Merge branch 'master' into dependabot/pip/pytest-7.4.0

.github/workflows/cd.yml

@@ -47,8 +47,8 @@ jobs:
 
  - name: Publish to PyPI
  env:
- TWINE_USERNAME: ${{ secrets.PYPI_USER }}
- TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
+ TWINE_USERNAME: ${{ secrets.PYPI_API_USER }}
+ TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
  run: twine upload --skip-existing dist/*
 
  - name: Publish to Docker Hub

CHANGELOG.md

@@ -1,5 +1,8 @@
 # CHANGELOG
 
+# 1.3.45 (2023-09-10)
+* Support for Terraform v1.6*
+
 # 1.3.42 (2023-03-29)
 * Fixed an issue where some `tmp` files were not deleted properly. ([#677](https://github.com/terraform-compliance/cli/issues/677))
 

docs/pages/bdd-references/index.md

@@ -7,7 +7,7 @@ has_children: true
 
 # BDD Reference
 
-`terraform-compliance` utilises [radish](http://radish-bdd.io/) to handle BDD directives. BDD is
+`terraform-compliance` utilises [radish](https://github.com/radish-bdd/radish) to handle BDD directives. BDD is
 used in many development practices from End-to-End testing to FrontEnd testing, provides easy-to-understand
 context that is self-descriptive and easy-to-understand for someone that is reading the test results.
 
