Commit

implement vault_policy_name_reuse, fix build and readme
ilyaluk committed May 22, 2024
1 parent b68bdc3 commit 950a37e
Showing 14 changed files with 168 additions and 548 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -0,0 +1 @@
tflint-ruleset-vault
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -8,4 +8,4 @@ build:

install: build
mkdir -p ~/.tflint.d/plugins
mv ./tflint-ruleset-template ~/.tflint.d/plugins
mv ./tflint-ruleset-vault ~/.tflint.d/plugins
67 changes: 49 additions & 18 deletions README.md
@@ -1,7 +1,8 @@
# TFLint Ruleset Template
[![Build Status](https://github.com/terraform-linters/tflint-ruleset-template/workflows/build/badge.svg?branch=main)](https://github.com/terraform-linters/tflint-ruleset-template/actions)
# TFLint Vault Ruleset

This is a template repository for building a custom ruleset. You can create a plugin repository from "Use this template". See also [Writing Plugins](https://github.com/terraform-linters/tflint/blob/master/docs/developer-guide/plugins.md).
[![Build Status](https://github.com/joomcode/tflint-ruleset-vault/workflows/build/badge.svg?branch=main)](https://github.com/joomcode/tflint-ruleset-vault/actions)

This a small ruleset for TFLint that checks for some mistakes in HashiCorp Vault configurations.

## Requirements

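Review bot: the new README intro line, "This a small ruleset for TFLint that checks for some mistakes in HashiCorp Vault configurations.", is missing its verb; it should read "This is a small ruleset ...". Since the one rule listed further down inspects `vault_policy` resources, it would also help to say the ruleset checks Terraform code that manages Vault, so readers do not expect it to lint Vault server configuration.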
Expand All @@ -10,35 +11,65 @@ This is a template repository for building a custom ruleset. You can create a pl

## Installation

TODO: This template repository does not contain release binaries, so this installation will not work. Please rewrite for your repository. See the "Building the plugin" section to get this template ruleset working.

You can install the plugin with `tflint --init`. Declare a config in `.tflint.hcl` as follows:

```hcl
plugin "template" {
plugin "vault" {
enabled = true
version = "0.1.0"
source = "github.com/terraform-linters/tflint-ruleset-template"
source = "github.com/joomcode/tflint-ruleset-vault"
signing_key = <<-KEY
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGCqS2YBEADJ7gHktSV5NgUe08hD/uWWPwY07d5WZ1+F9I9SoiK/mtcNGz4P
JLrYAIUTMBvrxk3I+kuwhp7MCk7CD/tRVkPRIklONgtKsp8jCke7FB3PuFlP/ptL
SlbaXx53FCZSOzCJo9puZajVWydoGfnZi5apddd11Zw1FuJma3YElHZ1A1D2YvrF
...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=hItF
-----END PGP PUBLIC KEY BLOCK-----
KEY
}
```

## Rules

|Name|Description|Severity|Enabled|Link|
| --- | --- | --- | --- | --- |
|aws_instance_example_type|Example rule for accessing and evaluating top-level attributes|ERROR|||
|aws_s3_bucket_example_lifecycle_rule|Example rule for accessing top-level/nested blocks and attributes under the blocks|ERROR|||
|google_compute_ssl_policy|Example rule with a custom rule config|WARNING|||
|terraform_backend_type|Example rule for accessing other than resources|ERROR|||
| Name | Description | Severity | Enabled | Link |
| ----------------------- | ------------------------------------------------------------ | -------- | ------- | ---- |
| vault_policy_name_reuse | Checks if multiple vault_policy resources have the same name | ERROR || |

## Building the plugin

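Review bot: in the Installation section, dropping the TODO means the README now tells users that `tflint --init` can fetch `version = "0.1.0"` from `github.com/joomcode/tflint-ruleset-vault` and verify it against the embedded `signing_key`, but nothing visible in this commit shows that such a release exists or that it is signed with this key. Please confirm a 0.1.0 release signed with exactly this key is published before merging, or keep a pointer to "Building the plugin" until it is, because a mismatch makes the documented install fail at signature verification. In the Rules table, the new row leaves the Enabled cell empty (`| ERROR || |`); fill it in so readers know whether vault_policy_name_reuse runs by default.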
Expand All @@ -58,7 +89,7 @@ You can run the built plugin like the following:

```
$ cat << EOS > .tflint.hcl
plugin "template" {
plugin "vault" {
enabled = true
}
EOS
2 changes: 1 addition & 1 deletion go.mod
@@ -1,4 +1,4 @@
module github.com/terraform-linters/tflint-ruleset-template
module github.com/joomcode/tflint-ruleset-vault

go 1.22.2

10 changes: 4 additions & 6 deletions main.go
Expand Up @@ -3,19 +3,17 @@ package main
import (
"github.com/terraform-linters/tflint-plugin-sdk/plugin"
"github.com/terraform-linters/tflint-plugin-sdk/tflint"
"github.com/terraform-linters/tflint-ruleset-template/rules"

"github.com/joomcode/tflint-ruleset-vault/rules"
)

func main() {
plugin.Serve(&plugin.ServeOpts{
RuleSet: &tflint.BuiltinRuleSet{
Name: "template",
Name: "vault",
Version: "0.1.0",
Rules: []tflint.Rule{
rules.NewAwsInstanceExampleTypeRule(),
rules.NewAwsS3BucketExampleLifecycleRule(),
rules.NewGoogleComputeSSLPolicyRule(),
rules.NewTerraformBackendTypeRule(),
rules.NewVaultPolicyNameReuseRule(),
},
},
})
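Review bot: `Version: "0.1.0"` in the BuiltinRuleSet is left as it was in the template while `Name` changes to "vault", and the same version string is now also written by hand in the README's plugin block (`version = "0.1.0"`). Consider defining the version once (a package constant, or a value set at build time) so a release bump cannot leave the plugin reporting a different version from the one the README tells users to pin. Separately, `rules.NewVaultPolicyNameReuseRule()` is now the only registered rule and this commit deletes aws_s3_bucket_example_lifecycle_rule_test.go; please make sure the new rule ships with its own test covering two `vault_policy` resources that share a name.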
75 changes: 0 additions & 75 deletions rules/aws_instance_example_type.go

This file was deleted.

81 changes: 0 additions & 81 deletions rules/aws_s3_bucket_example_lifecycle_rule.go

This file was deleted.

74 changes: 0 additions & 74 deletions rules/aws_s3_bucket_example_lifecycle_rule_test.go

This file was deleted.
