Switch AWS rules implementation to the tflint-ruleset-aws plugin #1009
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request switches an existing AWS rule implementation to the tflint-ruleset-aws plugin. This is a change that has a significant impact on the implementation of TFLint, so I'm going to describe more details.
Why?
Currently, TFLint is primarily focused on the AWS provider, but I think that support other providers is just as important. However, the current implementation of TFLint provides AWS rules built-in, and if we want to support other providers, we must change the repository (TFLint core).
This is not scaleable. TFLint should be a "pluggable" linter so that it can support more providers and many rules by plugins. To achieve this, I have been implementing the plugin system. I'm trying to cut out existing AWS rules into the plugin.
What's happened?
The goal of this change is to switch the implementation to the plugin, but there are some tricks to minimize the impact of the migration.
First, TFLint binary will also act as the
tflint-ruleset-aws
plugin. So that you don't have to download thetflint-ruleset-aws
plugin separately. Of course, like other plugins, you can install the plugin separately. In that case, the installed plugin will take precedence. The bundled plugin will only be used if you don't have thetflint-ruleset-aws
installed.If you want to see which plugin is enabled, check the version output:
Plugins ending in -bundled indicate that they are plugins built into TFLint itself, called "bundled plugins".
In the future, I plan to remove this mechanism as well, but at least after implementing a mechanism that makes it easy to download plugins, such as
terraform init
.The other one, the
tflint-ruleset-aws
plugin is automatically enabled from the Terraform configurations. This implementation is similar to Terraform's automatic installation of providers. For example, it is automatically enabled for the following configurations:If you want to see the plugin is automatically enabled, check the version output. You can also control the activation of plugins by explicitly writing a plugin configuration, whether it is automatically enabled or not:
When used as a Language Server, the AWS plugin is always enabled, regardless of the Terraform configurations. If you want to disable it, such as when using another provider, write the plugin configuration explicitly and disable it.
What should we do?
I try to minimize the impact of this change as much as possible, but it does affect users who use deep checking.
The global
--deep
option will no longer be available to enable deep checking for AWS rules. If you want to continue using it, set thedeep_check
attribute of theaws
plugin setting totrue
.See the tflint-ruleset-aws plugin configurations for details.
Remove the
--deep
option is out of scope for this pull request, but will be removed by the next release.What's next?
Unless there are any major issues, I plan to merge this change in the next minor release. If you have any questions about this change, please let me know. Thanks.