@@ -29,7 +29,7 @@ Feature: Security Groups should be used to protect services/instances
  We'll use AWS Security Groups as a Perimeter Defence
 ```
 
-This won't effect anything about the test steps, but it will ease the pain for everybody to 
+This won't affect anything about the test steps, but it will ease the pain for everybody to 
 understand what does that feature aims for.
 
 ### Scenario

docs/pages/bdd-references/using_tags.md

@@ -81,7 +81,7 @@ __Please note that__
 - nofail and noskip tags can not be used within the same scenario.
 
 ### Case Sensitivity
-All steps, under the tagged scenario will use case sensitive matching. This tag also effects regular expressions.
+All steps, under the tagged scenario will use case-sensitive matching. This tag also affects regular expressions.
 > __Possible formats:__
 >
 > ▪

docs/pages/ci-cd/circle_ci.md

@@ -0,0 +1,150 @@
+---
+layout: default
+title: CircleCI
+nav_order: 1
+has_children: false
+parent: Using in CI/CD
+---
+
+# CircleCI
+
+For this example, we are using the following Orbs to illustrate how you might implement Terraform Compliance into your
+CI/CD pipeline.
+
+- [circleci/terraform](https://circleci.com/developer/orbs/orb/circleci/terraform)
+- [circleci/python](https://circleci.com/developer/orbs/orb/circleci/python)
+
+## Workflow
+
+We have set up our pipeline to follow this basic workflow:
+
+1. `terraform validate`: Using the Job provided by the Terraform Orb
+2. `terraform plan`: Using a custom Job, we will use the `plan` command that is provided by the Terraform Orb, but we'll also export that plan to json for `terraform-compliance` to access
+3. `terraform-compliance`: Using the Python Orb and Pip to install requirements
+4. `terraform apply`: Using the Job provided by the Terraform Orb, and only run on the `main` branch
+
+## Setup
+
+You will need to add a `requirements.txt` to your project. You can rename this file to anything you would like, but
+be sure to update the name in your `.circleci/config.yml`.
+
+Following [Pip requirements format](https://pip.pypa.io/en/stable/reference/requirements-file-format/). You can specify
+any level of requirement that you desire for `terraform-compliance`.
+
+`requirements.txt`:
+
+```
+terraform-compliance >= 1.3.0
+```
+
+Below is an example of the workflow described above.
+
+`.circleci/config.yml`:
+
+```yaml
+version: '2.1'
+
+orbs:
+ # Orb used for all of our Terraform related commands/jobs
+ # https://circleci.com/developer/orbs/orb/circleci/terraform for available versions
+ terraform: circleci/terraform@3.2.1
+ # Orb used for installing and running Terraform Compliance
+ # https://circleci.com/developer/orbs/orb/circleci/python for available versions
+ python: circleci/python@2.1.1
+
+parameters:
+ terraform-tag:
+ type: string
+ description: Specify the Terraform Docker image tag for the executor
+ # https://hub.docker.com/r/hashicorp/terraform/tags for available versions
+ # If you also run Terraform locally, then you should use the same version here
+ default: 1.5.7
+ workspace-root:
+ type: string
+ description: Path of the workspace to persist to relative to workspace-root
+ # Can be updated if you desire. The default specified here matches the default used by the CircleCI's Terraform Orb
+ default: .
+ workspace-path:
+ type: string
+ description: Workspace root path that is either an absolute path or a path relative to the working directory
+ # Can be updated if you desire. The default specified here matches the default used by the CircleCI's Terraform Orb
+ default: .
+
+executors:
+ # This default executor is used for our custom job that needs to run Terraform
+ default:
+ docker:
+ # Our default executor should match the tag that the Terraform Orb will use
+ - image: hashicorp/terraform:<< pipeline.parameters.terraform-tag >>
+
+jobs:
+ terraform_plan:
+ executor: default
+ steps:
+ - checkout
+ # Invoke the terraform/plan command that is provided by the Terraform Orb
+ - terraform/plan:
+ # And also output that plan
+ out: plan.out
+ # Convert our plan to JSON so that terraform-compliance can run without the use of Terraform
+ - run:
+ command: terraform show -json plan.out > plan.out.json
+ name: Convert Terraform plan to JSON
+ # Persist our workspace so that plan.out.json is available to terraform-compliance
+ - persist_to_workspace:
+ paths:
+ - << pipeline.parameters.workspace-path >>
+ root: << pipeline.parameters.workspace-root >>
+
+ terraform_compliance:
+ executor: python/default
+ steps:
+ # Attach the workspace so that we have access to plan.out.json from terraform_plan
+ - attach_workspace:
+ at: << pipeline.parameters.workspace-root >>
+ - python/install-packages:
+ # Update requirements.txt to match the location of your requirements file. This is currently referencing a
+ # file in the root of your project
+ pip-dependency-file: requirements.txt
+ pkg-manager: pip
+ - run:
+ command: terraform-compliance -f features -p plan.out.json
+ name: Terraform Compliance
+
+workflows:
+ deploy_infra:
+ jobs:
+ # Use the standard validate job that is provided by the CircleCI Orb
+ - terraform/validate:
+ checkout: true
+ # Make sure the CircleCI Orb uses the same version of Terraform as our default executor
+ tag: << pipeline.parameters.terraform-tag >>
+
+ # For terraform plan we'll use a custom job so that we can run additional commands
+ - terraform_plan:
+ requires:
+ - terraform/validate
+
+ # For terraform-compliance we'll use another custom job, and this will also be using our Python executor
+ - terraform_compliance:
+ requires:
+ - terraform_plan
+
+ # Use the standard apply job that is provided by the CircleCI Orb
+ - terraform/apply:
+ attach-workspace: true
+ # Make sure the CircleCI Orb uses the same version of Terraform as our default executor
+ tag: << pipeline.parameters.terraform-tag >>
+ # Update your filters as you require. One provided here as an example
+ filters:
+ branches:
+ only: main
+ requires:
+ - terraform_compliance
+
+```
+
+Not provided above is the authentication method for AWS.
+
+CircleCI provides authentication through [OpenID Connect](https://circleci.com/blog/openid-connect-identity-tokens/) as
+well as through AWS user Access Keys.

docs/pages/ci-cd/github_actions.md

@@ -0,0 +1,117 @@
+---
+layout: default
+title: GitHub Actions
+nav_order: 2
+has_children: false
