tfproviderlint
Static analysis libraries and tooling for Terraform Provider code.
Install
Local Install
Release binaries are available in the Releases section.
To instead use Go to install into your $GOBIN directory (e.g. $GOPATH/bin):
$ go get github.com/bflad/tfproviderlint/cmd/tfproviderlintIf you wish to install the command which includes all linting checks, including Extra Lint Checks:
$ go get github.com/bflad/tfproviderlint/cmd/tfproviderlintxDocker Install
$ docker pull bflad/tfproviderlintHomebrew Install
$ brew install bflad/tap/tfproviderlintUsage
The tfproviderlint and tfproviderlintx tools operate similarly except for which checks are available. Additional information about usage and configuration options can be found by passing the help argument:
$ tfproviderlint helpLocal Usage
To report issues, change into the directory of the Terraform Provider code and run:
$ tfproviderlint ./...To apply automated fixes for checks that support them, change into the directory of the Terraform Provider code and run:
$ tfproviderlint -fix ./...It is also possible to run via go vet:
$ go vet -vettool $(which tfproviderlint) ./...Docker Usage
Change into the directory of the Terraform Provider code and run:
$ docker run -v $(pwd):/src bflad/tfproviderlint ./...GitHub Action Usage
A GitHub Action is available: tfproviderlint-github-action
Standard Lint Checks
Standard lint checks are enabled by default in the tfproviderlint tool. Opt-in checks can be found in the Extra Lint Checks section. For additional information about each check, you can run tfproviderlint help NAME.
Standard Acceptance Test Checks
| Check | Description | Type |
|---|---|---|
| AT001 | check for TestCase missing CheckDestroy |
AST |
| AT002 | check for acceptance test function names including the word import | AST |
| AT003 | check for acceptance test function names missing an underscore | AST |
| AT004 | check for TestStep Config containing provider configuration |
AST |
| AT005 | check for acceptance test function names missing TestAcc prefix |
AST |
| AT006 | check for acceptance test functions containing multiple resource.Test() invocations |
AST |
| AT007 | check for acceptance test functions containing multiple resource.ParallelTest() invocations |
AST |
| AT008 | check for acceptance test function declaration *testing.T parameter naming |
AST |
Standard Resource Checks
| Check | Description | Type |
|---|---|---|
| R001 | check for ResourceData.Set() calls using complex key argument |
AST |
| R002 | check for ResourceData.Set() calls using * dereferences |
AST |
| R003 | check for Resource having Exists functions |
AST |
| R004 | check for ResourceData.Set() calls using incompatible value types |
AST |
| R005 | check for ResourceData.HasChange() calls that can be combined into one HasChanges() call |
AST |
| R006 | check for RetryFunc that omit retryable errors |
AST |
| R007 | check for deprecated (schema.ResourceData).Partial usage |
AST |
| R008 | check for deprecated (schema.ResourceData).SetPartial usage |
AST |
| R009 | check for Go panic usage | AST |
| R010 | check for (schema.ResourceData).GetChange assignment which should use (schema.ResourceData).Get |
AST |
| R011 | check for Resource that configure MigrateState |
AST |
| R012 | check for data source Resource that configure CustomizeDiff |
AST |
| R013 | check for map[string]*Resource that resource names contain at least one underscore |
AST |
| R014 | check for CreateFunc, DeleteFunc, ReadFunc, and UpdateFunc parameter naming |
AST |
Standard Schema Checks
| Check | Description | Type |
|---|---|---|
| S001 | check for Schema of TypeList or TypeSet missing Elem |
AST |
| S002 | check for Schema with both Required and Optional enabled |
AST |
| S003 | check for Schema with both Required and Computed enabled |
AST |
| S004 | check for Schema with both Required and Default configured |
AST |
| S005 | check for Schema with both Computed and Default configured |
AST |
| S006 | check for Schema of TypeMap missing Elem |
AST |
| S007 | check for Schema with both Required and ConflictsWith configured |
AST |
| S008 | check for Schema of TypeList or TypeSet with Default configured |
AST |
| S009 | check for Schema of TypeList or TypeSet with ValidateFunc configured |
AST |
| S010 | check for Schema of Computed only with ValidateFunc configured |
AST |
| S011 | check for Schema of Computed only with DiffSuppressFunc configured |
AST |
| S012 | check for Schema that Type is configured |
AST |
| S013 | check for map[string]*Schema that one of Computed, Optional, or Required is configured |
AST |
| S014 | check for Schema within Elem that Computed, Optional, and Required are not configured |
AST |
| S015 | check for map[string]*Schema that attribute names are valid |
AST |
| S016 | check for Schema that Set is only configured for TypeSet |
AST |
| S017 | check for Schema that MaxItems and MinItems are only configured for TypeList, TypeMap, or TypeSet |
AST |
| S018 | check for Schema that should use TypeList with MaxItems: 1 |
AST |
| S019 | check for Schema that should omit Computed, Optional, or Required set to false |
AST |
| S020 | check for Schema of Computed only with ForceNew enabled |
AST |
| S021 | check for Schema that should omit ComputedWhen |
