fix tflint-related issues

Azure · Jan 30, 2024 · 30e7545 · 30e7545
1 parent c75e7e5
commit 30e7545
Show file tree

Hide file tree

Showing 7 changed files with 32 additions and 22 deletions.
diff --git a/.tflint.hcl b/.tflint.hcl
@@ -12,7 +12,7 @@ plugin "azurerm" {
 
 plugin "basic-ext" {
   enabled     = true
-  version     = "0.5.0"
+  version     = "0.6.0"
   source      = "github.com/Azure/tflint-ruleset-basic-ext"
   signing_key = <<-KEY
 -----BEGIN PGP PUBLIC KEY BLOCK-----
@@ -71,7 +71,7 @@ U6WDcghw5dibCpCUg5Eh0pbVe/Wdql3Y63Urk35fFAtGGpHozoVpoWFg6+n5HVlo
 
 plugin "azurerm-ext" {
   enabled     = true
-  version     = "0.5.0"
+  version     = "0.6.0"
   source      = "github.com/Azure/tflint-ruleset-azurerm-ext"
   signing_key = <<-KEY
 -----BEGIN PGP PUBLIC KEY BLOCK-----

diff --git a/.tflint_example.hcl b/.tflint_example.hcl
@@ -12,7 +12,7 @@ plugin "azurerm" {
 
 plugin "basic-ext" {
   enabled     = true
-  version     = "0.5.0"
+  version     = "0.6.0"
   source      = "github.com/Azure/tflint-ruleset-basic-ext"
   signing_key = <<-KEY
 -----BEGIN PGP PUBLIC KEY BLOCK-----
@@ -71,7 +71,7 @@ U6WDcghw5dibCpCUg5Eh0pbVe/Wdql3Y63Urk35fFAtGGpHozoVpoWFg6+n5HVlo
 
 plugin "azurerm-ext" {
   enabled     = true
-  version     = "0.5.0"
+  version     = "0.6.0"
   source      = "github.com/Azure/tflint-ruleset-azurerm-ext"
   signing_key = <<-KEY
 -----BEGIN PGP PUBLIC KEY BLOCK-----

diff --git a/Dockerfile b/Dockerfile
@@ -56,7 +56,8 @@ ARG CHECKOV_VERSION=2.1.282
 ARG TFLINT_AZURERM_VERSION=0.18.0
 ARG TFLINT_BASIC_EXT_VERSION=0.1.2
 ARG TFLINT_AZURERM_EXT_VERSION=0.1.1
-ARG TFLINT_AVM_VERSION=0.1.0
+ARG TFLINT_AVM_VERSION=0.2.0
+ARG TFLINT_TERRAFORM_VERSION=0.5.0
 ARG TARGETARCH
 ARG PACKER_VERSION=1.9.4
 ARG TFSEC_VERSION=v1.28.4
@@ -87,14 +88,17 @@ RUN pip3 install --upgrade setuptools && \
     curl '-#' -fL -o /tmp/tflint-ruleset-azurerm-ext.zip https://github.com/DrikoldLun/tflint-ruleset-azurerm-ext/releases/download/v${TFLINT_AZURERM_EXT_VERSION}/tflint-ruleset-azurerm-ext_linux_${TARGETARCH}.zip && \
     curl '-#' -fL -o /tmp/tflint-ruleset-basic-ext.zip https://github.com/DrikoldLun/tflint-ruleset-basic-ext/releases/download/v${TFLINT_BASIC_EXT_VERSION}/tflint-ruleset-basic-ext_linux_${TARGETARCH}.zip && \
     curl '-#' -fL -o /tmp/tflint-ruleset-avm.zip https://github.com/Azure/tflint-ruleset-avm/releases/download/v${TFLINT_AVM_VERSION}/tflint-ruleset-avm_linux_${TARGETARCH}.zip && \
+    curl '-#' -fL -o /tmp/tflint-ruleset-terraform.zip https://github.com/terraform-linters/tflint-ruleset-terraform/releases/download/v${TFLINT_TERRAFORM_VERSION}/tflint-ruleset-terraform_linux_${TARGETARCH}.zip && \
 	mkdir -p ${TFLINT_PLUGIN_DIR}/github.com/terraform-linters/tflint-ruleset-azurerm/${TFLINT_AZURERM_VERSION} && \
     mkdir -p ${TFLINT_PLUGIN_DIR}/github.com/Azure/tflint-ruleset-azurerm-ext/${TFLINT_AZURERM_EXT_VERSION} && \
     mkdir -p ${TFLINT_PLUGIN_DIR}/github.com/Azure/tflint-ruleset-basic-ext/${TFLINT_BASIC_EXT_VERSION} && \
     mkdir -p ${TFLINT_PLUGIN_DIR}/github.com/Azure/tflint-ruleset-avm/${TFLINT_AVM_VERSION} && \
+    mkdir -p ${TFLINT_PLUGIN_DIR}/github.com/terraform-linters/tflint-ruleset-terraform/${TFLINT_TERRAFORM_VERSION} && \
     unzip -q -d ${TFLINT_PLUGIN_DIR}/github.com/terraform-linters/tflint-ruleset-azurerm/${TFLINT_AZURERM_VERSION} /tmp/tflint-ruleset-azurerm.zip && \
     unzip -q -d ${TFLINT_PLUGIN_DIR}/github.com/Azure/tflint-ruleset-azurerm-ext/${TFLINT_AZURERM_EXT_VERSION} /tmp/tflint-ruleset-azurerm-ext.zip && \
     unzip -q -d ${TFLINT_PLUGIN_DIR}/github.com/Azure/tflint-ruleset-basic-ext/${TFLINT_BASIC_EXT_VERSION} /tmp/tflint-ruleset-basic-ext.zip && \
     unzip -q -d ${TFLINT_PLUGIN_DIR}/github.com/Azure/tflint-ruleset-avm/${TFLINT_AVM_VERSION} /tmp/tflint-ruleset-avm.zip && \
+    unzip -q -d ${TFLINT_PLUGIN_DIR}/github.com/terraform-linters/tflint-ruleset-terraform/${TFLINT_TERRAFORM_VERSION} /tmp/tflint-ruleset-terraform.zip && \
     curl '-#' -fL -o /bin/tfsec https://github.com/aquasecurity/tfsec/releases/download/${TFSEC_VERSION}/tfsec-linux-${TARGETARCH} && \
     chmod +x /bin/tfsec && \
 	rm -f /tmp/packer.zip && \

