DevOps Maintainability Checker
Verify infrastructure code follows maintainable patterns.
Maintainability Checklist
| Check | Good | Bad |
|-------|------|-----|
| Resource naming | Consistent ${project}-${env}-${type} | Random or inconsistent |
| Variable naming | Descriptive with defaults | Cryptic, no descriptions |
| Code formatting | tofu fmt passes | Inconsistent indentation |
| DRY principle | Locals for repeated values | Hardcoded values repeated |
| Version constraints | Pinned ~> X.Y | Unpinned or exact versions |
Verification Commands
# Format check
tofu fmt -check -recursive 2>&1 || echo "FAIL: Needs formatting"
# Variable descriptions
grep -L "description" variables.tf && echo "WARN: Variables missing descriptions"
# Locals usage (should have some)
grep -c "local\." *.tf | awk -F: '$2 < 3 {print "WARN: Underusing locals in "$1}'
# Hardcoded values (potential DRY violations)
grep -E '^\s+(region|zone|size)\s*=\s*"[^$]' *.tf
# Provider version constraints
grep -E "version\s*=\s*\"[0-9]" *.tf | grep -v "~>" && echo "WARN: Exact versions, use ~>"
Naming Conventions
Resource Names:
# GOOD
resource "aws_instance" "web" {
tags = {
Name = "${var.project}-${var.environment}-web"
}
}
# BAD
resource "aws_instance" "instance1" {
tags = {
Name = "my-server"
}
}
Variable Names:
# GOOD
variable "database_instance_class" {
description = "RDS instance class for the database"
type = string
default = "db.t3.micro"
}
# BAD
variable "db_class" {
type = string
}
DRY Patterns
Use Locals:
locals {
common_tags = {
Project = var.project
Environment = var.environment
ManagedBy = "terraform"
}
name_prefix = "${var.project}-${var.environment}"
}
resource "aws_instance" "web" {
tags = merge(local.common_tags, {
Name = "${local.name_prefix}-web"
})
}
Avoid Repetition:
# BAD - hardcoded everywhere
resource "aws_instance" "web" {
tags = { Project = "myapp", Environment = "prod" }
}
resource "aws_instance" "api" {
tags = { Project = "myapp", Environment = "prod" }
}
# GOOD - use locals
resource "aws_instance" "web" {
tags = local.common_tags
}
Version Constraints
# GOOD - allows patch updates
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.0"
}
}
}
# BAD - exact version (breaks updates)
version = "5.31.0"
# BAD - no constraint (unpredictable)
version = ">= 5.0"
Report Format
MAINTAINABILITY SCORE: X/10
Formatting: PASS/FAIL
Variable Descriptions: X/Y documented
Locals Usage: GOOD/UNDERUSED
Naming Consistency: CONSISTENT/INCONSISTENT
Version Constraints: PROPER/NEEDS FIX
Issues Found:
- [ ] Run `tofu fmt -recursive`
- [ ] Add descriptions to variables: X, Y, Z
- [ ] Extract repeated value "us-east-1" to local
- [ ] Change exact version to ~> constraint