init

Signed-off-by: Charles-Edouard Brétéché <[email protected]>
kyverno · Sep 27, 2023 · 6bd0976 · 6bd0976
commit 6bd0976
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -0,0 +1,9 @@
+# tf-kyverno
+
+```console
+# create a plan
+terraform plan -out=tf.plan
+
+# show plan in json
+terraform show -json tf.plan > tf.plan.json
+```
diff --git a/policy.yaml b/policy.yaml
@@ -0,0 +1,16 @@
+apiVersion: tf.kyverno.io/v1
+kind: Policy
+metadata:
+  name: require-label
+spec:
+  rules:
+    - name: require-label
+      match:
+        any:
+        - type: aws_s3_bucket
+      validate:
+        message: 'A team tag is required for all S3 buckets'
+        pattern:
+          values:
+            tags:
+              team: ?*
diff --git a/s3.tf b/s3.tf
@@ -0,0 +1,17 @@
+provider "aws" {
+  region                      = "eu-west-1"
+  skip_credentials_validation = true
+  skip_requesting_account_id  = true
+  skip_metadata_api_check     = true
+  access_key                  = "mock_access_key"
+  secret_key                  = "mock_secret_key"
+}
+
+resource "aws_s3_bucket" "example" {
+  bucket = "my-tf-test-bucket"
+
+  tags = {
+    Name        = "My bucket"
+    Environment = "Dev"
+  }
+}