add rule: terraform_module_version #1182
Conversation
|
Whoops, tagged the wrong # above |
| "github.com/terraform-linters/tflint/tflint" | ||
| ) | ||
|
|
||
| var exactVersionRegexp = regexp.MustCompile(`^=?\s*\d+\.\d+\.\d+$`) |
There was a problem hiding this comment.
I'm a little worried if this regex is enough. For instance, go-version uses the following regexp:
https://github.com/hashicorp/go-version/blob/v1.3.0/version.go#L18-L31
Ideally, it would be nice to be able to verify that the f in the Constraint is the constraintEqual, but this struct doesn't seem to expose the logic...
https://github.com/hashicorp/go-version/blob/v1.3.0/constraint.go#L30-L31
There was a problem hiding this comment.
Agree. Spent a bunch of time looking at constraints and saw that the constraint type was not exposed. Was thinking of this more complicated regexp compilation:
But the version one is easy to reuse.
There was a problem hiding this comment.
After trying this, the go-version regex doesn't require major/minor/patch and the test ensuring 1.0 is rejected as exact fails. Grabbed a regex from the semver.org docs and added a test ensuring that prerelease suffixes work.
|
Revised per your comments, ready for another look |
Adds a
terraform_module_versionrule that Terraform modules from the registry should set a source. Similar toterraform_module_pinned_source, this is enabled by default.Users can optionally specify
exact = trueto require thatversionbe an exact 3 part version.This brings back some Terraform files in
addrsas well as dependent packages. They were necessary to determine whether asourceresolves to a registry:https://github.com/hashicorp/terraform/blob/120629848761f5434c75b9876a030f8145abf043/internal/addrs/module_source.go#L63-L73
This could also be useful for terraform-linters/tflint-ruleset-terraform#18 which would want to check whether a
sourceis a local one before applying some rules to it.Fixes #1176