Releases: terraform-linters/tflint
Releases · terraform-linters/tflint
v0.10.1
v0.10.0
0.10.0 (2019-08-17)
GPG key ID: 8CE69160EB3F2FE9
Breaking Changes
- #361: Get an AWS session in the same way as Terraform
- It will take a region and access keys in the
providerblock written in configuration files into account. - Added support for ECS/CodeBuild task roles and EC2 roles.
- There are breaking changes to credential priorities. It affects under the following cases:
- If you have a region or access keys in the
providerblock, it prefers them over environment variables and shared credentials. - If there are environment variables and shared credentials, it prefers the environment variables. Previously, it prefers shared credentials.
- If you have a region or access keys in the
- It will take a region and access keys in the
Changes
- #378: Remove aws_instance_default_standard_volume rule
- #379: Remove aws_db_instance_readable_password rule
Enhancements
- #384: Add terraform_dash_in_resource_name rule (@kulinacs)
- This rule is disabled by default.
- #388: Bump terraform-provider-aws from v2.20.0 to v2.24.0
- Added
me-south-1as a valid region inaws_route53_health_check_invalid_cloudwatch_alarm_regionrule andaws_route53_zone_association_invalid_vpc_regionrule. - Added
capacityOptimizedas a valid strategy inaws_spot_fleet_request_invalid_allocation_strategyrule.
- Added
Chores
v0.9.3
0.9.3 (2019-08-02)
GPG key ID: 8CE69160EB3F2FE9
Enhancements
- #375: Update dependencies to Terraform 0.12.6 (@lawliet89)
- Resource
for-eachsyntax doesn't report an error, but TFLint still ignoreeach.*expressions. - See https://github.com/hashicorp/terraform/releases/tag/v0.12.6
- Resource
- #377: Bump terraform-provider-aws from v2.20.0 to v2.22.0
aws_secretsmanager_secret_invalid_policyrule now allows up to 20480.aws_secretsmanager_secret_version_invalid_secret_stringrule now allows up to 10240.aws_ssm_maintenance_window_target_invalid_resource_typerule now allowsRESOURCE_GROUPas a valid type.
Chores
v0.9.2
0.9.2 (2019-07-20)
GPG key ID: 8CE69160EB3F2FE9
Enhancements
- #360: Allow settings shared credentials file path
- Added
--aws-creds-filein CLI flags - Added
shared_credentials_filein config attributes
- Added
- #365: TFLint is now compatible with Terraform v0.12.5
- #367: TFLint is now compatible with Terraform AWS provider v2.20.0
- Updated
aws_cloudwatch_metric_alarm_invalid_comparison_operatorrule
- Updated
v0.9.1
v0.9.0
0.9.0 (2019-06-29)
GPG key ID: 8CE69160EB3F2FE9
This release includes breaking changes due to the removal of some CLI flags and options. Please see the "Breaking Changes" section for details.
As a major improvement, added 700+ rules in this release. These rules are automatically generated from aws-sdk validations and can be used without deep checking. For example, you can check whether a resource name matches the regular expression, whether it satisfies length constraints, whether it is included in the list of valid values, etc. before running terraform plan or terraform apply.
Breaking Changes
- #310: Remove
--fastoption- It disables only
aws_instance_invalid_amiwhen passed this flag. But the rule is already faster in v0.8.2. Therefore, this flag is not necessary.
- It disables only
- #311: Remove terraform_version option
terraform_versionoption is no longer used.
- #313: Make non-zero exit status default if issues found
- Previously, it has return 0 as exit status even if an issue was found, but now it will return 2.
- If you would like to keep the previous behavior, you can use
--forceoption.
- #329: Disable module inspection by default
- You no longer need to run
terraform initjust to runtflint. - If you also want to check module calls, pass the
--moduleoption. In that case, you need to runterraform initas before.
- You no longer need to run
Changes
- #340: Replace aws_cloudwatch_metric_alarm_invalid_init with auto-generated
- The output message has changed, but there has been no other change.
Enhancements
- #274: Auto generate rules from AWS API models
- These rules are based on Terraform AWS provider v2.16.0.
- #332, #336: TFLint is now compatible with Terraform v0.12.3
- #343: Update valid instance type list
BugFixes
- #341: Fix false negatives in the S3 invalid ACL rule
Chores
v0.8.3
0.8.3 (2019-06-09)
GPG key ID: 8CE69160EB3F2FE9
Enhancements
- #318: Added 3 checks for AWS Launch Configuration. (@krzyzakp)
aws_launch_configuration_invalid_iam_profileaws_launch_configuration_invalid_image_idaws_launch_configuration_invalid_type
- #321: Add
--varoptions. - #322: Add new rule: aws_s3_bucket_invalid_acl. (@ineffyble)
- #324: TFLint is now compatible with Terraform v0.12.1.
