MEDIUM PRIORITY: Improve Code Quality and Linting Configuration #121

@lgallard

Issue: Improve Code Quality and Linting Configuration

Priority: 🟠 MEDIUM

Problem Statement

The module has some linting configurations but lacks comprehensive code quality tools and standards that would help maintain consistent code quality and catch potential issues early.

Current State

  • Basic pre-commit hooks are configured
  • terraform_fmt and terraform_validate are enabled
  • terraform_docs is configured
  • terraform_tflint is present but may need configuration refinement
  • terraform_checkov is commented out

Areas for Improvement

1. Enhanced TFLint Configuration

The current .tflint.hcl configuration needs to be reviewed and is potentially missing:

# .tflint.hcl - Enhanced configuration needed
plugin "aws" {
  enabled = true
  version = "0.24.1"
  source  = "github.com/terraform-linters/tflint-ruleset-aws"
}

rule "terraform_comment_syntax" {
  enabled = true
}

rule "terraform_deprecated_index" {
  enabled = true
}

rule "terraform_unused_declarations" {
  enabled = true
}

rule "terraform_standard_module_structure" {
  enabled = true
}

rule "aws_instance_invalid_type" {
  enabled = true
}

rule "aws_backup_vault_invalid_kms_key" {
  enabled = true
}

2. Security Scanning Integration

# Uncomment and configure Checkov in pre-commit
- id: terraform_checkov
  args:
    - --args=--quiet
    - --args=--framework terraform
    - --args=--skip-check CKV_AWS_18  # Skip checks that don't apply
    - --args=--skip-check CKV_AWS_144 # Skip if needed

3. Code Formatting Standards

# Add additional formatting tools
- repo: https://github.com/pre-commit/pre-commit-hooks
  rev: v4.5.0
  hooks:
    - id: trailing-whitespace
    - id: end-of-file-fixer
    - id: check-added-large-files
      args: ['--maxkb=500']
    - id: check-json
    - id: check-yaml
    - id: check-toml
    - id: check-merge-conflict
    - id: detect-private-key
    - id: mixed-line-ending
      args: ['--fix=lf']

4. Documentation Quality

# Enhanced terraform-docs configuration
- id: terraform_docs
  args:
    - --args=--config=.terraform-docs.yml
    - --args=--recursive
    - --args=--recursive-path=examples

5. Dependency Management

# Add dependency scanning
- repo: https://github.com/Yelp/detect-secrets
  rev: v1.4.0
  hooks:
    - id: detect-secrets
      args: ['--baseline', '.secrets.baseline']

Current Issues in Code

1. Inconsistent Error Messages

Some error messages could be more descriptive and consistent:

# Current
error_message = "The changeable_for_days must be between 3 and 365 days."

# Improved
error_message = "changeable_for_days must be between 3 and 365 days. Current value: ${var.changeable_for_days}. This parameter controls the compliance mode lock period."

2. Complex Conditional Logic

Some conditions in main.tf could be simplified:

# Current complex condition
check_retention_days = var.locked ? (
  var.min_retention_days == null ? false : (
    var.max_retention_days == null ? false : (
      var.min_retention_days <= var.max_retention_days
    )
  )
) : true

# Could be simplified with better validation

3. Magic Numbers

Some values are hardcoded and could be made configurable:

# In lifecycle defaults
delete_after = try(lifecycle.value.delete_after, 90)  # 90 is magic number
cold_storage_after = try(lifecycle.value.cold_storage_after, 0)  # Should be 30 for cold storage

Proposed Solution

1. Comprehensive Linting Setup

  • Configure TFLint with AWS ruleset
  • Enable all relevant Terraform linting rules
  • Add custom rules for module-specific patterns

2. Enhanced Pre-commit Configuration

  • Enable Checkov security scanning
  • Add secrets detection
  • Include dependency vulnerability scanning
  • Add spell checking for documentation

3. Code Quality Standards

  • Establish naming conventions
  • Define code organization standards
  • Create code review checklist
  • Add automated code quality metrics

4. Documentation Standards

  • Standardize comment format
  • Require examples for complex variables
  • Mandate changelog updates
  • Add architectural decision records (ADRs)

Expected Benefits

  • Improved code consistency
  • Earlier detection of issues
  • Better security posture
  • Enhanced maintainability
  • Reduced review time
  • Higher code quality standards

Tasks

  • Review and enhance .tflint.hcl configuration
  • Enable and configure Checkov security scanning
  • Add secrets detection to pre-commit
  • Create code quality standards document
  • Add spell checking for documentation
  • Configure dependency vulnerability scanning
  • Add automated code quality metrics
  • Create code review checklist
  • Refactor complex conditional logic
  • Replace magic numbers with constants
  • Standardize error message format
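
An added example (not part of the issue or the module's own code) for the nested conditional under "Complex Conditional Logic": the same result expressed with `try()`. It relies on Terraform raising an error when a comparison operand is null, which `try()` converts to `false`; the variable declarations and their defaults are constructed so the snippet stands alone, and `retention_bounds_ok` is a hypothetical helper name.

```hcl
# Constructed declarations; the names come from the issue, the defaults are assumptions.
variable "locked" {
  type    = bool
  default = false
}

variable "min_retention_days" {
  type    = number
  default = null
}

variable "max_retention_days" {
  type    = number
  default = null
}

locals {
  # Comparing against null is an evaluation error in Terraform, so try()
  # falls through to false whenever either bound is unset. This replaces
  # the two nested "== null ? false : ..." branches of the original.
  retention_bounds_ok = try(var.min_retention_days <= var.max_retention_days, false)

  # An unlocked vault always passes. A locked vault passes only when both
  # bounds are set and min <= max. Both operands of || are safe to evaluate
  # on their own, so the expression does not depend on short-circuiting.
  check_retention_days = !var.locked || local.retention_bounds_ok
}

output "check_retention_days" {
  value = local.check_retention_days
}
```

Writing the check as `var.min_retention_days != null && var.min_retention_days <= var.max_retention_days` is not a safe substitute on Terraform versions whose logical operators evaluate both operands, because the comparison still runs when a bound is null.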
