From 6bd09768028d884702d54074a3eb9d41557f3a99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?=
Date: Wed, 27 Sep 2023 22:42:23 +0200
Subject: [PATCH] init
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Charles-Edouard Brétéché

---
README.md | 9 +++++++++
policy.yaml | 16 ++++++++++++++++
s3.tf | 17 +++++++++++++++++
3 files changed, 42 insertions(+)
create mode 100644 README.md
create mode 100644 policy.yaml
create mode 100644 s3.tf
diff --git a/README.md b/README.md
new file mode 100644
index 00000000..ed7051af
--- /dev/null
+++ b/README.md
@@ -0,0 +1,9 @@
+# tf-kyverno
+
+```console
+# create a plan
+terraform plan -out=tf.plan
+
+# show plan in json
+terraform show -json tf.plan > tf.plan.json
+```
\ No newline at end of file
diff --git a/policy.yaml b/policy.yaml
new file mode 100644
index 00000000..d48f8dd0
--- /dev/null
+++ b/policy.yaml
@@ -0,0 +1,16 @@
+apiVersion: tf.kyverno.io/v1
+kind: Policy
+metadata:
+ name: require-label
+spec:
+ rules:
+ - name: require-label
+ match:
+ any:
+ - type: aws_s3_bucket
+ validate:
+ message: 'A team tag is required for all S3 buckets'
+ pattern:
+ values:
+ tags:
+ team: ?*
diff --git a/s3.tf b/s3.tf
new file mode 100644
index 00000000..a52a385a
--- /dev/null
+++ b/s3.tf
@@ -0,0 +1,17 @@
+provider "aws" {
+ region = "eu-west-1"
+ skip_credentials_validation = true
+ skip_requesting_account_id = true
+ skip_metadata_api_check = true
+ access_key = "mock_access_key"
+ secret_key = "mock_secret_key"
+}
+
+resource "aws_s3_bucket" "example" {
+ bucket = "my-tf-test-bucket"
+
+ tags = {
+ Name = "My bucket"
+ Environment = "Dev"
+ }
+}
\ No newline at end of file
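Review bot: The `validate.pattern` in policy.yaml inspects only `values.tags`, so a `team` tag that a bucket inherits from the AWS provider's `default_tags` would not satisfy the rule even though the deployed bucket carries it; in plan JSON those provider-level tags are presumably reflected under `tags_all`, which is worth checking alongside `tags` if it is populated at plan time (to be confirmed against a real plan). The rule and policy are both named `require-label` while the message and pattern concern a tag, which will confuse anyone reading violation output; `name: require-team-tag` for both would match what is enforced. A short comment above the pattern, such as `# any non-empty team value is accepted; tags_all is not inspected`, would make the scope of the check explicit.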
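Review bot: The provider block in s3.tf commits literal `access_key`/`secret_key` assignments; the values are obviously placeholders, but a credential literal in a checked-in provider block is exactly what secret scanners flag and what tends to be copy-pasted with real values later. Since `skip_credentials_validation`, `skip_requesting_account_id` and `skip_metadata_api_check` already make this a plan-only configuration, the same effect is obtained by supplying dummy values through the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables at invocation, leaving the two attributes out of the file; at minimum the block should carry a comment, `# plan-only configuration: placeholder credentials are never validated or sent`. The example bucket is tagged only with `Name` and `Environment`, so policy.yaml will report a violation against it; if that is the intended demonstration, a comment on the `tags` block saying so, `# no "team" tag on purpose: policy.yaml should reject this resource`, would stop a reader from treating it as a mistake.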