From 90bd2a5727d2bbd5d5a27ed5390073f11c359a0c Mon Sep 17 00:00:00 2001 From: rahul lokurte Date: Tue, 4 Jan 2022 22:58:01 +0530 Subject: [PATCH 1/8] Add terrafmt hook --- .pre-commit-hooks.yaml | 9 +++++++ Dockerfile | 43 ++++++++++++++++++------------ README.md | 18 +++++++++++++ terrafmt.sh | 59 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 112 insertions(+), 17 deletions(-) create mode 100644 terrafmt.sh diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml index 95a000ffb..b0e0a43cc 100644 --- a/.pre-commit-hooks.yaml +++ b/.pre-commit-hooks.yaml @@ -111,3 +111,12 @@ files: \.tf$ exclude: \.terraform\/.*$ require_serial: true + +- id: terrafmt + name: terrafmt + description: Runs terrafmt on Markdown files. + language: script + entry: terrafmt.sh + files: \.md$ + exclude: \.md\/.*$ + require_serial: true diff --git a/Dockerfile b/Dockerfile index 9266eb346..3072767fa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG TAG=3.9.7-alpine3.14 +ARG TAG=3.9-alpine3.12 FROM python:${TAG} as builder WORKDIR /bin_dir 
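Review bot: In the `.pre-commit-hooks.yaml` hunk, `exclude: \.md\/.*$` only excludes paths inside a directory whose name ends in `.md`; it reads like the `\.terraform\/.*$` line above with the directory name swapped. If the intent is to keep the formatter away from downloaded module sources, the new hook should carry the same pattern as its neighbours, `exclude: \.terraform\/.*$`.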
@@ -12,16 +12,15 @@ RUN apk add --no-cache \ ARG PRE_COMMIT_VERSION=${PRE_COMMIT_VERSION:-latest} ARG TERRAFORM_VERSION=${TERRAFORM_VERSION:-latest} - # Install pre-commit RUN [ ${PRE_COMMIT_VERSION} = "latest" ] && pip3 install --no-cache-dir pre-commit \ || pip3 install --no-cache-dir pre-commit==${PRE_COMMIT_VERSION} # Install terraform because pre-commit needs it RUN if [ "${TERRAFORM_VERSION}" = "latest" ]; then \ - TERRAFORM_VERSION="$(curl -s https://api.github.com/repos/hashicorp/terraform/releases/latest | grep tag_name | grep -o -E -m 1 "[0-9.]+")" \ + TERRAFORM_VERSION="$(curl -s --insecure https://api.github.com/repos/hashicorp/terraform/releases/latest | grep tag_name | grep -o -E -m 1 "[0-9.]+")" \ ; fi && \ - curl -L "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" > terraform.zip && \ + curl -L --insecure "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" > terraform.zip && \ unzip terraform.zip terraform && rm terraform.zip # @@ -34,6 +33,7 @@ ARG TERRAGRUNT_VERSION=${TERRAGRUNT_VERSION:-false} ARG TERRASCAN_VERSION=${TERRASCAN_VERSION:-false} ARG TFLINT_VERSION=${TFLINT_VERSION:-false} ARG TFSEC_VERSION=${TFSEC_VERSION:-false} +ARG TERRAFMT_VERSION=${TERRAFMT_VERSION:-false} # Tricky thing to install all tools by set only one arg. @@ -47,7 +47,8 @@ RUN if [ "$INSTALL_ALL" != "false" ]; then \ echo "export TERRAGRUNT_VERSION=latest" >> /.env && \ echo "export TERRASCAN_VERSION=latest" >> /.env && \ echo "export TFLINT_VERSION=latest" >> /.env && \ - echo "export TFSEC_VERSION=latest" >> /.env \ + echo "export TFSEC_VERSION=latest" >> /.env && \ + echo "export TERRAFMT_VERSION=latest" >> /.env \ ; else \ touch /.env \ ; fi 
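Review bot: Every `curl` in the Terraform install step gains `--insecure`, which turns off TLS certificate verification for both the GitHub API lookup and the zip that is unpacked into the image; the same flag is added in the infracost, terraform-docs, terragrunt, terrascan, tflint, tfsec and terrafmt hunks below. None of these steps compares the download with a published digest, so with certificate checks off nothing authenticates the binaries the builder stage collects. If the flag was added to get past an intercepting proxy or a stale CA bundle on the build host, that belongs in the builder's trust store rather than in the Dockerfile, and the line should stay `curl -L "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" > terraform.zip`. PATCH 2/8 removes the flags again, but the downloads still have no checksum or signature check, and `curl` without `-f` writes an HTTP error body into the archive file instead of failing the build.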
@@ -69,8 +70,8 @@ RUN . /.env && \ if [ "$INFRACOST_VERSION" != "false" ]; then \ ( \ INFRACOST_RELEASES="https://api.github.com/repos/infracost/infracost/releases" && \ - [ "$INFRACOST_VERSION" = "latest" ] && curl -L "$(curl -s ${INFRACOST_RELEASES}/latest | grep -o -E -m 1 "https://.+?-linux-amd64.tar.gz")" > infracost.tgz \ - || curl -L "$(curl -s ${INFRACOST_RELEASES} | grep -o -E "https://.+?v${INFRACOST_VERSION}/infracost-linux-amd64.tar.gz")" > infracost.tgz \ + [ "$INFRACOST_VERSION" = "latest" ] && curl -L --insecure "$(curl -s --insecure ${INFRACOST_RELEASES}/latest | grep -o -E -m 1 "https://.+?-linux-amd64.tar.gz")" > infracost.tgz \ + || curl -L --insecure "$(curl -s --insecure ${INFRACOST_RELEASES} | grep -o -E "https://.+?v${INFRACOST_VERSION}/infracost-linux-amd64.tar.gz")" > infracost.tgz \ ) && tar -xzf infracost.tgz && rm infracost.tgz && mv infracost-linux-amd64 infracost \ ; fi @@ -79,8 +80,8 @@ RUN . /.env && \ if [ "$TERRAFORM_DOCS_VERSION" != "false" ]; then \ ( \ TERRAFORM_DOCS_RELEASES="https://api.github.com/repos/terraform-docs/terraform-docs/releases" && \ - [ "$TERRAFORM_DOCS_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRAFORM_DOCS_RELEASES}/latest | grep -o -E -m 1 "https://.+?-linux-amd64.tar.gz")" > terraform-docs.tgz \ - || curl -L "$(curl -s ${TERRAFORM_DOCS_RELEASES} | grep -o -E "https://.+?v${TERRAFORM_DOCS_VERSION}-linux-amd64.tar.gz")" > terraform-docs.tgz \ + [ "$TERRAFORM_DOCS_VERSION" = "latest" ] && curl -L --insecure "$(curl -s --insecure ${TERRAFORM_DOCS_RELEASES}/latest | grep -o -E -m 1 "https://.+?-linux-amd64.tar.gz")" > terraform-docs.tgz \ + || curl -L --insecure "$(curl -s --insecure ${TERRAFORM_DOCS_RELEASES} | grep -o -E "https://.+?v${TERRAFORM_DOCS_VERSION}-linux-amd64.tar.gz")" > terraform-docs.tgz \ ) && tar -xzf terraform-docs.tgz terraform-docs && rm terraform-docs.tgz && chmod +x terraform-docs \ ; fi 
@@ -89,8 +90,8 @@ RUN . /.env \ && if [ "$TERRAGRUNT_VERSION" != "false" ]; then \ ( \ TERRAGRUNT_RELEASES="https://api.github.com/repos/gruntwork-io/terragrunt/releases" && \ - [ "$TERRAGRUNT_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRAGRUNT_RELEASES}/latest | grep -o -E -m 1 "https://.+?/terragrunt_linux_amd64")" > terragrunt \ - || curl -L "$(curl -s ${TERRAGRUNT_RELEASES} | grep -o -E -m 1 "https://.+?v${TERRAGRUNT_VERSION}/terragrunt_linux_amd64")" > terragrunt \ + [ "$TERRAGRUNT_VERSION" = "latest" ] && curl -L --insecure "$(curl -s --insecure ${TERRAGRUNT_RELEASES}/latest | grep -o -E -m 1 "https://.+?/terragrunt_linux_amd64")" > terragrunt \ + || curl -L --insecure "$(curl -s --insecure ${TERRAGRUNT_RELEASES} | grep -o -E -m 1 "https://.+?v${TERRAGRUNT_VERSION}/terragrunt_linux_amd64")" > terragrunt \ ) && chmod +x terragrunt \ ; fi @@ -100,8 +101,8 @@ RUN . /.env && \ if [ "$TERRASCAN_VERSION" != "false" ]; then \ ( \ TERRASCAN_RELEASES="https://api.github.com/repos/accurics/terrascan/releases" && \ - [ "$TERRASCAN_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRASCAN_RELEASES}/latest | grep -o -E -m 1 "https://.+?_Linux_x86_64.tar.gz")" > terrascan.tar.gz \ - || curl -L "$(curl -s ${TERRASCAN_RELEASES} | grep -o -E "https://.+?${TERRASCAN_VERSION}_Linux_x86_64.tar.gz")" > terrascan.tar.gz \ + [ "$TERRASCAN_VERSION" = "latest" ] && curl -L --insecure "$(curl -s --insecure ${TERRASCAN_RELEASES}/latest | grep -o -E -m 1 "https://.+?_Linux_x86_64.tar.gz")" > terrascan.tar.gz \ + || curl -L --insecure "$(curl -s --insecure ${TERRASCAN_RELEASES} | grep -o -E "https://.+?${TERRASCAN_VERSION}_Linux_x86_64.tar.gz")" > terrascan.tar.gz \ ) && tar -xzf terrascan.tar.gz terrascan && rm terrascan.tar.gz && \ ./terrascan init \ ; fi 
@@ -111,8 +112,8 @@ RUN . /.env && \ if [ "$TFLINT_VERSION" != "false" ]; then \ ( \ TFLINT_RELEASES="https://api.github.com/repos/terraform-linters/tflint/releases" && \ - [ "$TFLINT_VERSION" = "latest" ] && curl -L "$(curl -s ${TFLINT_RELEASES}/latest | grep -o -E -m 1 "https://.+?_linux_amd64.zip")" > tflint.zip \ - || curl -L "$(curl -s ${TFLINT_RELEASES} | grep -o -E "https://.+?/v${TFLINT_VERSION}/tflint_linux_amd64.zip")" > tflint.zip \ + [ "$TFLINT_VERSION" = "latest" ] && curl -L --insecure "$(curl -s --insecure ${TFLINT_RELEASES}/latest | grep -o -E -m 1 "https://.+?_linux_amd64.zip")" > tflint.zip \ + || curl -L --insecure "$(curl -s --insecure ${TFLINT_RELEASES} | grep -o -E "https://.+?/v${TFLINT_VERSION}/tflint_linux_amd64.zip")" > tflint.zip \ ) && unzip tflint.zip && rm tflint.zip \ ; fi @@ -121,11 +122,18 @@ RUN . /.env && \ if [ "$TFSEC_VERSION" != "false" ]; then \ ( \ TFSEC_RELEASES="https://api.github.com/repos/aquasecurity/tfsec/releases" && \ - [ "$TFSEC_VERSION" = "latest" ] && curl -L "$(curl -s ${TFSEC_RELEASES}/latest | grep -o -E -m 1 "https://.+?/tfsec-linux-amd64")" > tfsec \ - || curl -L "$(curl -s ${TFSEC_RELEASES} | grep -o -E -m 1 "https://.+?v${TFSEC_VERSION}/tfsec-linux-amd64")" > tfsec \ + [ "$TFSEC_VERSION" = "latest" ] && curl -L --insecure "$(curl -s --insecure ${TFSEC_RELEASES}/latest | grep -o -E -m 1 "https://.+?/tfsec-linux-amd64")" > tfsec \ + || curl -L --insecure "$(curl -s --insecure ${TFSEC_RELEASES} | grep -o -E -m 1 "https://.+?v${TFSEC_VERSION}/tfsec-linux-amd64")" > tfsec \ ) && chmod +x tfsec \ ; fi +RUN . /.env && \ + if [ "TERRAFMT_VERSION" != "false" ]; then \ + ( \ + curl -L --insecure "https://github.com/katbyte/terrafmt/archive/refs/tags/v0.3.0.zip" > terrafmt.zip \ + ) && unzip terrafmt.zip && rm terrafmt.zip \ + ; fi + # Checking binaries versions and write it to debug file RUN . /.env && \ F=tools_versions_info && \ 
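Review bot: The guard on the new terrafmt step, `if [ "TERRAFMT_VERSION" != "false" ]`, compares a literal string because the `$` is missing, so the download runs on every build whatever the build argument says; it should read `if [ "$TERRAFMT_VERSION" != "false" ]; then \` (the context lines of PATCH 2/8 show it still unchanged). The URL is fixed at `v0.3.0` and points at GitHub's source archive (`archive/refs/tags/…zip`), so unzipping it most likely leaves a source directory rather than a `terrafmt` executable, and the `TERRAFMT_VERSION=latest` written to `/.env` has no effect. The version-report hunk further down then calls `terrafmt version` without the `./` prefix its siblings use, which would fail or resolve to whatever is on PATH. As with the other tools, the archive is unpacked without being checked against a known digest.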
@@ -138,6 +146,7 @@ RUN . /.env && \ (if [ "$TERRASCAN_VERSION" != "false" ]; then echo "terrascan $(./terrascan version)" >> $F; else echo "terrascan SKIPPED" >> $F ; fi) && \ (if [ "$TFLINT_VERSION" != "false" ]; then ./tflint --version >> $F; else echo "tflint SKIPPED" >> $F ; fi) && \ (if [ "$TFSEC_VERSION" != "false" ]; then echo "tfsec $(./tfsec --version)" >> $F; else echo "tfsec SKIPPED" >> $F ; fi) && \ + (if [ "$TERRAFMT_VERSION" != "false" ]; then echo "terrafmt $(terrafmt version)" >> $F; else echo "terrafmt SKIPPED" >> $F ; fi) && \ echo -e "\n\n" && cat $F && echo -e "\n\n" diff --git a/README.md b/README.md index 2c2375a2b..b4f1e402f 100644 --- a/README.md +++ b/README.md @@ -568,6 +568,24 @@ Example: 3. Use `--skip-rules="ruleID1,ruleID2"` parameter to skip one or more rules globally while scanning (e.g.: `--args=--skip-rules="ruleID1,ruleID2"`). 4. Use the syntax `#ts:skip=RuleID optional_comment` inside a resource to skip the rule for that resource. +### terrafmt + +1. `terrafmt` supports custom arguments so you can pass [supported flags](https://github.com/katbyte/terrafmt). Eg: + +```tf + resource "aws_lambda_function" "pass" { + function_name = "test-env" + role = "" + runtime = "python3.8" + + environment { + variables = { + AWS_DEFAULT_REGION = "us-west-2" + } + } + } +``` + ## Authors This repository is managed by [Anton Babenko](https://github.com/antonbabenko) with help from these awesome contributors: diff --git a/terrafmt.sh b/terrafmt.sh new file mode 100644 index 000000000..8b0fbf3c7 --- /dev/null +++ b/terrafmt.sh 
@@ -0,0 +1,59 @@ +#!/usr/bin/env bash +set -eo pipefail + +main() { + initialize_ + parse_cmdline_ "$@" + terrafmt_ +} + +initialize_() { + # get directory containing this script + local dir + local source + source="${BASH_SOURCE[0]}" + while [[ -L $source ]]; do # resolve $source until the file is no longer a symlink + dir="$(cd -P "$(dirname "$source")" > /dev/null && pwd)" + source="$(readlink "$source")" + # if $source was a relative symlink, we need to resolve it relative to the path where the symlink file was located + [[ $source != /* ]] && source="$dir/$source" + done + _SCRIPT_DIR="$(dirname "$source")" + + # source getopt function + # shellcheck source=lib_getopt + . "$_SCRIPT_DIR/lib_getopt" +} + +parse_cmdline_() { + declare argv + argv=$(getopt -o a: --long args: -- "$@") || return + eval "set -- $argv" + + for argv; do + case $argv in + -a | --args) + shift + ARGS+=("$1") + shift + ;; + --) + shift + break + ;; + esac + done +} + +terrafmt_() { + find . | grep -E "README.md" | sort | while read -r f; do + echo "Processing $f" + echo "terrafmt ${ARGS[*]} $f" + terrafmt "${ARGS[@]}" $f + done +} + +# global arrays +declare -a ARGS=() + +[[ ${BASH_SOURCE[0]} != "$0" ]] || main "$@" From 0b8c4a800e44ca2721b9b2bdfeec408d90f5bbac Mon Sep 17 00:00:00 2001 From: Rahul Lokurte Date: Wed, 5 Jan 2022 01:12:38 +0530 Subject: [PATCH 2/8] Fix Dockerfile --- .pre-commit-config.yaml | 9 ++++++++- Dockerfile | 32 ++++++++++++++++---------------- README.md | 14 +++++++------- 3 files changed, 31 insertions(+), 24 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index f1a7a65ef..9e68e5b87 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.0.1 + rev: v4.1.0 hooks: # Git style - id: check-added-large-files 
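Review bot: `terrafmt_` ignores the file list pre-commit passes to the hook and instead runs `find . | grep -E "README.md"`, so the `files: \.md$` filter in `.pre-commit-hooks.yaml` has no effect and the formatter rewrites every matching file under the working directory, including unstaged ones and anything beneath `.terraform/` or vendored trees. `parse_cmdline_` already reaches the `--` separator and then discards what follows; keeping those arguments in a `FILES` array and looping over it limits the hook to the files pre-commit selected. The pattern is also unanchored and its `.` is unescaped, so a name such as `README_md.txt` matches as well.

```shell
parse_cmdline_() {
  # … unchanged: getopt call, loop header and the -a | --args case …
      --)
        shift
        FILES=("$@")
        break
        ;;
  # … unchanged: esac / done …
}

terrafmt_() {
  local f
  for f in "${FILES[@]}"; do
    # … unchanged: the two echo lines …
    terrafmt "${ARGS[@]}" "$f"
  done
}

# global arrays
declare -a ARGS=()
declare -a FILES=()
```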
@@ -33,3 +33,10 @@ repos: hooks: - id: shfmt args: ['-l', '-i', '2', '-ci', '-sr', '-w'] + +- repo: https://github.com/rahulmlokurte/pre-commit-terraform + rev: 90bd2a5727d2bbd5d5a27ed5390073f11c359a0c + hooks: + - id: terrafmt + args: + - --args=fmt diff --git a/Dockerfile b/Dockerfile index 3072767fa..e19ffa7fc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG TAG=3.9-alpine3.12 +ARG TAG=3.9.7-alpine3.14 FROM python:${TAG} as builder WORKDIR /bin_dir @@ -18,9 +18,9 @@ RUN [ ${PRE_COMMIT_VERSION} = "latest" ] && pip3 install --no-cache-dir pre-comm # Install terraform because pre-commit needs it RUN if [ "${TERRAFORM_VERSION}" = "latest" ]; then \ - TERRAFORM_VERSION="$(curl -s --insecure https://api.github.com/repos/hashicorp/terraform/releases/latest | grep tag_name | grep -o -E -m 1 "[0-9.]+")" \ + TERRAFORM_VERSION="$(curl -s https://api.github.com/repos/hashicorp/terraform/releases/latest | grep tag_name | grep -o -E -m 1 "[0-9.]+")" \ ; fi && \ - curl -L --insecure "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" > terraform.zip && \ + curl -L "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" > terraform.zip && \ unzip terraform.zip terraform && rm terraform.zip # 
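Review bot: The block added to `.pre-commit-config.yaml` makes this project's own pre-commit run fetch the hook from `github.com/rahulmlokurte/pre-commit-terraform`, which appears to be the author's fork, so every developer and CI job that runs pre-commit here would execute scripts from a repository the upstream maintainers do not control. Pinning `rev` to the full SHA of PATCH 1/8 does limit that to one fixed revision, but the script already lives in this repository and could be exercised through a `repo: local` entry instead. PATCH 7/8 deletes the block again, so the point only matters if the series is merged or bisected at an intermediate commit.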
@@ -70,8 +70,8 @@ RUN . /.env && \ if [ "$INFRACOST_VERSION" != "false" ]; then \ ( \ INFRACOST_RELEASES="https://api.github.com/repos/infracost/infracost/releases" && \ - [ "$INFRACOST_VERSION" = "latest" ] && curl -L --insecure "$(curl -s --insecure ${INFRACOST_RELEASES}/latest | grep -o -E -m 1 "https://.+?-linux-amd64.tar.gz")" > infracost.tgz \ - || curl -L --insecure "$(curl -s --insecure ${INFRACOST_RELEASES} | grep -o -E "https://.+?v${INFRACOST_VERSION}/infracost-linux-amd64.tar.gz")" > infracost.tgz \ + [ "$INFRACOST_VERSION" = "latest" ] && curl -L "$(curl -s ${INFRACOST_RELEASES}/latest | grep -o -E -m 1 "https://.+?-linux-amd64.tar.gz")" > infracost.tgz \ + || curl -L "$(curl -s ${INFRACOST_RELEASES} | grep -o -E "https://.+?v${INFRACOST_VERSION}/infracost-linux-amd64.tar.gz")" > infracost.tgz \ ) && tar -xzf infracost.tgz && rm infracost.tgz && mv infracost-linux-amd64 infracost \ ; fi @@ -80,8 +80,8 @@ RUN . /.env && \ if [ "$TERRAFORM_DOCS_VERSION" != "false" ]; then \ ( \ TERRAFORM_DOCS_RELEASES="https://api.github.com/repos/terraform-docs/terraform-docs/releases" && \ - [ "$TERRAFORM_DOCS_VERSION" = "latest" ] && curl -L --insecure "$(curl -s --insecure ${TERRAFORM_DOCS_RELEASES}/latest | grep -o -E -m 1 "https://.+?-linux-amd64.tar.gz")" > terraform-docs.tgz \ - || curl -L --insecure "$(curl -s --insecure ${TERRAFORM_DOCS_RELEASES} | grep -o -E "https://.+?v${TERRAFORM_DOCS_VERSION}-linux-amd64.tar.gz")" > terraform-docs.tgz \ + [ "$TERRAFORM_DOCS_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRAFORM_DOCS_RELEASES}/latest | grep -o -E -m 1 "https://.+?-linux-amd64.tar.gz")" > terraform-docs.tgz \ + || curl -L "$(curl -s ${TERRAFORM_DOCS_RELEASES} | grep -o -E "https://.+?v${TERRAFORM_DOCS_VERSION}-linux-amd64.tar.gz")" > terraform-docs.tgz \ ) && tar -xzf terraform-docs.tgz terraform-docs && rm terraform-docs.tgz && chmod +x terraform-docs \ ; fi 
@@ -90,8 +90,8 @@ RUN . /.env \ && if [ "$TERRAGRUNT_VERSION" != "false" ]; then \ ( \ TERRAGRUNT_RELEASES="https://api.github.com/repos/gruntwork-io/terragrunt/releases" && \ - [ "$TERRAGRUNT_VERSION" = "latest" ] && curl -L --insecure "$(curl -s --insecure ${TERRAGRUNT_RELEASES}/latest | grep -o -E -m 1 "https://.+?/terragrunt_linux_amd64")" > terragrunt \ - || curl -L --insecure "$(curl -s --insecure ${TERRAGRUNT_RELEASES} | grep -o -E -m 1 "https://.+?v${TERRAGRUNT_VERSION}/terragrunt_linux_amd64")" > terragrunt \ + [ "$TERRAGRUNT_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRAGRUNT_RELEASES}/latest | grep -o -E -m 1 "https://.+?/terragrunt_linux_amd64")" > terragrunt \ + || curl -L "$(curl -s ${TERRAGRUNT_RELEASES} | grep -o -E -m 1 "https://.+?v${TERRAGRUNT_VERSION}/terragrunt_linux_amd64")" > terragrunt \ ) && chmod +x terragrunt \ ; fi @@ -101,8 +101,8 @@ RUN . /.env && \ if [ "$TERRASCAN_VERSION" != "false" ]; then \ ( \ TERRASCAN_RELEASES="https://api.github.com/repos/accurics/terrascan/releases" && \ - [ "$TERRASCAN_VERSION" = "latest" ] && curl -L --insecure "$(curl -s --insecure ${TERRASCAN_RELEASES}/latest | grep -o -E -m 1 "https://.+?_Linux_x86_64.tar.gz")" > terrascan.tar.gz \ - || curl -L --insecure "$(curl -s --insecure ${TERRASCAN_RELEASES} | grep -o -E "https://.+?${TERRASCAN_VERSION}_Linux_x86_64.tar.gz")" > terrascan.tar.gz \ + [ "$TERRASCAN_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRASCAN_RELEASES}/latest | grep -o -E -m 1 "https://.+?_Linux_x86_64.tar.gz")" > terrascan.tar.gz \ + || curl -L "$(curl -s ${TERRASCAN_RELEASES} | grep -o -E "https://.+?${TERRASCAN_VERSION}_Linux_x86_64.tar.gz")" > terrascan.tar.gz \ ) && tar -xzf terrascan.tar.gz terrascan && rm terrascan.tar.gz && \ ./terrascan init \ ; fi 
@@ -112,8 +112,8 @@ RUN . /.env && \ if [ "$TFLINT_VERSION" != "false" ]; then \ ( \ TFLINT_RELEASES="https://api.github.com/repos/terraform-linters/tflint/releases" && \ - [ "$TFLINT_VERSION" = "latest" ] && curl -L --insecure "$(curl -s --insecure ${TFLINT_RELEASES}/latest | grep -o -E -m 1 "https://.+?_linux_amd64.zip")" > tflint.zip \ - || curl -L --insecure "$(curl -s --insecure ${TFLINT_RELEASES} | grep -o -E "https://.+?/v${TFLINT_VERSION}/tflint_linux_amd64.zip")" > tflint.zip \ + [ "$TFLINT_VERSION" = "latest" ] && curl -L "$(curl -s ${TFLINT_RELEASES}/latest | grep -o -E -m 1 "https://.+?_linux_amd64.zip")" > tflint.zip \ + || curl -L "$(curl -s ${TFLINT_RELEASES} | grep -o -E "https://.+?/v${TFLINT_VERSION}/tflint_linux_amd64.zip")" > tflint.zip \ ) && unzip tflint.zip && rm tflint.zip \ ; fi @@ -122,15 +122,15 @@ RUN . /.env && \ if [ "$TFSEC_VERSION" != "false" ]; then \ ( \ TFSEC_RELEASES="https://api.github.com/repos/aquasecurity/tfsec/releases" && \ - [ "$TFSEC_VERSION" = "latest" ] && curl -L --insecure "$(curl -s --insecure ${TFSEC_RELEASES}/latest | grep -o -E -m 1 "https://.+?/tfsec-linux-amd64")" > tfsec \ - || curl -L --insecure "$(curl -s --insecure ${TFSEC_RELEASES} | grep -o -E -m 1 "https://.+?v${TFSEC_VERSION}/tfsec-linux-amd64")" > tfsec \ + [ "$TFSEC_VERSION" = "latest" ] && curl -L "$(curl -s ${TFSEC_RELEASES}/latest | grep -o -E -m 1 "https://.+?/tfsec-linux-amd64")" > tfsec \ + || curl -L "$(curl -s ${TFSEC_RELEASES} | grep -o -E -m 1 "https://.+?v${TFSEC_VERSION}/tfsec-linux-amd64")" > tfsec \ ) && chmod +x tfsec \ ; fi RUN . /.env && \ if [ "TERRAFMT_VERSION" != "false" ]; then \ ( \ - curl -L --insecure "https://github.com/katbyte/terrafmt/archive/refs/tags/v0.3.0.zip" > terrafmt.zip \ + curl -L "https://github.com/katbyte/terrafmt/archive/refs/tags/v0.3.0.zip" > terrafmt.zip \ ) && unzip terrafmt.zip && rm terrafmt.zip \ ; fi diff --git a/README.md b/README.md index b4f1e402f..b98364276 100644 --- a/README.md +++ b/README.md 
@@ -573,17 +573,17 @@ Example: 1. `terrafmt` supports custom arguments so you can pass [supported flags](https://github.com/katbyte/terrafmt). Eg: ```tf - resource "aws_lambda_function" "pass" { - function_name = "test-env" - role = "" - runtime = "python3.8" +resource "aws_lambda_function" "pass" { + function_name = "test-env" + role = "" + runtime = "python3.8" - environment { + environment { variables = { AWS_DEFAULT_REGION = "us-west-2" } - } - } + } +} ``` ## Authors From 99ad370793386038a5b70168ff2cb215d0ed96e9 Mon Sep 17 00:00:00 2001 From: Rahul Lokurte Date: Wed, 5 Jan 2022 01:20:26 +0530 Subject: [PATCH 3/8] Update README.md for install dependencies and available hooks section --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index b98364276..13ea36b2f 100644 --- a/README.md +++ b/README.md @@ -62,6 +62,7 @@ If you are using `pre-commit-terraform` already or want to support its developme * [`TFSec`](https://github.com/liamg/tfsec) required for `terraform_tfsec` hook. * [`infracost`](https://github.com/infracost/infracost) required for `infracost_breakdown` hook. * [`jq`](https://github.com/stedolan/jq) required for `infracost_breakdown` hook. +* [`terrafmt`](https://github.com/katbyte/terrafmt) required for `terraform_fmt` hook.
Docker
@@ -225,6 +226,7 @@ There are several [pre-commit](https://pre-commit.com/) hooks to keep Terraform | `terragrunt_fmt` | Reformat all [Terragrunt](https://github.com/gruntwork-io/terragrunt) configuration files (`*.hcl`) to a canonical format. | `terragrunt` | | `terragrunt_validate` | Validates all [Terragrunt](https://github.com/gruntwork-io/terragrunt) configuration files (`*.hcl`) | `terragrunt` | | `terrascan` | [terrascan](https://github.com/accurics/terrascan) Detect compliance and security violations. [Hook notes](#terrascan) | `terrascan` | +| `terrafmt` | [terrafmt](https://github.com/katbyte/terrafmt) Format terraform blocks embedded in files. | `terrafmt` | Check the [source file](https://github.com/antonbabenko/pre-commit-terraform/blob/master/.pre-commit-hooks.yaml) to know arguments used for each hook. From 7d55d35f63e3a909518e029939d326ee20973dcd Mon Sep 17 00:00:00 2001 From: Rahul Lokurte <81438015+rahulmlokurte@users.noreply.github.com> Date: Wed, 5 Jan 2022 20:35:44 +0530 Subject: [PATCH 4/8] Enclose args into double-quotes Co-authored-by: George L. Yermulnik --- terrafmt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terrafmt.sh b/terrafmt.sh index 8b0fbf3c7..7327907c1 100644 --- a/terrafmt.sh +++ b/terrafmt.sh @@ -49,7 +49,7 @@ terrafmt_() { find . | grep -E "README.md" | sort | while read -r f; do echo "Processing $f" echo "terrafmt ${ARGS[*]} $f" - terrafmt "${ARGS[@]}" $f + terrafmt "${ARGS[@]}" "$f" done } From baffffbd27974005a72e147ae48ef6c7835e015f Mon Sep 17 00:00:00 2001 From: Rahul Lokurte <81438015+rahulmlokurte@users.noreply.github.com> Date: Wed, 5 Jan 2022 20:37:10 +0530 Subject: [PATCH 5/8] Remove duplicate echo Co-authored-by: George L. Yermulnik --- terrafmt.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/terrafmt.sh b/terrafmt.sh index 7327907c1..1cfd576d1 100644 --- a/terrafmt.sh +++ b/terrafmt.sh 
@@ -47,8 +47,7 @@ parse_cmdline_() { terrafmt_() { find . | grep -E "README.md" | sort | while read -r f; do - echo "Processing $f" - echo "terrafmt ${ARGS[*]} $f" + echo "terrafmt: $f" terrafmt "${ARGS[@]}" "$f" done } From d87a65e2ab97e88f9e6d3cc8a43329ddce2e948a Mon Sep 17 00:00:00 2001 From: Rahul Lokurte <81438015+rahulmlokurte@users.noreply.github.com> Date: Wed, 5 Jan 2022 22:25:45 +0530 Subject: [PATCH 6/8] URL pointed to a respective section in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 13ea36b2f..0ac65c44e 100644 --- a/README.md +++ b/README.md @@ -572,7 +572,7 @@ Example: ### terrafmt -1. `terrafmt` supports custom arguments so you can pass [supported flags](https://github.com/katbyte/terrafmt). Eg: +1. `terrafmt` supports custom arguments so you can pass [supported flags](https://github.com/katbyte/terrafmt#usage). Eg: ```tf resource "aws_lambda_function" "pass" { From 1306222ff7e8d96e9849248315b0839e01008c64 Mon Sep 17 00:00:00 2001 From: Rahul Lokurte <81438015+rahulmlokurte@users.noreply.github.com> Date: Wed, 5 Jan 2022 22:31:25 +0530 Subject: [PATCH 7/8] Remove references to hooks --- .pre-commit-config.yaml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9e68e5b87..35d69a901 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -33,10 +33,3 @@ repos: hooks: - id: shfmt args: ['-l', '-i', '2', '-ci', '-sr', '-w'] - -- repo: https://github.com/rahulmlokurte/pre-commit-terraform - rev: 90bd2a5727d2bbd5d5a27ed5390073f11c359a0c - hooks: - - id: terrafmt - args: - - --args=fmt From b4abf14e96b843274214073844913c7b30ad5b6a Mon Sep 17 00:00:00 2001 From: Rahul Lokurte <81438015+rahulmlokurte@users.noreply.github.com> Date: Wed, 5 Jan 2022 22:48:05 +0530 Subject: [PATCH 8/8] update terrafmt documentation --- README.md | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) 
diff --git a/README.md b/README.md index 0ac65c44e..e37112133 100644 --- a/README.md +++ b/README.md @@ -572,21 +572,16 @@ Example: ### terrafmt -1. `terrafmt` supports custom arguments so you can pass [supported flags](https://github.com/katbyte/terrafmt#usage). Eg: +1. `terrafmt` supports custom arguments so you can pass [supported flags](https://github.com/katbyte/terrafmt#usage) like `diff` and `fmt` to see what would be formatted and to format the blocks respectively: -```tf -resource "aws_lambda_function" "pass" { - function_name = "test-env" - role = "" - runtime = "python3.8" - - environment { - variables = { - AWS_DEFAULT_REGION = "us-west-2" - } - } -} -``` + ```yaml + - id: terrafmt + args: + - --args=diff + - --args=fmt + ``` + + See the `terrafmt --help` command line help for available options ## Authors