You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'd say this is a policy enforcement issue versus adherence to official Terraform recommendations.
I also wouldn't recommend static analysis (TFLint) as a means of doing this—tfprovidercheck is taking the right approach. The actual list of used providers is determined by the whole module tree, both root and children. By using the JSON mode of terraform version, it's getting the exact versions fetched by terraform init, which in turn handles resolving provider versions from the requirements in the module tree.
If you use static analysis, a deny rule can be trivially bypassed with a module block with any remote source (registry, git, etc.).
It would be nice to integrate this into tflint via a custom ruleset or directly in the terraform ruleset
References
The text was updated successfully, but these errors were encountered: