Replies: 1 comment
-
Thank you for addressing this issue with the AWS ruleset, @aristosvo! What ephemeral resources are supported depends on the provider, so in principle we recommend implementing rules for each provider. We would like to avoid having rules in TFLint itself. However, there is room for consideration in supporting small providers such as |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Introduction
I have introduced two rules for ephemeral resources/write-only arguments for the AWS provider linter based on this issue, the last one being under review (tflint-ruleset-aws #861).
The question is how to bring these rules towards other providers, because this is not an issue limited to one provider.
Proposals
Proposal 1:
The first proposal is to implement these two rules for every provider ruleset. This should not take long, as the code can be basically copy-pasted into each ruleset. The rules logic could lean more on the SDK to reduce the amount of code duplication.
Proposal 2:
As the specific rulesets don't cover all known providers (and most specifically the
hashicorp/random
provider), we miss one of the most of the ephemeral replacement options:resource.random_password
➡ephemeral.random_password
To fix that we would have to include the same two rules for all other (or just a list of most used, to be extended) providers in
tflint
itself.To fix that we would have to include the same two rules for all other (or just a list of most used, to be extended) providers in a separate ruleset.
References
Beta Was this translation helpful? Give feedback.
All reactions