tflint: Rules across multiple resources are not supported #107
Description
Some rules, such as aws_cloudwatch_log_group_lambda_retention need to evaluate the relationship between different resources defined in Terraform. Usually, this is done by passing references to other resources. For example, for the aforementioned rule:
resource "aws_cloudwatch_log_group" "this" {
name = "/aws/lambda/${aws_lambda_function.this.function_name}
retention_in_days = 7
}The name property above is not known ahead of time, which isn't supported by TFLint. See this issue for TFLint.
Expected Behavior
Linting terraform files should be able to run with rules that cross-reference resources.
Current Behavior
tflint fails with an Unevaluable expression found error.
Possible Solution
- Disable all rules that cross-reference resources.
- Build that feature for tflint.
- Find another linter for Terraform.
- Abandon linting for Terraform and implement an alternative solution, such as evaluating resources running on AWS.
I will first disable all rules that cross-reference resources for now, while exploring other solutions.
Steps to Reproduce (for bugs)
- Clone the repository and checkout the test/tflint branch
git clone https://github.com/awslabs/serverless-rules.git
cd serverless-rules
git checkout test/tflint- Run tests for tflint
cd tflint-ruleset-aws-serverless
make test
- Get an error that the expression is unevaluable.
Error: Failed to check `aws_cloudwatch_log_group_lambda_retention` rule: Unevaluable expression found in XXX/serverless-rules/tflint-ruleset-aws-serverless/tests/aws_cloudwatch_log_group_lambda_retention.pass.tf:10
Environment
- Infrastructure as code technology used:
- (for
cfn-lint) Python, cfn-lint, and cfn-lint-serverless versions: - (for
tflint) Go, tflint versions: - Debugging logs