github.com/terraform-linters/tflint@v0.51.2-0.20240520175844-3750771571b6/README.md

# TFLint
[![Build Status](https://github.com/terraform-linters/tflint/workflows/build/badge.svg?branch=master)](https://github.com/terraform-linters/tflint/actions)
[![GitHub release](https://img.shields.io/github/release/terraform-linters/tflint.svg)](https://github.com/terraform-linters/tflint/releases/latest)
[![Terraform Compatibility](https://img.shields.io/badge/terraform-%3E%3D%201.0-blue)](docs/user-guide/compatibility.md)
[![License: MPL 2.0 + BUSL 1.1](https://img.shields.io/badge/License-MPL%202.0%20+%20BUSL%201.1-blue.svg)](#license)
[![Go Report Card](https://goreportcard.com/badge/github.com/terraform-linters/tflint)](https://goreportcard.com/report/github.com/terraform-linters/tflint)
[![Homebrew](https://img.shields.io/badge/dynamic/json.svg?url=https://formulae.brew.sh/api/formula/tflint.json&query=$.versions.stable&label=homebrew)](https://formulae.brew.sh/formula/tflint)

A Pluggable [Terraform](https://www.terraform.io/) Linter

## Features

TFLint is a framework and each feature is provided by plugins. The key features are as follows:

- Find possible errors (like invalid instance types) for major cloud providers (AWS/Azure/GCP).
- Warn about deprecated syntax, unused declarations.
- Enforce best practices, naming conventions.

## Installation

Bash script (Linux):

```console
curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash
```

Homebrew (macOS):

```console
brew install tflint
```

Chocolatey (Windows):

```cmd
choco install tflint
```

NOTE: The Chocolatey package is NOT directly maintained by the TFLint maintainers. The latest version is always available by manual installation.
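
For a manual installation, the downloaded archive should be checked against the release's `checksums.txt`. The following is an added example, not part of the TFLint project: a fail-closed check that one named archive is listed exactly once in `checksums.txt` and matches its SHA-256. It assumes `checksums.txt` has already been authenticated as described under Verification below; `verify_listed` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not TFLint project code): fail-closed check of ONE archive
# against checksums.txt. Assumes checksums.txt was already authenticated
# (cosign verify-blob or gh attestation verify). verify_listed is a
# hypothetical helper name.

# verify_listed ARCHIVE CHECKSUMS
#   0 = listed exactly once and digest matches
#   1 = digest mismatch
#   2 = archive name not listed exactly once, or entry malformed
verify_listed() {
  archive=$1
  checksums=$2
  name=$(basename -- "$archive")

  # sha256sum format: "<hex digest>  <name>" (binary mode prefixes name with *).
  expected=$(awk -v n="$name" '
    { f = $2; sub(/^\*/, "", f) }
    f == n { print tolower($1) }' "$checksums")

  # Empty (unlisted) or containing a newline (listed twice) both land here.
  case $expected in
    '' | *[!0-9a-f]*)
      echo "FAIL: $name is not listed exactly once in $checksums" >&2
      return 2 ;;
  esac
  if [ "${#expected}" -ne 64 ]; then
    echo "FAIL: malformed SHA-256 entry for $name" >&2
    return 2
  fi

  actual=$(sha256sum -- "$archive" | awk '{ print tolower($1) }')
  if [ "$actual" != "$expected" ]; then
    echo "FAIL: SHA-256 mismatch for $name" >&2
    return 1
  fi
  echo "OK: $name matches $checksums"
}

# Run as: sh verify_listed.sh ARCHIVE checksums.txt
if [ "$#" -eq 2 ]; then
  verify_listed "$1" "$2"
fi
```

`sha256sum --ignore-missing -c checksums.txt` skips every listed file that is absent, so an archive saved under a name that is not in the list is never checked; this helper returns 2 in that case.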

### Verification

#### Cosign

The [Cosign](https://github.com/sigstore/cosign) `verify-blob` command ensures that the release was built with GitHub Actions in this repository.

```console
cosign verify-blob --certificate=checksums.txt.pem --signature=checksums.txt.keyless.sig --certificate-identity-regexp="^https://github.com/terraform-linters/tflint" --certificate-oidc-issuer=https://token.actions.githubusercontent.com checksums.txt
sha256sum --ignore-missing -c checksums.txt
```

#### GitHub CLI (Beta)

[Artifact Attestations](https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds) are available that can be verified using the GitHub CLI.

```console
gh attestation verify checksums.txt -R terraform-linters/tflint
sha256sum --ignore-missing -c checksums.txt
```

### Docker

Instead of installing directly, you can use the Docker image:

```console
docker run --rm -v $(pwd):/data -t ghcr.io/terraform-linters/tflint
```

### GitHub Actions

If you want to run on GitHub Actions, the [setup-tflint](https://github.com/terraform-linters/setup-tflint) action is available.

## Getting Started

First, enable rules for [Terraform Language](https://www.terraform.io/language) (e.g. warn about deprecated syntax, unused declarations). [TFLint Ruleset for Terraform Language](https://github.com/terraform-linters/tflint-ruleset-terraform) is bundled with TFLint, so you can use it without installing it separately.

The bundled plugin enables the "recommended" preset by default, but you can disable the plugin or use a different preset.
Declare the plugin block in `.tflint.hcl` like this:

```hcl
plugin "terraform" {
  enabled = true
  preset  = "recommended"
}
```

See the [tflint-ruleset-terraform documentation](https://github.com/terraform-linters/tflint-ruleset-terraform/blob/main/docs/configuration.md) for more information.

Next, if you are using an AWS/Azure/GCP provider, it is a good idea to install the plugin and try it according to each usage:

- [Amazon Web Services](https://github.com/terraform-linters/tflint-ruleset-aws)
- [Microsoft Azure](https://github.com/terraform-linters/tflint-ruleset-azurerm)
- [Google Cloud Platform](https://github.com/terraform-linters/tflint-ruleset-google)

If you want to extend TFLint with other plugins, you can declare the plugins in the config file and easily install them with `tflint --init`.

```hcl
plugin "foo" {
  enabled = true
  version = "0.1.0"
  source  = "github.com/org/tflint-ruleset-foo"

  signing_key = <<-KEY
  -----BEGIN PGP PUBLIC KEY BLOCK-----

  mQINBFzpPOMBEADOat4P4z0jvXaYdhfy+UcGivb2XYgGSPQycTgeW1YuGLYdfrwz
  9okJj9pMMWgt/HpW8WrJOLv7fGecFT3eIVGDOzyT8j2GIRJdXjv8ZbZIn1Q+1V72
  AkqlyThflWOZf8GFrOw+UAR1OASzR00EDxC9BqWtW5YZYfwFUQnmhxU+9Cd92e6i
  ...
  KEY
}
```

See also [Configuring Plugins](docs/user-guide/plugins.md).

If you want to add custom rules that are not in existing plugins, you can build your own plugin or write your own policy in Rego. See [Writing Plugins](docs/developer-guide/plugins.md) or [OPA Ruleset](https://github.com/terraform-linters/tflint-ruleset-opa).

## Usage

TFLint inspects files under the current directory by default.
You can change the behavior with the following options/arguments:

```
$ tflint --help
Usage:
  tflint --chdir=DIR/--recursive [OPTIONS]

Application Options:
  -v, --version                                                 Print TFLint version
      --init                                                    Install plugins
      --langserver                                              Start language server
  -f, --format=[default|json|checkstyle|junit|compact|sarif]    Output format
  -c, --config=FILE                                             Config file name (default: .tflint.hcl)
      --ignore-module=SOURCE                                    Ignore module sources
      --enable-rule=RULE_NAME                                   Enable rules from the command line
      --disable-rule=RULE_NAME                                  Disable rules from the command line
      --only=RULE_NAME                                          Enable only this rule, disabling all other defaults. Can be specified multiple times
      --enable-plugin=PLUGIN_NAME                               Enable plugins from the command line
      --var-file=FILE                                           Terraform variable file name
      --var='foo=bar'                                           Set a Terraform variable
      --call-module-type=[all|local|none]                       Types of module to call (default: local)
      --chdir=DIR                                               Switch to a different working directory before executing the command
      --recursive                                               Run command in each directory recursively
      --filter=FILE                                             Filter issues by file names or globs
      --force                                                   Return zero exit status even if issues found
      --minimum-failure-severity=[error|warning|notice]         Sets minimum severity level for exiting with a non-zero error code
      --color                                                   Enable colorized output
      --no-color                                                Disable colorized output
      --fix                                                     Fix issues automatically
      --no-parallel-runners                                     Disable per-runner parallelism
      --max-workers=N                                           Set maximum number of workers in recursive inspection (default: number of CPUs)

Help Options:
  -h, --help                                                    Show this help message
```

See [User Guide](docs/user-guide) for details.

## Debugging

If you don't get the expected behavior, you can see the detailed logs when running with the `TFLINT_LOG` environment variable.

```console
$ TFLINT_LOG=debug tflint
```

## Developing

See [Developer Guide](docs/developer-guide).

## Security

If you find a security vulnerability, please refer to our [security policy](SECURITY.md).

## License

Please note that although much of this project is licensed under MPL 2.0, some files in the `terraform` package are licensed under BUSL 1.1.

For the reasons stated above, the executable forms (release binaries) are bound by both licenses.

See also https://discuss.hashicorp.com/t/hashicorp-projects-changing-license-to-business-source-license-v1-1/57106/7

## Stargazers over time

[![Stargazers over time](https://starchart.cc/terraform-linters/tflint.svg)](https://starchart.cc/terraform-linters/tflint)