These functions are a list of available custom functions in addition to OPA's default built-in functions.
resources := terraform.resources(resource_type, schema, options)Returns Terraform resources.
resource_type(string): resource type to retrieve. "*" is a special character that returns all resources.schema(schema): schema for attributes referenced in rules.options(object[string: string]): options to change the retrieve/evaluate behavior.
Returns:
resources(array[object<type: string, name: string, config: body, decl_range: range>]): Terraform "resource" blocks.
Types:
| Name | Type |
|---|---|
schema |
object[string: any<string, schema>] |
body |
object[string: any<expr, array[nested_block]>] |
expr |
object<value: any, unknown: boolean, sensitive: boolean, range: range> |
nested_block |
object<config: object[string: any<expr, array[nested_block]>], labels: array[string], decl_range: range> |
range |
object<filename: string, start: pos, end: pos> |
pos |
object<line: number, column: number, byte: number> |
See also Terraform Schema for more information on schema type.
The options object parameter may contain the following fields:
| Field | Required | Type | Description |
|---|---|---|---|
expand_mode |
no | string |
Whether to expand resources and dynamic blocks. Valid values are none and expand(default). |
Examples:
Top level attributes
resource "aws_instance" "main" {
instance_type = "t2.micro"
}terraform.resources("aws_instance", {"instance_type": "string"}, {})[
{
"type": "aws_instance",
"name": "main",
"config": {
"instance_type": {
"value": "t2.micro",
"unknown": false,
"sensitive": false,
"range": {
"filename": "main.tf",
"start": { "line": 2, "column": 19, "byte": 51 },
"end": { "line": 2, "column": 29, "byte": 61 }
}
}
},
"decl_range": {...}
}
]Nested blocks
resource "aws_instance" "main" {
ebs_block_device {
volume_size = 50
}
}terraform.resources("aws_instance", {"ebs_block_device": {"volume_size": "number"}}, {})[
{
"type": "aws_instance",
"name": "main",
"config": {
"ebs_block_device": [
{
"config": {
"volume_size": {
"value": 50,
"unknown": false,
"sensitive": false,
"range": {...}
}
},
"labels": null,
"decl_range": {...}
}
]
},
"decl_range": {...}
}
]Expand mode
resource "aws_instance" "count" {
count = 0
}
resource "aws_instance" "for_each" {
for_each = toset([])
}
resource "aws_instance" "dynamic" {
dynamic "ebs_block_device" {
for_each = toset([])
}
}Expand mode: expand (default)
terraform.resources("aws_instance", {"dynamic": {"__labels": ["type"]}}, {"expand_mode": "expand"})[
{
"type": "aws_instance",
"name": "dynamic",
"config": {},
"decl_range": {...}
}
]Expan mode: none
terraform.resources("aws_instance", {"dynamic": {"__labels": ["type"]}}, {"expand_mode": "none"})[
{
"type": "aws_instance",
"name": "count",
"config": {},
"decl_range": {...}
}
{
"type": "aws_instance",
"name": "for_each",
"config": {},
"decl_range": {...}
}
{
"type": "aws_instance",
"name": "dynamic",
"config": {
"dynamic": [
{
"config": {},
"labels": ["ebs_block_device"],
"decl_range": {...}
}
]
},
"decl_range": {...}
}
]data_sources := terraform.data_sources(data_type, schema, options)Returns Terraform data sources.
data_type(string): data type to retrieve. "*" is a special character that returns all data sources.schema(schema): schema for attributes referenced in rules.options(object[string: string]): options to change the retrieve/evaluate behavior.
Returns:
data_sources(array[object<type: string, name: string, config: body, decl_range: range>]): Terraform "data" blocks.
The schema and options are equivalent to the arguments of the terraform.resources function.
Examples:
data "aws_ami" "main" {
owners = ["self"]
}terraform.data_sources("aws_ami", {"owners": "list(string)"}, {})[
{
"type": "aws_ami",
"name": "main",
"config": {
"owners": {
"value": ["self"],
"unknown": false,
"sensitive": false,
"range": {...}
}
},
"decl_range": {...}
}
]modules := terraform.module_calls(schema, options)Returns Terraform module calls.
schema(schema): schema for attributes referenced in rules.options(object[string: string]): options to change the retrieve/evaluate behavior.
Returns:
modules(array[object<name: string, config: body, decl_range: range>]): Terraform "module" blocks.
The schema and options are equivalent to the arguments of the terraform.resources function.
Examples:
module "aws_instance" {
instance_type = "t2.micro"
}terraform.module_calls({"instance_type": "string"}, {})[
{
"name": "aws_instance",
"config": {
"instance_type": {
"value": "t2.micro",
"unknown": false,
"sensitive": false,
"range": {...}
}
},
"decl_range": {...}
}
]providers := terraform.providers(schema, options)Returns Terraform providers.
schema(schema): schema for attributes referenced in rules.options(object[string: string]): options to change the retrieve/evaluate behavior.
Returns:
providers(array[object<name: string, config: body, decl_range: range>]): Terraform "provider" blocks.
The schema and options are equivalent to the arguments of the terraform.resources function.
Examples:
provider "aws" {
region = "us-east-1"
}terraform.providers({"region": "string"}, {})[
{
"name": "aws",
"config": {
"region": {
"value": "us-east-1",
"unknown": false,
"sensitive": false,
"range": {...}
}
},
"decl_range": {...}
}
]settings := terraform.settings(schema, options)Returns Terraform settings.
schema(schema): schema for attributes referenced in rules.options(object[string: string]): options to change the retrieve/evaluate behavior.
