Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/magodo/hclgrep
Syntax based grep for HCL(v2)
https://github.com/magodo/hclgrep
cli grep-like hcl2 syntax terraform
Last synced: 2 months ago
JSON representation
Syntax based grep for HCL(v2)
- Host: GitHub
- URL: https://github.com/magodo/hclgrep
- Owner: magodo
- License: bsd-3-clause
- Created: 2021-12-22T12:15:33.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2024-03-07T08:21:19.000Z (9 months ago)
- Last Synced: 2024-09-30T12:41:29.748Z (2 months ago)
- Topics: cli, grep-like, hcl2, syntax, terraform
- Language: Go
- Homepage:
- Size: 89.8 KB
- Stars: 88
- Watchers: 2
- Forks: 7
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-tf - hclgrep - Syntax based grep for HCL(v2). (Tools / Community providers)
README
# hclgrep
![workflow](https://github.com/magodo/hclgrep/actions/workflows/go.yml/badge.svg)
Search for HCL(v2) using syntax tree.
The idea is heavily inspired by https://github.com/mvdan/gogrep.
## Install
go install github.com/magodo/hclgrep@latest
## Usage
usage: hclgrep [options] commands [FILE...]
An option is one of the following:
-H prefix the filename and byte offset of a match
A command is one of the following:
-x pattern find all nodes matching a pattern
-g pattern discard nodes not matching a pattern
-v pattern discard nodes matching a pattern
-p number navigate up a number of node parents
-rx name="regexp" filter nodes by regexp against wildcard value of "name"
-w name print the wildcard node only (must be the last command)A pattern is a piece of HCL code which may include wildcards. It can be:
- A [body](https://github.com/hashicorp/hcl/blob/main/hclsyntax/spec.md#bodies) (zero or more attributes, and zero or more blocks)
- An [expression](https://github.com/hashicorp/hcl/blob/main/hclsyntax/spec.md#expressions)There are two types of wildcards can be used in a pattern, depending on the scope it resides in:
- Attribute wildcard ("@"): represents an [attribute](https://github.com/hashicorp/hcl/blob/main/hclsyntax/spec.md#attribute-definitions), a [block](https://github.com/hashicorp/hcl/blob/main/hclsyntax/spec.md#blocks), or an [object element](https://github.com/hashicorp/hcl/blob/main/hclsyntax/spec.md#collection-values)
- Expression wildcard ("$"): represents an [expression](https://github.com/hashicorp/hcl/blob/main/hclsyntax/spec.md#expressions) or a place that a string is accepted (i.e. as a block type, block label)The wildcards are followed by a name. Each wildcard with the same name must match the same node/string, excluding "\_". Example:
$x.$_ = $x # assignment of self to a field in self
The wildcard name is only recorded for "-x" command or "-g" command (the first match in DFS).
If "\*" is before the name, it will match **any** number of nodes. Example:
[$*_] # any number of elements in a tuple
resource foo "name" {
@*_ # any number of attributes/blocks inside the resource block body
}## Example
- Grep dynamic blocks used in Terraform config
$ hclgrep -x 'dynamic $_ {@*_}' main.tf
- Grep potential mis-used "count" in Terraform config
$ hclgrep -x 'var.$_[count.index]' main.tf
- Grep module source addresses in Terraform config
$ hclgrep -x 'module $_ {@*_}' \
-x 'source = $addr' \
-w addr main.tf- Grep AzureRM Terraform network security rule resource which allows 22 port for inbound traffic
$ hclgrep -x 'resource azurerm_network_security_rule $_ {@*_}' \
-g 'direction = "Inbound"' \
-g 'access = "Allow"' \
-g 'destination_port_range = $port' \
-rx 'port="22|\*"' \
main.tf- Grep for the evaluated Terraform configurations, run following command in the root module (given there is no output variables defined)
$ terraform show -no-color | sed --expression 's;(sensitive value);"";' | hclgrep -x ''
## Limitation
- The **any** expression wildcard (`$*`) doesn't work inside a traversal.
- The **any** wildcard doesn't remember the matched wildcard name.