ansible / ansible-policy

ansible-policy is a prototype implementation that allows us to define and set constraints on the Ansible project in the OPA Rego language.
Apache License 2.0

Support ansible loop: #47

Open ffirg opened 2 months ago

ffirg commented 2 months ago

I can't get it to handle this:

# Basic Lambda function deletion
- name: Delete Lambda functions HelloWorld and ByeBye
  lambda:
    name: '{{ item }}'
    state: absent
  loop:
    - HelloWorld
    - ByeBye

Here is my example policybook which I'm using against this:

### AWS lambda policy checks ###
---
- name: AWS Lambda based policy assurance checks
  hosts: localhost
  vars:
    essential_services:
    - "HelloWorld"
    - "AnotherOne"
  policies:
     - name: "Ensure we do not remove essential services"
       target: task
       condition:
         any:
         - input["amazon.aws.lambda"].name in essential_services and input["amazon.aws.lambda"].state == "absent" # if using FQCN
         - input["lambda"].name in essential_services and input["lambda"].state == "absent" # if not using FQCN
       actions:
         - deny:
             msg: Stopping the removal of essential Lambda services {{ essential_services }}
       tags:
         - compliance