Featured image of post Announcing TFLint Ruleset for Microsoft Fabric Terraform Provider
Microsoft Fabric

Announcing TFLint Ruleset for Microsoft Fabric Terraform Provider

A support tool for the serious Microsoft Fabric terraformer :D

Announcing TFLint ruleset for the Microsoft Fabric Terraform provider

I’ve been thinking a bit on how to expand the ecosystem for the Microsoft Fabric Terraform provider. One thing I have been missing is a way to help validate, enforce and guardrail good practices on the Microsoft Fabric Terraform code…but there was this hurdle. Almost all existing tools supporting Terrafom providers, including the provider itself, is written in Go. Even though I started my career as a software engineer, I did not have any experience with Go and my schedule was a bit packed.

That said, one of my favorite quotes is from Astrid Lindgrens books about Pippi Longstocking. She says “I have never tried that before, so I think I should definitely be able to do that”, which is a mindset I truly can subscribe to. So I started looking into what was required and just got going. The ruleset is inspired by how the ruleset for AzureRM is built, which relies on the specifications of the REST APIs to build a majority of the rules. This is rules like maximum length on name and descriptions attributes and valid enumeration values for other kind of attributes. To reduce the amount of work to handle this I built a tool that generates these rules automagically based on the current version of the Fabric REST API specifications. In addition I have created a few other rules, let’s call them “business logic” rules, where one is given more advice on your code. As an example, if you omit filling out the description attribute you will be reminded why it is a good idea to do just that.
So after quite a few hours putting this together, and with some help from GitHub Copilot, the very first public version of the ruleset is now ready to be used 🀩.

I already have seen ways to improve the usability of the ruleset and I will continue to work on improving it, but I hereby also invite the community to take it for a spin and provide feedback, or even contribute with expanding the ruleset.
If reading long blog-posts is not your favorite activity and you want to get going quickly, here is the GitHub repo for the ruleset which also contains installation instructions -> https://github.com/RuneORakeie/tflint-ruleset-fabric

βΈ»

“I have never tried that before, so I think I should definitely be able to do that” β€” Pippi Longstocking (by Astrid Lindgren)

βΈ»

What is a linter and why it matters

I believe it’s helpful to clarify what a linter is, and why we care β€” especially in the IaC (Infrastructure as Code) world, so here goes…

Definition and origins

According to the Wikipedia article on Lint, the original “lint” tool was developed in 1978 at Bell Labs by Stephen C. Johnson to analyse C code for portability issues. In CompSci terms Lint is a tool for “static code analysis used to flag programming errors, bugs, stylistic errors and suspicious constructs” as it is defined in the mentioned Wikipedia article. The term Lint was borrowed from the word lint, the tiny bits of fluff and fiber caught in the lint-trap in your clothes-dryer and the analogy being: “a lint-trap for code” that catches little things before they cause trouble.

Why use a linter in IaC / Terraform / Cloud infrastructure

As with application code, infrastructure-as-code files (for Terraform, Bicep, etc) benefit from early validation: catching typos, misconfigurations, policy violations, or anti-patterns before they hit production. With a linter you can enforce consistency, readability, and maintainability β€” making life easier for reviewers, future maintainers (future you?), and automation pipelines. For example: ensuring naming conventions, configurations settings, correct region settings, etc. In large organisations (or community modules) it helps teams align on standards, reduce “configuration drift”, and avoid repeating known pitfalls.

Following the notion of “shift-left testing”: the earlier you catch a defect (or anti-pattern) in your pipeline, the cheaper and less risky it is. That is why implementing Linters is seen as following good practices.

βΈ»

What tflint-ruleset-fabric does and why it’s useful

So what does the new ruleset provide, and why should you care?

Purpose

The aim of tflint-ruleset-fabric is to bring linting capabilities to your Microsoft Fabric Terraform codebase. More specifically:

  • It provides rule definitions (checks) specific to the Microsoft Fabric Terraform provider
  • It can help enforce best-practices for Fabric deployments: for example correct resource naming, required tags (eventually?), default values, use of managed identities, region constraints, module usage patterns, etc.
  • It integrates with the popular TFLint tool β€” meaning you can run it as part of your CI/CD pipeline, pre-commit hook, review process, etc.
  • It is open source and community-friendly: you’re invited to try it, provide feedback, raise issues or pull-requests, and help building it to becomer more feature-rich.

