tflint-ruleset-aws icon indicating copy to clipboard operation
tflint-ruleset-aws copied to clipboard

Published 20 hours ago verified publisher icon terraform-linters

TFLint support for new Terraform Provider functions

Open schniber opened this issue 3 months ago • 1 comments

Hello,

As you know, Terraform v1.8 has recently introduced the capability for providers to define provider functions.

  • E.g. with the Terraform AWS provider here:
  1. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/functions/arn_build
  2. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/functions/arn_parse
  3. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/functions/trim_iam_role_path

TFLint is considering those as syntax errors as today:

=== TFLint Version ===
$ tflint --chdir=${CI_PROJECT_DIR} --version
TFLint version 0.48.0
+ ruleset.aws (0.26.0)
+ ruleset.terraform (0.4.0-bundled)
$ tflint --init
$ tflint --chdir=${CI_PROJECT_DIR} | tee tflint.xml
Failed to load configurations; organization.tf:57,27-28: Extra characters after interpolation expression; Template interpolation doesn't expect a colon at this location. Did you intend this to be a literal sequence to be processed as part of another language? If so, you can escape it by starting with "$${" instead of just "${".:
Error: Extra characters after interpolation expression
  on organization.tf line 57, in resource "aws_organizations_resource_policy" "security_resource_policy":
  50: {
  51:   "Version": "2012-10-17",
  52:   "Statement": [
  53:     {
  54:       "Sid": "DelegatingNecessaryDescribeListActions",
  55:       "Effect": "Allow",
  56:       "Principal": {
  57:         "AWS": "${provider::aws::arn_build(data.aws_partition.current.partition, "iam", "", var.landing_zone_configuration.securityRoles.accountId, "root")}"
Template interpolation doesn't expect a colon at this location. Did you intend this to be a literal sequence to be processed as part of another language? If so, you can escape it by starting with "$${" instead of just "${".

Thanks a lot for your support.

Bests

schniber avatar Apr 27 '24 17:04 schniber

This is tracked in https://github.com/terraform-linters/tflint/issues/1878. Also, this syntax has been valid since HCL v2.20, so we will probably need to release the latest version of the AWS ruleset as well. The current latest version (v0.30) uses HCL v2.19. https://github.com/terraform-linters/tflint-ruleset-aws/blob/v0.30.0/go.mod#L15

wata727 avatar Apr 28 '24 06:04 wata727

TFLint v0.51 + AWS ruleset v0.31 now support provider-defined functions. https://github.com/terraform-linters/tflint/releases/tag/v0.51.0 https://github.com/terraform-linters/tflint-ruleset-aws/releases/tag/v0.31.0

wata727 avatar May 03 '24 09:05 wata727