
Custom Terraform / IaC lint rules — stdlib, pre-commit-friendly.


sarj-iac-lint

Custom Terraform / IaC lint rules — stdlib only, line/block based, pre-commit-friendly. Mined from recurring infra review comments across the org.

uv tool install sarj-iac-lint

Rules

| Code | Rule | What it flags |
| --- | --- | --- |
| SARJ201 | require-deletion-protection | A stateful resource (Cloud SQL, GKE, BigQuery, Spanner, AlloyDB, Bigtable, RDS, DynamoDB, ElastiCache, DocumentDB, Neptune, Azure databases, Cosmos DB, ...) without deletion_protection = true. |
| SARJ202 | no-comment-cruft | Commented-out Terraform/HCL and section-banner / divider comments. |

.tf, .hcl, and .tfvars files are scanned by all rules; .yaml/.yml (Helm/k8s/Compose) are scanned by no-comment-cruft for banners only.

Pre-commit

- repo: https://github.com/sarj-ai/standards
  rev: iac-v0.2.0
  hooks:
    - id: sarj-require-deletion-protection
    - id: sarj-no-comment-cruft-iac

CLI

sarj-iac-lint check --rule require-deletion-protection iac/
sarj-iac-lint list-rules

Diagnostic format is path:line:col: CODE message — Ruff-compatible. --exit-zero reports without failing (warn mode).

Adoption

require-deletion-protection and no-comment-cruft have ~zero false positives — run them as hard (blocking) hooks.

require-deletion-protection treats variable/expression-gated protection (deletion_protection = var.enabled) and lifecycle { prevent_destroy = true } as protected — only a literal = false or a total absence is flagged.

Suppression

Inline # sarj-noqa: SARJ201 — <reason> on the offending line (the resource line for SARJ201).
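
The SARJ201 behaviour described under Adoption and Suppression, as a minimal line/block-based sketch. This is an added example, not the project's own code: the `STATEFUL` set, the `check` function, the message wording and the sample input are assumptions made for illustration.

```python
import re

# Assumption: three sample stateful types; the real rule covers many more.
STATEFUL = {"google_sql_database_instance", "google_container_cluster", "aws_db_instance"}
RESOURCE = re.compile(r'^\s*resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
DP = re.compile(r'^\s*deletion_protection\s*=\s*(.+?)\s*(?:#.*)?$')
PREVENT = re.compile(r'^\s*prevent_destroy\s*=\s*true\b')
NOQA = re.compile(r'#\s*sarj-noqa:\s*SARJ201\b')

# Constructed sample input: one unprotected, one variable-gated, one suppressed.
SAMPLE = '''\
resource "aws_db_instance" "a" {
  engine = "postgres"
}
resource "aws_db_instance" "b" {
  deletion_protection = var.enabled
}
resource "google_sql_database_instance" "c" {  # sarj-noqa: SARJ201 — ephemeral CI db
  deletion_protection = false
}
'''


def check(path, text):
    """Return path:line:col: CODE message diagnostics for unprotected stateful resources."""
    lines, out, i = text.splitlines(), [], 0
    while i < len(lines):
        m = RESOURCE.match(lines[i])
        if not m:
            i += 1
            continue
        start, depth, value, protected = i, 0, None, False
        while i < len(lines):  # walk the block by brace depth (naive: ignores braces in strings)
            dp = DP.match(lines[i])
            if dp and depth == 1:  # only a top-level attribute of the resource counts
                value = dp.group(1)
            protected = protected or bool(PREVENT.match(lines[i]))
            depth += lines[i].count("{") - lines[i].count("}")
            i += 1
            if depth <= 0:
                break
        if m.group(1) not in STATEFUL or NOQA.search(lines[start]):
            continue
        if protected or value not in (None, "false"):  # true, var.x, expressions pass
            continue
        why = "sets deletion_protection = false" if value else "has no deletion_protection"
        col = lines[start].index("resource") + 1
        out.append(f"{path}:{start + 1}:{col}: SARJ201 {m.group(1)}.{m.group(2)} {why}")
    return out
```

Because variable-gated values pass, a resource with `deletion_protection = var.enabled` is only as protected as the value supplied for that variable, so the .tfvars files and variable defaults still deserve review.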


Source Distribution

sarj_iac_lint-0.2.0.tar.gz (8.4 kB view details)

Uploaded Source

Built Distribution


sarj_iac_lint-0.2.0-py3-none-any.whl (11.7 kB view details)

Uploaded Python 3

File details

Details for the file sarj_iac_lint-0.2.0.tar.gz.

File metadata

  • Download URL: sarj_iac_lint-0.2.0.tar.gz
  • Size: 8.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for sarj_iac_lint-0.2.0.tar.gz
Algorithm Hash digest
SHA256 47acbe209ff6590fa463099ba5d4085fb6cdc8db8bceacf85661374024a1c387
MD5 3d2569d83059524fa87aa1e27b7f2727
BLAKE2b-256 51c01a6841a7ffd4ff232e1ea175860c38b12847d359ff3947fdd606dd45a394


Provenance

The following attestation bundles were made for sarj_iac_lint-0.2.0.tar.gz:

Publisher: release.yml on sarj-ai/standards

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file sarj_iac_lint-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: sarj_iac_lint-0.2.0-py3-none-any.whl
  • Size: 11.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for sarj_iac_lint-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 7073f4f75decbf3e367c170f16d61a1024d81cbef2e512a32409a9ad8f3da02d
MD5 9de547ff14a9736b76693f81191f7de8
BLAKE2b-256 bd7fc20580a00c57b32489b21ca126325552cd66b4ba4dad252bc497841a3ecb


Provenance

The following attestation bundles were made for sarj_iac_lint-0.2.0-py3-none-any.whl:

Publisher: release.yml on sarj-ai/standards

