azure-verified-modules

Azure Verified Modules (AVM) Requirements

This guide covers the mandatory requirements for Azure Verified Modules certification. These requirements ensure consistency, quality, and maintainability across Azure Terraform modules.
References:

Module Cross-Referencing

Severity: MUST | Requirement: TFFR1
When building Resource or Pattern modules, module owners MAY cross-reference other modules. However:
  • Modules MUST be referenced using HashiCorp Terraform registry reference to a pinned version
    • Example: `source = "Azure/xxx/azurerm"` with `version = "1.2.3"`
  • Modules MUST NOT use git references (e.g., `git::https://xxx.yyy/xxx.git` or `github.com/xxx/yyy`)
  • Modules MUST NOT contain references to non-AVM modules
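
A review-time check for the source rules above, as an added example that is not part of the AVM specification or its tooling. It scans `module` blocks with regular expressions rather than a full HCL parser, the function names and finding labels are hypothetical, and it does not decide whether a registry module is an AVM module.

```python
import re

MODULE_OPEN = re.compile(r'^[ \t]*module\s+"([^"]+)"\s*\{', re.M)
ATTR = re.compile(r'\s*(source|version)\s*=\s*"([^"]*)"')
REGISTRY = re.compile(r"^[\w-]+/[\w-]+/[\w-]+$")  # namespace/name/provider
EXACT = re.compile(r"^=?\s*\d+\.\d+\.\d+$")        # 1.2.3 or = 1.2.3

def module_blocks(text):
    """Yield (name, body) per module block, finding the close by brace depth."""
    for m in MODULE_OPEN.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def top_level_attrs(body):
    """Collect source/version set directly in the block, not in nested values."""
    attrs, depth = {}, 0
    for line in body.splitlines():
        m = ATTR.match(line)
        if depth == 0 and m:
            attrs[m.group(1)] = m.group(2)
        depth += line.count("{") - line.count("}")
    return attrs

def check_module_sources(text):
    """Return (module_name, finding) pairs for TFFR1 violations."""
    findings = []
    for name, body in module_blocks(text):
        attrs = top_level_attrs(body)
        source = attrs.get("source", "")
        if source.startswith(("git::", "github.com/")) or source.endswith(".git"):
            findings.append((name, "git-source"))
        elif not REGISTRY.match(source):
            # Local paths and other non-registry forms land here too.
            findings.append((name, "non-registry-source"))
        elif not EXACT.match(attrs.get("version", "")):
            findings.append((name, "unpinned-version"))
    return findings

# Constructed sample input, using the placeholder names from the rule above.
SAMPLE = '''
module "good" {
  source  = "Azure/xxx/azurerm"
  version = "1.2.3"
  settings = {
    source = "nested value, not the module source"
  }
}
module "git_ref" {
  source = "git::https://xxx.yyy/xxx.git"
}
module "github_ref" {
  source = "github.com/xxx/yyy"
}
module "floating" {
  source  = "Azure/xxx/azurerm"
  version = "~> 1.2"
}
module "no_version" {
  source = "Azure/xxx/azurerm"
}
'''

if __name__ == "__main__":
    for name, finding in check_module_sources(SAMPLE):
        print(f"module.{name}: {finding}")
```

A floating constraint such as `~> 1.2` is reported because the version a consumer resolves can change without any change to the module's own code.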

Azure Provider Requirements

Severity: MUST | Requirement: TFFR3
Authors MUST only use the following Azure providers:
| Provider | Min Version | Max Version |
|----------|-------------|-------------|
| azapi    | >= 2.0      | < 3.0       |
| azurerm  | >= 4.0      | < 5.0       |

Requirements:
  • Authors MAY select either Azurerm, Azapi, or both providers
  • MUST use `required_providers` block to enforce provider versions
  • SHOULD use pessimistic version constraint operator (`~>`)
Example:
```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 4.0"
    }
    azapi = {
      source  = "Azure/azapi"
      version = "~> 2.0"
    }
  }
}
```
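
To check a `version` string against the table above, the constraint can be reduced to a lower and upper bound and compared with the allowed range. This is an added example, not code from the AVM project; the function names are hypothetical, and it handles only `~>`, `>=`, `<` and exact terms on numeric versions, raising `ValueError` for anything else.

```python
import re

# Allowed ranges from the TFFR3 table: (inclusive minimum, exclusive maximum).
ALLOWED = {"azapi": ((2, 0, 0), (3, 0, 0)), "azurerm": ((4, 0, 0), (5, 0, 0))}
TERM = re.compile(r"^(~>|>=|<|=)?\s*(\d+(?:\.\d+){0,2})$")


def _pad(parts):
    """Pad a version such as [4, 0] to a comparable 3-tuple (4, 0, 0)."""
    return tuple(parts) + (0,) * (3 - len(parts))


def bounds(constraint):
    """Return (lowest allowed, first disallowed) version; None means unbounded."""
    lower = upper = None
    for term in constraint.split(","):
        m = TERM.match(term.strip())
        if not m:
            raise ValueError(f"unsupported constraint term: {term.strip()!r}")
        op = m.group(1) or "="
        parts = [int(p) for p in m.group(2).split(".")]
        lo = hi = None
        if op == "~>":
            if len(parts) < 2:
                raise ValueError("~> with a single component is not handled here")
            lo = _pad(parts)
            hi = _pad(parts[:-2] + [parts[-2] + 1])  # bump second-to-last part
        elif op == ">=":
            lo = _pad(parts)
        elif op == "<":
            hi = _pad(parts)
        else:  # exact version: a range holding a single release
            lo = _pad(parts)
            hi = lo[:2] + (lo[2] + 1,)
        if lo is not None and (lower is None or lo > lower):
            lower = lo
        if hi is not None and (upper is None or hi < upper):
            upper = hi
    return lower, upper


def violates_tffr3(provider, constraint):
    """Return why the constraint can select a version outside the table, or None."""
    allowed_min, allowed_max = ALLOWED[provider]
    lower, upper = bounds(constraint)
    if lower is None or lower < allowed_min:
        return "allows versions below the minimum"
    if upper is None or upper > allowed_max:
        return "allows versions at or above the maximum"
    return None


if __name__ == "__main__":
    # Constructed constraints: the first two comply, the last three do not.
    cases = [
        ("azurerm", "~> 4.0"),
        ("azapi", ">= 2.0, < 3.0"),
        ("azurerm", ">= 4.0"),
        ("azurerm", "~> 3.100"),
        ("azapi", ">= 1.13, < 3.0"),
    ]
    for provider, constraint in cases:
        print(provider, repr(constraint), violates_tffr3(provider, constraint) or "ok")
```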

Code Style Standards

Lower snake_casing

Severity: MUST | Requirement: TFNFR4
MUST use lower snake_casing for:
  • Locals
  • Variables
  • Outputs
  • Resources (symbolic names)
  • Modules (symbolic names)
Example: `snake_casing_example`

Resource & Data Source Ordering

Severity: SHOULD | Requirement: TFNFR6
  • Resources that are depended on SHOULD come first
  • Resources with dependencies SHOULD be defined close to each other

Count & for_each Usage

Severity: MUST | Requirement: TFNFR7
  • Use `count` for conditional resource creation
  • MUST use `map(xxx)` or `set(xxx)` as resource's `for_each` collection
  • The map's key or set's element MUST be static literals
Example:
```hcl
resource "azurerm_subnet" "pair" {
  for_each             = var.subnet_map  # map(string)
  name                 = "${each.value}-pair"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.1.0/24"]
}
```

Resource & Data Block Internal Ordering

Severity: SHOULD | Requirement: TFNFR8
Order within resource/data blocks:
  1. Meta-arguments (top):
    • provider
    • count
    • for_each
  2. Arguments/blocks (middle, alphabetical):
    • Required arguments
    • Optional arguments
    • Required nested blocks
    • Optional nested blocks
  3. Meta-arguments (bottom):
    • depends_on
    • `lifecycle` (with sub-order: `create_before_destroy`, `ignore_changes`, `prevent_destroy`)
Separate sections with blank lines.

Module Block Ordering

Severity: SHOULD | Requirement: TFNFR9
Order within module blocks:
  1. Top meta-arguments:
    • source
    • version
    • count
    • for_each
  2. Arguments (alphabetical):
    • Required arguments
    • Optional arguments
  3. Bottom meta-arguments:
    • depends_on
    • providers

Lifecycle ignore_changes Syntax

Severity: MUST | Requirement: TFNFR10
The `ignore_changes` attribute MUST NOT be enclosed in double quotes.
Good:
```hcl
lifecycle {
  ignore_changes = [tags]
}
```
Bad:
```hcl
lifecycle {
  ignore_changes = ["tags"]
}
```

Null Comparison for Conditional Creation

Severity: SHOULD | Requirement: TFNFR11
For parameters requiring conditional resource creation, wrap with `object` type to avoid "known after apply" issues during plan stage.
Recommended:
```hcl
variable "security_group" {
  type = object({
    id = string
  })
  default = null
}
```

Dynamic Blocks for Optional Nested Objects

Severity: MUST | Requirement: TFNFR12
Nested blocks under conditions MUST use this pattern:
```hcl
dynamic "identity" {
  for_each = <condition> ? [<some_item>] : []

  content {
    # block content
  }
}
```

Default Values with coalesce/try

Severity: SHOULD | Requirement: TFNFR13
Good:
```hcl
coalesce(var.new_network_security_group_name, "${var.subnet_name}-nsg")
```
Bad:
```hcl
var.new_network_security_group_name == null ? "${var.subnet_name}-nsg" : var.new_network_security_group_name
```

Provider Declarations in Modules

Severity: MUST | Requirement: TFNFR27
  • `provider` MUST NOT be declared in modules (except for `configuration_aliases`)
  • `provider` blocks in modules MUST only use `alias`
  • Provider configurations SHOULD be passed in by module users

Variable Requirements

Not Allowed Variables

Severity: MUST | Requirement: TFNFR14
Module owners MUST NOT add variables like `enabled` or `module_depends_on` to control entire module operation. Boolean feature toggles for specific resources are acceptable.

Variable Definition Order

Severity: SHOULD | Requirement: TFNFR15
Variables SHOULD follow this order:
  1. All required fields (alphabetical)
  2. All optional fields (alphabetical)

Variable Naming Rules

Severity: SHOULD | Requirement: TFNFR16

Variables with Descriptions

Severity: SHOULD | Requirement: TFNFR17
  • `description` SHOULD precisely describe the parameter's purpose and expected data type
  • Target audience is module users, not developers
  • For `object` types, use HEREDOC format

Variables with Types

Severity: MUST | Requirement: TFNFR18
  • `type` MUST be defined for every variable
  • `type` SHOULD be as precise as possible
  • `any` MAY only be used with adequate reasons
  • Use `bool` instead of `string`/`number` for true/false values
  • Use concrete `object` instead of `map(any)`

Sensitive Data Variables

Severity: SHOULD | Requirement: TFNFR19
If a variable's type is `object` and contains sensitive fields, the entire variable SHOULD be `sensitive = true`, or extract sensitive fields into separate variables.

Non-Nullable Defaults for Collections

Severity: SHOULD | Requirement: TFNFR20
Nullable SHOULD be set to `false` for collection values (sets, maps, lists) when using them in loops. For scalar values, null may have semantic meaning.

Discourage Nullability by Default

Severity: MUST | Requirement: TFNFR21
`nullable = true` MUST be avoided unless there's a specific semantic need for null values.

Avoid sensitive = false

Severity: MUST | Requirement: TFNFR22
`sensitive = false` MUST be avoided (this is the default).

Sensitive Default Value Conditions

Severity: MUST | Requirement: TFNFR23
A default value MUST NOT be set for sensitive inputs (e.g., default passwords).

Handling Deprecated Variables

Severity: MUST | Requirement: TFNFR24
  • Move deprecated variables to `deprecated_variables.tf`
  • Annotate with `DEPRECATED` at the beginning of description
  • Declare the replacement's name
  • Clean up during major version releases

Output Requirements

Additional Terraform Outputs

Severity: SHOULD | Requirement: TFFR2
Authors SHOULD NOT output entire resource objects as these may contain sensitive data and the schema can change with API or provider versions.
Best Practices:
  • Output computed attributes of resources as discrete outputs (anti-corruption layer pattern)
  • SHOULD NOT output values that are already inputs (except `name`)
  • Use `sensitive = true` for sensitive attributes
  • For resources deployed with `for_each`, output computed attributes in a map structure
Examples:
```hcl
# Single resource computed attribute
output "foo" {
  description = "MyResource foo attribute"
  value       = azurerm_resource_myresource.foo
}

# for_each resources
output "childresource_foos" {
  description = "MyResource children's foo attributes"
  value = {
    for key, value in azurerm_resource_mychildresource : key => value.foo
  }
}

# Sensitive output
output "bar" {
  description = "MyResource bar attribute"
  value       = azurerm_resource_myresource.bar
  sensitive   = true
}
```

Sensitive Data Outputs

Severity: MUST | Requirement: TFNFR29
Outputs containing confidential data MUST be declared with `sensitive = true`.

Handling Deprecated Outputs

Severity: MUST | Requirement: TFNFR30
  • Move deprecated outputs to `deprecated_outputs.tf`
  • Define new outputs in `outputs.tf`
  • Clean up during major version releases

Local Values Standards

locals.tf Organization

Severity: MAY | Requirement: TFNFR31
  • `locals.tf` SHOULD only contain `locals` blocks
  • MAY declare `locals` blocks next to resources for advanced scenarios

Alphabetical Local Arrangement

Severity: MUST | Requirement: TFNFR32
Expressions in `locals` blocks MUST be arranged alphabetically.

Precise Local Types

Severity: SHOULD | Requirement: TFNFR33
Use precise types (e.g., `number` for age, not `string`).

Terraform Configuration Requirements

Terraform Version Requirements

Severity: MUST | Requirement: TFNFR25
`terraform.tf` requirements:
  • MUST contain only one `terraform` block
  • First line MUST define `required_version`
  • MUST include minimum version constraint
  • MUST include maximum major version constraint
  • SHOULD use `~> #.#` or `>= #.#.#, < #.#.#` format
Example:
```hcl
terraform {
  required_version = "~> 1.6"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 4.0"
    }
  }
}
```

Providers in required_providers

Severity: MUST | Requirement: TFNFR26
  • `terraform` block MUST contain `required_providers` block
  • Each provider MUST specify `source` and `version`
  • Providers SHOULD be sorted alphabetically
  • Only include directly required providers
  • `source` MUST be in format `namespace/name`
  • `version` MUST include minimum and maximum major version constraints
  • SHOULD use `~> #.#` or `>= #.#.#, < #.#.#` format

Testing Requirements

Test Tooling

Severity: MUST | Requirement: TFNFR5
Required testing tools for AVM:
  • Terraform (`terraform validate/fmt/test`)
  • terrafmt
  • Checkov
  • tflint (with azurerm ruleset)
  • Go (optional for custom tests)

Test Provider Configuration

Severity: SHOULD | Requirement: TFNFR36
For robust testing, `prevent_deletion_if_contains_resources` SHOULD be explicitly set to `false` in test provider configurations.

Documentation Requirements

Module Documentation Generation

Severity: MUST | Requirement: TFNFR2
  • Documentation MUST be automatically generated via Terraform Docs
  • A `.terraform-docs.yml` file MUST be present in the module root

Breaking Changes & Feature Management

Using Feature Toggles

Severity: MUST | Requirement: TFNFR34
New resources added in minor/patch versions MUST have a toggle variable to avoid creation by default:
```hcl
variable "create_route_table" {
  type     = bool
  default  = false
  nullable = false
}

resource "azurerm_route_table" "this" {
  count = var.create_route_table ? 1 : 0
  # ...
}
```

Reviewing Potential Breaking Changes

Severity: MUST | Requirement: TFNFR35
Breaking changes requiring caution:
Resource blocks:
  1. Adding new resource without conditional creation
  2. Adding arguments with non-default values
  3. Adding nested blocks without `dynamic`
  4. Renaming resources without `moved` blocks
  5. Changing `count` to `for_each` or vice versa
Variable/Output blocks:
  1. Deleting/renaming variables
  2. Changing variable `type`
  3. Changing variable `default` values
  4. Changing `nullable` to false
  5. Changing `sensitive` from false to true
  6. Adding variables without `default`
  7. Deleting outputs
  8. Changing output `value`
  9. Changing output `sensitive` value

Contribution Standards

GitHub Repository Branch Protection

Severity: MUST | Requirement: TFNFR3
Module owners MUST set branch protection policies on the default branch (typically `main`):
  1. Require Pull Request before merging
  2. Require approval of most recent reviewable push
  3. Dismiss stale PR approvals when new commits are pushed
  4. Require linear history
  5. Prevent force pushes
  6. Not allow deletions
  7. Require CODEOWNERS review
  8. No bypassing settings allowed
  9. Enforce for administrators

Compliance Checklist

Use this checklist when developing or reviewing Azure Verified Modules:

Module Structure

  • Module cross-references use registry sources with pinned versions
  • Azure providers (azurerm/azapi) versions meet AVM requirements
  • `.terraform-docs.yml` present in module root
  • CODEOWNERS file present

Code Style

  • All names use lower snake_casing
  • Resources ordered with dependencies first
  • `for_each` uses `map()` or `set()` with static keys
  • Resource/data/module blocks follow proper internal ordering
  • `ignore_changes` not quoted
  • Dynamic blocks used for conditional nested objects
  • `coalesce()` or `try()` used for default values

Variables

  • No `enabled` or `module_depends_on` variables
  • Variables ordered: required (alphabetical) then optional (alphabetical)
  • All variables have precise types (avoid `any`)
  • All variables have descriptions
  • Collections have `nullable = false`
  • No `sensitive = false` declarations
  • No default values for sensitive inputs
  • Deprecated variables moved to `deprecated_variables.tf`

Outputs

  • Outputs use anti-corruption layer pattern (discrete attributes)
  • Sensitive outputs marked `sensitive = true`
  • Deprecated outputs moved to `deprecated_outputs.tf`

Terraform Configuration

  • `terraform.tf` has version constraints (`~>` format)
  • `required_providers` block present with all providers
  • No `provider` declarations in module (except aliases)
  • Locals arranged alphabetically

Testing & Quality

  • Required testing tools configured
  • New resources have feature toggles
  • Breaking changes reviewed and documented

Summary Statistics

  • Functional Requirements: 3
  • Non-Functional Requirements: 34
  • Total Requirements: 37

By Severity

  • MUST: 21 requirements
  • SHOULD: 14 requirements
  • MAY: 2 requirements

Based on: Azure Verified Modules - Terraform Requirements