BugFixes
- #320: Avoid InvalidAMIID errors.
Others
v0.8.2
0.8.2 (2019-06-03)
GPG key ID: 8CE69160EB3F2FE9
Enhancements
- #308: Make aws_instance_invalid_ami rule faster.
- The
--fastoption to disable this rule will be removed in v0.9.
- The
- #309: Accept a directory as an argument.
Others
- #298: Revise docker image.
- #300: Bump github.com/mattn/go-colorable from 0.1.1 to 0.1.2.
- #301: Bump github.com/mitchellh/go-homedir from 1.0.0 to 1.1.0.
- #302: Bump github.com/aws/aws-sdk-go from 1.19.18 to 1.19.41.
- #303: Bump github.com/k0kubun/pp from 2.3.0+incompatible to 2.4.0+incompatible.
- #304: Bump github.com/hashicorp/go-version from 1.1.0 to 1.2.0.
- #305: Bump github.com/golang/mock from 1.2.0 to 1.3.1.
- #306: Bump github.com/google/go-cmp from 0.2.0 to 0.3.0.
- #307: Remove mock package.
v0.8.1
0.8.1 (2019-05-30)
GPG key ID: 8CE69160EB3F2FE9
Enhancements
- #277: Ignore annotation support.
tflint-ignore: rule_nameannotation is now availble. See README.md.
BugFixes
- #293: Fix false negatives when
aws_instance_default_standard_volumerule checksdynamicblocks. - #297: Fix panic when checking whether an expression is null.
Others
- #292: Migrating to Go Modules.
v0.8.0
0.8.0 (2019-05-25)
GPG key ID: 8CE69160EB3F2FE9
This release includes major changes due to being dependent on Terraform v0.12 internal API. While we try to keep backward compatibility as much as possible, it does include some breaking changes.
We strongly recommend upgrading to Terraform v0.12 before trying TFLint v0.8. terraform 0.12upgrade is helpful to upgrade your configuration files.
Breaking Changes
- Always return an error when failed to evaluate an expression.
- Until now, except for module arguments, even if an error occurred, it was ignored.
- Expressions including unsupported named values (such as
${module.foo}) are not evaluated, so no error occurs.
- Drop support for
${terraform.env}.- Previously
${terraform.env}was a valid expression that returned the same as${terraform.workspace}. - This is because Terraform v0.12 doesn't support
${terraform.env}.
- Previously
- The file name of a module includes module ID instead of the source attribute.
- Up to now it was output like
github.com/wata727/example-module/instance.tf, but it will be changed likemodule_id/instance.tf.
- Up to now it was output like
- Always parse all configuration files under the current directory.
- When passing a file name as an argument, TFLint only parsed that file so far, but it now parses all configuration files under the current directory.
- Also, file arguments are only used to filter the issues obtained. Therefore, you cannot pass files other than under the current directory.
- As a known issue, If file arguments are passed, module's issues are not reported. This will be improved by changing handling of module's issues in the future.
- These behaviors have been changed as it depends on Terraform's
configloadpackage. - In addition, modules are always loaded regardless of
ignore_module.
- Raise an error when using invalid syntax as a Terraform configuration.
- For example, it didn't raise an error when using
resources(notresource) block because it is valid as HCL syntax in previous versions.
- For example, it didn't raise an error when using
- Remove
--debugoption.- Please use
TFLINT_LOGenvironment variables instead.
- Please use
- Raise an error when a file passed by
--configdoes not exist.- Previously the error was ignored and the default config was referenced.
- Remove duplicate resource rules.
- This is due to technical difficulty and user experience.
Enhancements
- HCL2 support
- Built-in Functions support
- Until now, if an expression includes function calls, it was ignored.
TF_DATA_DIRandTF_WORKSPACEenvironment variables are now available.- Until now, these variables are ignored.
- It is now possible to handle values doesn't have a default without raising errors.
- In the past, an error occurred when there was a reference to a variable that had no default value in an attribute of a module. See #205
- Terraform v0.11 module support
- Until now, it is failed to properly load a part of Terraform v0.11 module. See also #167
- Support for automatic loading
*.auto.tfvarsfiles.- Previously it was not loaded automatically.
BugFixes
- Improve expression checks
- Stop overwriting the config under the current directory by the config under the homedir.
- Fixed the problem that overwrites the config under the current directory by homedir config.
- Improve to check for
aws_db_instance_readable_password.- Previously, false positive occurred when setting values files or environment variables, but this problem has been fixed.
- Make
transit_gateway_idas a valid target onaws_route_specified_multiple_targets