search

terraform-linters / tflint-ruleset-aws

TFLint ruleset for terraform-provider-aws
Mozilla Public License 2.0
327 stars 71 forks source link

TFLint support for new Terraform Provider functions #632

Closed schniber closed 4 months ago

schniber commented 4 months ago

Hello,

As you know, Terraform v1.8 has recently introduced the capability for providers to define provider functions.

  1. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/functions/arn_build
  2. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/functions/arn_parse
  3. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/functions/trim_iam_role_path

TFLint is considering those as syntax errors as today:

=== TFLint Version ===
$ tflint --chdir=${CI_PROJECT_DIR} --version
TFLint version 0.48.0
+ ruleset.aws (0.26.0)
+ ruleset.terraform (0.4.0-bundled)
$ tflint --init
$ tflint --chdir=${CI_PROJECT_DIR} | tee tflint.xml
Failed to load configurations; organization.tf:57,27-28: Extra characters after interpolation expression; Template interpolation doesn't expect a colon at this location. Did you intend this to be a literal sequence to be processed as part of another language? If so, you can escape it by starting with "$${" instead of just "${".:
Error: Extra characters after interpolation expression
  on organization.tf line 57, in resource "aws_organizations_resource_policy" "security_resource_policy":
  50: {
  51:   "Version": "2012-10-17",
  52:   "Statement": [
  53:     {
  54:       "Sid": "DelegatingNecessaryDescribeListActions",
  55:       "Effect": "Allow",
  56:       "Principal": {
  57:         "AWS": "${provider::aws::arn_build(data.aws_partition.current.partition, "iam", "", var.landing_zone_configuration.securityRoles.accountId, "root")}"
Template interpolation doesn't expect a colon at this location. Did you intend this to be a literal sequence to be processed as part of another language? If so, you can escape it by starting with "$${" instead of just "${".

Thanks a lot for your support.

Bests

wata727 commented 4 months ago

This is tracked in https://github.com/terraform-linters/tflint/issues/1878. Also, this syntax has been valid since HCL v2.20, so we will probably need to release the latest version of the AWS ruleset as well. The current latest version (v0.30) uses HCL v2.19. https://github.com/terraform-linters/tflint-ruleset-aws/blob/v0.30.0/go.mod#L15

wata727 commented 4 months ago

TFLint v0.51 + AWS ruleset v0.31 now support provider-defined functions. https://github.com/terraform-linters/tflint/releases/tag/v0.51.0 https://github.com/terraform-linters/tflint-ruleset-aws/releases/tag/v0.31.0