github.com/wata727/tflint@v0.12.2-0.20191013070026-96dd0d36f385/docs/rules/terraform_module_pinned_source.md (about) 1 # terraform_module_pinned_source 2 3 Disallow specifying a git or mercurial repository as a module source without pinning to a non-default version. 4 5 ## Example 6 7 ```hcl 8 module "unpinned" { 9 source = "git://hashicorp.com/consul.git" 10 } 11 12 module "default_git" { 13 source = "git://hashicorp.com/consul.git?ref=master" 14 } 15 16 module "default_mercurial" { 17 source = "hg::http://hashicorp.com/consul.hg?rev=default" 18 } 19 ``` 20 21 ``` 22 $ tflint 23 3 issue(s) found: 24 25 Warning: Module source "git://hashicorp.com/consul.git" is not pinned (terraform_module_pinned_source) 26 27 on template.tf line 2: 28 2: source = "git://hashicorp.com/consul.git" 29 30 Reference: https://github.com/wata727/tflint/blob/v0.11.0/docs/rules/terraform_module_pinned_source.md 31 32 Warning: Module source "git://hashicorp.com/consul.git?ref=master" uses default ref "master" (terraform_module_pinned_source) 33 34 on template.tf line 6: 35 6: source = "git://hashicorp.com/consul.git?ref=master" 36 37 Reference: https://github.com/wata727/tflint/blob/v0.11.0/docs/rules/terraform_module_pinned_source.md 38 39 Warning: Module source "hg::http://hashicorp.com/consul.hg?rev=default" uses default rev "default" (terraform_module_pinned_source) 40 41 on template.tf line 10: 42 10: source = "hg::http://hashicorp.com/consul.hg?rev=default" 43 44 Reference: https://github.com/wata727/tflint/blob/v0.11.0/docs/rules/terraform_module_pinned_source.md 45 46 ``` 47 48 ## Why 49 50 Terraform allows you to checkout module definitions from source control. If you do not pin the version to checkout, the dependency you require may introduce major breaking changes without your awareness. To prevent this, always specify an explicit version to checkout. 51 52 ## How To Fix 53 54 Specify a version pin. For git repositories, it should not be "master". For Mercurial repositories, it should not be "default"