search

terraform-linters / tflint

A Pluggable Terraform Linter
Mozilla Public License 2.0
4.98k stars 357 forks source link

"--recursive" and "--filter" options together not working as expected #1904

Closed SharkyND closed 1 year ago

SharkyND commented 1 year ago

Summary

I'm encountering an issue when using the tflint --recursive --filter='./<somedir>/**' command. It seems that the command is not working as expected, and I'd like to report this as a potential bug.

Steps to reproduce:

  1. Create a couple of folders (i.e tf_test_1, tf_test_2) with terraform code that needs to be linted with tflint.
  2. From the root of that folders run the following command: tflint --recursive --filter='./tf_test_1/**'

Expected behavior:
You should see tflint complaining about the tf code with error that needs to be fixed

Actual behavior:
Don't see any output at all

Additional context:

Please let me know if there's any additional information I can provide or if there's a workaround for this issue. Thank you!

Command

tflint --recursive --filter='./test_tf_1/**'

Terraform Configuration

.
├── test_tf_1
│   └── main.tf
│   └── .tflint.hcl
├── test_tf_2
│   └── main.tf
│   └── .tflint.hcl

Both main.tf can have the same code:

variable "region" {
  type = map(any)
  default = {
    "uk1" = {
      "region" = "uksouth",
    },
    "uk2" = {
      "region" = "ukwest",
    },
    "us" = {
      "region" = "eastus",
    }
    "us2" = {
      "region" = "eastus2",
    }
  }
}

resource "random_password" "password" {
  length           = 16
  special          = true
  override_special = "!#$%&*()-_=+[]{}<>:?"
}

variable "cidr" {
  default = "172.16.0.0/20"
}

TFLint Configuration

plugin "aws" {
    enabled = true
    version = "0.27.0"
    source  = "github.com/terraform-linters/tflint-ruleset-aws"
}
plugin "azurerm" {
    enabled = true
    version = "0.25.1"
    source  = "github.com/terraform-linters/tflint-ruleset-azurerm"
}

Output

<empty>

TFLint Version

0.48.0

Terraform Version

v1.5.7

Operating System

bendrucker commented 1 year ago

Globstar (**) is not supported so that was never going to work:

https://github.com/golang/go/issues/11862

That would be a feature request that we could consider via swapping the glob implementation for one that does.

What works:

tflint --recursive --filter main.tf

Filters are evaluated within the working directory:

https://github.com/terraform-linters/tflint/blob/83655ca6d4e978c8d88deb4eab4ef11f16b64b88/cmd/inspect.go#L35-L38

So this is working as designed right now, but there is discussion and proposals around implementing additional flags for filtering modules or repurposing the existing filter flag (i.e., break the existing behavior) to allow this.

You're welcome to reopen this as a feature request with more complete background and examples on how it would be used. The given example doesn't show why you wouldn't just use --chdir.

See also:

SharkyND commented 1 year ago

Hi @bendrucker , thanks for your feedback. Here is a feature request for enhancement. It is still up for grooming, please let me know your thoughts on it.