Why it matters

  • As Microsoft Fabric adoption grows, so will the complexity of its Terraform usage. A dedicated ruleset helps avoid misconfigurations and poor practices early.
  • Because the tool is built on top of TFLint, it slots into existing Terraform workflows and CI/CD pipelines with minimal friction.
  • It helps teams standardise on patterns (governance, tagging, resource naming, security controls) specific to Fabric and in general for Terraform configurations β€” in the same way you might have rulesets for Azure, AWS, GCP, etc.
  • It lowers the barrier for Terraform authors and module maintainers to adopt “linting” governance around their Fabric resources.

βΈ»

How can I start using the TFLint ruleset for Microsoft Fabric?

I recommend you try out TFlint by running it locally first. The official installation instructions and verification of the TFLint tool can be found here.
You need to configure a .tflint.hcl file and the content of this file you can use both locally and later in your CI pipeline. Checkout the example in the tflint-ruleset-fabric repo.

Testing locally

After TFLint is installed and the config file is defined, start your favorite terminal app and navigate to the folder where your Terraform code resides:

# If your .tflint.hcl is in the same folder as your Terraform code
tflinit --init

# If your .tflint.hcl is in a different location than your Terraform code
tflinit --init -c <path to .tflint.hcl>

then:

tflint -c <path to .tflint.hcl>

# It will give you resultsets like this
Warning: Adding a description improves documentation and governance of your Fabric environment. Consider including the purpose, owner, and any relevant business context. (fabric_item_description_recommended)

  on kql-resources.tf line 4:
   4: resource "fabric_eventhouse" "kql_demo" {

Reference: https://github.com/RuneORakeie/tflint-ruleset-fabric/blob/v0.1.0/docs/rules/fabric_item_description_recommended.md

Error: display_name exceeds max length 256 (fabric_eventstream_invalid_display_name)

  on kql-resources.tf line 35:
  35:   display_name = "Lorem ipsum dolor sit amet consectetur adipiscing elit quisque faucibus ex sapien vitae pellentesque sem placerat in id cursus mi pretium tellus duis convallis tempus leo eu aenean sed diam urna tempor pulvinar vivamus fringilla lacus nec metus bibendum ege"

Reference: https://github.com/microsoft/fabric-rest-api-specs/tree/main/eventstream/definitions.json

Integrating TFLint into your CI workflows

You’ll want to install TFLint in your repository (or build pipeline) and enable or reference the fabric-ruleset plugin/extension. The authors of TFLint have built and are maintaining a GitHub Action for setting up TFLint. Check out the docs to get that sorted as well

As with any linting tool, treat the output as guidance: not everything flagged might be relevant in your specific scenario, so tailor the rule-set (enable/disable rules) as needed.

βΈ»

A community invite

Since this is a community project, I encourage you to raise ideas for rules you’d like to see (or patterns you regularly enforce) in the GitHub repo. Building tflint-ruleset-fabric has been a fun side-project, and I hope it brings real value to those using Terraform and Microsoft Fabric.

So: if you’d like to help, here’s how you can contribute:

  • Try it: clone https://github.com/RuneORakeie/tflint-ruleset-fabric, add it to your Terraform repo and see what it flags.
  • Provide feedback: raise issues for false-positives, missing rules, performance glitches, or rule suggestions.
  • Contribute rules: if you spot a repeated mis-pattern in Fabric deployments (naming, tagging, identity usage, network configurations), send a PR with a new rule.
  • Share patterns: If your organisation has specific governance rules around Fabric, share them β€” maybe they become part of the standard ruleset.
  • Spread the word: If you find it useful, share with your team, peers, user-groups or conferences (yes I’m eyeballing you #SQLFamily) 😊.

βΈ»

Final thoughts

If you’re working with Terraform and Microsoft Fabric and you don’t yet have linting for your infra modules, I hope tflint-ruleset-fabric becomes a useful addition to your toolchain. Let’s raise the quality bar together β€” catch the lint before it trips you in production.

Thank you for reading β€” happy linting! πŸ”§

β€” Rune Ovlien Rakeie

GitHub ➜ https://github.com/RuneORakeie/tflint-ruleset-fabric

βΈ»

© 2024 - 2025 datarune.online
Notes from the field...my internet-stored long term memory
Built with Hugo
Theme Stack designed by Jimmy