thazelart / terraform-validator
A norms and conventions validator for Terraform
License: Apache License 2.0
The idea is to add a new test: ensure_terraform_validate
If set to true, this will ensure that the terraform validate command passes. This ensures that the terraform code is well written.
In order to run the good terraform version for everyone, terraform will be a dependency of terraform-validator if that option is set to true.
This is not terraform0.12 compatible ... make it work!
Hi,
Using "validation" in a variable block generates an error :
Unexpected "validation" block; Blocks are not allowed here
variable "image_id" {
  type        = string
  description = "The id of the machine image (AMI) to use for the server."
  validation {
    condition     = length(var.image_id) > 4 && substr(var.image_id, 0, 4) == "ami-"
    error_message = "The image_id value must be a valid AMI id, starting with \"ami-\"."
  }
}
Even though "validation" comes with terraform 0.13, terraform-validator should not raise an error because the validation block is inside the variable definition?
Hi,
It seems terraform-validator is unable to check if a non *.tf file exists :
layers:
  default:
    files:
      README.md:
        mandatory: true
terraform-validator .
INFO: running on terraform/meta with default configuration
ERROR: missing mandatory file(s):
- README.md
ls -1 terraform/meta/README.md
terraform/meta/README.md
In this sample, it could be interesting to ensure that a README.md file exists.
Terraform-validator should be able to ensure that outputs and/or variables blocks contain a description.
For this, we will need to add two parameters (one to check the variables description, one for the outputs).
Create the check and include it in the fileCheck function.
Hi there,
Would it be possible to make terraform-validator "compatible" with the 0.13 way of managing providers' version?
https://www.terraform.io/docs/configuration/provider-requirements.html
TY !
The idea is to add a new test: ensure_readme_updated
If set to true, this will ensure the terraform-docs command was run and so that the documentation seems updated.
In order to run the good terraform version for everyone, terraform-docs will be a dependency of terraform-validator if that option is set to true. If not installed, we might use the latest version (not yet fully decided about that).
Main complexity is too high.
Extract the log code in a new internal/log package
if len(blockNamesErrors) > 0 || len(blocksInFilesErrors) > 0 || len(providersVersionErrors) > 0 {
	exitCode = 1
	fmt.Printf("\nERROR: %s misformed:\n", file.Path)
	if len(providersVersionErrors) > 0 {
		fmt.Printf(" Unversioned provider(s):\n")
		for _, err := range providersVersionErrors {
			fmt.Printf(" - %s\n", err.Error())
		}
	}
	if len(blockNamesErrors) > 0 {
		fmt.Printf(" Unmatching \"%s\" pattern blockname(s):\n",
			globalConfig.TerraformConfig.BlockPatternName)
		for _, err := range blockNamesErrors {
			fmt.Printf(" - %s\n", err.Error())
		}
	}
	if len(blocksInFilesErrors) > 0 {
		fmt.Println(" Unauthorized block(s):")
		for _, err := range blocksInFilesErrors {
			fmt.Printf(" - %s\n", err.Error())
		}
	}
}
The idea is to add a new test: ensure_terraform_fmt
If set to true, this will ensure that the terraform fmt command passes. This ensures that the terraform code is well formatted.
In order to run the good terraform version for everyone, terraform will be a dependency of terraform-validator if that option is set to true.
Terraform-validator's current version cannot handle internal modules and layering.
This should be the next evolution!
Each subdirectory inherits the .terraform-validator.yaml configuration. If something is different, another .terraform-validator.yaml can be added here to change the configuration of the directory and its subdirectories.
It would be interesting to enforce that a file exists and then that a block is present inside.
e.g.:
Enforce presence of provider block only in providers.tf file.
Configuration could be like this:
layers:
  default:
    files:
      main.tf:
        mandatory: true
        authorized_blocks:
      providers.tf:
        mandatory: true
        exclusive_blocks:
          - provider
Firstly, this is a great tool. I use it constantly for a large number of Terraform modules I maintain. Thank you!
In my versions.tf file, I have a block which looks like this:
# https://www.terraform.io/docs/configuration/terraform.html
terraform {
  required_version = ">= 0.12"
  required_providers {
    aws      = "~> 2.67"
    newrelic = "~> 1.19"
  }
}
A truncated version of my .terraform-validator.yaml file looks like this:
layers:
  default:
    files:
      versions.tf:
        mandatory: true
        authorized_blocks:
          - required_providers # only added this after receiving the error message; it didn't help
          - terraform
When I run the tool, I get this message:
$ terraform-validator .
2020/07/03 01:07:04 versions.tf:5,3-21: Unsupported block type; Blocks of type "required_providers" are not expected here.
The required_providers sub-block of a terraform block is documented here: https://www.terraform.io/docs/configuration/terraform.html#specifying-required-provider-versions
How do I get terraform-validator to allow/enforce this block without throwing an error?
Hi!
I have an "assume_role" block in my provider.tf
provider "google" {
  version = "foo"
  assume_role {
    role_arn = "role"
  }
}
and I ran into this error:
2019/11/15 15:24:23 testdata/ok_default_config/providers.tf:5,3-14: Unexpected "assume_role" block; Blocks are not allowed here.
It seems that hcl2 libs are giving an error for a valid terraform format. Also the hcl2 repo is archived.
Are you aware of this issue?
An example with the GCP Provider:
About IAM management, 3 different types of resources can be used: google_project_iam_policy, google_project_iam_binding and google_project_iam_member.
The GCP IAM API manages user roles as a list of users per role.
In terraform, google_project_iam_member will append a new user to the list of the role, but google_project_iam_binding will totally replace this list with the one given as a parameter.
So, it's not possible to declare the resource google_project_iam_binding two times (or google_project_iam_binding and google_project_iam_member) to manage the same GCP role in the same Terraform stack.
Same case with the resources google_project_service and google_project_services.
It could be interesting to check this part with terraform-validator.
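A sketch of the check requested in the issue above, as an added example that is not terraform-validator's own code: it flags every role managed by a google_project_iam_binding together with another binding or a google_project_iam_member. The names FindIAMConflicts and sampleTF are hypothetical, the extraction uses regular expressions instead of an HCL parser, and all resources are assumed to target the same project.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
)

const bindingType, memberType = "google_project_iam_binding", "google_project_iam_member"

// Constructed sample stack (not from a real project): roles/editor is managed twice.
const sampleTF = `
resource "google_project_iam_binding" "admins" {
  role    = "roles/editor"
  members = ["user:a@example.com"]
}
resource "google_project_iam_member" "extra" {
  role   = "roles/editor"
  member = "user:b@example.com"
}
resource "google_project_iam_member" "viewer" {
  role   = "roles/viewer"
  member = "user:c@example.com"
}`

var blockRe = regexp.MustCompile(`(?s)resource\s+"(google_project_iam_(?:binding|member))"\s+"([^"]+)"\s*\{(.*?)\n\}`)
var roleRe = regexp.MustCompile(`(?m)^\s*role\s*=\s*"([^"]+)"`)

// FindIAMConflicts returns one sorted "role: [addresses]" entry per role a binding shares with another resource.
func FindIAMConflicts(src string) []string {
	seen := map[string]map[string][]string{bindingType: {}, memberType: {}}
	for _, m := range blockRe.FindAllStringSubmatch(src, -1) {
		r := roleRe.FindStringSubmatch(m[3])
		if r == nil {
			continue // role is not a string literal: resolving it needs real HCL evaluation
		}
		seen[m[1]][r[1]] = append(seen[m[1]][r[1]], m[1]+"."+m[2])
	}
	var out []string
	for role, b := range seen[bindingType] {
		if others := seen[memberType][role]; len(b) > 1 || len(others) > 0 {
			out = append(out, fmt.Sprintf("%s: %v", role, append(b, others...)))
		}
	}
	sort.Strings(out)
	return out
}

func main() { fmt.Println(FindIAMConflicts(sampleTF)) }
```

Several google_project_iam_member resources on the same role are not reported, since members only append to the role's list.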