authorPierre-Emmanuel Mercier <acesyde@gmail.com>2022-12-13 21:58:22 +0300
committerGitHub <noreply@github.com>2022-12-13 21:58:22 +0300
commit84f3e62d1c5ea8a62152606e7aec81ef711eae0a (patch)
tree9c4fda03ba904cd0380ff364bb01b71264821bfc
parent7b009e661f13085629b19fc157b577916587f6bc (diff)
Add TFSec and Terraform Docs to Terraform features (#327)
* Add TFSec and Terraform Docs * PR Review * code review
-rw-r--r--src/terraform/devcontainer-feature.json14
-rwxr-xr-xsrc/terraform/install.sh44
-rw-r--r--test/terraform/install_terraform_docs.sh15
-rw-r--r--test/terraform/install_tfsec.sh15
-rw-r--r--test/terraform/scenarios.json18
5 files changed, 104 insertions, 2 deletions
diff --git a/src/terraform/devcontainer-feature.json b/src/terraform/devcontainer-feature.json
index f8274c6..66e53f0 100644
--- a/src/terraform/devcontainer-feature.json
+++ b/src/terraform/devcontainer-feature.json
@@ -1,6 +1,6 @@
{
"id": "terraform",
- "version": "1.0.7",
+ "version": "1.1.0",
"name": "Terraform, tflint, and TFGrunt",
"documentationURL": "https://github.com/devcontainers/features/tree/main/src/terraform",
"description": "Installs the Terraform CLI and optionally TFLint and Terragrunt. Auto-detects latest version and installs needed dependencies.",
@@ -32,6 +32,16 @@
],
"default": "latest",
"description": "Terragrunt version"
+ },
+ "installTFsec": {
+ "type": "boolean",
+ "default": false,
+ "description": "Install tfsec, a tool to spot potential misconfigurations for your terraform code"
+ },
+ "installTerraformDocs": {
+ "type": "boolean",
+ "default": false,
+ "description": "Install terraform-docs, a utility to generate documentation from Terraform modules"
}
},
"customizations": {
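Review bot: The two new options are plain booleans, so a consumer cannot pin which tfsec or terraform-docs release is installed; install.sh hard-codes `TFSEC_VERSION="latest"` and `TERRAFORM_DOCS_VERSION="latest"`, so every image build resolves whatever tag is newest at that moment. The neighbouring Terragrunt option is a version string with a `"default"`, which keeps builds reproducible and lets a team hold back a release it has not vetted. Consider modelling these the same way, for example a `tfsec` string option whose `none` value disables the install, which is how install.sh already treats `TERRAGRUNT_VERSION`. The options object starts above this hunk.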
@@ -52,4 +62,4 @@
"installsAfter": [
"ghcr.io/devcontainers/features/common-utils"
]
-}
+}
\ No newline at end of file
diff --git a/src/terraform/install.sh b/src/terraform/install.sh
index fc523b8..0f9e4db 100755
--- a/src/terraform/install.sh
+++ b/src/terraform/install.sh
@@ -15,10 +15,14 @@ rm -rf /var/lib/apt/lists/*
TERRAFORM_VERSION="${VERSION:-"latest"}"
TFLINT_VERSION="${TFLINT:-"latest"}"
TERRAGRUNT_VERSION="${TERRAGRUNT:-"latest"}"
+INSTALL_TFSEC=${INSTALLTFSEC:-false}
+INSTALL_TERRAFORM_DOCS=${INSTALLTERRAFORMDOCS:-false}
TERRAFORM_SHA256="${TERRAFORM_SHA256:-"automatic"}"
TFLINT_SHA256="${TFLINT_SHA256:-"automatic"}"
TERRAGRUNT_SHA256="${TERRAGRUNT_SHA256:-"automatic"}"
+TFSEC_SHA256="${TFSEC_SHA256:-"automatic"}"
+TERRAFORM_DOCS_SHA256="${TERRAFORM_DOCS_SHA256:-"automatic"}"
TERRAFORM_GPG_KEY="72D7468F"
TFLINT_GPG_KEY_URI="https://raw.githubusercontent.com/terraform-linters/tflint/master/8CE69160EB3F2FE9.key"
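Review bot: The new tools get only `TFSEC_SHA256` and `TERRAFORM_DOCS_SHA256`, with no counterpart to `TERRAFORM_GPG_KEY` or `TFLINT_GPG_KEY_URI` in the lines just below, so in the default `automatic` mode the checksum list is fetched from the same GitHub release as the archive it vouches for. That catches a corrupted download but not a replaced release asset. Neither variable appears as an option in the visible part of devcontainer-feature.json, so a comment here should say how a caller sets them, e.g. `# TFSEC_SHA256 / TERRAFORM_DOCS_SHA256: "automatic" = use the release's checksum file, "dev-mode" = skip verification, otherwise the expected SHA-256 of the archive`.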
@@ -212,6 +216,46 @@ if [ "${TERRAGRUNT_VERSION}" != "none" ]; then
mv -f /tmp/tf-downloads/${terragrunt_filename} /usr/local/bin/terragrunt
fi
+if [ "${INSTALL_TFSEC}" = "true" ]; then
+ TFSEC_VERSION="latest"
+ find_version_from_git_tags TFSEC_VERSION 'https://github.com/aquasecurity/tfsec'
+ tfsec_filename="tfsec_${TFSEC_VERSION}_linux_${architecture}.tar.gz"
+ echo "(*) Downloading TFSec... ${tfsec_filename}"
+ curl -sSL -o /tmp/tf-downloads/${tfsec_filename} https://github.com/aquasecurity/tfsec/releases/download/v${TFSEC_VERSION}/${tfsec_filename}
+ if [ "${TFSEC_SHA256}" != "dev-mode" ]; then
+ if [ "${TFSEC_SHA256}" = "automatic" ]; then
+ curl -sSL -o tfsec_SHA256SUMS https://github.com/aquasecurity/tfsec/releases/download/v${TFSEC_VERSION}/tfsec_${TFSEC_VERSION}_checksums.txt
+ else
+ echo "${TFSEC_SHA256} *${tfsec_filename}" > tfsec_SHA256SUMS
+ fi
+ sha256sum --ignore-missing -c tfsec_SHA256SUMS
+ fi
+ mkdir -p /tmp/tf-downloads/tfsec
+ tar -xzf /tmp/tf-downloads/${tfsec_filename} -C /tmp/tf-downloads/tfsec
+ chmod a+x /tmp/tf-downloads/tfsec/tfsec
+ mv -f /tmp/tf-downloads/tfsec/tfsec /usr/local/bin/tfsec
+fi
+
+if [ "${INSTALL_TERRAFORM_DOCS}" = "true" ]; then
+ TERRAFORM_DOCS_VERSION="latest"
+ find_version_from_git_tags TERRAFORM_DOCS_VERSION 'https://github.com/terraform-docs/terraform-docs'
+ tfdocs_filename="terraform-docs-v${TERRAFORM_DOCS_VERSION}-linux-${architecture}.tar.gz"
+ echo "(*) Downloading Terraform docs... ${tfdocs_filename}"
+ curl -sSL -o /tmp/tf-downloads/${tfdocs_filename} https://github.com/terraform-docs/terraform-docs/releases/download/v${TERRAFORM_DOCS_VERSION}/${tfdocs_filename}
+ if [ "${TERRAFORM_DOCS_SHA256}" != "dev-mode" ]; then
+ if [ "${TERRAFORM_DOCS_SHA256}" = "automatic" ]; then
+ curl -sSL -o tfdocs_SHA256SUMS https://github.com/terraform-docs/terraform-docs/releases/download/v${TERRAFORM_DOCS_VERSION}/terraform-docs-v${TERRAFORM_DOCS_VERSION}.sha256sum
+ else
+ echo "${TERRAFORM_DOCS_SHA256} *${tfsec_filename}" > tfdocs_SHA256SUMS
+ fi
+ sha256sum --ignore-missing -c tfdocs_SHA256SUMS
+ fi
+ mkdir -p /tmp/tf-downloads/tfdocs
+ tar -xzf /tmp/tf-downloads/${tfdocs_filename} -C /tmp/tf-downloads/tfdocs
+ chmod a+x /tmp/tf-downloads/tfdocs/terraform-docs
+ mv -f /tmp/tf-downloads/tfdocs/terraform-docs /usr/local/bin/terraform-docs
+fi
+
rm -rf /tmp/tf-downloads ${GNUPGHOME}
# Clean up
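Review bot: In the terraform-docs block the pinned-checksum branch writes `${tfsec_filename}` into `tfdocs_SHA256SUMS`, so a caller-supplied `TERRAFORM_DOCS_SHA256` is never compared against the terraform-docs archive: with tfsec not installed the variable is empty, and with tfsec installed the hash is checked against the tfsec tarball. The line should read `echo "${TERRAFORM_DOCS_SHA256} *${tfdocs_filename}" > tfdocs_SHA256SUMS`. Both `curl` downloads also run without `--fail`, so an HTTP error page is saved as the archive and, under `dev-mode`, goes straight to `tar`; adding `-f` would stop it there. Whether a failed `sha256sum -c` aborts the install depends on `set -e` being active, which this hunk does not show.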
diff --git a/test/terraform/install_terraform_docs.sh b/test/terraform/install_terraform_docs.sh
new file mode 100644
index 0000000..4ca0b16
--- /dev/null
+++ b/test/terraform/install_terraform_docs.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -e
+
+# Import test library for `check` command
+source dev-container-features-test-lib
+
+# Check to make sure the user is vscode
+check "user is vscode" whoami | grep vscode
+
+# Terraform Docs specific tests
+check "tfsec" terraform-docs --version
+
+# Report result
+reportResults
\ No newline at end of file
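Review bot: The terraform-docs check is labelled `"tfsec"`, apparently carried over from install_tfsec.sh, so a failure in this scenario would be reported under the wrong tool name. Use `check "terraform-docs" terraform-docs --version`.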
diff --git a/test/terraform/install_tfsec.sh b/test/terraform/install_tfsec.sh
new file mode 100644
index 0000000..0c9a48b
--- /dev/null
+++ b/test/terraform/install_tfsec.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -e
+
+# Import test library for `check` command
+source dev-container-features-test-lib
+
+# Check to make sure the user is vscode
+check "user is vscode" whoami | grep vscode
+
+# TFSec specific tests
+check "tfsec" tfsec --version
+
+# Report result
+reportResults
\ No newline at end of file
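Review bot: In `check "user is vscode" whoami | grep vscode` the pipe binds to `check`, not to `whoami`, so `check` only sees whether `whoami` exits successfully and `grep` filters whatever `check` prints. If `check` echoes its label, which the test library likely does but this diff does not show, `grep vscode` matches the label text and the line passes for any user. Wrapping the pipeline keeps the assertion inside the check: `check "user is vscode" bash -c "whoami | grep vscode"`. The same line appears in install_terraform_docs.sh.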
diff --git a/test/terraform/scenarios.json b/test/terraform/scenarios.json
new file mode 100644
index 0000000..2365643
--- /dev/null
+++ b/test/terraform/scenarios.json
@@ -0,0 +1,18 @@
+{
+ "install_tfsec": {
+ "image": "mcr.microsoft.com/devcontainers/base:jammy",
+ "features": {
+ "terraform": {
+ "installTFsec": true
+ }
+ }
+ },
+ "install_terraform_docs": {
+ "image": "mcr.microsoft.com/devcontainers/base:jammy",
+ "features": {
+ "terraform": {
+ "installTerraformDocs": true
+ }
+ }
+ }
+}
\ No newline at end of file