github.com/terraform-linters/tflint@v0.51.2-0.20240520175844-3750771571b6/README.md (about)

# TFLint
[![Build Status](https://github.com/terraform-linters/tflint/workflows/build/badge.svg?branch=master)](https://github.com/terraform-linters/tflint/actions)
[![GitHub release](https://img.shields.io/github/release/terraform-linters/tflint.svg)](https://github.com/terraform-linters/tflint/releases/latest)
[![Terraform Compatibility](https://img.shields.io/badge/terraform-%3E%3D%201.0-blue)](docs/user-guide/compatibility.md)
[![License: MPL 2.0 + BUSL 1.1](https://img.shields.io/badge/License-MPL%202.0%20+%20BUSL%201.1-blue.svg)](#license)
[![Go Report Card](https://goreportcard.com/badge/github.com/terraform-linters/tflint)](https://goreportcard.com/report/github.com/terraform-linters/tflint)
[![Homebrew](https://img.shields.io/badge/dynamic/json.svg?url=https://formulae.brew.sh/api/formula/tflint.json&query=$.versions.stable&label=homebrew)](https://formulae.brew.sh/formula/tflint)

A Pluggable [Terraform](https://www.terraform.io/) Linter

## Features

TFLint is a framework, and each feature is provided by plugins. The key features are as follows:

- Find possible errors (like invalid instance types) for major cloud providers (AWS/Azure/GCP).
- Warn about deprecated syntax and unused declarations.
- Enforce best practices and naming conventions.

## Installation

Bash script (Linux):

```console
curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash
```

Homebrew (macOS):

```console
brew install tflint
```

Chocolatey (Windows):

```cmd
choco install tflint
```

NOTE: The Chocolatey package is NOT directly maintained by the TFLint maintainers. The latest version is always available by manual installation.

### Verification

#### Cosign

The [Cosign](https://github.com/sigstore/cosign) `verify-blob` command ensures that the release was built with GitHub Actions in this repository. It verifies the signature on `checksums.txt`; `sha256sum` then checks the downloaded files against that list.

```console
cosign verify-blob --certificate=checksums.txt.pem --signature=checksums.txt.keyless.sig --certificate-identity-regexp="^https://github.com/terraform-linters/tflint" --certificate-oidc-issuer=https://token.actions.githubusercontent.com checksums.txt
sha256sum --ignore-missing -c checksums.txt
```

#### GitHub CLI (Beta)

[Artifact Attestations](https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds) are available that can be verified using the GitHub CLI.

```console
gh attestation verify checksums.txt -R terraform-linters/tflint
sha256sum --ignore-missing -c checksums.txt
```

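When the two verification commands run from a script, the digest check should only be trusted if the signature check succeeded, and the asset you downloaded should actually appear in `checksums.txt`. The following is an added example, not part of TFLint, that chains the Cosign command from this README with a per-asset digest check; the function names and the asset file name `tflint_linux_amd64.zip` are assumptions used for illustration.

```sh
# Added example, not part of TFLint. Fail-closed wrapper around the README commands.

# Succeeds only if ASSET is listed exactly once in SUMS and its SHA-256 matches.
# Returns 2 when the asset is not listed (or listed twice), 1 on a digest mismatch.
check_asset_digest() {
  sums=$1
  asset=$2
  name=$(basename "$asset")
  # checksums.txt lines have the form "<hex digest>  <file name>"
  expected=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1 }' "$sums")
  if [ "$(printf '%s' "$expected" | grep -c .)" -ne 1 ]; then
    echo "$name: not listed exactly once in $sums" >&2
    return 2
  fi
  actual=$(sha256sum "$asset" | awk '{ print $1 }')
  if [ "$actual" != "$expected" ]; then
    echo "$name: SHA-256 does not match $sums" >&2
    return 1
  fi
}

# Signature on checksums.txt first (flags exactly as in the README), digest second.
verify_release() {
  asset=$1
  cosign verify-blob \
    --certificate=checksums.txt.pem \
    --signature=checksums.txt.keyless.sig \
    --certificate-identity-regexp="^https://github.com/terraform-linters/tflint" \
    --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
    checksums.txt || return 3
  check_asset_digest checksums.txt "$asset"
}

# Offline demo on constructed data: a fake asset, its checksum file, then a tampered copy.
demo_digest_check() {
  d=$(mktemp -d)
  printf 'constructed release asset\n' > "$d/tflint_linux_amd64.zip"
  (cd "$d" && sha256sum tflint_linux_amd64.zip > checksums.txt)
  check_asset_digest "$d/checksums.txt" "$d/tflint_linux_amd64.zip" && echo "intact: ok"
  printf 'extra bytes\n' >> "$d/tflint_linux_amd64.zip"
  check_asset_digest "$d/checksums.txt" "$d/tflint_linux_amd64.zip" 2>/dev/null || echo "tampered: rejected"
  rm -rf "$d"
}
```

Run `verify_release <asset>` from the directory that holds the downloaded asset, `checksums.txt`, `checksums.txt.pem` and `checksums.txt.keyless.sig`.
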
### Docker

Instead of installing directly, you can use the Docker image:

```console
docker run --rm -v "$(pwd)":/data -t ghcr.io/terraform-linters/tflint
```

### GitHub Actions

If you want to run on GitHub Actions, the [setup-tflint](https://github.com/terraform-linters/setup-tflint) action is available.

## Getting Started

First, enable rules for [Terraform Language](https://www.terraform.io/language) (e.g. warn about deprecated syntax, unused declarations). [TFLint Ruleset for Terraform Language](https://github.com/terraform-linters/tflint-ruleset-terraform) is bundled with TFLint, so you can use it without installing it separately.

The bundled plugin enables the "recommended" preset by default, but you can disable the plugin or use a different preset. Declare the plugin block in `.tflint.hcl` like this:

```hcl
plugin "terraform" {
  enabled = true
  preset  = "recommended"
}
```

See the [tflint-ruleset-terraform documentation](https://github.com/terraform-linters/tflint-ruleset-terraform/blob/main/docs/configuration.md) for more information.

Next, if you are using an AWS/Azure/GCP provider, it is a good idea to install the corresponding plugin and try it according to its usage guide:

- [Amazon Web Services](https://github.com/terraform-linters/tflint-ruleset-aws)
- [Microsoft Azure](https://github.com/terraform-linters/tflint-ruleset-azurerm)
- [Google Cloud Platform](https://github.com/terraform-linters/tflint-ruleset-google)

If you want to extend TFLint with other plugins, you can declare the plugins in the config file and easily install them with `tflint --init`.

```hcl
plugin "foo" {
  enabled = true
  version = "0.1.0"
  source  = "github.com/org/tflint-ruleset-foo"

  signing_key = <<-KEY
  -----BEGIN PGP PUBLIC KEY BLOCK-----

  mQINBFzpPOMBEADOat4P4z0jvXaYdhfy+UcGivb2XYgGSPQycTgeW1YuGLYdfrwz
  9okJj9pMMWgt/HpW8WrJOLv7fGecFT3eIVGDOzyT8j2GIRJdXjv8ZbZIn1Q+1V72
  AkqlyThflWOZf8GFrOw+UAR1OASzR00EDxC9BqWtW5YZYfwFUQnmhxU+9Cd92e6i
  ...
  KEY
}
```

See also [Configuring Plugins](docs/user-guide/plugins.md).

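Because `tflint --init` downloads whatever the `source` attribute names, it is worth knowing which plugin blocks in a config carry no `signing_key`. The following is an added example, not part of TFLint, that lists them; the function names and the second placeholder plugin `bar` are illustrative, and skipping sources under `github.com/terraform-linters/` rests on the assumption that TFLint ships a built-in key for that organization's plugins.

```sh
# Added example, not part of TFLint: list plugin blocks that set `source`
# but no `signing_key`. Reads the config file given as $1, or stdin.
# Assumption: sources under github.com/terraform-linters/ are skipped because
# TFLint is assumed to ship a built-in key for that organization's plugins.
unsigned_plugins() {
  awk '
    /^[ \t]*plugin[ \t]+"/ { split($0, q, "\""); name = q[2]; src = ""; signed = 0; inblk = 1; next }
    inblk && /^[ \t]*source[ \t]*=/      { split($0, q, "\""); src = q[2] }
    inblk && /^[ \t]*signing_key[ \t]*=/ { signed = 1 }
    inblk && substr($0, 1, 1) == "}" {
      if (src != "" && !signed && src !~ /^github\.com\/terraform-linters\//) print name, src
      inblk = 0
    }
  ' "${1:--}"
}

# Constructed sample config: "foo" and "bar" are placeholder plugins and the
# key body is elided, as in the README example.
sample_config() {
  cat <<'EOF'
plugin "terraform" {
  enabled = true
  preset  = "recommended"
}
plugin "foo" {
  enabled = true
  version = "0.1.0"
  source  = "github.com/org/tflint-ruleset-foo"

  signing_key = <<-KEY
  -----BEGIN PGP PUBLIC KEY BLOCK-----
  ...
  KEY
}
plugin "bar" {
  enabled = true
  version = "0.1.0"
  source  = "github.com/org/tflint-ruleset-bar"
}
EOF
}
```

Running `unsigned_plugins .tflint.hcl` in a repository prints one `name source` pair per plugin block that would be installed without a key set in the config.
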
If you want to add custom rules that are not in existing plugins, you can build your own plugin or write your own policy in Rego. See [Writing Plugins](docs/developer-guide/plugins.md) or [OPA Ruleset](https://github.com/terraform-linters/tflint-ruleset-opa).

## Usage

TFLint inspects files under the current directory by default. You can change the behavior with the following options/arguments:

```
$ tflint --help
Usage:
  tflint --chdir=DIR/--recursive [OPTIONS]

Application Options:
  -v, --version                                                 Print TFLint version
      --init                                                    Install plugins
      --langserver                                              Start language server
  -f, --format=[default|json|checkstyle|junit|compact|sarif]    Output format
  -c, --config=FILE                                             Config file name (default: .tflint.hcl)
      --ignore-module=SOURCE                                    Ignore module sources
      --enable-rule=RULE_NAME                                   Enable rules from the command line
      --disable-rule=RULE_NAME                                  Disable rules from the command line
      --only=RULE_NAME                                          Enable only this rule, disabling all other defaults. Can be specified multiple times
      --enable-plugin=PLUGIN_NAME                               Enable plugins from the command line
      --var-file=FILE                                           Terraform variable file name
      --var='foo=bar'                                           Set a Terraform variable
      --call-module-type=[all|local|none]                       Types of module to call (default: local)
      --chdir=DIR                                               Switch to a different working directory before executing the command
      --recursive                                               Run command in each directory recursively
      --filter=FILE                                             Filter issues by file names or globs
      --force                                                   Return zero exit status even if issues found
      --minimum-failure-severity=[error|warning|notice]         Sets minimum severity level for exiting with a non-zero error code
      --color                                                   Enable colorized output
      --no-color                                                Disable colorized output
      --fix                                                     Fix issues automatically
      --no-parallel-runners                                     Disable per-runner parallelism
      --max-workers=N                                           Set maximum number of workers in recursive inspection (default: number of CPUs)

Help Options:
  -h, --help                                                    Show this help message
```

See [User Guide](docs/user-guide) for details.

## Debugging

If you don't get the expected behavior, you can see detailed logs by running with the `TFLINT_LOG` environment variable set.

```console
$ TFLINT_LOG=debug tflint
```

## Developing

See [Developer Guide](docs/developer-guide).

## Security

If you find a security vulnerability, please refer to our [security policy](SECURITY.md).

## License

Please note that although much of this project is licensed under MPL 2.0, some files in the `terraform` package are licensed under BUSL 1.1.

For the reasons stated above, the executable forms (release binaries) are bound by both licenses.

See also https://discuss.hashicorp.com/t/hashicorp-projects-changing-license-to-business-source-license-v1-1/57106/7

## Stargazers over time

[![Stargazers over time](https://starchart.cc/terraform-linters/tflint.svg)](https://starchart.cc/terraform-linters/tflint)