diff --git a/avm.tflint.hcl b/avm.tflint.hcl
@@ -6,7 +6,7 @@ plugin "terraform" {
 
 plugin "avm" {
   enabled     = true
-  version     = "0.1.0"
+  version     = "0.2.0"
   source      = "github.com/Azure/tflint-ruleset-avm"
   signing_key = <<-KEY
 -----BEGIN PGP PUBLIC KEY BLOCK-----

diff --git a/avm.tflint_example.hcl b/avm.tflint_example.hcl
@@ -6,7 +6,7 @@ plugin "terraform" {
 
 plugin "avm" {
   enabled     = true
-  version     = "0.1.0"
+  version     = "0.2.0"
   source      = "github.com/Azure/tflint-ruleset-avm"
   signing_key = <<-KEY
 -----BEGIN PGP PUBLIC KEY BLOCK-----
@@ -104,7 +104,7 @@ rule "terraform_heredoc_usage" {
 }
 
 rule "terraform_module_provider_declaration" {
-  enabled = true
+  enabled = false
 }
 
 rule "terraform_output_separate" {

diff --git a/avm_scripts/run-tflint.sh b/avm_scripts/run-tflint.sh
@@ -2,23 +2,28 @@
 
 set_tflint_config() {
   local env_var=$1
-  local alt_file=$2
+  local override_file=$2
   local default_url=$3
   local download_file=$4
+  local merged_file=$5
 
-  if [ -z "${!env_var}" ]; then
-    if [ -f "$alt_file" ]; then
-      export $env_var="$alt_file"
-    else
-      curl -H 'Cache-Control: no-cache, no-store' -sSL "$default_url" -o "$download_file"
-      export $env_var="$download_file"
-    fi
+  # Always download the file from GitHub
+  curl -H 'Cache-Control: no-cache, no-store' -sSL "$default_url" -o "$download_file"
+
+  # Check if the override file exists
+  if [ -f "$override_file" ]; then
+    # If it does, merge the override file and the downloaded file
+    hclmerge -1 "$override_file" -2 "$download_file" -d "$merged_file"
+    # Set the environment variable to the path of the merged file
+    export $env_var="$merged_file"
+  else
+    # If it doesn't, set the environment variable to the path of the downloaded file
+    export $env_var="$download_file"
   fi
 }
 
-set_tflint_config "TFLINT_CONFIG" ".tflint_alt.hcl" "https://raw.githubusercontent.com/Azure/tfmod-scaffold/main/avm.tflint.hcl" "avm.tflint.hcl"
-set_tflint_config "TFLINT_EXAMPLE_CONFIG" ".tflint_example_alt.hcl" "https://raw.githubusercontent.com/Azure/tfmod-scaffold/main/avm.tflint_example.hcl" "avm.tflint_example.hcl"
-
+set_tflint_config "TFLINT_CONFIG" "avm.tflint.override.hcl" "https://raw.githubusercontent.com/Azure/tfmod-scaffold/main/avm.tflint.hcl" "avm.tflint.hcl" "avm.tflint.merged.hcl"
+set_tflint_config "TFLINT_EXAMPLE_CONFIG" "avm.tflint_example.override.hcl" "https://raw.githubusercontent.com/Azure/tfmod-scaffold/main/avm.tflint_example.hcl" "avm.tflint_example.hcl" "avm.tflint_example.merged.hcl"
 
 echo "==> Checking that code complies with tflint requirements..."
 tflint --init --config=$TFLINT_CONFIG

diff --git a/version.env b/version.env
@@ -8,9 +8,10 @@ HCLEDIT_VERSION=v0.2.7
 TERRAFORM_VERSION=1.6.5
 CHECKOV_VERSION=2.2.155
 TFLINT_AZURERM_VERSION=0.23.0
-TFLINT_BASIC_EXT_VERSION=0.5.0
-TFLINT_AZURERM_EXT_VERSION=0.5.0
-TFLINT_AVM_VERSION=0.1.0
+TFLINT_BASIC_EXT_VERSION=0.6.0
+TFLINT_AZURERM_EXT_VERSION=0.6.0
+TFLINT_AVM_VERSION=0.2.0
+TFLINT_TERRAFORM_VERSION=0.5.0
 GOSEC_VERSION=v2.16.0
 YOR_VERSION=0.1.171
 YORBOX_VERSION=0547db23f1d3a3057b98639e6181b48c7095d98c