Merge pull request #10 from morethancertified/feature
testing opa
Derek Morgan authored Oct 22, 2024
2 parents 6322409 + d52c3ba commit 1aa2faf
Showing 4 changed files with 86 additions and 14 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/plan.yml
Expand Up @@ -64,5 +64,5 @@ jobs:

- name: Run OPA Tests
run: |
opaout=$(opa eval --data ../policies/plan.rego --input /tmp/plan.json "data.terraform.deny" | jq -r '.result[].expressions[].value[]')
opaout=$(opa eval --data ../policies/instance-policy.rego --input /tmp/plan.json "data.terraform.deny" | jq -r '.result[].expressions[].value[]')
[ -z "$opaout" ] && exit 0 || echo "$opaout" && gh pr comment ${{ github.event.pull_request.number }} --body "### $opaout" && exit 1
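Review bot: The rewritten `opa eval` line is fail-open: if the relative path `../policies/instance-policy.rego` does not resolve from the step's working directory, or `opa` is not on the runner, stdout is empty, `jq` still exits 0, `$opaout` is empty and the following line runs `exit 0`, so a broken policy gate reads as a passing one. The step appears to run under the default `bash -e` shell, where the pipe's status is jq's and pipefail is off (I believe an explicit `shell: bash` would turn it on), so a failed evaluation is never seen. Adding `set -o pipefail` on the line before the assignment and appending `|| exit 1` to the assignment makes a failed `opa eval` fail the job instead of silently approving the plan. The step belongs to a `jobs:` entry whose definition starts outside the hunk.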
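--- a/policies/instance-policy.rego
+++ b/policies/instance-policy.rego
@@ -0,0 +1,16 @@
+package terraform
+
+import rego.v1
+
+allowed_instance_types := ["t3.micro", "t3.small"]
+
+deny contains msg if {
+some resource in input.resource_changes
+resource.type == "aws_instance"
+instance_type := resource.change.after.instance_type
+not instance_type in allowed_instance_types
+msg := sprintf(
+"instance type for '%s' is '%s', but must be '%s'",
+[resource.address, instance_type, allowed_instance_types],
+)
+}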
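Review bot: The `deny` rule only fires when `resource.change.after.instance_type` is a known string; when the plan cannot resolve the type (for example it comes from a variable or a data source), Terraform's plan JSON leaves it out of `after` and flags it in `after_unknown`, so the lookup is undefined and the resource silently passes the allowlist. A second `deny` rule keyed on `resource.change.after_unknown.instance_type` closes that gap, sketched below; the fixture on this page shows an empty `after_unknown` object, so the shape is consistent with that format. Separately, the message passes the whole list through `%s`, so it reads as "must be '["t3.micro", "t3.small"]'"; `but must be one of %v` would be clearer.

```rego
# … unchanged: package, import, allowed_instance_types, existing deny rule …

deny contains msg if {
	some resource in input.resource_changes
	resource.type == "aws_instance"
	resource.change.after_unknown.instance_type == true
	msg := sprintf(
		"instance type for '%s' is not known at plan time; it must be one of %v",
		[resource.address, allowed_instance_types],
	)
}
```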
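--- a/policies/plan.json
+++ b/policies/plan.json
@@ -0,0 +1,69 @@
+{
+"format_version": "1.2",
+"terraform_version": "1.9.8",
+"resource_changes": [
+{
+"address": "aws_instance.grafana_server",
+"mode": "managed",
+"type": "aws_instance",
+"name": "grafana_server",
+"provider_name": "registry.terraform.io/hashicorp/aws",
+"change": {
+"after": {
+"instance_type": "t3.micro"
+}
+}
+},
+{
+"address": "aws_internet_gateway.gitops_igw",
+"mode": "managed",
+"type": "aws_internet_gateway",
+"name": "gitops_igw",
+"provider_name": "registry.terraform.io/hashicorp/aws",
+"change": {
+"actions": [
+"no-op"
+],
+"before": {
+"arn": "arn:aws:ec2:us-east-1:034858642295:internet-gateway/igw-0ae0e0dee11fe2dac",
+"id": "igw-0ae0e0dee11fe2dac",
+"owner_id": "034858642295",
+"tags": {
+"Name": "gitops-igw"
+},
+"tags_all": {
+"Name": "gitops-igw"
+},
+"timeouts": null,
+"vpc_id": "vpc-0871ed203c7e35ead"
+},
+"after": {
+"arn": "arn:aws:ec2:us-east-1:034858642295:internet-gateway/igw-0ae0e0dee11fe2dac",
+"id": "igw-0ae0e0dee11fe2dac",
+"owner_id": "034858642295",
+"tags": {
+"Name": "gitops-igw"
+},
+"tags_all": {
+"Name": "gitops-igw"
+},
+"timeouts": null,
+"vpc_id": "vpc-0871ed203c7e35ead"
+},
+"after_unknown": {},
+"before_sensitive": {
+"tags": {},
+"tags_all": {}
+},
+"after_sensitive": {
+"tags": {},
+"tags_all": {}
+}
+}
+}
+],
+"timestamp": "2024-10-21T20:04:15Z",
+"applyable": false,
+"complete": true,
+"errored": false
+}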
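Review bot: The fixture only exercises the allow path: its single `aws_instance` carries `"instance_type": "t3.micro"`, which is in the policy's allowlist, so a policy that never fires would evaluate identically to a correct one. A second `aws_instance` entry with a type outside the list, and one whose `change` has `"after_unknown": {"instance_type": true}` with no `after.instance_type`, would give the policy a negative case to be checked against. The gateway resource also looks like it was captured from a real plan, carrying an AWS account ID, an internet-gateway ID and a VPC ID; these are not secrets, but committed fixtures usually replace such environment details with placeholder values. Nothing on this page shows the file being consumed (the workflow reads `/tmp/plan.json`), so its role as a test fixture is inferred.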
13 changes: 0 additions & 13 deletions policies/plan.rego

This file was deleted.
