enhancement: TFLint - fix deprecated argument in ".tflint.hcl" and other improvements #3688

Merged
merged 7 commits into from
Jun 24, 2024
30 changes: 21 additions & 9 deletions .automation/test/terraform/bad/terraform_bad_1.tf
@@ -1,16 +1,28 @@
terraform {
required_version = ">= 1.2.5"
required_version = ">= 1.8.5"
required_providers {
aws = {
source = "hashicorp/aws"
version ">= 5.55.0" # https://registry.terraform.io/providers/hashicorp/aws/latest
}
}
}

provider "aws" {
region = "us-west-2"
}

resource "aws_instance" "bad" {
instance_type = "t2.small"
associate_public_ip_address = false
resource "aws_s3_bucket" "example" {
bucket = "my-tf-test-bucket-${random_id.bucket_suffix.hex}"
}

murf = "cupcake8"
resource "aws_s3_bucket_versioning" "example"
bucket = aws_s3_bucket.example.id
versioning_configuration {
status = "Enabled"

ebs_block_device {
encrypted = true
wesh = false
}
}

resource "bucket_suffix" {
byte_length = 4
}
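Review bot: The intentional defects in this fixture are all structural (`version ">= 5.55.0"` has no `=`, the `aws_s3_bucket_versioning` block has no opening brace, and `resource "bucket_suffix"` carries a single label), so tflint presumably aborts while loading the file and never evaluates a ruleset rule. terraform_bad_3.tf is built the same way, and terraform_bad_2.tf leans on a malformed `version` string and an unknown argument (`account_tier_wrong`). A test that only proves broken HCL is rejected would keep passing if the aws, azurerm or google plugins enabled in the default `.tflint.hcl` silently failed to download or load, which is the regression a linter gate most needs to catch. Consider keeping one bad fixture syntactically valid but violating a single named rule, headed by a comment such as `# intentional: violates <rule-name>` so the expected finding is documented.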
33 changes: 24 additions & 9 deletions .automation/test/terraform/bad/terraform_bad_2.tf
@@ -1,18 +1,33 @@
terraform {
required_version = ">= 1.2.5"
required_version = ">= 1.8.5"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = ">= 3.109.0 # https://registry.terraform.io/providers/hashicorp/azurerm/latest "
}
}
}

resource "aws_instance" "bad" {
ami = "ami-0ff8a91507f77f867"
associate_public_ip_address = false
provider "azurerm" {
}

vpc_security_group_ids = ["sg-12345678901234567"]
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "East US"
}

murf = "cupcake"
resource "azurerm_storage_account" "example" {
name = "storageacc${random_id.suffix.hex}"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_tier_wrong = "Standard"
account_replication_type = "GRS"

ebs_block_device {
encrypted = true
wesh2 = false
tags = {
environment = "staging"
}
}

resource "random_id" "suffix" {
byte_length = 8
}
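--- a/.automation/test/terraform/bad/terraform_bad_3.tf
+++ b/.automation/test/terraform/bad/terraform_bad_3.tf
@@ -0,0 +1,30 @@
+terraform {
+# required_version = ">= 1.8.5"
+required_providers {
+google = {
+source = "hashicorp/google"
+version = ">= 5.34.0" # https://registry.terraform.io/providers/hashicorp/google/latest
+}
+}
+}
+
+provide "google" {
+project = "my-project-id"
+region = "us-central1"
+}
+
+resource "google_storage_bucket" "example" {
+name = "my-bucket-${random_id.suffix}"
+location = NotValid
+force_destroy=true
+
+uniform_bucket_level_access = Any
+
+versioning {
+enabled = true
+}
+}
+
+resource "random_id suffix" {
+byte_length = 4
+}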
29 changes: 20 additions & 9 deletions .automation/test/terraform/good/terraform_good_1.tf
@@ -1,17 +1,28 @@
terraform {
required_version = ">= 1.2.5"
required_version = ">= 1.8.5"
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 5.55.0" # https://registry.terraform.io/providers/hashicorp/aws/latest
}
}
}

resource "aws_instance" "good" {
required_version = ">= 0.15.0"
ami = "ami-0ff8a91507f77f867"
instance_type = "t2.small"
associate_public_ip_address = false
provider "aws" {
region = "us-west-2"
}

vpc_security_group_ids = ["sg-12345678901234567"]
resource "aws_s3_bucket" "example" {
bucket = "my-tf-test-bucket-${random_id.bucket_suffix.hex}"
}

ebs_block_device {
encrypted = true
resource "aws_s3_bucket_versioning" "example" {
bucket = aws_s3_bucket.example.id
versioning_configuration {
status = "Enabled"
}
}

resource "random_id" "bucket_suffix" {
byte_length = 4
}
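Review bot: The replacement resources drop the security-relevant settings the old fixture carried (`encrypted = true`, `associate_public_ip_address = false`): the new `aws_s3_bucket` has versioning but no encryption or public-access configuration, and terraform_good_2.tf and terraform_good_3.tf are similarly minimal (good_3 also sets `force_destroy = true`). The descriptor touched by this PR defines terrascan alongside tflint, so if both scan the same `good` directory these files may start producing policy findings, or pass only because findings are tolerated. It is worth confirming that the terrascan test still passes unmodified. If the fixtures are meant to read as clean examples, pair the bucket with an `aws_s3_bucket_public_access_block` and an `aws_s3_bucket_server_side_encryption_configuration` resource.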
35 changes: 26 additions & 9 deletions .automation/test/terraform/good/terraform_good_2.tf
@@ -1,17 +1,34 @@
terraform {
required_version = ">= 1.2.5"
required_version = ">= 1.8.5"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = ">= 3.109.0" # https://registry.terraform.io/providers/hashicorp/azurerm/latest
}
}
}

resource "aws_instance" "good" {
required_version = ">= 0.15.0"
ami = "ami-0ff8a91507f77f867"
instance_type = "t2.small"
associate_public_ip_address = false
provider "azurerm" {
features {}
}

vpc_security_group_ids = ["sg-12345678901234567"]
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "East US"
}

ebs_block_device {
encrypted = true
resource "azurerm_storage_account" "example" {
name = "storageacc${random_id.suffix.hex}"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_tier = "Standard"
account_replication_type = "GRS"

tags = {
environment = "staging"
}
}

resource "random_id" "suffix" {
byte_length = 8
}
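--- a/.automation/test/terraform/good/terraform_good_3.tf
+++ b/.automation/test/terraform/good/terraform_good_3.tf
@@ -0,0 +1,30 @@
+terraform {
+required_version = ">= 1.8.5"
+required_providers {
+google = {
+source = "hashicorp/google"
+version = ">= 5.34.0" # https://registry.terraform.io/providers/hashicorp/google/latest
+}
+}
+}
+
+provider "google" {
+project = "my-project-id"
+region = "us-central1"
+}
+
+resource "google_storage_bucket" "example" {
+name = "my-bucket-${random_id.suffix.hex}"
+location = "US"
+force_destroy = true
+
+uniform_bucket_level_access = true
+
+versioning {
+enabled = true
+}
+}
+
+resource "random_id" "suffix" {
+byte_length = 4
+}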
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -31,6 +31,7 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
- [Powershell](https://github.com/PowerShell/PSScriptAnalyzer#readme) added missing schema property `POWERSHELL_POWERSHELL_FORMATTER_OUTPUT_ENCODING`
- [tflint](https://github.com/terraform-linters/tflint) added missing schema property `TERRAFORM_TFLINT_SECURED_ENV`
- [xmllint](https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home) added missing schema properties `XML_XMLLINT_AUTOFORMAT` and `XML_XMLLINT_INDENT`
- [tflint](https://github.com/terraform-linters/tflint) fixed deprecated argument and other improvements to default `.tflint.hcl` template

- Doc

31 changes: 20 additions & 11 deletions TEMPLATES/.tflint.hcl
@@ -1,24 +1,33 @@
// https://github.com/terraform-linters/tflint/blob/master/docs/guides/config.md
// https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/config.md

config {
module = false
call_module_type = "local"
force = false
}

plugin "aws" {
plugin "terraform" {
enabled = true
version = "0.32.0"
source = "github.com/terraform-linters/tflint-ruleset-aws"
deep_check = false
preset = "recommended"
}

rule "aws_instance_invalid_type" {
enabled = false
plugin "azurerm" {
enabled = true
version = "0.26.0"
source = "github.com/terraform-linters/tflint-ruleset-azurerm"
}

rule "aws_instance_previous_type" {
enabled = false
plugin "aws" {
enabled = true
version = "0.32.0"
source = "github.com/terraform-linters/tflint-ruleset-aws"
}

plugin "google" {
enabled = true
version = "0.29.0"
source = "github.com/terraform-linters/tflint-ruleset-google"
}

rule "terraform_required_providers" {
enabled = false
}
}
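Review bot: The `rule "terraform_required_providers" { enabled = false }` override at the end of the template switches off a check that the `terraform` ruleset's `preset = "recommended"` normally turns on, and nothing in the file says why. That rule flags providers used without a declared `source` and `version` constraint, which is the lint-level guard against unpinned provider resolution. The good fixtures in this PR use `random_id` without listing the `random` provider under `required_providers`, so the override may exist only to keep them green. Prefer declaring `random` in the fixtures and dropping the override, or keep it with a comment such as `// disabled because <reason>` so users copying the default know what they give up.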
3 changes: 3 additions & 0 deletions docs/descriptors/terraform_tflint.md
Expand Up @@ -9,6 +9,9 @@ description: How to use tflint (configure, ignore files, ignore errors, help & v

> If you are using the GitHub action please use the `TERRAFORM_TFLINT_UNSECURED_ENV_VARIABLES: GITHUB_TOKEN` to prevent plugin download issues

Note: It's recommended to create your own `.tflint.hcl` custom config file tailored to your project's specific needs.
The default configuration enables all supported languages and rules, which may not be optimal for every project.

## tflint documentation

- Version in MegaLinter: **0.51.1**
6 changes: 6 additions & 0 deletions megalinter/descriptors/terraform.megalinter-descriptor.yml
Expand Up @@ -23,6 +23,9 @@ linters:
linter_rules_inline_disable_url: https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/annotations.md
linter_text: |
> If you are using the GitHub action please use the `TERRAFORM_TFLINT_UNSECURED_ENV_VARIABLES: GITHUB_TOKEN` to prevent plugin download issues

Note: It's recommended to create your own `.tflint.hcl` custom config file tailored to your project's specific needs.
The default configuration enables all supported languages and rules, which may not be optimal for every project.
linter_icon_png_url: https://raw.githubusercontent.com/oxsecurity/megalinter/main/docs/assets/icons/linters/tflint.png
cli_lint_mode: project
config_file_name: .tflint.hcl
Expand All @@ -45,6 +48,7 @@ linters:
ARG TFLINT_VERSION=0.51.1
- FROM ghcr.io/terraform-linters/tflint:v${TFLINT_VERSION} as tflint
- COPY --link --from=tflint /usr/local/bin/tflint /usr/bin/

# TERRASCAN
- class: TerrascanLinter
linter_name: terrascan
Expand Down Expand Up @@ -85,6 +89,7 @@ linters:
dockerfile:
- FROM tenable/terrascan:1.18.11 as terrascan
- COPY --link --from=terrascan /go/bin/terrascan /usr/bin/

# TERRAGRUNT
- linter_name: terragrunt
name: TERRAFORM_TERRAGRUNT
Expand Down Expand Up @@ -119,6 +124,7 @@ linters:
dockerfile:
- FROM alpine/terragrunt:latest as terragrunt
- COPY --link --from=terragrunt /usr/local/bin/terragrunt /usr/bin/

# TERRAFORM_FMT
- linter_name: terraform-fmt
name: TERRAFORM_TERRAFORM_FMT