required_providers: warn on legacy version syntax, missing source (#64)

bendrucker · web-flow · commit 9dfba73cf0b4 · 2023-03-23T11:01:57.000-07:00
diff --git a/docs/rules/terraform_required_providers.md b/docs/rules/terraform_required_providers.md
@@ -1,6 +1,6 @@
 # terraform_required_providers
 
-Require that all providers have version constraints through `required_providers`.
+Require that all providers specify a `source` and `version` constraint through `required_providers`.
 
 > This rule is enabled by "recommended" preset.
 
@@ -9,6 +9,10 @@ Require that all providers have version constraints through `required_providers`
 ```hcl
 rule "terraform_required_providers" {
   enabled = true
+
+  # defaults
+  source = true
+  version = true
 }
 ```
 
@@ -22,7 +26,7 @@ provider "template" {}
 $ tflint
 1 issue(s) found:
 
-Warning: Missing version constraint for provider "template" in "required_providers" (terraform_required_providers)
+Warning: Missing version constraint for provider "template" in `required_providers` (terraform_required_providers)
 
   on main.tf line 1:
    1: provider "template" {}
@@ -49,28 +53,89 @@ Warning: provider.template: version constraint should be specified via "required
 
 Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.1.0/docs/rules/terraform_required_providers.md
 
-Warning: Missing version constraint for provider "template" in "required_providers" (terraform_required_providers)
+Warning: Missing version constraint for provider "template" in `required_providers` (terraform_required_providers)
 
   on main.tf line 1:
    1: provider "template" {
 
 Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.1.0/docs/rules/terraform_required_providers.md
 ```
 
+<hr>
+
+```hcl
+provider "template" {}
+
+terraform {
+  required_providers {
+    template = {
+      version = "~> 2"
+    }
+  }
+}
+```
+
+```
+$ tflint
+1 issue(s) found:
+
+Warning: Legacy version constraint for provider "template" in `required_providers` (terraform_required_providers)
+
+  on main.tf line 5:
+   5:     template = "~> 2"
+
+Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.1.0/docs/rules/terraform_required_providers.md
+```
+
+<hr>
+
+```hcl
+provider "template" {}
+
+terraform {
+  required_providers {
+    template = {
+      version = "~> 2"
+    }
+  }
+}
+```
+
+```
+$ tflint
+1 issue(s) found:
+
+Warning: Missing `source` for provider "template" in `required_providers` (terraform_required_providers)
+
+  on main.tf line 5:
+   5:     template = {
+   6:       version = "~> 2"
+   7:     }
+
+Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.1.0/docs/rules/terraform_required_providers.md
+```
+
 ## Why
 
 Providers are plugins released on a separate rhythm from Terraform itself, and so they have their own version numbers. For production use, you should constrain the acceptable provider versions via configuration, to ensure that new versions with breaking changes will not be automatically installed by `terraform init` in future.
 
+Terraform supports multiple provider registries/namespaces through the [`source` address](https://developer.hashicorp.com/terraform/language/providers/requirements#source-addresses) attribute. While this is optional for providers in `registry.terraform.io` under the `hashicorp` namespace (the defaults), it is required for all other providers. Omitting `source` is a common error when using third-party providers and using explicit source addresses for all providers is recommended.
+
 ## How To Fix
 
-Add the [`required_providers`](https://www.terraform.io/docs/configuration/terraform.html#specifying-required-provider-versions) block to the `terraform` configuration block and include current versions for all providers. For example:
+Add the [`required_providers`](https://developer.hashicorp.com/terraform/language/providers/requirements#requiring-providers) block to the `terraform` configuration block and include current versions for all providers. For example:
 
