mschuchard/jenkins-devops-libs

Feature: terraform.fmt method for format validation

glarizza opened this issue · 1 comments

I mentioned it in a previous issue but thought I'd raise it here officially for comment. The use-case that I have in mind for this request is to check whether code being checked by a Jenkins pipeline (from an opened PR or via branch checking, for example) has already had terraform fmt run against it. The minimum bar for any Terraform code contribution should be proper formatting, and syntax validation (fmt and validate respectively).

terraform fmt has the -check and -diff options that, when used together, give you good visibility into whether code has been formatted, and a proper exit code response:

$ terraform fmt -check -diff terraform/main.tf
terraform/main.tf
--- old/terraform/main.tf
+++ new/terraform/main.tf
@@ -11,7 +11,7 @@

 resource "google_compute_address" "external" {
   name         = "jenkins-testing"
-  project        = "test-project"
+  project      = "test-project"
   region       = "us-west1"
   address_type = "EXTERNAL"
 }

$ echo $?
3

What I'm NOT looking for is to run terraform fmt with the intention of actually formatting the code - that should be committed by the code contributor and NOT handled via an automated process (for MY use-case at least, there may be others that are looking for that feature).

Ideally, the output of terraform fmt will be logged to the console and an error will be raised if the code is not formatted correctly. (I have had some customers that prefer to fail first and fail early if terraform fmt detects formatting issues, and I have had some customers who prefer to do BOTH fmt and validate and then raise errors at the end when both of those commands are run. Exception handling would allow me to address the second use-case.)

In terraform 0.11, terraform fmt would recursively check subdirectories, and would traverse into .terraform directories if they existed. In terraform 0.12, terraform fmt stays within the specified directory by default, and has a -recursive option for traversing subdirectories. Also, in 0.12 fmt will ignore any subdirectories beginning with . (like .terraform, for example). See this comment for more details.

Hopefully this is enough information to help you make a decision on whether to support fmt or not!
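The two failure-handling styles described in the issue above (stop at the first problem, or run both fmt and validate and report at the end), sketched as a shell gate that a pipeline step could call. This is an added example, not part of the issue or of jenkins-devops-libs; the function names `tf_fmt_check`, `tf_validate` and `tf_gate` are hypothetical, and it assumes Terraform 0.12 or later on PATH with `terraform init` already run in the target directory.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not jenkins-devops-libs code).
# Assumes terraform >= 0.12 on PATH and an initialized working directory.

# tf_fmt_check DIR: report-only format check; never rewrites files.
# -check exits non-zero when any file needs formatting, -diff prints the
# pending changes, -recursive descends into subdirectories (0.12 option).
tf_fmt_check() {
    terraform fmt -check -diff -recursive "$1"
}

# tf_validate DIR: validate the configuration in DIR without changing cwd.
tf_validate() {
    ( cd "$1" && terraform validate )
}

# tf_gate MODE DIR
#   MODE=fail-fast : return as soon as one check fails
#   MODE=collect   : run every check, then fail if any of them failed
# Returns 0 when all checks pass, 1 otherwise. The names of the failed
# checks are left in TF_GATE_FAILED for the caller to log or act on.
tf_gate() {
    mode=$1
    dir=$2
    TF_GATE_FAILED=""
    for check in fmt validate; do
        rc=0
        case $check in
            fmt)      tf_fmt_check "$dir" || rc=$? ;;
            validate) tf_validate "$dir"  || rc=$? ;;
        esac
        if [ "$rc" -ne 0 ]; then
            echo "terraform $check failed in $dir (exit $rc)" >&2
            TF_GATE_FAILED="${TF_GATE_FAILED:+$TF_GATE_FAILED }$check"
            if [ "$mode" = "fail-fast" ]; then
                return 1
            fi
        fi
    done
    [ -z "$TF_GATE_FAILED" ]
}
```

In a Jenkins `sh` step, `tf_gate collect terraform/` logs the fmt diff and the validate errors to the console before the step fails, while `tf_gate fail-fast terraform/` skips validate when formatting is already wrong.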

I botched the numbering so this was not auto-closed. Manually closing now.