Add missing output and additional TFLint rules (#18)

* Add additional TFLint rules

Signed-off-by: Roman Schwarz <[email protected]>

* Add missing variable an output descriptions

Signed-off-by: Roman Schwarz <[email protected]>

* Access attributes on specific instance

Signed-off-by: Roman Schwarz <[email protected]>

* Fix `image` output

Signed-off-by: Roman Schwarz <[email protected]>

* Add dedicated TFLint config file for test modules

Signed-off-by: Roman Schwarz <[email protected]>

---------

Signed-off-by: Roman Schwarz <[email protected]>

.pre-commit-config.yaml

@@ -23,7 +23,7 @@ repos:
     hooks:
       - id: terraform_fmt
       - id: terraform_tflint
-        exclude: ^examples/
+        exclude: ^(examples|tests)/
         args:
           - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl
           - --hook-config=--delegate-chdir
@@ -34,6 +34,15 @@ repos:
         args:
           - --args=--config=__GIT_WORKING_DIR__/.tflint.examples.hcl
           - --hook-config=--delegate-chdir
+
+      - id: terraform_tflint
+        alias: terraform_tflint_tests
+        name: Terraform validate tests with tflint
+        files: ^tests/
+        args:
+          - --args=--config=__GIT_WORKING_DIR__/.tflint.tests.hcl
+          - --hook-config=--delegate-chdir
+
       - id: terraform_trivy
         exclude: ^(examples|tests)/
         args:

.tflint.examples.hcl

@@ -2,20 +2,46 @@ tflint {
   required_version = "~> 0.50"
 }
 
+plugin "terraform" {
+  enabled = true
+
+  source  = "github.com/terraform-linters/tflint-ruleset-terraform"
+  version = "0.9.1"
+
+  preset = "all"
+}
+
 plugin "azurerm" {
   enabled = true
-  version = "0.27.0"
+
   source  = "github.com/terraform-linters/tflint-ruleset-azurerm"
+  version = "0.27.0"
 }
 
-rule "terraform_required_version" {
+rule "terraform_documented_variables" {
   enabled = false
 }
 
-rule "terraform_required_providers" {
+rule "terraform_documented_outputs" {
   enabled = false
 }
 
 rule "terraform_module_version" {
   enabled = false
 }
+
+rule "terraform_required_providers" {
+  enabled = false
+}
+
+rule "terraform_required_version" {
+  enabled = false
+}
+
+rule "terraform_standard_module_structure" {
+  enabled = false
+}
+
+rule "terraform_unused_required_providers" {
+  enabled = false
+}

.tflint.hcl

@@ -2,6 +2,15 @@ tflint {
   required_version = "~> 0.50"
 }
 
+plugin "terraform" {
+  enabled = true
+
+  source  = "github.com/terraform-linters/tflint-ruleset-terraform"
+  version = "0.9.1"
+
+  preset = "all"
+}
+
 plugin "azurerm" {
   enabled = true
   version = "0.27.0"

.tflint.tests.hcl

@@ -0,0 +1,27 @@
+tflint {
+  required_version = "~> 0.50"
+}
+
+plugin "terraform" {
+  enabled = true
+
+  source  = "github.com/terraform-linters/tflint-ruleset-terraform"
+  version = "0.9.1"
+
+  preset = "all"
+}
+
+plugin "azurerm" {
+  enabled = true
+
+  source  = "github.com/terraform-linters/tflint-ruleset-azurerm"
+  version = "0.27.0"
+}
+
+rule "terraform_unused_required_providers" {
+  enabled = false
+}
+
+rule "terraform_standard_module_structure" {
+  enabled = false
+}

README.md

@@ -691,7 +691,7 @@ Default: `null`
 
 ### <a name="input_store_secret_in_key_vault"></a> [store\_secret\_in\_key\_vault](#input\_store\_secret\_in\_key\_vault)
 
-Description: n/a
+Description: If set to `true`, the secrets generated by this module will be stored in the Key Vault specified by `key_vault_id`.
 
 Type: `bool`
 
@@ -793,15 +793,50 @@ Description: The ID of the virtual machine.
 
 ### <a name="output_image"></a> [image](#output\_image)
 
-Description: n/a
+Description: The virtual machine operating system image to use.
+
+Attributes:
+
+Attribute | Description
+-- | --
+ `architecture` | The image architecture.
+ `offer` | The image offer.
+ `operating_system` | The image operating system.
+ `publisher` | The image publisher.
+ `sku` | The image Stock Keeping Unit (SKU).
+ `urn` | The full image URN.
+ `urnAlias` | The image alias URN.
+ || **NOTE**: Only [Azure Image Quick start templates](#azure-image-quick-start-templates) have an alias URN
+ `version` | The image version.
 
 ### <a name="output_key_vault_secret_id"></a> [key\_vault\_secret\_id](#output\_key\_vault\_secret\_id)
 
-Description: n/a
+Description: Key Vault Secret IDs for generated secrets.
+
+Attributes:
+
+Attribute | Description
+-- | --
+`admin_password` | The Key Vault secret ID for the password generated when variable `admin_password` is unset, and variable `authentication_type` is set to `Password`.
+`admin_ssh_private_key` | The Key Vault secret ID for the SSH private key generated when variable `admin_ssh_public_key` is unset, and variable `authentication_type` is set to `SSH`.
 