 ```tf
 terraform {
   required_providers {
-    template = "~> 2.0"
+    template = {
+      source  = "hashicorp/template"
+      version = "~> 2"
+    }
   }
 }
 ```
 
-Provider version constraints can be specified using a [version argument within a provider block](https://www.terraform.io/docs/configuration/providers.html#provider-versions) for backwards compatability. This approach is now discouraged, particularly for child modules.
+Provider version constraints can be specified using a [version argument within a provider block](https://www.terraform.io/docs/configuration/providers.html#provider-versions) for backwards compatibility. This approach is now discouraged, particularly for child modules.
+
+Optionally, you can disable enforcement of either `source` or `version` by setting the corresponding attribute in the rule configuration to `false`.
diff --git a/rules/terraform_required_providers.go b/rules/terraform_required_providers.go
@@ -17,6 +17,13 @@ type TerraformRequiredProvidersRule struct {
 	tflint.DefaultRule
 }
 
+type terraformRequiredProvidersRuleConfig struct {
+	// Source specifies whether the rule should assert the presence of a `source` attribute
+	Source *bool `hclext:"source,optional"`
+	// Version specifies whether the rule should assert the presence of a `version` attribute
+	Version *bool `hclext:"version,optional"`
+}
+
 // NewTerraformRequiredProvidersRule returns new rule with default attributes
 func NewTerraformRequiredProvidersRule() *TerraformRequiredProvidersRule {
 	return &TerraformRequiredProvidersRule{}
@@ -42,6 +49,26 @@ func (r *TerraformRequiredProvidersRule) Link() string {
 	return project.ReferenceLink(r.Name())
 }
 
+// config returns the rule config, with defaults
+func (r *TerraformRequiredProvidersRule) config(runner tflint.Runner) (*terraformRequiredProvidersRuleConfig, error) {
+	config := &terraformRequiredProvidersRuleConfig{}
+
+	if err := runner.DecodeRuleConfig(r.Name(), config); err != nil {
+		return nil, err
+	}
+
+	dv := true
+	if config.Source == nil {
+		config.Source = &dv
+	}
+
+	if config.Version == nil {
+		config.Version = &dv
+	}
+
+	return config, nil
+}
+
 // Check Checks whether provider required version is set
 func (r *TerraformRequiredProvidersRule) Check(rr tflint.Runner) error {
 	runner := rr.(*terraform.Runner)
@@ -55,6 +82,11 @@ func (r *TerraformRequiredProvidersRule) Check(rr tflint.Runner) error {
 		return nil
 	}
 
+	config, err := r.config(runner)
+	if err != nil {
+		return fmt.Errorf("failed to parse rule config: %w", err)
+	}
+
 	body, err := runner.GetModuleContent(&hclext.BodySchema{
 		Blocks: []hclext.BlockSchema{
 			{
@@ -76,7 +108,7 @@ func (r *TerraformRequiredProvidersRule) Check(rr tflint.Runner) error {
 		if _, exists := provider.Body.Attributes["version"]; exists {
 			if err := runner.EmitIssue(
 				r,
-				`provider version constraint should be specified via "required_providers"`,
+				"provider version constraint should be specified via `required_providers`",
 				provider.DefRange,
 			); err != nil {
 				return err
@@ -131,7 +163,11 @@ func (r *TerraformRequiredProvidersRule) Check(rr tflint.Runner) error {
 
 		requiredProvider, exists := requiredProviders[name]
 		if !exists {
-			if err := runner.EmitIssue(r, fmt.Sprintf(`Missing version constraint for provider "%s" in "required_providers"`, name), ref.DefRange); err != nil {
+			if err := runner.EmitIssue(
+				r,
+				fmt.Sprintf("Missing version constraint for provider %q in `required_providers`", name),
+				ref.DefRange,
+			); err != nil {
 				return err
 			}
 			continue
@@ -148,25 +184,46 @@ func (r *TerraformRequiredProvidersRule) Check(rr tflint.Runner) error {
 		if diags.HasErrors() {
 			return diags
 		}
-		// Look for a single static string, in case we have the legacy version-only
-		// format in the configuration.
+
 		if val.Type() == cty.String {
+			if err := runner.EmitIssue(
+				r,
+				fmt.Sprintf("Legacy version constraint for provider %q in `required_providers`", name),
+				requiredProvider.Expr.Range(),
+			); err != nil {
+				return err
+			}
+
 			continue
 		}
 
 		vm := val.AsValueMap()
-		if _, exists := vm["version"]; !exists {
-			if source, exists := vm["source"]; exists {
-				p, err := tfaddr.ParseProviderSource(source.AsString())
-				if err != nil {
-					return err
-				}
-
-				if p.IsBuiltIn() {
-					continue
-				}
+
+		if source, exists := vm["source"]; exists {
+			p, err := tfaddr.ParseProviderSource(source.AsString())
+			if err != nil {
+				return err
 			}
-			if err := runner.EmitIssue(r, fmt.Sprintf(`Missing version constraint for provider "%s" in "required_providers"`, name), requiredProvider.Expr.Range()); err != nil {
+
+			if p.IsBuiltIn() {
+				continue
+			}
+		} else if *config.Source {
+			if err := runner.EmitIssue(
+				r,
+				fmt.Sprintf("Missing `source` for provider %q in `required_providers`", name),
+				requiredProvider.Expr.Range(),
+			); err != nil {
+				return err
+			}
+		}
+
+		if _, exists := vm["version"]; !exists && *config.Version {
+			if err := runner.EmitIssue(
+				r,
+				fmt.Sprintf("Missing version constraint for provider %q in `required_providers`", name),
+				requiredProvider.Expr.Range(),
+			); err != nil {
 				return err
 			}
 		}
diff --git a/rules/terraform_required_providers_test.go b/rules/terraform_required_providers_test.go
