plugin

package

v0.0.5 Latest Latest Go to latest Published: Nov 24, 2025 License: MPL-2.0 Imports: 30 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/SoeldnerConsult/tofulint

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func FindPluginPath(config *InstallConfig) (string, error)
type Checksummer
- func NewChecksummer(f io.Reader) (*Checksummer, error)
- func (c *Checksummer) Verify(filename string, f io.Reader) error
type GRPCServer
- func NewGRPCServer(runner *tflint.Runner, rootRunner *tflint.Runner, files map[string]*hcl.File, ...) *GRPCServer
type InstallConfig
- func NewInstallConfig(config *tflint.Config, pluginCfg *tflint.PluginConfig) *InstallConfig
type Plugin
- func Discovery(config *tflint.Config) (*Plugin, error)
- func (p *Plugin) Clean()
type SignatureChecker
- func NewSignatureChecker(config *InstallConfig) *SignatureChecker

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	PluginRoot = "~/.tflint.d/plugins"
)

PluginRoot is the root directory of the plugins This variable is exposed for testing.

View Source

var SDKVersionConstraints = version.MustConstraints(version.NewConstraint(">= 0.0.7"))

SDKVersionConstraints is the version constraint of the supported SDK version.

Functions ¶

func FindPluginPath ¶

func FindPluginPath(config *InstallConfig) (string, error)

Types ¶

func NewChecksummer ¶

func NewChecksummer(f io.Reader) (*Checksummer, error)

NewChecksummer returns a new Checksummer from passed checksums.txt file. The checksums.txt must contain multiple lines containing sha256 hashes and filenames separated by spaces. An example is shown below:

3a61fff3689f27c89bce22893219919c629d2e10b96e7eadd5fef9f0e90bb353 tflint-ruleset-aws_darwin_amd64.zip 482419fdeed00692304e59558b5b0d915d4727868b88a5adbbbb76f5ed1b537a tflint-ruleset-aws_linux_amd64.zip db4eed4c0abcfb0b851da5bbfe8d0c71e1c2b6afe4fd627638a462c655045902 tflint-ruleset-aws_windows_amd64.zip

func (*Checksummer) Verify ¶

func (c *Checksummer) Verify(filename string, f io.Reader) error

Verify calculates the sha256 hash of the passed file and compares it to the expected hash value based on the filename.

type GRPCServer ¶

type GRPCServer struct {
	// contains filtered or unexported fields
}

GRPCServer is a gRPC server for responding to requests from plugins.

func NewGRPCServer ¶

func NewGRPCServer(runner *tflint.Runner, rootRunner *tflint.Runner, files map[string]*hcl.File, sdkVersion *version.Version) *GRPCServer

NewGRPCServer initializes a gRPC server for plugins.

func (*GRPCServer) ApplyChanges ¶

func (s *GRPCServer) ApplyChanges(changes map[string][]byte) error

ApplyChanges applies the autofix changes to the runner.

func (*GRPCServer) EmitIssue ¶

func (s *GRPCServer) EmitIssue(rule sdk.Rule, message string, location hcl.Range, fixable bool) (bool, error)

EmitIssue stores an issue in the server based on passed rule, message, and location. It attempts to detect whether the issue range represents an expression and emits it based on that context. However, some ranges may be syntactically valid but not actually represent an expression. In these cases, the "expression" is still provided as context and the client should ignore any errors when attempting to evaluate it.

func (*GRPCServer) EvaluateExpr ¶

func (s *GRPCServer) EvaluateExpr(expr hcl.Expression, opts sdk.EvaluateExprOption) (cty.Value, error)

EvaluateExpr returns the value of the passed expression.

func (*GRPCServer) GetFile ¶

func (s *GRPCServer) GetFile(name string) (*hcl.File, error)

GetFile returns the hcl.File based on passed the file name.

func (*GRPCServer) GetFiles ¶

func (s *GRPCServer) GetFiles(ty sdk.ModuleCtxType) map[string][]byte

GetFiles returns all hcl.File in the module.

func (*GRPCServer) GetModuleContent ¶

func (s *GRPCServer) GetModuleContent(bodyS *hclext.BodySchema, opts sdk.GetModuleContentOption) (*hclext.BodyContent, hcl.Diagnostics)

GetModuleContent returns module content based on the passed schema and options.

func (*GRPCServer) GetModulePath ¶

func (s *GRPCServer) GetModulePath() []string

GetModulePath returns the current module path.

func (*GRPCServer) GetOriginalwd ¶

func (s *GRPCServer) GetOriginalwd() string

GetOriginalwd returns the original working directory.

