Merge pull request #34 from padok-team/feat/tooling

feat(tooling): init

README.md

@@ -64,7 +64,7 @@ You’ll find below details of the standards to follow when working with Terrafo
 > Reusable solution to a commonly occurring problem within a given context
 
 - [WYSIWYG pattern](terraform/wysiwg_patterns.md)
-- [Context pattern aka the terragrunt implementation](terragrunt/context_pattern.md)
+- [Context pattern aka the Terragrunt implementation](terragrunt/context_pattern.md)
 
 ### 🎓 Standards
 
@@ -81,7 +81,7 @@ You’ll find below details of the standards to follow when working with Terrafo
 
 #### Terragrunt
 
-- [Terragrunt ADR](terragrunt/adr-terragrunt.md)
+- [Why Terragrunt (ADR)](terragrunt/adr-terragrunt.md)
 - [Terragrunt guidelines](terragrunt/context_pattern.md)
 - [Distant values references](./terragrunt/refering_to_resources_from_other_layers.md)
 
@@ -94,7 +94,8 @@ You’ll find below details of the standards to follow when working with Terrafo
 
 ### 🛠️ Tooling
 
-- [Pre-commits](terraform/pre-commits.md)
+- [Useful tooling for Terragrunt/Terraform](tooling/README.md)
+- [Terraform pre-commits](terraform/pre-commits.md)
 
 ## License
 

tooling/README.md

@@ -0,0 +1,79 @@
+# Useful tooling for Terragrunt/Terraform
+
+The goal of this page is to list some useful tooling for Terragrunt/Terraform.
+
+- [Useful tooling for Terragrunt/Terraform](#useful-tooling-for-terragruntterraform)
+  - [Code quality](#code-quality)
+  - [Code security](#code-security)
+  - [Documentation](#documentation)
+  - [Readability of plan and apply](#readability-of-plan-and-apply)
+  - [How to operate this tools](#how-to-operate-this-tools)
+
+## Code quality
+
+> Good code quality is a must-have for any project
+
+- [tflint](tflint.md) ✨ - Linter for Terraform
+  - [Default configuration](tflint.md#default-configuration)
+  - We recommend this one because it can check a wide range of cloud providers as well as Terraform code
+- [terraform fmt](https://developer.hashicorp.com/terraform/cli/commands/fmt) - Rewrites all Terraform configuration files to a canonical format
+  - Example usage : `terraform fmt -recursive -diff -write=true`
+- [terragrunt hclfmt](https://terragrunt.gruntwork.io/docs/reference/cli-options/#hclfmt) - Rewrites all Terragrunt configuration files to a canonical format
+  - Example usage : `terragrunt hclfmt`
+
+## Code security
+
+> Left shift security related tasks as much as possible
+
+- [checkov](https://github.com/bridgecrewio/checkov) ✨ - Static code analysis tool for infrastructure-as-code
+  - Example : `checkov -d . --framework terraform --skip-file baseline.skip`
+  - We recommend this one because it can check a wide range of cloud providers as well as Terraform code
+- [tfsec](https://github.com/aquasecurity/tfsec) - Static analysis powered security scanner for your terraform code
+  - Example : `tfsec .`
+- [terrascan](https://runterrascan.io/) - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure
+  - Example : `terrascan scan -i terraform -d .`
+
+## Documentation
+
+> Documentation is a must-have for any project
+
+- [terraform-docs](https://github.com/terraform-docs/terraform-docs) - Generate documentation from Terraform modules in various output formats
+  - Example : `terraform-docs markdown .`
+
+## Readability of plan and apply
+
+> When working with Terraform and even more so for Terragrunt, reading plan can be a pain.
+> Terraform is not fixing it any time soon : [Github issue on concise plan](https://github.com/hashicorp/terraform/issues/10507)
+
+- grep ✨
+  - `terraform plan -no-color | grep -E '(^.*[#~+-] .*|^[[:punct:]]|Plan|Changes)'`
+  - We recommend this one because it's simple and efficient
+- [tfnotify](https://github.com/mercari/tfnotify)
+- [tftools](https://github.com/containerscrew/tftools)
+- [tf-summarize](https://github.com/dineshba/tf-summarize)
+
+## How to operate this tools
+
+- [pre-commit](https://pre-commit.com/) - A framework for managing and maintaining multi-language pre-commit hooks
+
+For terraform fmt, terragrunt hcl and checkov you can use the following configuration :
+
+```yaml
+repos:
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.77.0
+    hooks:
+      - id: terraform_fmt
+      - id: terragrunt_fmt
+      - id: terraform_checkov
+        args:
+          - --args=--quiet    
+          - --args=--framework=terraform
+      - id: terraform_providers_lock
+        args:
+          - --hook-config=--mode=only-check-is-current-lockfile-cross-platform
+```
+
+For tflint check [here](tflint.md#how-to-use-it)
+
+- [CI/CD](tbd) - Run these tools in your CI/CD pipeline

tooling/tflint.md

@@ -0,0 +1,53 @@
+# Tflint
+
+The goal of this page is to list some useful information about [tflint](https://github.com/terraform-linters/tflint)
+
+## Default configuration
+
+Within the `.tflint.hcl` file, you can define a default configuration for all your projects.
+
+```hcl
+plugin "terraform" {
+  enabled = true
+  source  = "github.com/terraform-linters/tflint-ruleset-terraform"
+  preset  = "all"
+}
+
+rule "terraform_naming_convention" {
+  enabled = true
+}
+
+# Change it depending on your cloud providers
+plugin "aws" {
+  enabled = true
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}
+```
+
+- [AWS](https://github.com/terraform-linters/tflint-ruleset-aws)
+- [Azure](https://github.com/terraform-linters/tflint-ruleset-azurerm)
+- [GCP](https://github.com/terraform-linters/tflint-ruleset-google)
+
+## How to use it
+
+- In the console : `tflint --recursive -f compact`
+- In terragrunt 
+  - Create an after_hook script for the validate command (Example below 👇)
+  - Run `terragrunt run-all validate`
+
+```hcl
+terraform {
+  after_hook "validate_tflint" {
+    commands = ["validate"]
+    execute = [
+      "sh", "-c", <<EOT
+        echo "Run tflint for layer '${path_relative_to_include()}'..."
+        (tflint --config="${get_repo_root()}/.tflint.hcl" --force --color -f compact)
+        error_code=$?
+        echo "Run tflint for layer '${path_relative_to_include()}'...DONE\n"
+        exit $error_code
+      EOT
+    ]
+  }
+}
+```