Terraform Static Analysis Makefile
```makefile
# Terraform Static Analysis Makefile v4.2.0 (Makefile.terraform)
# Runs three checks in order: terraform fmt (hard failure), then tflint and
# terrascan, each skipped with a notice when the tool is not installed.
# Recipe lines must be indented with a tab. Tests use POSIX [ ] rather than
# bash-only [[ ]] because make runs recipes with /bin/sh.
.PHONY: tests
# Default target runs tests:
tests:
	@echo "Running terraform fmt check..."
	@(terraform fmt -recursive -check && echo "All terraform files are formatted correctly.") || { echo "Error: Some Terraform files are not formatted correctly." >&2; exit 1; }
	@echo "Running tflint tests..."
	@which tflint >/dev/null 2>&1; \
	if [ $$? -eq 0 ]; then \
		tflint --init > /dev/null; \
		tflint && echo "All tflint tests passed." ; \
	else \
		echo "The command 'tflint' is not installed, skipping."; \
	fi
	@echo "Running terrascan tests..."
	@KEEP=$$([ -d ".terraform" ] && echo yes); \
	SKIP="AC_AWS_0476,AC_AWS_0133,AC_AWS_0214"; \
	which terrascan >/dev/null 2>&1; \
	if [ $$? -eq 0 ]; then \
		if [ "$$KEEP" != "yes" ]; then \
			terraform get; \
		fi; \
		terrascan \
			scan -i \
			terraform -d . \
			--skip-rules=$${SKIP} \
			--non-recursive -o yaml \
			--use-terraform-cache && echo "All terrascan tests passed." ; \
	else \
		echo "The command 'terrascan' is not installed, skipping."; \
	fi; \
	if [ "$$KEEP" != "yes" ]; then \
		rm -rf .terraform; \
	fi
	@echo "Tests completed."
### EXAMPLE DOCUMENTATION BELOW, UPDATE TO MATCH YOUR OWN CONTEXT ###
# Skipping terrascan violations:
# - AC_AWS_0476: Ensure IAM permissions are not given directly to users
# Why? Low priority in our company, we'll have to investigate to see if avoiding API keys is possible.
# - AC_AWS_0133: Ensure that there are no exposed Amazon IAM access keys in order to protect your AWS resources against unapproved access
# Why? There are no alternatives to IAM access keys for tool XY, so we'll have to rely on them for now.
# - AC_AWS_0214: Enabling S3 versioning will enable easy recovery from both unintended user actions, like deletes and overwrites
# Why? Versioning is not relevant for this use case.
```
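A companion check added here, not part of the gist: the `--skip-rules` list is only as defensible as the justification comments beneath it, so this script reads a Makefile in the format above, extracts the rule ids from the `SKIP="..."` line, and reports any skipped rule that lacks a `# - RULE:` entry followed by a non-empty `# Why?` line, as well as documented rules that are no longer skipped (stale). The embedded sample is constructed to mirror the gist's layout; the script name `audit_skips.py` is an assumption.

```python
import re
import sys

# Constructed sample mirroring the SKIP line and the justification block in the gist above.
SAMPLE_MAKEFILE = """\
\tSKIP="AC_AWS_0476,AC_AWS_0133,AC_AWS_0214"; \\
# - AC_AWS_0476: Ensure IAM permissions are not given directly to users
# Why? Low priority in our company.
# - AC_AWS_0133: Ensure that there are no exposed Amazon IAM access keys
# Why? There are no alternatives to IAM access keys for tool XY.
# - AC_AWS_0214: Enabling S3 versioning will enable easy recovery
# Why? Versioning is not relevant for this use case.
"""

SKIP_RE = re.compile(r'^\s*SKIP="([^"]*)"')                 # shell variable in the recipe
RULE_RE = re.compile(r'^#\s*-\s*([A-Z]+_[A-Z0-9]+_\d+):')    # "# - AC_AWS_0476: ..."
WHY_RE = re.compile(r'^#\s*Why\?\s*(\S.*)$')                 # "# Why? <non-empty reason>"

def parse_skipped_rules(text):
    """Return the rule ids listed in the first SKIP="..." assignment, in order."""
    for line in text.splitlines():
        m = SKIP_RE.match(line)
        if m:
            return [r.strip() for r in m.group(1).split(",") if r.strip()]
    return []

def parse_justifications(text):
    """Map each documented rule id to its reason; '' when the Why? line is missing or empty."""
    lines = text.splitlines()
    reasons = {}
    for i, line in enumerate(lines):
        m = RULE_RE.match(line)
        if not m:
            continue
        why = WHY_RE.match(lines[i + 1]) if i + 1 < len(lines) else None
        reasons[m.group(1)] = why.group(1).strip() if why else ""
    return reasons

def audit(text):
    """Return skipped rules lacking a reason and documented rules that are no longer skipped."""
    skipped = parse_skipped_rules(text)
    reasons = parse_justifications(text)
    return {
        "undocumented": [r for r in skipped if not reasons.get(r)],
        "stale": sorted(r for r in reasons if r not in skipped),
    }

if __name__ == "__main__":  # usage: python audit_skips.py Makefile.terraform (default: sample)
    findings = audit(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MAKEFILE)
    sys.exit(f"skip-list findings: {findings}" if any(findings.values()) else 0)
```

Run it as a step before `terrascan` in CI so a rule cannot be silenced without a written reason.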