Tuvok
/ˈtuːvɒk/is a fictional character in the Star Trek media franchise. One of the main characters on the television series Star Trek: Voyager, Tuvok is a member of the fictional Vulcan species who serves as the ship's second officer, Chief of Security, and Chief Tactical Officer. In the Star Trek universe, Vulcans seek to operate by logic and reason, with as little emotion as possible.
Like the Vuclan Tuvok, this project is intended to apply logic and reason to enforce a given set of Terraform standards.
Please see the contributing guidelines for general information on contributing to this project. The process for proposing additional rules, modifying existing rules, or removing/deprecating rules will be followed like any other contribution.
We plan to follow semantic versioning for this tool.
Specifically for rules builtin to this tool, we will interpret SemVer as follows:
- Breaking changes (major version): rules being moved from WARN to ERROR
- Feature additions (minor version): rules added at WARN
- Bug fixes (patch version): correcting false positives and false negatives
To review existing tools, we used the following criteria/feature rubric:
- Style and Linting: Syntax checking, reading .tf files, reading Terraform plan files
- Matching Syntax: Golang/Python/etc rules, jq or regex syntax, others (JSON, YAML)
- Matching Targets: Attributes, Resources, Files, Order within a file
- Functional: Easy to distribute/portable, can emit warnings, can generate documentation, well-maintained
- Other/Misc: Requires additional tooling/code be written, easy to develop/popular language, supports CloudFormation too, will easily be adapted to HCL2
Some tools we reviewed, with our comments:
- json2hcl - would require additional tooling, but fairly portable
- tfjson - operates specifically on plan files
- tflint - looking more at logic bugs in AWS provider arguments than style/lint
- terraformtestinglib - some novel features, very complex rule syntax
- terraform-validator - JSON + Regex rules, string/global matching
- terraform_validate - required Python rules, more logic bug checking than linting
When writing our own tool, we wanted the following:
- Python project for easy contributions
- Convert HCL to JSON and validate JSON for future-proofing and CloudFormation cross-compatibility
- Rules could be text/data, add Python rule support later
- Allow pluggable rules to be stored in the same repository as Terraform configuration
- Allow YAML or JSON configuration files to override warn/error behavior of rules
- First-class Windows support
- Docker/HyperV/container builds, versioned with the tool
- Rules are versioned with the tool itself
- Ignore plan files for now, but consider later
- Python rule support
- Rules that may take arguments (e.g.
file_exists(main.tf)) - CloudFormation support
- Non-Terraform-specific rules (e.g. to support
tfenvstandards or enforce a file exists os.exists) - Open sourcing this tool
See issues list for specific features and ideas.