func (*GRPCServer) GetRuleConfigContent ¶

func (s *GRPCServer) GetRuleConfigContent(name string, bodyS *hclext.BodySchema) (*hclext.BodyContent, map[string][]byte, error)

GetRuleConfigContent extracts the rule config based on the schema. It returns an extracted body content and sources. The reason for returning sources is to encode the expression, and there is room for improvement here.

type InstallConfig ¶

type InstallConfig struct {
	*tflint.PluginConfig
	// contains filtered or unexported fields
}

InstallConfig is a config for plugin installation. This is a wrapper for PluginConfig and manages naming conventions and directory names for installation. Note that need a global config to manage installation directory.

func NewInstallConfig ¶

func NewInstallConfig(config *tflint.Config, pluginCfg *tflint.PluginConfig) *InstallConfig

NewInstallConfig returns a new InstallConfig from passed PluginConfig.

func (*InstallConfig) AltAssetName ¶

func (c *InstallConfig) AltAssetName() string

AltAssetName returns the alternative asset name used by newer plugin releases.

func (*InstallConfig) AssetName ¶

func (c *InstallConfig) AssetName() string

AssetName returns the preferred asset name.

func (*InstallConfig) Install ¶

func (c *InstallConfig) Install() (string, error)

Install fetches the release from GitHub and puts the binary in the plugin directory. This installation process will automatically check the checksum of the downloaded zip file. Therefore, the release must always contain a checksum file. In addition, the release must meet the following conventions:

The release must be tagged with a name like v1.1.1
The release must contain an asset with a name like tflint-ruleset-{name}_{GOOS}_{GOARCH}.zip
The zip file must contain a binary named tflint-ruleset-{name} (tflint-ruleset-{name}.exe in Windows)
The release must contain a checksum file for the zip file with the name checksums.txt
The checksum file must contain a sha256 hash and filename

For security, you can also make sure that the checksum file is signed correctly. In that case, the release must additionally meet the following conventions:

The release must contain a signature file for the checksum file with the name checksums.txt.sig
The signature file must be binary OpenPGP format

func (*InstallConfig) InstallPath ¶

func (c *InstallConfig) InstallPath(useAlt bool) string

InstallPath returns an installation path from the plugin directory. The prefix is determined based on which asset was found.

func (*InstallConfig) ManuallyInstalled ¶

func (c *InstallConfig) ManuallyInstalled() bool

ManuallyInstalled returns whether the plugin should be installed manually. If source or version is omitted, you will have to install it manually.

func (*InstallConfig) TagName ¶

func (c *InstallConfig) TagName() string

TagName returns a tag name that the GitHub release should meet. The version must not contain leading "v", as the prefix "v" is added here, and the release tag must be in a format similar to `v1.1.1`.

type Plugin ¶

type Plugin struct {
	RuleSets map[string]*host2plugin.Client
	// contains filtered or unexported fields
}

Plugin is an object handling plugins Basically, it is a wrapper for go-plugin and provides an API to handle them collectively.

func Discovery ¶

func Discovery(config *tflint.Config) (*Plugin, error)

Discovery searches and launches plugins according the passed configuration. If the plugin is not enabled, skip without starting. The Terraform Language plugin is treated specially. Plugins for which no version is specified will launch the bundled plugin instead of returning an error.

func (*Plugin) Clean ¶

func (p *Plugin) Clean()

Clean is a helper for ending plugin processes

type SignatureChecker ¶

type SignatureChecker struct {
	// contains filtered or unexported fields
}

SignatureChecker checks the signature of GitHub releases. Determines whether to select a signing key or skip it based on the InstallConfig.

func NewSignatureChecker ¶

func NewSignatureChecker(config *InstallConfig) *SignatureChecker

NewSignatureChecker returns a new SignatureChecker from passed InstallConfig.

func (*SignatureChecker) GetSigningKey ¶

func (c *SignatureChecker) GetSigningKey() string

GetSigningKey returns an ASCII armored signing key. If the plugin is under the terraform-linters organization, you can use the built-in key even if the signing_key is omitted.

func (*SignatureChecker) HasSigningKey ¶

func (c *SignatureChecker) HasSigningKey() bool

HasSigningKey determines whether the checker should verify the signature. Skip verification if no signing key is set.

func (*SignatureChecker) Verify ¶

func (c *SignatureChecker) Verify(target, signature io.Reader) error

Verify returns the results of signature verification. The signing key must be ASCII armored and the signature must be in binary OpenPGP format.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
stub-generator
sources/bar command
sources/customrulesettesting command
sources/customrulesettesting/custom
sources/customrulesettesting/rules
sources/example command
sources/foo command
sources/incompatiblehost command
sources/testing command
sources/testing/rules

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL