terraform-linters / tflint-ruleset-azurerm

TFLint ruleset for terraform-provider-azurerm
Mozilla Public License 2.0

All rules are not enabled for azurerm provider #104

Closed soumyabarman closed 3 years ago

soumyabarman commented 3 years ago

Hi,

I have installed and configured 'tflint' on my Windows 10 PC. I also built and installed the 'azurerm' provider as described in the documentation. But when I run 'tflint --loglevel debug' it states only 3 rules are enabled. Please find below the steps to reproduce the issue.

  1. Install the tflint binaries using the 'choco install tflint' command
  2. Clone the tflint azurerm repo locally (https://github.com/terraform-linters/tflint-ruleset-azurerm.git)
  3. Run 'go build' in the 'tflint-ruleset-azurerm' folder to create 'tflint-ruleset-azurerm.exe' (prerequisite: the Go programming language needs to be installed)
  4. Create the '~/.tflint.d/plugins' directory
  5. Copy the 'tflint-ruleset-azurerm.exe' file to the '~/.tflint.d/plugins' directory
  6. Create a terraform project folder locally and create a '.tflint.hcl' file in the project folder with the below content:

config {
  module = true
  force = true
  disabled_by_default = false
}

rule "azurerm_storage_account_invalid_resource_group_name" {
  enabled = true
}

plugin "azurerm" {
  enabled = true
}

  7. Create a main.tf file with the below content in the same project folder:

terraform {
  required_version = ">= 0.13.0"

  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=2.46.0"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "demo@-tflint-rg"
  location = "West US"
}

resource "azurerm_storage_account" "example" {
  name                     = "demotflintstorageacc"
  resource_group_name      = "${azurerm_resource_group.example.name}"
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "GRS"

  tags = {
    environment = "staging"
  }
}

  8. Run 'tflint --format json --loglevel debug'. The output will show only 3 rules are enabled.

wata727 commented 3 years ago

The number displayed here is the number of rules enabled by default in TFLint core, excluding plugins. The rules of this plugin are enabled.

This log message has been fixed in v0.25. https://github.com/terraform-linters/tflint/commit/8206ee7b24522b1845fcb24958cf479f6e7078db

soumyabarman commented 3 years ago

I don't think 'azurerm' plugin rules are enabled, as the resource group name has '@' in it (see the terraform code that creates the azure resource group) and it's not failing.

wata727 commented 3 years ago

Some resources can detect invalid hard-coded resource group names (like azurerm_bot_channel_directline_invalid_resource_group_name rule), but there are no rules for azurerm_resource_group resource's name.

In addition, TFLint cannot evaluate expressions like ${azurerm_resource_group.example.name}, so no issues are reported here.

soumyabarman commented 3 years ago

I am talking about the name attribute inside the resource "azurerm_resource_group". The name attribute value is specified as name = "demo@-tflint-rg", which includes @ as an invalid character. And there is a rule https://github.com/terraform-linters/tflint-ruleset-azurerm/blob/master/rules/apispec/azurerm_storage_account_invalid_resource_group_name.go that checks the resource_group_name attribute against a Regex pattern for a Storage Account which doesn't allow @ in the resource group name. I think the concern here is that only the default core rules are loaded and not the rules specified in tflint-ruleset-azurerm, following the steps I mentioned above.

wata727 commented 3 years ago

Yeah, the following cannot be detected by TFLint:

resource "azurerm_resource_group" "example" {
  name = "demo@-tflint-rg"
  location = "West US"
}

resource "azurerm_storage_account" "example" {
  name = "demotflintstorageacc"
  resource_group_name = "${azurerm_resource_group.example.name}"
  location = azurerm_resource_group.example.location
  account_tier = "Standard"
  account_replication_type = "GRS"

  tags = {
    environment = "staging"
  }
}

However, the following can be detected:

resource "azurerm_storage_account" "example" {
  name = "demotflintstorageacc"
  resource_group_name = "demo@-tflint-rg"
  location = azurerm_resource_group.example.location
  account_tier = "Standard"
  account_replication_type = "GRS"

  tags = {
    environment = "staging"
  }
}

In the former configuration, azurerm_storage_account_invalid_resource_group_name rule cannot evaluate the value of resource_group_name (${azurerm_resource_group.example.name}) and no issue is reported. See also Compatibility with Terraform.
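The distinction wata727 draws in the last two comments (a hard-coded `resource_group_name` is checked, a value that references another resource is silently skipped) is easy to see in code. The following is an added example, not code from tflint-ruleset-azurerm or from TFLint. It does not use an HCL parser: attribute values are passed as raw strings, and the name pattern is my recollection of the Azure REST API spec regex for resource group names, so treat that pattern as an assumption and check it against the rule source linked earlier in the thread.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Resource group name pattern. Assumption in this added example: this is the
// Azure REST API spec pattern as recalled, not copied from the ruleset; verify
// against the rule source linked in the thread.
var resourceGroupNamePattern = regexp.MustCompile(`^[-\w\._\(\)]+$`)

// Finding is the shape of a reported issue: offending attribute, value, reason.
type Finding struct {
	Attribute string
	Value     string
	Message   string
}

// LiteralValue returns the string literal held by a raw HCL attribute value.
// It reports false for bare references (azurerm_resource_group.example.name)
// and for template interpolations ("${...}"): their value depends on other
// resources, so a static linter that does not evaluate expressions must skip
// them. That is the TFLint behaviour described in the thread.
func LiteralValue(raw string) (string, bool) {
	raw = strings.TrimSpace(raw)
	if len(raw) < 2 || raw[0] != '"' || raw[len(raw)-1] != '"' {
		return "", false // bare reference or other expression
	}
	lit := raw[1 : len(raw)-1]
	if strings.Contains(lit, "${") {
		return "", false // template interpolation, cannot be resolved statically
	}
	return lit, true
}

// CheckResourceGroupName mirrors an apispec-style rule: it validates the
// resource_group_name attribute only when its value is a plain literal.
// The second return value reports whether the value could be evaluated at all.
func CheckResourceGroupName(raw string) (*Finding, bool) {
	lit, ok := LiteralValue(raw)
	if !ok {
		return nil, false // unknown value: no issue, exactly like TFLint
	}
	if resourceGroupNamePattern.MatchString(lit) {
		return nil, true
	}
	return &Finding{
		Attribute: "resource_group_name",
		Value:     lit,
		Message:   fmt.Sprintf("%q does not match valid value pattern %s", lit, resourceGroupNamePattern),
	}, true
}

// LintStorageAccount runs the check over the attributes of one
// azurerm_storage_account block, given as attribute name -> raw HCL value.
func LintStorageAccount(attrs map[string]string) []Finding {
	var findings []Finding
	if raw, present := attrs["resource_group_name"]; present {
		if f, _ := CheckResourceGroupName(raw); f != nil {
			findings = append(findings, *f)
		}
	}
	return findings
}

func main() {
	// Constructed sample input: the two storage account blocks from the thread,
	// reduced to the one attribute the rule looks at.
	referenced := map[string]string{"resource_group_name": `"${azurerm_resource_group.example.name}"`}
	hardcoded := map[string]string{"resource_group_name": `"demo@-tflint-rg"`}

	fmt.Println("referenced value:", len(LintStorageAccount(referenced)), "issue(s)")
	for _, f := range LintStorageAccount(hardcoded) {
		fmt.Printf("hard-coded value: %s: %s\n", f.Attribute, f.Message)
	}
}
```

Running it reports one finding for the hard-coded `"demo@-tflint-rg"` and none for the interpolated reference, which is the same outcome as the two configurations above. The practical takeaway for a pipeline is that a clean TFLint run does not prove every name is valid; values that flow from other resources or variables are only validated when Terraform itself plans or applies.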