+parent: Using in CI/CD
+---
+
+# GitHub Actions
+
+For this example, we'll use the following GitHub Marketplace Actions to illustrate how you might implement Terraform 
+Compliance into your CI/CD pipeline.
+
+## Workflow
+
+We have set up our job to follow this basic workflow:
+
+1. `terraform init`
+2. `terraform validate`
+3. `terraform plan`
+4. `terraform-compliance`
+5. `terraform apply` (but only on the `main` branch)
+
+## Setup
+
+You will need to add a `requirements.txt` to your project. You can rename this file to anything you would like, but
+be sure to update the name in your `.github/workflows/main.yml`.
+
+Following [Pip requirements format](https://pip.pypa.io/en/stable/reference/requirements-file-format/). You can specify
+any level of requirement that you desire for `terraform-compliance`.
+
+`requirements.txt`:
+
+```
+terraform-compliance >= 1.3.0
+```
+
+Below is an example of the workflow described above.
+
+`.github/workflows/main.yml`:
+
+```yaml
+name: Project Name
+
+# https://docs.github.com/en/actions/using-workflows/triggering-a-workflow for available triggers
+on:
+ # Run this workflow on all pull requests
+ pull_request:
+ # Run this workflow on commits made to the main branch 
+ push:
+ branches:
+ - main
+
+jobs:
+ test_and_deploy:
+ name: Deploy Infrastructure
+ runs-on: ubuntu-latest
+ # Required by aws-actions/configure-aws-credentials
+ permissions:
+ id-token: write
+ contents: read
+
+ steps:
+ # Checkout your code
+ - uses: actions/checkout@v4
+
+ # Set up our AWS credentials
+ - name: Configure AWS credentials
+ # https://github.com/aws-actions/configure-aws-credentials for available versions
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ # Define authentication method
+ # Check the above repo for authentication methods available
+
+ # Set up Terraform for GitHub Actions
+ - name: Setup Terraform
+ # https://github.com/hashicorp/setup-terraform for available versions
+ uses: hashicorp/setup-terraform@v2
+ with:
+ # https://hub.docker.com/r/hashicorp/terraform/tags for available versions
+ # If you also run Terraform locally, then you should use the same version here
+ terraform_version: 1.5.7
+
+ - name: Terraform Init
+ run: terraform init
+
+ - name: Terraform Validate
+ run: terraform validate
+
+ - name: Terraform Plan
+ # Run terraform plan with an output, and then convert that output to JSON for Terraform Compliance to use later
+ run: |
+ terraform plan -out=plan.out
+ terraform show -json plan.out > plan.out.json
+
+ # Set up Python
+ - name: Install Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: 3.11
+ cache: 'pip'
+
+ # Install Python requirements
+ - name: Install Requirements
+ # Update requirements.txt to match the location of your requirements file. This is currently referencing a
+ # file in the root of your project
+ run: pip install -r requirements.txt
+
+ - name: Terraform Compliance
+ run: terraform-compliance -f compliance -p plan.out.json
+
+ - name: Terraform Apply
+ # Only trigger this step on the main branch
+ if: github.ref == 'refs/heads/main'
+ run: terraform apply -auto-approve
+
+```

docs/pages/ci-cd/index.md

@@ -0,0 +1,6 @@
+---
+layout: default
+title: Using in CI/CD
+nav_order: 6
+has_children: true
+---

docs/pages/contribution/index.md

@@ -30,12 +30,12 @@ If you are going to reporting something else, please create a [General Question]
 
 Normally, we expect to have either a [Bug Reporting](https://github.com/eerkunt/terraform-compliance/issues/new?assignees=eerkunt&labels=bug&template=bug_report.md&title=) or 
 a [Feature Request](https://github.com/eerkunt/terraform-compliance/issues/new?assignees=&labels=enhancement&template=feature_request.md&title=) before 
-having a Pull Request for in the codebase that will effect any functionality. This is not a hard requirement, you are free
+having a Pull Request for in the codebase that will affect any functionality. This is not a hard requirement, you are free
 to create a new Pull Request if you find something is wrong or missing within the codebase or documentation. 
 
 There is few mandatory requirement for the Pull Requests ;
 
-1. All code changes that effects functionality MUST have [tests](https://github.com/eerkunt/terraform-compliance/tree/master/tests) implemented within the same Pull Request. 
+1. All code changes that affects functionality MUST have [tests](https://github.com/eerkunt/terraform-compliance/tree/master/tests) implemented within the same Pull Request. 
 2. Any functionality change must be recorded within the [CHANGELOG](https://github.com/eerkunt/terraform-compliance/blob/master/CHANGELOG.md).
 3. Your Pull Request must pass the CI in order to be processed.
 

terraform_compliance/__main__.py

@@ -1,3 +1,5 @@
+import sys
+
 from .main import cli
 
-cli()
+sys.exit(cli())

terraform_compliance/extensions/terraform.py

@@ -31,6 +31,10 @@ def __init__(self, filename, parse_it=True):
  '1.3.',
  '1.4.',
  '1.5.',
+ '1.6.',
+ '1.7.',
+ '1.8.',
+ '1.9.',
  )
  self.supported_format_versions = [
  '0.1',
@@ -466,7 +470,7 @@ def _mount_references(self):
  defaults = Defaults()
  console_write('{} {}: {}'.format(defaults.warning_icon,
  defaults.warning_colour('WARNING (mounting)'),
- defaults.info_colour('The reference "{}" in resource {} is ambigious.'
+ defaults.info_colour('The reference "{}" in resource {} is ambiguous.'
  ' It will be mounted to the following resources:').format(ref, resource)))
  for i, r in enumerate(ambiguous_references, 1):
  console_write(defaults.info_colour('{}. {}'.format(i, r)))
@@ -475,7 +479,7 @@ def _mount_references(self):
  else:
  console_write('{} {}: {}'.format(Defaults().warning_icon,
  Defaults().warning_colour('WARNING (mounting)'),
- Defaults().info_colour('The reference "{}" in resource {} is ambigious. It will not be mounted.'.format(ref, resource))))
+ Defaults().info_colour('The reference "{}" in resource {} is ambiguous. It will not be mounted.'.format(ref, resource))))
  continue
  elif key not in ref_list:
  ref_list[key] = self._find_resource_from_name(ref, current_module_address)

terraform_compliance/main.py

@@ -1,3 +1,4 @@
+import sys
 import os
 import shutil
 import atexit
@@ -159,4 +160,4 @@ def cli(arghandling=ArgHandling(), argparser=ArgumentParser(prog=__app_name__,
 
 
 if __name__ == '__main__':
- cli()
+ sys.exit(cli())