Returns:
settings(array[object<config: body, decl_range: range>]): Terraform "terraform" blocks.
The schema and options are equivalent to the arguments of the terraform.resources function.
Examples:
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4.0"
}
}
}terraform.settings({"required_providers": {"aws": "map(string)"}}, {})[
{
"config": {
"required_providers": [
{
"config": {
"aws": {
"value": {
"source": "hashicorp/aws",
"version": "~> 4.0"
},
"unknown": false,
"sensitive": false,
"range": {...}
}
},
"labels": null,
"decl_range": {...}
}
]
},
"decl_range": {...}
}
]variables := terraform.variables(schema, options)Returns Terraform variables.
schema(schema): schema for attributes referenced in rules.options(object[string: string]): options to change the retrieve/evaluate behavior.
Returns:
variables(array[object<name: string, config: body, decl_range: range>]): Terraform "variable" blocks.
The schema and options are equivalent to the arguments of the terraform.resources function.
Examples:
variable "foo" {
nullable = true
}terraform.variables({"nullable": "bool"}, {})[
{
"name": "foo",
"config": {
"nullable": {
"value": true,
"unknown": false,
"sensitive": false,
"range": {...}
}
},
"decl_range": {...}
}
]outputs := terraform.outputs(schema, options)Returns Terraform outputs.
schema(schema): schema for attributes referenced in rules.options(object[string: string]): options to change the retrieve/evaluate behavior.
Returns:
outputs(array[object<name: string, config: body, decl_range: range>]): Terraform "output" blocks.
The schema and options are equivalent to the arguments of the terraform.resources function.
Examples:
output "bar" {
description = null
}terraform.outputs({"description": "string"}, {})[
{
"name": "bar",
"config": {
"description": {
"value": null,
"unknown": false,
"sensitive": false,
"range": {...}
}
},
"decl_range": {...}
}
]locals := terraform.locals(options)Returns Terraform local values.
options(object[string: string]): options to change the retrieve/evaluate behavior.
Returns:
locals(array[object<name: string, expr: expr, decl_range: range>]): Terraform local values.
The options is equivalent to the argument of the terraform.resources function.
Examples:
locals {
foo = "bar"
}terraform.locals({})[
{
"name": "foo",
"expr": {
"value": "bar",
"unknown": false,
"sensitive": false,
"range": {...}
},
"decl_range": {...}
}
]blocks := terraform.moved_blocks(schema, options)Returns Terraform moved blocks.
schema(schema): schema for attributes referenced in rules.options(object[string: string]): options to change the retrieve/evaluate behavior.
Returns:
blocks(array[object<config: body, decl_range: range>]): Terraform "moved" blocks.
The schema and options are equivalent to the arguments of the terraform.resources function.
Examples:
moved {
from = aws_instance.foo
to = aws_instance.bar
}terraform.moved_blocks({"from": "any"}, {})[
{
"config": {
"from": {
"unknown": true,
"sensitive": false,
"range": {...}
}
},
"decl_range": {...}
}
]blocks := terraform.imports(schema, options)Returns Terraform imports blocks.
schema(schema): schema for attributes referenced in rules.options(object[string: string]): options to change the retrieve/evaluate behavior.
Returns:
blocks(array[object<config: body, decl_range: range>]): Terraform "import" blocks.
The schema and options are equivalent to the arguments of the terraform.resources function.
Examples:
import {
to = aws_instance.example
id = "i-abcd1234"
}terraform.imports({"id": "string"}, {})[
{
"config": {
"id": {
"value": "i-abcd1234",
"unknown": false,
"sensitive": false,
"range": {...}
}
},
"decl_range": {...}
}
]blocks := terraform.checks(schema, options)Returns Terraform check blocks.
schema(schema): schema for attributes referenced in rules.options(object[string: string]): options to change the retrieve/evaluate behavior.
Returns:
blocks(array[object<config: body, decl_range: range>]): Terraform "check" blocks.
The schema and options are equivalent to the arguments of the terraform.resources function.
Examples:
check "health_check" {
data "http" "terraform_io" {
url = "https://www.terraform.io"
}
assert {
condition = data.http.terraform_io.status_code == 200
error_message = "${data.http.terraform_io.url} returned an unhealthy status code"
}
}terraform.checks({"assert": {"condition": "bool"}}, {})[
{
"config": {
"assert": [
{
"config": {
"condition": {
"unknown": true,
"sensitive": false,
"range": {...}
}
},
"labels": null,
"decl_range": {...}
}
]
},
"decl_range": {...}
}
]blocks := terraform.removed_blocks(schema, options)Returns Terraform removed blocks.
schema(schema): schema for attributes referenced in rules.options(object[string: string]): options to change the retrieve/evaluate behavior.
Returns:
blocks(array[object<config: body, decl_range: range>]): Terraform "removed" blocks.
The schema and options are equivalent to the arguments of the terraform.resources function.
Examples:
removed {
from = aws_instance.example
lifecycle {
destroy = false
}
}terraform.removed_blocks({"from": "any"}, {})[
{
"config": {
"from": {
"unknown": true,
"sensitive": false,
"range": {...}
}
},
"decl_range": {...}
}
]range := terraform.module_range()Returns a range for the current Terraform module. This is useful in rules that check for non-existence.
Returns:
range(range): a range for [DIR]/main.tf:1:1
issue := tflint.issue(msg, range)Returns issue object.
Returns:
issue(object<msg: string, range: range>): issue object.