A norms and conventions validator for Terraform

Terraform-Validator


This tool helps you ensure that a Terraform folder conforms to your norms and conventions. This can be really useful in several cases:

  • You're a team that wants clean and maintainable code.
  • You're a lone developer who develops a lot of modules and wants a certain consistency between them.

Features:

  • make sure that the block names match a certain pattern.
  • make sure that the code is properly dispatched. To do this you can decide what types of block each file can contain (for example output blocks must be in outputs.tf).
  • ensure that mandatory .tf files are present.
  • ensure that the terraform version has been defined.
  • ensure that the providers' version has been defined.
  • make sure that the variables and/or outputs blocks have the description argument filled in.
  • layered terraform folders (test recursively).
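
A simplified sketch of two of these checks (mandatory files and authorized block types per file), added here as an illustration and not taken from terraform-validator's code. `Rule`, `Check`, `topLevelBlocks` and the sample files are assumptions; the scanner counts braces instead of parsing HCL, so nested blocks such as `required_providers` are not treated as top-level block types.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Rule is a hypothetical per-file rule, not the project's own type.
type Rule struct {
	Mandatory  bool
	Authorized map[string]bool // block types allowed at the top level
}

var blockStart = regexp.MustCompile(`^\s*([a-z_]+)(\s+"[^"]*")*\s*\{`) // type, labels, "{"
// topLevelBlocks is a simplified brace-depth scanner, not a real HCL parser.
func topLevelBlocks(src string) (types []string) {
	depth := 0
	for _, line := range strings.Split(src, "\n") {
		if m := blockStart.FindStringSubmatch(line); depth == 0 && m != nil {
			types = append(types, m[1])
		}
		depth += strings.Count(line, "{") - strings.Count(line, "}")
	}
	return types
}

// Check reports missing mandatory files and unauthorized top-level blocks.
func Check(files map[string]string, rules map[string]Rule) (out []string) {
	for name, r := range rules {
		src, ok := files[name]
		if !ok && r.Mandatory {
			out = append(out, name+": mandatory file is missing")
		}
		for _, t := range topLevelBlocks(src) {
			if !r.Authorized[t] {
				out = append(out, fmt.Sprintf("%s: block type %q is not authorized", name, t))
			}
		}
	}
	sort.Strings(out)
	return out
}

// Constructed sample module and rules.
var sampleFiles = map[string]string{
	"versions.tf": "terraform {\n  required_providers {\n    aws = \"~> 2.67\"\n  }\n}\n",
	"main.tf":     "resource \"aws_s3_bucket\" \"b\" {\n}\noutput \"id\" {\n  value = 1\n}\n",
}
var sampleRules = map[string]Rule{
	"versions.tf": {true, map[string]bool{"terraform": true}},
	"main.tf":     {true, map[string]bool{"resource": true}},
	"outputs.tf":  {true, map[string]bool{"output": true}},
}

func main() {
	fmt.Println(strings.Join(Check(sampleFiles, sampleRules), "\n"))
}
```

On the sample input this reports the `output` block found in main.tf and the missing outputs.tf, and nothing for versions.tf.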

⚠️ Terraform 0.12+ is supported only by the versions 2.0.0 and higher.

Documentation

Please find the full documentation here (ReadTheDocs).

Authors

Thibault Hazelart
Logo by Alexis Normand

License

Apache 2.0

Owner
Thibault Hazelart
Site Reliability Engineer, automation guy with Terraform, Ansible, Python3 and Golang. I trust in people and team spirit to move mountains.
Comments
  • Hcl2 error in provider.tf

    Hi! I have an "assume_role" block in my provider.tf

    provider "google" {
      version = "foo"
    
      assume_role {
        role_arn = "role"
      }
    }
    

    and I ran into this error:

    2019/11/15 15:24:23 testdata/ok_default_config/providers.tf:5,3-14: Unexpected "assume_role" block; Blocks are not allowed here.
    

    It seems that hcl2 libs are giving an error for a valid terraform format. Also the hcl2 repo is archived.

    Are you aware of this issue?

  • Blocks of type "required_providers" are not expected here

    Firstly, this is a great tool. I use it constantly for a large number of Terraform modules I maintain. Thank you!

    In my versions.tf file, I have a block which looks like this:

    # https://www.terraform.io/docs/configuration/terraform.html
    terraform {
      required_version = ">= 0.12"
    
      required_providers {
        aws      = "~> 2.67"
        newrelic = "~> 1.19"
      }
    }
    

    A truncated version of my .terraform-validator.yaml file looks like this:

    layers:
      default:
        files:
          versions.tf:
            mandatory: true
            authorized_blocks:
              - required_providers # only added this after receiving the error message; it didn't help
              - terraform
    

    When I run the tool, I get this message:

    $ terraform-validator .
    2020/07/03 01:07:04 versions.tf:5,3-21: Unsupported block type; Blocks of type "required_providers" are not expected here.
    

    The required_providers sub-block of a terraform block is documented here: https://www.terraform.io/docs/configuration/terraform.html#specifying-required-provider-versions

    How do I get terraform-validator to allow/enforce this block without throwing an error?

  • Unexpected "validation" block

    Hi,

    Using "validation" in a variable block generates an error :

    Unexpected "validation" block; Blocks are not allowed here

    variable "image_id" {
      type        = string
      description = "The id of the machine image (AMI) to use for the server."
    
      validation {
        condition     = length(var.image_id) > 4 && substr(var.image_id, 0, 4) == "ami-"
        error_message = "The image_id value must be a valid AMI id, starting with \"ami-\"."
      }
    }
    
    

    Even though "validation" comes with Terraform 0.13, terraform-validator should not raise an error, because the validation block is inside a variable definition?

  • Add `terraform validate` test

    The idea is to add a new test: ensure_terraform_validate

    If set to true, this will ensure that the terraform validate command passes. This ensures that the terraform code is well written.

    In order to run the good terraform version for everyone, terraform will be a dependency of terraform-validator if that option is set to true.

  • Enforce presence of a block in a file

    It would be interesting to enforce that a file exists and then that a block is present inside.

    e.g.: Enforce presence of provider block only in the providers.tf file.

    Configuration could be like this :

     layers:
       default:
         files:
           main.tf:
             mandatory: true
             authorized_blocks:
           providers.tf:
             mandatory: true
             exclusive_blocks:
               - provider
    
  • chore(deps): bump elliptic from 6.5.2 to 6.5.3 in /docs/docusaurus

    Bumps elliptic from 6.5.2 to 6.5.3.

  • chore(deps): bump lodash from 4.17.15 to 4.17.20 in /docs/docusaurus

    Bumps lodash from 4.17.15 to 4.17.20.

    Maintainer changes

    This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

  • chore(deps): bump websocket-extensions from 0.1.3 to 0.1.4 in /docs/docusaurus

    Bumps websocket-extensions from 0.1.3 to 0.1.4.

    Changelog

    Sourced from websocket-extensions's changelog.

    0.1.4 / 2020-06-02

    • Remove a ReDoS vulnerability in the header parser (CVE-2020-7662, reported by Robert McLaughlin)
    • Change license from MIT to Apache 2.0

    Commits
    • 8efd0cd Bump version to 0.1.4
    • 3dad4ad Remove ReDoS vulnerability in the Sec-WebSocket-Extensions header parser
    • 4a76c75 Add Node versions 13 and 14 on Travis
    • 44a677a Formatting change: {...} should have spaces inside the braces
    • f6c50ab Let npm reformat package.json
    • 2d211f3 Change markdown formatting of docs.
    • 0b62083 Update Travis target versions.
    • 729a465 Switch license to Apache 2.0.
  • chore(deps): bump acorn from 6.4.0 to 6.4.1 in /docs/docusaurus

    Bumps acorn from 6.4.0 to 6.4.1.

