3_endpoint` mapping was accidentally removed during the
Smithy migration in #901. This restores the mapping and adds support
for transforming enum values to match Terraform provider expectations.

## Changes

### Mapping restoration
- Add `aws_dms_s3_endpoint` mapping to `dms.hcl`
- Generate validation rules for 8 attributes (compression_type,
  encryption_mode, data_format, encoding_type, parquet_version,
  date_partition_sequence, date_partition_delimiter, canned_acl_for_objects)

### Transform system
- Implement HCL function-based transform system in generator
- Use `uppercase()` and `replace()` functions directly in mapping expressions
- Leverage HCL's `EvalContext` with custom list-transform wrappers

### Enum value corrections
- `compression_type`: Smithy "none"/"gzip" → Terraform "NONE"/"GZIP"
- `encryption_mode`: Smithy "sse-kms"/"sse-s3" → Terraform "SSE_KMS"/"SSE_S3"
- Other enums similarly transformed to uppercase

This approach keeps transform logic declarative in the mapping files
rather than hardcoded in the generator, making it maintainable and
extensible for future cases where Smithy and Terraform enum formats differ.

Author: bendrucker

docs/rules/README.md

@@ -517,6 +517,14 @@ These rules enforce best practices and naming conventions:
 |aws_dms_endpoint_invalid_endpoint_type|✔|
 |aws_dms_endpoint_invalid_ssl_mode|✔|
 |aws_dms_replication_task_invalid_migration_type|✔|
+|aws_dms_s3_endpoint_invalid_canned_acl_for_objects|✔|
+|aws_dms_s3_endpoint_invalid_compression_type|✔|
+|aws_dms_s3_endpoint_invalid_data_format|✔|
+|aws_dms_s3_endpoint_invalid_date_partition_delimiter|✔|
+|aws_dms_s3_endpoint_invalid_date_partition_sequence|✔|
+|aws_dms_s3_endpoint_invalid_encoding_type|✔|
+|aws_dms_s3_endpoint_invalid_encryption_mode|✔|
+|aws_dms_s3_endpoint_invalid_parquet_version|✔|
 |aws_docdb_global_cluster_invalid_global_cluster_identifier|✔|
 |aws_dx_bgp_peer_invalid_address_family|✔|
 |aws_dx_hosted_private_virtual_interface_invalid_address_family|✔|

rules/models/aws_dms_s3_endpoint_invalid_canned_acl_for_objects.go

@@ -0,0 +1,101 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+
+	"github.com/terraform-linters/tflint-plugin-sdk/hclext"
+	"github.com/terraform-linters/tflint-plugin-sdk/logger"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsDmsS3EndpointInvalidCannedACLForObjectsRule checks the pattern is valid
+type AwsDmsS3EndpointInvalidCannedACLForObjectsRule struct {
+	tflint.DefaultRule
+
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsDmsS3EndpointInvalidCannedACLForObjectsRule returns new rule with default attributes
+func NewAwsDmsS3EndpointInvalidCannedACLForObjectsRule() *AwsDmsS3EndpointInvalidCannedACLForObjectsRule {
+	return &AwsDmsS3EndpointInvalidCannedACLForObjectsRule{
+		resourceType:  "aws_dms_s3_endpoint",
+		attributeName: "canned_acl_for_objects",
+		enum: []string{
+			"AUTHENTICATED-READ",
+			"AWS-EXEC-READ",
+			"BUCKET-OWNER-FULL-CONTROL",
+			"BUCKET-OWNER-READ",
+			"NONE",
+			"PRIVATE",
+			"PUBLIC-READ",
+			"PUBLIC-READ-WRITE",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsDmsS3EndpointInvalidCannedACLForObjectsRule) Name() string {
+	return "aws_dms_s3_endpoint_invalid_canned_acl_for_objects"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsDmsS3EndpointInvalidCannedACLForObjectsRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsDmsS3EndpointInvalidCannedACLForObjectsRule) Severity() tflint.Severity {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsDmsS3EndpointInvalidCannedACLForObjectsRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsDmsS3EndpointInvalidCannedACLForObjectsRule) Check(runner tflint.Runner) error {
+	logger.Trace("Check `%s` rule", r.Name())
+
+	resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{
+		Attributes: []hclext.AttributeSchema{
+			{Name: r.attributeName},
+		},
+	}, nil)
+	if err != nil {
+		return err
+	}
+
+	for _, resource := range resources.Blocks {
+		attribute, exists := resource.Body.Attributes[r.attributeName]
+		if !exists {
+			continue
+		}
+
+		err := runner.EvaluateExpr(attribute.Expr, func (val string) error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssue(
+					r,
+					fmt.Sprintf(`"%s" is an invalid value as canned_acl_for_objects`, truncateLongMessage(val)),
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		}, nil)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}

