First of all, thanks for all the work done here. Greatly appreciated.
Testing how to create HCL2 policies.

    resource "aws_instance" "example" {
      ami           = "ami-12345678"
      instance_type = "t2.micro"

      root_block_device {
        volume_size = 8
        // The "encrypted" attribute should be set to "true" for this policy to pass
        encrypted = true
      }
    }

    package main

    deny[reason] {
        some resource
        input.resource_changes[resource]
        resource.type == "aws_instance"
        not resource.change.after.tags
        reason := sprintf("AWS instance '%s' does not have any tags", [resource.change.after.address])
    }

    deny[reason] {
        some resource
        input.resource_changes[resource]
        resource.type == "aws_instance"
        mandatory_tags := {"Name", "Environment"}
        not all_tags_present(resource.change.after.tags, mandatory_tags)
        reason := sprintf("AWS instance '%s' is missing mandatory tags", [resource.change.after.address])
    }

    # Helper function to check if all mandatory tags are present
    all_tags_present(tags, mandatory_tags) {
        all_mandatory_tags := {tag | tag := mandatory_tags[_]}
        provided_tags := {tag | tags[tag]}
        all_mandatory_tags == provided_tags
    }

After running:

    conftest test tfplan.json --policy tags_scp.rego

I got all passed correctly, which is not true...
Hope you can help me,
Regards, Julio
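
Why the policy above passes on every plan, and one way to write the tag check so it fires: this is an added example, not part of the original post or of the conftest project. It assumes the input is `terraform show -json` plan output and keeps the post's pre-1.0 Rego syntax; `tag_keys`, the sample plans and the test names are made up for illustration.

```rego
package main

mandatory_tags := {"Name", "Environment"}

# Keys of change.after.tags; absent or null tags give an empty set.
tag_keys(rc) = {k | rc.change.after.tags[k]}

deny[reason] {
    # resource_changes is an array, so iterate over its elements. In the post,
    # input.resource_changes[resource] binds `resource` to the array index,
    # resource.type is then undefined, and neither deny rule can ever fire.
    rc := input.resource_changes[_]
    rc.type == "aws_instance"
    is_object(rc.change.after) # skip deletes, where "after" is null
    # Set difference is a subset check; the post's helper compares with ==,
    # which would also reject instances that carry extra tags.
    missing := mandatory_tags - tag_keys(rc)
    count(missing) > 0
    # "address" sits on the resource_changes element, not under change.after.
    reason := sprintf("AWS instance '%s' is missing mandatory tags: %v", [rc.address, sort(missing)])
}

# Constructed inputs shaped like plan JSON (not taken from a real plan).
untagged := {"resource_changes": [{
    "address": "aws_instance.example",
    "type": "aws_instance",
    "change": {"actions": ["create"], "after": {"instance_type": "t2.micro", "tags": null}}
}]}

tagged := {"resource_changes": [{
    "address": "aws_instance.ok",
    "type": "aws_instance",
    "change": {"actions": ["create"], "after": {"tags": {"Name": "web", "Environment": "dev", "Owner": "ops"}}}
}]}

test_untagged_instance_is_denied {
    count(deny) == 1 with input as untagged
}

test_tagged_instance_passes {
    count(deny) == 0 with input as tagged
}
```

The two `test_` rules can be run with `opa test` against the file.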