From abd53840ba3191e6b2f46724b91da97bdb65a60d Mon Sep 17 00:00:00 2001
From: Simon Gottschlag
Date: Fri, 26 Feb 2021 16:30:30 +0100
Subject: [PATCH 1/3] Update tflint

---
 docker/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 02781fd..92c7656 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -46,7 +46,7 @@ RUN /usr/src/install-scripts/packer.sh --version="1.6.5" --sha="a49f6408a50c220f
 
 # Install tflint
 COPY install-scripts/tflint.sh /usr/src/install-scripts/tflint.sh
-RUN /usr/src/install-scripts/tflint.sh --version="v0.21.0" --sha="f80a85dbe88d39231faef5ad10f3a2ecccca70496476ebbc608a78bfabcaa904"
+RUN /usr/src/install-scripts/tflint.sh --version="v0.24.1" --sha="2dbe3b423f5d3e0bb458d51761c97d51a4fd6c3d7bd1efd87c4aa3dc5199e7b2"
 
 # Install terraform (tfenv)
 COPY install-scripts/tfenv.sh /usr/src/install-scripts/tfenv.sh

From 8b8d3e0a25bf1b3f3fdd5fb8a873ef7e5a0c8e11 Mon Sep 17 00:00:00 2001
From: Simon Gottschlag
Date: Fri, 26 Feb 2021 16:57:33 +0100
Subject: [PATCH 2/3] Add tflint rules

---
 docker/Dockerfile | 8 ++-
 docker/config/.tflint.hcl | 65 ++++++++++++++++++++++++
 docker/install-scripts/tflint-ruleset.sh | 40 +++++++++++++++
 docker/install-scripts/tflint.sh | 4 ++
 4 files changed, 116 insertions(+), 1 deletion(-)
 create mode 100644 docker/config/.tflint.hcl
 create mode 100755 docker/install-scripts/tflint-ruleset.sh

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 92c7656..a3ddcc8 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -46,7 +46,13 @@ RUN /usr/src/install-scripts/packer.sh --version="1.6.5" --sha="a49f6408a50c220f
 
 # Install tflint
 COPY install-scripts/tflint.sh /usr/src/install-scripts/tflint.sh
-RUN /usr/src/install-scripts/tflint.sh --version="v0.24.1" --sha="2dbe3b423f5d3e0bb458d51761c97d51a4fd6c3d7bd1efd87c4aa3dc5199e7b2"
+RUN /usr/src/install-scripts/tflint.sh --version="v0.24.1" --sha="2dbe3b423f5d3e0bb458d51761c97d51a4fd6c3d7bd1efd87c4aa3dc5199e7b2" --user="${USER}"
+COPY config/.tflint.hcl /home/${USER}/.tflint.d/.tflint.hcl
+
+# Install tflint ruleset
+COPY install-scripts/tflint-ruleset.sh /usr/src/install-scripts/tflint-ruleset.sh
+RUN /usr/src/install-scripts/tflint-ruleset.sh --ruleset="azurerm" --version="v0.8.2" --sha="4ef97bbc847bde194401c3206eb127fffaf4ce430127e0408878a8a833242a30" --user="${USER}" --group="${GROUP}"
+RUN /usr/src/install-scripts/tflint-ruleset.sh --ruleset="aws" --version="v0.2.1" --sha="ec2a992a8413227e2321d985b62cde34bc34287599894f966b0fc8904aba0d8a" --user="${USER}" --group="${GROUP}"
 
 # Install terraform (tfenv)
 COPY install-scripts/tfenv.sh /usr/src/install-scripts/tfenv.sh
diff --git a/docker/config/.tflint.hcl b/docker/config/.tflint.hcl
new file mode 100644
index 0000000..5884c6c
--- /dev/null
+++ b/docker/config/.tflint.hcl
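Review bot: `COPY config/.tflint.hcl /home/${USER}/.tflint.d/.tflint.hcl` copies the file as root, so the config sits root-owned in the build user's home and only ends up owned by that user because `tflint-ruleset.sh`, invoked two lines later, performs a recursive `chown` of `.tflint.d`. Setting ownership at the copy removes that ordering dependency: `COPY --chown=${USER}:${GROUP} config/.tflint.hcl /home/${USER}/.tflint.d/.tflint.hcl`. If the ruleset steps are ever reordered or removed, the layer stays correct on its own.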
@@ -0,0 +1,65 @@
+config {
+ module = false
+ force = false
+ disabled_by_default = false
+}
+
+plugin "azurerm" {
+ enabled = true
+}
+
+plugin "azurerm" {
+ enabled = aws
+}
+
+rule "terraform_deprecated_interpolation" {
+ enabled = true
+}
+
+rule "terraform_deprecated_index" {
+ enabled = true
+}
+
+rule "terraform_unused_declarations" {
+ enabled = true
+}
+
+rule "terraform_comment_syntax" {
+ enabled = true
+}
+
+rule "terraform_documented_outputs" {
+ enabled = true
+}
+
+rule "terraform_documented_variables" {
+ enabled = true
+}
+
+rule "terraform_typed_variables" {
+ enabled = true
+}
+
+rule "terraform_module_pinned_source" {
+ enabled = true
+}
+
+rule "terraform_naming_convention" {
+ enabled = true
+}
+
+rule "terraform_required_version" {
+ enabled = true
+}
+
+rule "terraform_required_providers" {
+ enabled = true
+}
+
+rule "terraform_standard_module_structure" {
+ enabled = true
+}
+
+rule "terraform_workspace_remote" {
+ enabled = true
+}
diff --git a/docker/install-scripts/tflint-ruleset.sh b/docker/install-scripts/tflint-ruleset.sh
new file mode 100755
index 0000000..2d9637d
--- /dev/null
+++ b/docker/install-scripts/tflint-ruleset.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+set -e
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ --ruleset=*)
+ RULESET="${1#*=}"
+ ;;
+ --version=*)
+ VERSION="${1#*=}"
+ ;;
+ --sha=*)
+ SHA="${1#*=}"
+ ;;
+ --user=*)
+ USER="${1#*=}"
+ ;;
+ --group=*)
+ GROUP="${1#*=}"
+ ;;
+ *)
+ echo "Error: Invalid argument."
+ exit 1
+ esac
+ shift
+done
+
+wget https://github.com/terraform-linters/tflint-ruleset-${RULESET}/releases/download/${VERSION}/tflint-ruleset-${RULESET}_linux_amd64.zip
+
+DOWNLOAD_SHA=$(openssl sha1 -sha256 tflint-ruleset-${RULESET}_linux_amd64.zip | awk '{print $2}')
+if [[ "${SHA}" != "${DOWNLOAD_SHA}" ]]; then
+ echo "Downloaded checksum (${DOWNLOAD_SHA}) does not match expected value: ${SHA}"
+ exit 1
+fi
+
+unzip tflint-ruleset-${RULESET}_linux_amd64.zip
+rm tflint-ruleset-${RULESET}_linux_amd64.zip
+mkdir -p /home/${USER}/.tflint.d/plugins/
+mv tflint-ruleset-${RULESET} /home/${USER}/.tflint.d/plugins/tflint-ruleset-${RULESET}
+chown -R ${USER}:${GROUP} /home/${USER}/.tflint.d
\ No newline at end of file
diff --git a/docker/install-scripts/tflint.sh b/docker/install-scripts/tflint.sh
index f94ed6b..74454fc 100755
--- a/docker/install-scripts/tflint.sh
+++ b/docker/install-scripts/tflint.sh
@@ -9,6 +9,9 @@ while [ $# -gt 0 ]; do
 --sha=*)
 SHA="${1#*=}"
 ;;
+ --user=*)
+ USER="${1#*=}"
+ ;;
 *)
 echo "Error: Invalid argument."
 exit 1
@@ -27,3 +30,4 @@ fi
 unzip tflint_linux_amd64.zip
 rm tflint_linux_amd64.zip
 mv tflint /usr/local/bin/tflint
+mkdir -p /home/${USER}/.tflint.d
\ No newline at end of file

From b140d2f97eed02f9f84a327e43b99f6295d2bc9c Mon Sep 17 00:00:00 2001
From: Simon Gottschlag
Date: Wed, 3 Mar 2021 10:26:49 +0100
Subject: [PATCH 3/3] Add tfsec

---
 docker/Dockerfile | 4 ++++
 docker/config/.tflint.hcl | 4 ++--
 docker/install-scripts/tfsec.sh | 29 +++++++++++++++++++++++++++++
 docker/terraform.sh | 14 +++++++++++++-
 4 files changed, 48 insertions(+), 3 deletions(-)
 create mode 100755 docker/install-scripts/tfsec.sh
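Review bot: None of the options parsed by the `case` is required, so omitting `--user` or `--group` is not an error: `USER` keeps whatever the build environment already exports under that name (the Dockerfile's `${USER}` and the shell's `$USER` are the same variable), `GROUP` stays empty, and the trailing `chown -R ${USER}:${GROUP} /home/${USER}/.tflint.d` then silently runs against that inherited user and its login group. `set -e` catches none of this; add `set -eu` at the top and, after the loop, `: "${RULESET:?}" "${VERSION:?}" "${SHA:?}" "${USER:?}" "${GROUP:?}"` so the build aborts before anything is downloaded. The same missing presence checks apply to `tfsec.sh` and to the `--user` option added to `tflint.sh` in this series. Quoting the expansions in the `wget`, `unzip`, `rm`, `mkdir`, `mv` and `chown` lines would also make the script ShellCheck-clean.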
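Review bot: `mkdir -p /home/${USER}/.tflint.d` in the second hunk creates the directory as the account running the install script (root during the image build, presumably), and `tflint.sh` has no `--group` option and no `chown`, so the directory is root-owned inside the user's home until `tflint-ruleset.sh` later runs its recursive `chown`. `install -d -o "${USER}" "/home/${USER}/.tflint.d"` sets the owner where the directory is created and does not depend on a later script. The hunk also leaves the file without a trailing newline. The argument loop the first hunk extends begins outside the hunk.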
diff --git a/docker/Dockerfile b/docker/Dockerfile
index a3ddcc8..e666b79 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -58,6 +58,10 @@ RUN /usr/src/install-scripts/tflint-ruleset.sh --ruleset="aws" --version="v0.2.1
 COPY install-scripts/tfenv.sh /usr/src/install-scripts/tfenv.sh
 RUN /usr/src/install-scripts/tfenv.sh --latest-terraform-version="0.14.7" --tfenv-version="v2.2.0" --user="${USER}" --group="${GROUP}"
 
+# Install tfsec
+COPY install-scripts/tfsec.sh /usr/src/install-scripts/tfsec.sh
+RUN /usr/src/install-scripts/tfsec.sh --version="v0.39.5" --sha="60e52ef9a2b2eb5aebf74fbebfbaf0d30fa107816a8bbc2759cfe5d5c2a9021d"
+
 # Install Open Policy Agent
 COPY install-scripts/opa.sh /usr/src/install-scripts/opa.sh
 RUN /usr/src/install-scripts/opa.sh --version="v0.24.0" --sha="e40bde4cca8a5819518e3c35862bc5b6c388bc2904d412227059af29170f79e9"
diff --git a/docker/config/.tflint.hcl b/docker/config/.tflint.hcl
index 5884c6c..485ed8f 100644
--- a/docker/config/.tflint.hcl
+++ b/docker/config/.tflint.hcl
@@ -8,8 +8,8 @@ plugin "azurerm" {
 enabled = true
 }
 
-plugin "azurerm" {
- enabled = aws
+plugin "aws" {
+ enabled = true
 }
 
 rule "terraform_deprecated_interpolation" {
diff --git a/docker/install-scripts/tfsec.sh b/docker/install-scripts/tfsec.sh
new file mode 100755
index 0000000..f179021
--- /dev/null
+++ b/docker/install-scripts/tfsec.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+set -e
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ --version=*)
+ VERSION="${1#*=}"
+ ;;
+ --sha=*)
+ SHA="${1#*=}"
+ ;;
+ *)
+ echo "Error: Invalid argument."
+ exit 1
+ esac
+ shift
+done
+
+
+wget https://github.com/tfsec/tfsec/releases/download/${VERSION}/tfsec-linux-amd64
+
+DOWNLOAD_SHA=$(openssl sha1 -sha256 tfsec-linux-amd64 | awk '{print $2}')
+if [[ "${SHA}" != "${DOWNLOAD_SHA}" ]]; then
+ echo "Downloaded checksum (${DOWNLOAD_SHA}) does not match expected value: ${SHA}"
+ exit 1
+fi
+
+chmod +x tfsec-linux-amd64
+mv tfsec-linux-amd64 /usr/local/bin/tfsec
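Review bot: `DOWNLOAD_SHA=$(openssl sha1 -sha256 tfsec-linux-amd64 | awk '{print $2}')` takes its exit status from `awk`, so if `openssl` fails the variable is simply empty and the script dies with `Downloaded checksum () does not match expected value: …` instead of the real error; `set -e` does not see a failing first stage of a pipeline, `set -o pipefail` beside it does. `openssl sha1 -sha256` also reads as a typo even though the later digest option appears to be the one that takes effect; `sha256sum tfsec-linux-amd64 | awk '{print $1}'` says what is meant. On a mismatch the rejected `tfsec-linux-amd64` is left in the working directory; `rm -f tfsec-linux-amd64` before `exit 1` keeps a failed download out of later layers. The same pipeline and cleanup gap are in `tflint-ruleset.sh` earlier in this series.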
diff --git a/docker/terraform.sh b/docker/terraform.sh index a77e16f..65b8545 100755 --- a/docker/terraform.sh +++ b/docker/terraform.sh @@ -150,7 +150,15 @@ state_remove () { fi } - +validate () { + terraform init -input=false -backend-config="key=${BACKEND_KEY}" -backend-config="resource_group_name=${BACKEND_RG}" -backend-config="storage_account_name=${BACKEND_NAME}" -backend-config="container_name=${CONTAINER_NAME}" -backend-config="snapshot=true" + terraform workspace select ${ENVIRONMENT} + terraform validate + terraform fmt . + terraform fmt variables/ + tflint --config="/home/${USER}/.tflint.d/.tflint.hcl" --var-file="variables/${ENVIRONMENT}.tfvars" --var-file="variables/common.tfvars" --var-file="../global.tfvars" . + tfsec . +} envup() { if [ -f ${ENVIRONMENT_FILE} ]; then @@ -183,4 +191,8 @@ case $ACTION in state-remove ) state_remove ;; + + validate ) + validate + ;; esac
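Review bot: In `validate ()` a failure of `terraform init`, `terraform validate`, `terraform fmt` or `tflint` only fails the action if the script runs under `set -e`, which this hunk does not show; without it the function's status is that of its last command, `tfsec .`, and a failed validation or a tflint finding is lost. If `set -e` is not enabled at the top of the file, make each check fatal, e.g. `terraform validate || return 1` and `tflint --config="/home/${USER}/.tflint.d/.tflint.hcl" … . || return 1`. `terraform fmt .` and `terraform fmt variables/` also rewrite files inside a step named validate; `terraform fmt -check -diff .` reports formatting drift as a failure without modifying the checkout.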