From inf-base : Terraform, TFLint, Pre-commit, providers upgraded

.github/workflows/build.yml

@@ -10,6 +10,7 @@ jobs:
     strategy:
       matrix:
         terraform_version:
+          - 1.9.6
           - 1.9.5
           - 1.9.4
           - 1.9.3

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.88.2
+    rev: v1.96.1
     hooks:
       - id: terraform_tflint
       - id: terraform_fmt
@@ -18,7 +18,7 @@ repos:
           - --hook-config=--create-file-if-not-exist=true
           - --hook-config=--use-standard-markers=true
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.5.0
+    rev: v4.6.0
     hooks:
       - id: check-added-large-files
       - id: check-executables-have-shebangs

.terraform-version

@@ -1 +1 @@
-1.7.5
+1.9.6

.tflint.hcl

@@ -1,32 +1,108 @@
 config {
-  module = true
-  force  = false
+  call_module_type = "all"
+  force            = false
+  format           = "compact"
+}
+
+tflint {
+  required_version = ">= 0.53"
 }
 
 // Only the AWS plugin is enabled. The Google and Azure plugins are not enabled as we have no current use for them.
 plugin "aws" {
   enabled    = true
   source     = "github.com/terraform-linters/tflint-ruleset-aws"
-  version    = "0.30.0"
+  version    = "0.33.0"
   deep_check = true
 }
 
-rule "terraform_naming_convention" {
+#
+# Please check https://github.com/terraform-linters/tflint-ruleset-terraform/tree/v0.5.0/docs/rules for new rules
+# (adjust the version accordinginly)
+#
+
+# Use '#' for comments rather than '//'.
+rule "terraform_comment_syntax" {
+  enabled = true
+}
+
+# List items should be accessed using square brackets
+rule "terraform_deprecated_index" {
   enabled = true
 }
 
+# Interpolation-only expressions are deprecated in Terraform v0.12.14
 rule "terraform_deprecated_interpolation" {
   enabled = true
 }
 
+# Lookup with 2 arguments is deprecated
+rule "terraform_deprecated_lookup" {
+  enabled = true
+}
+
+# Outputs require a description
 rule "terraform_documented_outputs" {
   enabled = true
 }
 
+# Variables require a description
 rule "terraform_documented_variables" {
   enabled = true
 }
 
-rule "terraform_module_pinned_source" {
+# Comparing a collection with an empty list is invalid. To detect an empty collection, check its length
+rule "terraform_empty_list_equality" {
+  enabled = true
+}
+
+# Disallow specifying a git or mercurial repository as a module source without pinning to a version
+rule terraform_module_pinned_source {
+  enabled = true
+}
+
+# Ensure that all modules sourced from a Terraform Registry specify a version
+rule "terraform_module_version" {
+  enabled = true
+  exact   = false # default
+}
+
+# Enforces naming conventions
+rule "terraform_naming_convention" {
+  enabled = true
+  format  = "snake_case"
+}
+
+# Require that all providers specify a source and version constraint through required_providers
+rule "terraform_required_providers" {
+  enabled = true
+
+  # defaults
+  source = true
+  version = true
+}
+
+# Disallow terraform declarations without required_version
+rule "terraform_required_version" {
+  enabled = true
+}
+
+# Ensure that a module complies with the Terraform Standard Module Structure / https://www.terraform.io/docs/modules/index.html#standard-module-structure
+rule "terraform_standard_module_structure" {
+  enabled = true
+}
+
+# Disallow variable declarations without type
+rule "terraform_typed_variables" {
+  enabled = true
+}
+
+# Disallow variables, data sources, and locals that are declared but never used
+rule terraform_unused_declarations {
+  enabled = true
+}
+
+# Check that all required_providers are used in the module
+rule terraform_unused_required_providers {
   enabled = true
 }

README.md

@@ -106,8 +106,8 @@ Further information regarding the use of external IDs can be found [here](https:
 
 | Name | Version |
 |------|---------|
-| <a name="provider_external"></a> [external](#provider\_external) | 2.3.3 |
-| <a name="provider_local"></a> [local](#provider\_local) | 2.5.1 |
+| <a name="provider_external"></a> [external](#provider\_external) | 2.3.4 |
+| <a name="provider_local"></a> [local](#provider\_local) | 2.5.2 |
 
 ## Modules
 
@@ -122,16 +122,16 @@ No modules.
 
