Request for help with a custom linter

[petems]

Hello! I'm trying to do a new tf lint rule for local_file using the template

Code would be something like this:

resource "local_file" "key_file" {
  filename = "ssh-key.pem"
  content  = <<EOT
-----BEGIN CERTIFICATE-----
DUMMYCERT
-----END CERTIFICATE-----
EOT

  provisioner "local-exec" {
    command = "chmod 600 ssh-key.pem"
  }
}

I want to raise an error if a provisioner with local-exec with the command value to contain "chmod"

Right now, I'm struggling with trying to run an expression to detect if the provisioner is present at all:

func (r *LocalFileNoChmodNeeded) Check(runner tflint.Runner) error {
	return runner.WalkResourceAttributes("local_file", "provisioner", func(attribute *hcl.Attribute) error {
		var provisoner string
		err := runner.EvaluateExpr(attribute.Expr, &provisoner)

		return runner.EnsureNoError(err, func() error {
			return runner.EmitIssue(
				r,
				fmt.Sprintf("provisoner is present %s", provisoner),
				attribute.Expr.Range(),
				tflint.Metadata{Expr: attribute.Expr},
			)
		})
	})
}

Any help appreciated 😄

[wata727]

Hi @petems!

Unfortunately, the current plugin API doesn't allow to walk blocks inside resources like this provisioner. Currently, only top-level attributes such as filename and content can be walked.

This is expected to be supported in future versions of the plugin system. Please wait for a while.

[petems]

No worries, this is awesome work, I'm looking forward to it 😄

[wata727]

Hi @petems!

It is now available for plugins to handle such special attributes/blocks in TFLint v0.17.0. Please see the implementation example:
https://github.com/terraform-linters/tflint-ruleset-template/blob/291e5990cb221606ea80acebad807a42a55b8b94/rules/local_file_example_provisioner.go