terraform-linters / tflint

A Pluggable Terraform Linter
Mozilla Public License 2.0

TFLint is not evaluating any rule. #837

Closed Omarawad closed 4 years ago

Omarawad commented 4 years ago

Hi, I've been trying to set up TFLint for an Azure Terraform project but couldn't make it run so far. While experimenting I noticed the following behaviours:

My setup is in Azure pipelines as the following (assume project root is $(workDir)):

Even though I tried hard to break my Terraform rules intentionally, TFLint always runs with no errors or complaints. Any guidance or sample working setup that I can rely on to set this up properly?

wata727 commented 4 years ago

Hi @Omarawad, thank you for your feedback.

It seems to work fine in my environment, but something may be wrong. Can you show me the log obtained by adding the environment variable TFLINT_LOG?

TFLINT_LOG=debug tflint -c .tflint.hcl

Omarawad commented 4 years ago

Hi @wata727, Thank you for looking into this. I attached my LOG file to this post TFLint_LOG.txt

Omarawad commented 4 years ago

As an addition, my Terraform files are really a mix of resources that I wrote to intentionally fail TFLint, like the following:

resource "azurerm_resource_group" "camelCase" {
  name     = "test"
  location = var.location
}

resource "azurerm_storage_account" "camelCase" {
  name                     = "storageaccountname"
  resource_group_name      = azurerm_resource_group.test-group.name
  location                 = azurerm_resource_group.test-group.location
  account_tier             = "Omar"
  account_replication_type = "GRS"

  tags = {
    environment = "staging"
  }
}

wata727 commented 4 years ago

Umm, looking at the logs, everything seems to be working correctly.

Can you share the expected/actual behaviors and the contents of .tflint.hcl with the logs?

Omarawad commented 4 years ago

Hi @wata727. Regarding the Terraform rules, it wasn't working for me, and I assume that is because I was using an SSH remote module in the Terraform files, but I couldn't replicate the case. Anyway, I did get the Terraform rules working properly in local modules, but TFLint is still not evaluating rules against remote modules I reference within my code. Also, the Azure rules are still not working. I attached a few files from my test case that show a sample set of resources that I would expect to make TFLint fail some rules like:

I hope you can find the below use case useful!

user_case.zip

wata727 commented 4 years ago

Umm, got it. There are some problems.

Omarawad commented 4 years ago

Oh, I see. I do run terraform init before, but as you said, the problem is it's not scanning inside the referenced modules. Are there any plans to support deep scanning for referenced modules? In my experience with Terraform within different teams, we tended to modularize the application components and use one infrastructure pipeline to assemble all components together. It would be a great feature if TFLint supported referenced modules.

Thank you for looking into the issue, appreciated :)

wata727 commented 4 years ago

I think you should run TFLint on the module directory in that case. The inspection on the top-level directory is checking the arguments injected into the module, assuming the module is valid.

If you want to check whether there is a problem with the module, you need to run the following command additionally.

$ cd terraform/service-principal
$ terraform init # If the module depends on other modules
$ tflint

Omarawad commented 4 years ago

Yeah that works for local modules. Thank you @wata727 !
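
The advice in this thread (run TFLint in each module directory, since the top-level run only checks the arguments passed into a module) can be scripted for a whole tree of local modules. This is an added example, not part of the original thread or the TFLint project; the function names and the `TFLINT_BIN` and `RUN_INIT` variables are assumptions of the example.

```shell
#!/bin/sh
# Added example: lint every local Terraform module directory separately,
# so a CI step fails when any module (not only the root) violates a rule.

# Print each directory under $1 that directly contains *.tf files.
# The .terraform cache (downloaded modules and providers) is skipped.
find_module_dirs() {
  find "$1" -type d -name .terraform -prune -o -type f -name '*.tf' -print |
    while IFS= read -r f; do dirname "$f"; done | sort -u
}

# Run the linter inside every module directory found under $1.
# Returns 1 if any directory fails, after visiting all of them.
#   TFLINT_BIN (assumed name): command to run, defaults to "tflint"
#   RUN_INIT   (assumed name): set to 1 to run "terraform init" first,
#                              for modules that depend on other modules
lint_all_modules() {
  root=$1
  rc=0
  while IFS= read -r dir; do
    [ -n "$dir" ] || continue
    echo "==> $dir"
    if ! (
      cd "$dir" || exit 1
      if [ "${RUN_INIT:-0}" = 1 ]; then
        terraform init -input=false >/dev/null || exit 1
      fi
      "${TFLINT_BIN:-tflint}"
    ); then
      echo "FAILED: $dir" >&2
      rc=1
    fi
  done <<EOF
$(find_module_dirs "$root")
EOF
  return $rc
}

# When called with a path argument, lint that tree and use the result
# as the script's exit status (for example: ./lint-modules.sh terraform).
if [ "$#" -gt 0 ]; then
  lint_all_modules "$1"
fi
```

Because the `.terraform` cache is skipped, remotely sourced modules are not linted by this script; only module directories checked out in the tree are covered.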