AST |
| S022 | check for Schema of TypeMap with invalid Elem of *schema.Resource |
AST |
| S023 | check for Schema that should omit Elem with incompatible Type |
AST |
| S024 | check for Schema that should omit ForceNew in data source schema attributes |
AST |
| S025 | check for Schema of Computed only with AtLeastOneOf configured |
AST |
| S026 | check for Schema of Computed only with ConflictsWith configured |
AST |
| S027 | check for Schema of Computed only with Default configured |
AST |
| S028 | check for Schema of Computed only with DefaultFunc configured |
AST |
| S029 | check for Schema of Computed only with ExactlyOneOf configured |
AST |
| S030 | check for Schema of Computed only with InputDefault configured |
AST |
| S031 | check for Schema of Computed only with MaxItems configured |
AST |
| S032 | check for Schema of Computed only with MinItems configured |
AST |
| S033 | check for Schema of Computed only with StateFunc configured |
AST |
| S034 | check for Schema that configure PromoteSingle |
AST |
| S035 | check for Schema with invalid AtLeastOneOf attribute references |
AST |
| S036 | check for Schema with invalid ConflictsWith attribute references |
AST |
| S037 | check for Schema with invalid ExactlyOneOf attribute references |
AST |
Standard Validation Checks
| Check | Description | Type |
|---|---|---|
| V001 | check for custom SchemaValidateFunc that implement validation.StringMatch() or validation.StringDoesNotMatch() |
AST |
| V002 | check for deprecated CIDRNetwork validation function usage |
AST |
| V003 | check for deprecated IPRange validation function usage |
AST |
| V004 | check for deprecated SingleIP validation function usage |
AST |
| V005 | check for deprecated ValidateJsonString validation function usage |
AST |
| V006 | check for deprecated ValidateListUniqueStrings validation function usage |
AST |
| V007 | check for deprecated ValidateRegexp validation function usage |
AST |
| V008 | check for deprecated ValidateRFC3339TimeString validation function usage |
AST |
Extra Lint Checks
Extra lint checks are not included in the tfproviderlint tool and must be accessed via the tfproviderlintx tool or added to a custom lint tool. Generally these represent advanced Terraform Plugin SDK functionality that is not appropriate for all Terraform Providers.
Extra Resource Checks
| Check | Description | Type |
|---|---|---|
| XR001 | check for usage of ResourceData.GetOkExists() calls |
AST |
| XR002 | check for Resource that should implement Importer |
AST |
| XR003 | check for Resource that should implement Timeouts |
AST |
| XR004 | check for ResourceData.Set() calls that should implement error checking with complex values |
AST |
| XR005 | check for Resource that Description is configured |
AST |
Extra Schema Checks
| Check | Description | Type |
|---|---|---|
| XS001 | check for map[string]*Schema that Description is configured |
AST |
Development and Testing
This project is built on the go/analysis framework and uses Go Modules for dependency management.
Helpful tooling for development:
astdump: a tool for displaying the AST form of Go filessadump: a tool for displaying and interpreting the SSA form of Go programs
Adding an Analyzer
- Create new analyzer in
passes/(orxpasses/for extra checks) - If the
Analyzerreports issues, add toAllChecksvariable inpasses/checks.go(orxpasses/checks.gofor extra checks) - Since the
analysistestpackage does not support Go Modules currently, each analyzer that implements testing must add a symlink to the top levelvendordirectory in thetestdata/src/adirectory. e.g.ln -s ../../../../../vendor passes/NAME/testdata/src/a/vendor
Implementing SuggestedFixes Testing
The upstream analysistest package now contains functionality to verify SuggestedFixes via RunWithSuggestedFixes.
import (
"testing"
"golang.org/x/tools/go/analysis/analysistest"
)
func TestAnalyzerFixes(t *testing.T) {
testdata := analysistest.TestData()
analysistest.RunWithSuggestedFixes(t, testdata, Analyzer, "a")
}To setup the expected file content verification, the testing expects a file suffixed with .golden (e.g. testdata/src/a/main.go.golden).
Implementing a Custom Lint Tool
The go/analysis framework and this codebase are designed for flexibility. You may wish to permanently disable certain default checks or even implement your own provider-specific checks. An example of how to incorporate all default and extra checks in a CLI command can be found in cmd/tfproviderlintx. To permanently exclude checks, each desired Analyzer must be individually included, similar to how AllChecks() is built in passes/checks.go.
The passes directory also includes the underlying Analyzer which iteratively gather AST-based information about the Terraform Provider code being analyzed. For example, passes/helper/resource/retryfuncinfo returns information from all named and anonymous declarations of helper/resource.RetryFunc().
Primatives for working with Terraform Plugin SDK primatives can be found in helper/terraformtype. Primatives for working with the Go AST can be found in helper/astutils.
Updating Dependencies
$ go get URL
$ go mod tidy
$ go mod vendorUnit Testing
$ go test ./...Local Install Testing
$ go install ./cmd/tfproviderlint