Light

padok-team / guacamole Goto Github PK

View Code? Open in Web Editor NEW

13.0 3.0 0.0 17.25 MB

Evaluate your IaC quality

License: Apache License 2.0

Go 95.23% HCL 1.85% Dockerfile 2.92%

cli golang iac quality terraform terragrunt

guacamole's Introduction

Guacamole 🥑

A CLI tool that runs opinionated quality checks on your IaC codebase.

Check the IaC guild guidelines for more information on the quality checks.

Install

With Homebrew

ℹ️ If you use Linux, you can install Linuxbrew

brew tap padok-team/tap
brew install guacamole

From GitHub

Prerequisites :

Golang
Terraform
Terragrunt

One-liner installer (in /tmp) :

DIR=$(pwd) cd /tmp && git clone [email protected]:padok-team/guacamole.git && cd guacamole && go build && alias guacamole=/tmp/guacamole/guacamole && cd $DIR

For a more permanent installation, just move the /tmp/guacamole/guacamole binary into a directory present in your $PATH.

Usage

Three modes currently exist :

Static mode : runs quality checks on the codebase without running Terraform / Terragrunt commands
```
guacamole static -p /path/to/your/codebase
```
[EXPERIMENTAL] State mode : runs quality checks based on your layers' state

We recommend to use this command after checking that your codebase has been initialized properly.
```
guacamole state -p /path/to/your/codebase
```
[EXPERIMENTAL] Profile mode : creates a detailed report of the contents of your codebase

We recommend to use this command after checking that your codebase has been initialized properly.
```
guacamole profile -p /path/to/your/codebase
```

A verbose mode (-v) exists to add more infos to the output.

Demo

List of checks

Static

TF_MOD_001 - Remote module call should be pinned to a specific version
TF_MOD_002 - Provider should be defined by the consumer of the module
TF_MOD_003 - Required provider versions in modules should be set with ~> operator
TF_NAM_001 - Resources and datasources in modules should be named "this" or "these" if their type is unique
TF_NAM_002 - snake_case should be used for all resource names
TF_NAM_003 - Stuttering in the naming of resources
TF_NAM_004 - Variable name's number should match its type
TF_VAR_001 - Variable should contain a description
TF_VAR_002 - Variable should declare a specific type

State

TF_MOD_004 - Use for_each to create multiple resources of the same type

License

guacamole's People

Contributors

Stargazers

Watchers

guacamole's Issues

Issue with the TF_MOD_001 check

The TF_MOD_001 (Remote module call should be pinned to a specific version) fails for my codebase when it should pass.

My module is defined as such:

module "keyvault" {
  source = "[email protected]:/padok-team/terraform-azurerm-keyvault?ref=v0.5.1"
  name   = local.name
  ...
}

The module version is pinned to 0.5.1, therefore the check should pass.

Feature: Skip a specific finding

It would be nice to be able to skip some checks which are found to be false positives.
Several ways of implementing it:

A comment above a terraform block with the check identifier makes Guacamole skip the check on the specific block
A comment on top of a terraform file with the check identifier makes Guacamole skip the check on the entire file
Checkov-style baseline file

With Guacamole being public, the brew tap download strategy should be too

The. .goreleaser.yaml config creates new releases with a download strategy that requires to be part of padok-team to download Guacamole through Padok's Homebrew tap. With Guacamole being now public, this restriction should be lifted.

Here are the relevant lines:
https://github.com/padok-team/guacamole/blob/1862a03dc11c58927cecead59277dce76b2b10e2/.goreleaser.yaml#L48C1-L57C39

Improvement on check TF_NAM_004

The check TF_NAM_004 assumes that the name of a variable of type number should not be plural, but there are a lot of reasons why this doesn't make sens.

Example

variable "number_of_hosts" {
  description = "Number of hosts you want to create"
  type        = number
}

Cool project !

@cterence @Laudenlaruto damn that is cool ! Love the heritage and learning from YATAS in the code ! Looks amazing guys !

You can close the issue ;)

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

chore(deps): update docker/build-push-action action to v6

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Detected dependencies

dockerfile

Dockerfile

docker.io/library/golang 1.22.0@sha256:4a3e85e88ca4edb571679a3e8b86aaef16ad65134d3aba68760741a850d69f41

docker.io/library/alpine 3.19.1@sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b

github-actions

.github/workflows/ci.yaml

actions/checkout v4

docker/setup-buildx-action v3

docker/login-action v3

docker/build-push-action v5

.github/workflows/release.yaml

actions/checkout v4

actions/setup-go v5

goreleaser/goreleaser-action v5

gomod

go.mod

go 1.21

go 1.21.5

github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc@d8f796af33cc

github.com/fatih/color v1.16.0

github.com/gertd/go-pluralize v0.2.1

github.com/gruntwork-io/terragrunt v0.55.1

github.com/hashicorp/hcl/v2 v2.19.1

github.com/hashicorp/terraform-config-inspect v0.0.0-20231204233900-a34142ec2a72@a34142ec2a72

github.com/hashicorp/terraform-exec v0.20.0

github.com/hashicorp/terraform-json v0.21.0

github.com/jedib0t/go-pretty/v6 v6.5.4

github.com/savioxavier/termlink v1.3.0

github.com/spf13/cobra v1.8.0

github.com/spf13/viper v1.18.2

github.com/zclconf/go-cty v1.14.2

golang.org/x/exp v0.0.0-20240213143201-ec583247a57a@ec583247a57a

golang.org/x/term v0.17.0

terraform

example/modules/random-pets/main.tf

Check this box to trigger a request for Renovate to run again on this repository

Find unused datasources or module output

While it is not a minor issues, it can lead to longer plan and general complexity in the codebase.

Note that for a module which is distributed (not imbeded in the codebase), the rule might not be relevant since you don't know which outputs will actually be used or not.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.