 ## Inputs
 
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_alternative_path"></a> [alternative\_path](#input\_alternative\_path) | Use an alternative path for all files produced internally | `string` | `""` | no |
-| <a name="input_assume_role_arn"></a> [assume\_role\_arn](#input\_assume\_role\_arn) | The ARN of the role being assumed (optional).<br><br>  The optional ARN must match the format documented in https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html. | `string` | `""` | no |
-| <a name="input_aws_cli_commands"></a> [aws\_cli\_commands](#input\_aws\_cli\_commands) | The AWS CLI command, subcommands, and options.<br><br>  For options that can accept a value, then the following examples are both fine to use:<br>  1. `"--option", "value"`<br>  2. `"--option=value"`<br><br>  In the event that the value contains a space, it must be wrapped with quotes.<br>  1. `"--option", "'value with a space wrapped in single quotes'"`<br>  2. `"--option='value with a space wrapped in single quotes'"` | `list(string)` | n/a | yes |
-| <a name="input_aws_cli_query"></a> [aws\_cli\_query](#input\_aws\_cli\_query) | The `--query` value for the AWS CLI call.<br><br>  The value for `var.aws_cli_query` is based upon JMESPath, and you can get good information from https://jmespath.org.<br>  If not supplied, then the entire results from the AWS CLI call will be returned. | `string` | `""` | no |
-| <a name="input_external_id"></a> [external\_id](#input\_external\_id) | External id for assuming the role (optional).<br><br>  The length of optional external\_id, when supplied, must be between 2 and 1224 characters.<br>  The optional external\_id can only contain upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: `=,.@-`.<br>  The optional external\_id match the regular expression `^[\w=,.@-]*$`. | `string` | `""` | no |
-| <a name="input_profile"></a> [profile](#input\_profile) | The specific AWS profile to use (must be configured appropriately and is optional).<br><br>  The optional profile must start with a letter and can only contain letters, numbers, hyphens, and underscores. | `string` | `""` | no |
-| <a name="input_region"></a> [region](#input\_region) | The specific AWS region to use.<br><br>  The region must start with two letters representing the geographical area, followed by one or more letters or digits representing the specific region within that area. | `string` | `""` | no |
-| <a name="input_role_session_name"></a> [role\_session\_name](#input\_role\_session\_name) | The role session name that will be used when assuming a role (optional)<br><br>  The length of the optional role session name, when supplied, must be between 2 and 64 characters.<br>  The optional role session name can only contain upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: `=,.@-`.<br>  The optional role session name match the regular expression `^[\w=,.@-]*$`.<br><br>  If the assume\_role\_arn is supplied, but the role\_session\_name is left empty, an internal default of "AssumingRole" will be used. | `string` | `""` | no |
+| Name | Description | Type | Default | Required | Validation |
+|------|-------------|------|---------|:--------:|------------|
+| <a name="input_alternative_path"></a> [alternative\_path](#input\_alternative\_path) | Use an alternative path for all files produced internally | `string` | `""` | no | None |
+| <a name="input_assume_role_arn"></a> [assume\_role\_arn](#input\_assume\_role\_arn) | The ARN of the role being assumed (optional).<br/><br/>  The optional ARN must match the format documented in https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html. | `string` | `""` | no | The optional ARN must match the format documented in https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html. |
+| <a name="input_aws_cli_commands"></a> [aws\_cli\_commands](#input\_aws\_cli\_commands) | The AWS CLI command, subcommands, and options.<br/><br/>  For options that can accept a value, then the following examples are both fine to use:<br/>  1. `"--option", "value"`<br/>  2. `"--option=value"`<br/><br/>  In the event that the value contains a space, it must be wrapped with quotes.<br/>  1. `"--option", "'value with a space wrapped in single quotes'"`<br/>  2. `"--option='value with a space wrapped in single quotes'"` | `list(string)` | n/a | yes | None |
+| <a name="input_aws_cli_query"></a> [aws\_cli\_query](#input\_aws\_cli\_query) | The `--query` value for the AWS CLI call.<br/><br/>  The value for `var.aws_cli_query` is based upon JMESPath, and you can get good information from https://jmespath.org.<br/>  If not supplied, then the entire results from the AWS CLI call will be returned. | `string` | `""` | no | None |
+| <a name="input_external_id"></a> [external\_id](#input\_external\_id) | External id for assuming the role (optional).<br/><br/>  The length of optional external\_id, when supplied, must be between 2 and 1224 characters.<br/>  The optional external\_id can only contain upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: `=,.@-`.<br/>  The optional external\_id match the regular expression `^[\w=,.@-]*$`. | `string` | `""` | no | The length of optional external\_id, when supplied, must be between 2 and 1224 characters.<br>The optional external\_id must match the regular expression '^[\w=,.@-]*$'. |
+| <a name="input_profile"></a> [profile](#input\_profile) | The specific AWS profile to use (must be configured appropriately and is optional).<br/><br/>  The optional profile must start with a letter and can only contain letters, numbers, hyphens, and underscores. | `string` | `""` | no | The optional profile must start with a letter and can only contain letters, numbers, hyphens, and underscores. |
+| <a name="input_region"></a> [region](#input\_region) | The specific AWS region to use.<br/><br/>  The region must start with two letters representing the geographical area, followed by one or more letters or digits representing the specific region within that area. | `string` | `""` | no | The optional region must start with two letters representing the geographical area, followed by one or more letters or digits representing the specific region within that area. |
+| <a name="input_role_session_name"></a> [role\_session\_name](#input\_role\_session\_name) | The role session name that will be used when assuming a role (optional)<br/><br/>  The length of the optional role session name, when supplied, must be between 2 and 64 characters.<br/>  The optional role session name can only contain upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: `=,.@-`.<br/>  The optional role session name match the regular expression `^[\w=,.@-]*$`.<br/><br/>  If the assume\_role\_arn is supplied, but the role\_session\_name is left empty, an internal default of "AssumingRole" will be used. | `string` | `""` | no | The length of the optional role session name, when supplied, must be between 2 and 64 characters.<br>The role session name match the regular expression '^[\w=,.@-]*$'. |
 