rules/models/aws_dms_s3_endpoint_invalid_compression_type.go

@@ -0,0 +1,95 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+
+	"github.com/terraform-linters/tflint-plugin-sdk/hclext"
+	"github.com/terraform-linters/tflint-plugin-sdk/logger"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsDmsS3EndpointInvalidCompressionTypeRule checks the pattern is valid
+type AwsDmsS3EndpointInvalidCompressionTypeRule struct {
+	tflint.DefaultRule
+
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsDmsS3EndpointInvalidCompressionTypeRule returns new rule with default attributes
+func NewAwsDmsS3EndpointInvalidCompressionTypeRule() *AwsDmsS3EndpointInvalidCompressionTypeRule {
+	return &AwsDmsS3EndpointInvalidCompressionTypeRule{
+		resourceType:  "aws_dms_s3_endpoint",
+		attributeName: "compression_type",
+		enum: []string{
+			"GZIP",
+			"NONE",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsDmsS3EndpointInvalidCompressionTypeRule) Name() string {
+	return "aws_dms_s3_endpoint_invalid_compression_type"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsDmsS3EndpointInvalidCompressionTypeRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsDmsS3EndpointInvalidCompressionTypeRule) Severity() tflint.Severity {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsDmsS3EndpointInvalidCompressionTypeRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsDmsS3EndpointInvalidCompressionTypeRule) Check(runner tflint.Runner) error {
+	logger.Trace("Check `%s` rule", r.Name())
+
+	resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{
+		Attributes: []hclext.AttributeSchema{
+			{Name: r.attributeName},
+		},
+	}, nil)
+	if err != nil {
+		return err
+	}
+
+	for _, resource := range resources.Blocks {
+		attribute, exists := resource.Body.Attributes[r.attributeName]
+		if !exists {
+			continue
+		}
+
+		err := runner.EvaluateExpr(attribute.Expr, func (val string) error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssue(
+					r,
+					fmt.Sprintf(`"%s" is an invalid value as compression_type`, truncateLongMessage(val)),
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		}, nil)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}

rules/models/aws_dms_s3_endpoint_invalid_data_format.go

@@ -0,0 +1,95 @@
+// This file generated by `generator/`. DO NOT EDIT
+
+package models
+
+import (
+	"fmt"
+
+	"github.com/terraform-linters/tflint-plugin-sdk/hclext"
+	"github.com/terraform-linters/tflint-plugin-sdk/logger"
+	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
+)
+
+// AwsDmsS3EndpointInvalidDataFormatRule checks the pattern is valid
+type AwsDmsS3EndpointInvalidDataFormatRule struct {
+	tflint.DefaultRule
+
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsDmsS3EndpointInvalidDataFormatRule returns new rule with default attributes
+func NewAwsDmsS3EndpointInvalidDataFormatRule() *AwsDmsS3EndpointInvalidDataFormatRule {
+	return &AwsDmsS3EndpointInvalidDataFormatRule{
+		resourceType:  "aws_dms_s3_endpoint",
+		attributeName: "data_format",
+		enum: []string{
+			"csv",
+			"parquet",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsDmsS3EndpointInvalidDataFormatRule) Name() string {
+	return "aws_dms_s3_endpoint_invalid_data_format"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsDmsS3EndpointInvalidDataFormatRule) Enabled() bool {
+	return true
+}
+
+// Severity returns the rule severity
+func (r *AwsDmsS3EndpointInvalidDataFormatRule) Severity() tflint.Severity {
+	return tflint.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsDmsS3EndpointInvalidDataFormatRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsDmsS3EndpointInvalidDataFormatRule) Check(runner tflint.Runner) error {
+	logger.Trace("Check `%s` rule", r.Name())
+
+	resources, err := runner.GetResourceContent(r.resourceType, &hclext.BodySchema{
+		Attributes: []hclext.AttributeSchema{
+			{Name: r.attributeName},
+		},
+	}, nil)
+	if err != nil {
+		return err
+	}
+
+	for _, resource := range resources.Blocks {
+		attribute, exists := resource.Body.Attributes[r.attributeName]
+		if !exists {
+			continue
+		}
+
+		err := runner.EvaluateExpr(attribute.Expr, func (val string) error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssue(
+					r,
+					fmt.Sprintf(`"%s" is an invalid value as data_format`, truncateLongMessage(val)),
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		}, nil)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}