[FEATURE] preserve comment in the generated code

[worawatwi]

Is your feature request related to a problem? Please describe. We added comment to ignore specific tfsec rule but these comments were removed in the generated codes.

Describe the solution you'd like Provide comment prefix or pattern indicated that the comment should not be removed in the generated code.

Describe alternatives you've considered N/A.

[vtimd]

Hey there @worawatwi, just wanted to acknowledge that we've seen this. We're looking into it internally and will get back to you. Thank you for bringing this to our attention.

[wanderanimrod]

+1 I wanted to generate some code with #tflint-ignore: <rule> lines but I can't. Would be very helpful if this feature was added.

[soerenmartius]

Thanks for reporting this issue and for upvoting it, too! We're looking into possible ways on how to solve this and will get back with an ETA once we aligned on a solution

[soerenmartius]

Hi all,

Again, thanks for reporting this issue. We are currently looking into solutions. Our challenge is that the HCL parser needs to preserve comments for generated code by default. This issue has been reported and discussed a couple of times, and the community has provided various fixes. However, so far, HashiCorp hasn't addressed any of the open PRs aimed at fixing that.

We are still evaluating possible workarounds and will get back to you with an update asap.

Thanks for being patient with us!

[mariux]

as @soerenmartius mentioned, HCL does not support this out of the box and we will need to reimplement a bunch of things to make it work.

Instead of just preserving any comments, we plan to support the given use cases via an tflint and tfsec integration in our code generation. The team is currently investigating the details and requirement of the tools and will continue the work on finding solutions.

[solovyevt]

@mariux Just a reminder that tfsec is now being deprecated in favor of trivy, so it's probably worth focusing on the latter