 ## Outputs
 

main.tf

@@ -37,21 +37,3 @@ data "local_file" "awscli_results_file" {
     }
   }
 }
-
-output "result" {
-  depends_on  = [data.local_file.awscli_results_file]
-  description = "The output of the AWS CLI command, if it can be JSON decoded"
-  value       = try(jsondecode(data.local_file.awscli_results_file.content), "")
-}
-
-output "result_raw" {
-  depends_on  = [data.local_file.awscli_results_file]
-  description = "The raw, non JSON decoded output of the AWS CLI command"
-  value       = data.local_file.awscli_results_file.content
-}
-
-output "result_was_decoded" {
-  depends_on  = [data.local_file.awscli_results_file]
-  description = "Can the output from the AWS CLI command can be JSON decoded"
-  value       = can(jsondecode(data.local_file.awscli_results_file.content))
-}

outputs.tf

@@ -0,0 +1,17 @@
+output "result" {
+  depends_on  = [data.local_file.awscli_results_file]
+  description = "The output of the AWS CLI command, if it can be JSON decoded"
+  value       = try(jsondecode(data.local_file.awscli_results_file.content), "")
+}
+
+output "result_raw" {
+  depends_on  = [data.local_file.awscli_results_file]
+  description = "The raw, non JSON decoded output of the AWS CLI command"
+  value       = data.local_file.awscli_results_file.content
+}
+
+output "result_was_decoded" {
+  depends_on  = [data.local_file.awscli_results_file]
+  description = "Can the output from the AWS CLI command can be JSON decoded"
+  value       = can(jsondecode(data.local_file.awscli_results_file.content))
+}