Skip to content

Add google_disabled_api rule #75

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Mar 7, 2021
Merged

Add google_disabled_api rule #75

merged 4 commits into from
Mar 7, 2021

Conversation

wata727
Copy link
Member

@wata727 wata727 commented Feb 23, 2021
edited
Loading

Fixes #2

This PR enables deep checking for the Google provider. As a feature of the deep checking, I will add the google_disabled_api rule that finds resources that depend on APIs that have not been enabled using the Service Usage API.

$ tflint
1 issue(s) found:

Error: Compute Engine API has not been used in [project_id] before or it is disabled. (google_disabled_api)

  on template.tf line 25:
  25: resource "google_compute_network" "vpc_network" {

The correspondence between Terraform resources and API uses the products file generated from the Magic Module. See also terraform-linters/magic-modules#1

To enable this rule, change the plugin definition to enable deep checking as follows:

plugin "google" {
  enabled = true
  deep_check = true
}

I'm using the Service Usage API to get API status, but I'm wondering if this is the best option. In order to take advantage of this rule, you need to enable the Service Usage API, so it might be better to implement a rule for each resource and call an API in each rule.

TODO

  • Describe limitations of credentials in deep checking
  • Cache API response
  • Add tests

@wata727 wata727 force-pushed the google_disabled_api_rule branch from be7a60f to c967ef8 Compare March 7, 2021 08:11
@wata727 wata727 force-pushed the google_disabled_api_rule branch from c967ef8 to fd76cc4 Compare March 7, 2021 13:59
@wata727 wata727 force-pushed the google_disabled_api_rule branch from fd76cc4 to 63f2c76 Compare March 7, 2021 14:01
@wata727 wata727 marked this pull request as ready for review March 7, 2021 14:07
@wata727 wata727 merged commit 2d4dc1b into master Mar 7, 2021
@wata727 wata727 deleted the google_disabled_api_rule branch March 7, 2021 15:40
@wata727 wata727 mentioned this pull request Mar 14, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

API not active rule
1 participant
@wata727