This repository contains the TFLint ruleset for Azure Verified Modules.

- TFLint v0.42+
- Go v1.22

TODO: This template repository does not contain release binaries, so this installation will not work. Please rewrite for your repository. See the "Building the plugin" section to get this template ruleset working.

You can install the plugin with `tflint --init`. Declare a config in `.tflint.hcl` as follows:

```hcl
plugin "avm" {
  enabled = true
  version = "0.2.0"
  source  = "github.com/Azure/tflint-ruleset-avm"

  signing_key = <<-KEY
  -----BEGIN PGP PUBLIC KEY BLOCK-----
  Version: BSN Pgp v1.1.0.0
  ...
  =KwXd
  -----END PGP PUBLIC KEY BLOCK-----
  KEY
}
```

## Rules

| Name | Enabled | Severity | Link |
|---|---|---|---|
| azapi_data_response_export_values | true | ERROR | https://azure.github.io/Azure-Verified-Modules/specs/tf/a... |
| azapi_replace_triggers_refs | true | ERROR | https://azure.github.io/Azure-Verified-Modules/specs/tf/a... |
| azapi_response_export_values | true | ERROR | https://azure.github.io/Azure-Verified-Modules/specs/tf/a... |
| azurerm_resource_tag | false | NOTICE | https://github.com/Azure/tflint-ruleset-azurerm-ext/blob/... |
| customer_managed_key | true | ERROR | https://azure.github.io/Azure-Verified-Modules/specs/tf/i... |
| diagnostic_settings | true | ERROR | - |
| location | true | ERROR | https://azure.github.io/Azure-Verified-Modules/specs/tf/r... |
| lock | true | ERROR | https://azure.github.io/Azure-Verified-Modules/specs/tf/i... |
| managed_identities | true | ERROR | https://azure.github.io/Azure-Verified-Modules/specs/tf/i... |
| no_entire_resource_output_tffr2 | true | ERROR | https://azure.github.io/Azure-Verified-Modules/specs/tf/r... |
| private_endpoints | true | ERROR | https://azure.github.io/Azure-Verified-Modules/specs/tf/i... |
| provider_azapi_version_constraint | true | ERROR | - |
| provider_azurerm_disallowed | true | ERROR | - |
| provider_azurerm_version_constraint | true | ERROR | - |
| provider_modtm_version_constraint | true | ERROR | - |
| required_module_source_tffr1 | true | ERROR | https://azure.github.io/Azure-Verified-Modules/specs/terr... |
| required_module_source_tfnfr10 | true | ERROR | https://azure.github.io/Azure-Verified-Modules/specs/terr... |
| required_output_rmfr7 | true | ERROR | https://azure.github.io/Azure-Verified-Modules/specs/shar... |
| role_assignments | true | ERROR | https://azure.github.io/Azure-Verified-Modules/specs/tf/i... |
| tags | true | ERROR | https://azure.github.io/Azure-Verified-Modules/specs/tf/i... |
| terraform_heredoc_usage | false | NOTICE | - |
| terraform_module_provider_declaration | false | WARNING | - |
| terraform_output_separate | false | NOTICE | https://github.com/Azure/tflint-ruleset-basic-ext/blob/v0... |
| terraform_required_providers_declaration | false | NOTICE | - |
| terraform_required_version_declaration | false | NOTICE | - |
| terraform_sensitive_variable_no_default | false | WARNING | - |
| terraform_variable_nullable_false | false | NOTICE | https://github.com/Azure/tflint-ruleset-basic-ext/blob/v0... |
| terraform_variable_separate | false | NOTICE | https://github.com/Azure/tflint-ruleset-basic-ext/blob/v0... |
| tfnfr26 | false | ERROR | https://azure.github.io/Azure-Verified-Modules/specs/terr... |

See `RULES.md` for the full rules reference (same content, kept in sync automatically).

The full list of rules is generated automatically into `RULES.md` and mirrored into the `## Rules` section above.

To regenerate after adding, removing, or modifying rules, run:

```sh
./scripts/update-readme.sh
```

This script:

- Runs `go generate ./...`, which executes `cmd/rulesdoc` to refresh `RULES.md` from `rules.Rules`.
- Splices the rules table from `RULES.md` into the `<!-- RULES:START --> ... <!-- RULES:END -->` markers in `README.md`.

A GitHub Actions workflow (`.github/workflows/rules-docs-check.yml`) runs the same script on pull requests that touch rule sources and fails the build if `README.md` or `RULES.md` is out of date, so drift cannot land on `main`.
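
The splice step and the drift check described above, sketched as an added example; this is not the project's own `scripts/update-readme.sh` or workflow. The function names, the row-selection rule (lines starting with `|`) and the sample files are assumptions; the marker strings are the ones named above.

```shell
#!/bin/sh
# Added example, not the project's scripts/update-readme.sh.
START='<!-- RULES:START -->'
END='<!-- RULES:END -->'

# Print README ($1) with the text between the markers replaced by the
# table rows (lines starting with "|") of the rules file ($2).
# Exits 2 if either marker is missing or they are out of order.
splice_rules() {
  [ -r "$1" ] && [ -r "$2" ] || return 2
  awk -v start="$START" -v end="$END" -v rules="$2" '
    $0 == start && !seen_start {
      print
      while ((getline row < rules) > 0)
        if (substr(row, 1, 1) == "|") print row
      close(rules)
      inside = 1; seen_start = 1
      next
    }
    $0 == end && inside { inside = 0; seen_end = 1 }
    !inside { print }
    END { if (!seen_start || !seen_end) exit 2 }
  ' "$1"
}

# Return 0 when README ($1) already equals its spliced form, 1 on drift,
# 2 when the markers are unusable (fail closed instead of passing).
check_drift() {
  tmp=$(mktemp) || return 2
  if ! splice_rules "$1" "$2" > "$tmp"; then rm -f "$tmp"; return 2; fi
  if cmp -s "$1" "$tmp"; then drift=0; else drift=1; fi
  rm -f "$tmp"
  return $drift
}

# Constructed sample files in directory $1: a README whose table lacks a
# rule ("lock") that the generated rules file already lists.
make_sample() {
  printf '%s\n' 'Intro' "$START" '| Name | Enabled |' '|---|---|' \
    '| tags | true |' "$END" 'Outro' > "$1/README.md"
  printf '%s\n' '# Rules' '' '| Name | Enabled |' '|---|---|' \
    '| lock | true |' '| tags | true |' > "$1/RULES.md"
}
```

A CI job built this way would run `check_drift README.md RULES.md` and treat any non-zero status as a failed build, so a README with deleted markers is rejected rather than silently accepted.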

## Building the plugin

Clone the repository locally and run the following command:

```sh
make
```

You can easily install the built plugin with the following:

```sh
make install
```

You can run the built plugin like the following:

```console
$ cat << EOS > .tflint.hcl
plugin "avm" {
  enabled = true
}
EOS
$ tflint
```