tflint hook: unable to disable aws rules

[mikelax]

Overview

As a user, I want to disable certain "aws" rules when using the terraform_tflint hook. Currently I receive an error when I specify an arg using the disable-rule=aws_db_instance_default_parameter_group value.

pre-commit-terraform Broken Example

This file returns an error when run

repos:
- repo: git://github.com/antonbabenko/pre-commit-terraform
  rev: v1.45.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
  hooks:
    - id: terraform_tflint
      args:
        - '--args=--disable-rule=aws_db_instance_default_parameter_group'

 ✘ michael@Michaels-MBP-2 ±  pre-commit run -a
Terraform validate with tflint...........................................Failed
- hook id: terraform_tflint
- exit code: 2

2021-02-12T12:01:12.748-0500 [WARN]  plugin: error closing client during Kill: err="unexpected EOF"
2021-02-12T12:01:12.748-0500 [WARN]  plugin: plugin failed to exit gracefully
2021-02-12T12:01:04.034-0500 [WARN]  plugin: error closing client during Kill: err="unexpected EOF"
2021-02-12T12:01:04.034-0500 [WARN]  plugin: plugin failed to exit gracefully
Failed to check rule config. An error occurred:

Error: Rule not found: aws_db_instance_default_parameter_group

This file runs and reports the lint error

repos:
- repo: git://github.com/antonbabenko/pre-commit-terraform
  rev: v1.45.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
  hooks:
    - id: terraform_tflint

 ✘ michael@Michaels-MBP-2 ±  pre-commit run -a
Terraform validate with tflint...........................................Failed
- hook id: terraform_tflint
- exit code: 3

1 issue(s) found:

Notice: "default.sqlserver-web-14.0" is default parameter group. You cannot edit it. (aws_db_instance_default_parameter_group)

  on factoryRDS.tf line 18:
  18:   parameter_group_name      = "default.sqlserver-web-14.0"

Reference: https://github.com/terraform-linters/tflint-ruleset-aws/blob/v0.2.1/docs/rules/aws_db_instance_default_parameter_group.md

tflint Working Example

When I run tflint manually and specify an aws rule using the --disable-rule attribute things work correctly.

Runs and reports no errors tflint --disable-rule=aws_db_instance_default_parameter_group example/project/folder

Runs and reports lint error tflint example/project/folder

[mikelax]

As a follow up, I was able to get this working. I think the root cause was a recent change in tflint. Look at the changelog for version 0.23.0, you can see there was a change to the aws ruleset.

I added the plugin attribute to my .tflint.hcl config as below and now things are working.

config {

}

plugin "aws" {
  enabled = true
}

rule "aws_db_instance_default_parameter_group" {
  enabled = false
}

[antonbabenko]

Good that you found the solution. In modules we are using --only directives, for eg:

      - id: terraform_tflint
        args:
          - '--args=--only=terraform_deprecated_interpolation'
          - '--args=--only=terraform_deprecated_index'
          - '--args=--only=terraform_unused_declarations'
          - '--args=--only=terraform_comment_syntax'
          - '--args=--only=terraform_documented_outputs'
          - '--args=--only=terraform_documented_variables'
          - '--args=--only=terraform_typed_variables'
          - '--args=--only=terraform_module_pinned_source'
          - '--args=--only=terraform_naming_convention'
          - '--args=--only=terraform_required_version'
          - '--args=--only=terraform_required_providers'
          - '--args=--only=terraform_standard_module_structure'
          - '--args=--only=terraform_workspace_remote'

https://github.com/terraform-aws-modules/terraform-aws-lambda/blob/5a480b367ddef24e89cf9dc43be8a1e4f4408953/.pre-commit-config.yaml#L8-L22

I am going to close this issue.