auto terraform review
Project description
Terraform automatic reviewer
terraform scripts checker.
This package helps you to review your tf script.
(ex: confirm add logging rule to all s3 bucket)
1 Installation
$ pip install tf_cop
2 Usage
2.1 cli use
at your console
$ tfcop TERRAFORM_ROOT_PATH REVIEW_BOOK_ROOT_PATH(optional)
sample output
☁ tf_cop [master] ⚡ tfcop test
==========================================================
RESOURCE AWS_S3_BUCKET.TEST_TF_REVIEW_BUCKET
==========================================================
[WARN] desc_checker : description not use
{ 'acl': 'private',
'bucket': '${terraform.env}-tf-review-bucket'}
[ALERT] tag_checker : tags not use
{ 'acl': 'private',
'bucket': '${terraform.env}-tf-review-bucket'}
==========================================================
RESOURCE AWS_S3_BUCKET.TEST_TF_REVIEW_BUCKET2
==========================================================
[WARN] desc_checker : description not use
{ 'acl': 'private',
'bucket': '${terraform.env}-tf-review-bucket2',
'lifecycle_rule': {...},
'logging': {...},
'tags': {...}}
[PASS] tag_checker : passed
[PASS] name_checker : passed
[PASS] env_checker : passed
=======================
| RESOURCE NUM : 2 |
| SKIP NUM : 0 |
| PASS NUM : 3 |
| WARN NUM : 2 |
| ALERT NUM : 1 |
=======================
2.2 module use
2.2.1 do review
pass terraform root path
& review_book root path
import tf_cop
if __name__ == '__main__':
test = tf_cop.TfCop()
test.tf_review("./test", "./review_book_default")
2.2.2 get output
output = test.output(color_flg=True)
print(output["output_log"])
print(output["output_summary_log"])
print(output["program_error_log"])
print(output["system_log"])
3 Review_book yaml rule
3.1 file name rule
review_book_yaml = resource_name.split("_")[1] + '.yaml'
(ex. aws_s3_bucket => s3.yaml)
3.2 key rule
key | description | required |
---|---|---|
title | test title | required |
desc | description for test | option |
mode | test mode (existance|value|nested) | required |
key | test target key (ex. tags) | required |
value | correct value regex | option |
nest | for nested test | option |
warn | for warn message | option (default False) |
3.2.1 existance test
check if target key is exist.
(ex. description)
3.2.2 value test
check if target value is correct.
(ex. name = "(prd|stg|dev)-s3-.*-terraform")
3.2.3 nested test
test to nested key_value
tags {
Name = "${terraform.env}-tf-review-bucket"
Env = "dev"
}
3.3 sample
aws_s3_bucket:
-
title: description_checker
description: simple existance checker
mode: existance
warn: True
key: description
-
title: private_checker
description: simple value checker
mode: value
key: acl
value: private
-
title: bucket_checker
description: simple value regex checker
mode: value
key: bucket
value: .*-tf-review-bucket.*
-
title: tag_checker
description: nested value checker
mode: nested
key: tags
nest:
-
title: name_checker
description: nested value checker
mode: value
key: Name
value: .*-tf-review-bucket.*
-
title: env_checker
description: nested value checker
mode: value
warn: True
key: Env
value: (dev|stg|prd)
-
title: if_checker
mode: if
key: logging
nest:
title: name_checker
mode: existance
key: lifecycle_rule
4 Testing
python test.py
5 Sample usage
test terraform files using docker.
├── Dockerfile
├── main.py
└── requirements.txt
FROM python:3.6
RUN apt-get update
ENV LANG ja_JP.UTF-8
ENV LANGUAGE ja_JP:ja
ENV LC_ALL ja_JP.UTF-8
ENV TZ JST-9
RUN pip install --upgrade pip
RUN pip install --upgrade setuptools
WORKDIR /tmp
COPY requirements.txt ./
RUN pip install -r requirements.txt
COPY . .
CMD ["python","main.py"]
import tf_cop
if __name__ == '__main__':
test = tf_cop.TfCop()
test.tf_review("./terraform", "./review_book")
output = test.output(color_flg=True)
print(output["output_log"])
print(output["output_summary_log"])
print(output["program_error_log"])
set TF_ROOT_PATH
& REVIEW_BOOK_PATH
docker build -t tf_cop .
docker run \
-v `pwd`/${TF_ROOT_PATH}:/tmp/terraform \
-v `pwd`/${REVIEW_BOOK_PATH}:/tmp/review_book \
tf_cop
6 Author
ys-tydy
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
tf_cop-0.1.1.tar.gz
(7.6 kB
view hashes)