 ### <a name="output_network_interface"></a> [network\_interface](#output\_network\_interface)
 
-Description: n/a
+Description: The network interface create by this module, if `create_network_interface` ist set.
+
+Attributes:
+
+Attribute | Description
+-- | --
+`applied_dns_servers` | If the Virtual Machine using this Network Interface is part of an Availability Set, then this list will have the union of all DNS servers from all Network Interfaces that are part of the Availability Set.
+`id` | The ID of the Network Interface.
+`internal_domain_name_suffix` | The DNS name can be constructed by concatenating the VM name with this value.
+`mac_address` | The Media Access Control (MAC) Address of the Network Interface.
+`name` | The name of the Network Interface.
+`private_ip_address` | The first private IP address of the network interface.
+|| **NOTE**: If `private_ip_address` is unset Azure will allocate an IP Address on Network Interface creation.
+`private_ip_addresses` | The private IP addresses of the network interface.
+|| **NOTE**: If `private_ip_address` is unset Azure will allocate an IP Address on Network Interface creation.
 
 ### <a name="output_private_ip_address"></a> [private\_ip\_address](#output\_private\_ip\_address)
 
@@ -813,7 +848,12 @@ Description: A list of all private IP addresses assigned to this virtual machine
 
 ### <a name="output_public_ip"></a> [public\_ip](#output\_public\_ip)
 
-Description: n/a
+Description: The public IP created by this module, if `create_public_ip_address` is set.
+
+Attribute | Description
+-- | --
+`id` | The ID of the Public IP.
+`ip_address` | The IP address value that was allocated.
 
 ### <a name="output_public_ip_address"></a> [public\_ip\_address](#output\_public\_ip\_address)
 

outputs.tf

@@ -46,14 +46,64 @@ output "id" {
 }
 
 output "image" {
+  description = <<-EOT
+    The virtual machine operating system image to use.
+
+    Attributes:
+
+    Attribute | Description
+    -- | --
+     `architecture` | The image architecture.
+     `offer` | The image offer.
+     `operating_system` | The image operating system.
+     `publisher` | The image publisher.
+     `sku` | The image Stock Keeping Unit (SKU).
+     `urn` | The full image URN.
+     `urnAlias` | The image alias URN.
+     || **NOTE**: Only [Azure Image Quick start templates](#azure-image-quick-start-templates) have an alias URN
+     `version` | The image version.
+  EOT
+
   value = local.image
 }
 
 output "key_vault_secret_id" {
-  value = try(azurerm_key_vault_secret.this[0].id, null)
+  description = <<-EOT
+    Key Vault Secret IDs for generated secrets.
+
+    Attributes:
+
+    Attribute | Description
+    -- | --
+    `admin_password` | The Key Vault secret ID for the password generated when variable `admin_password` is unset, and variable `authentication_type` is set to `Password`.
+    `admin_ssh_private_key` | The Key Vault secret ID for the SSH private key generated when variable `admin_ssh_public_key` is unset, and variable `authentication_type` is set to `SSH`.
+  EOT
+
+  value = try({
+    admin_password        = try(azurerm_key_vault_secret.this["Password"], null)
+    admin_ssh_private_key = try(azurerm_key_vault_secret.this["SSH"], null)
+  }, null)
 }
 
 output "network_interface" {
+  description = <<-EOT
+    The network interface create by this module, if `create_network_interface` ist set.
+
+    Attributes:
+
+    Attribute | Description
+    -- | --
+    `applied_dns_servers` | If the Virtual Machine using this Network Interface is part of an Availability Set, then this list will have the union of all DNS servers from all Network Interfaces that are part of the Availability Set.
+    `id` | The ID of the Network Interface.
+    `internal_domain_name_suffix` | The DNS name can be constructed by concatenating the VM name with this value.
+    `mac_address` | The Media Access Control (MAC) Address of the Network Interface.
+    `name` | The name of the Network Interface.
+    `private_ip_address` | The first private IP address of the network interface.
+    || **NOTE**: If `private_ip_address` is unset Azure will allocate an IP Address on Network Interface creation.
+    `private_ip_addresses` | The private IP addresses of the network interface.
+    || **NOTE**: If `private_ip_address` is unset Azure will allocate an IP Address on Network Interface creation.
+  EOT
+
   value = one([for resource in azurerm_network_interface.this : {
     applied_dns_servers         = resource.applied_dns_servers
     id                          = resource.id
@@ -76,10 +126,18 @@ output "private_ip_addresses" {
 }
 
 output "public_ip" {
+  description = <<-EOT
+    The public IP created by this module, if `create_public_ip_address` is set.
+
+    Attribute | Description
+    -- | --
+    `id` | The ID of the Public IP.
+    `ip_address` | The IP address value that was allocated.
+  EOT
+
   value = one([for resource in azurerm_public_ip.this : {
     id         = resource.id
     ip_address = resource.ip_address
-    fqdn       = resource.fqdn
   }])
 }
 

tests/local/input_image.tftest.hcl

@@ -73,12 +73,12 @@ run "should_image_result_in_expected_output" {
     condition = output.image == tomap({
       architecture     = "x64"
       offer            = "WindowsServer"
+      operating_system = "Windows"
       publisher        = "MicrosoftWindowsServer"
       sku              = "2022-datacenter-g2"
       urn              = "MicrosoftWindowsServer:WindowsServer:2022-datacenter-g2:latest"
       urnAlias         = "Win2022Datacenter"
       version          = "latest"
-      operating_system = "Windows"
     })
     error_message = "Output image not equal to expected value"
   }

variables.tf

@@ -554,8 +554,9 @@ variable "source_image_id" {
 }
 
 variable "store_secret_in_key_vault" {
-  type    = bool
-  default = true
+  description = "If set to `true`, the secrets generated by this module will be stored in the Key Vault specified by `key_vault_id`."
+  type        = bool
+  default     = true
 }
 
 variable "subnet_id" {