
Comments (4)

mocofound commented on August 15, 2024

Hello! Please see the below snippets of code you can use to help build Sentinel policies like this:

Example Sentinel function to iterate over all resources in plan

import "tfplan"

kubernetes_namespaces = func() {
  namespaces = []
  // Iterate over all the resources in the Terraform plan and
  // collect every entry whose type is kubernetes_namespace
  for tfplan.resources as type, resource {
    if type is "kubernetes_namespace" {
      namespaces += [resource]
    }
  }

  // Return a list of kubernetes namespaces found in the Terraform plan
  return namespaces
}

Example Sentinel logic to check for existence of mandatory tags

import "tfplan"

mandatory_tags = [
  "TTL",
  "Owner",
]

# All aws_instance resources in the plan, keyed by resource name and then
# by index; an empty map when the plan contains none (the original snippet
# left this variable undefined)
aws_instances = tfplan.resources.aws_instance else {}

# Instance tag rule: every instance must carry every mandatory tag key
instance_tags = rule {
  all aws_instances as _, instances {
    all instances as index, r {
      all mandatory_tags as t {
        (r.applied.tags else {}) contains t
      }
    }
  }
}

main = rule { instance_tags }

from terraform-guides.

rajagopalanrg commented on August 15, 2024

Thanks for your snippet. I also tried many ways to compare two lists. For example, I wanted to compare the list of security group IDs of a VM with a mandatory_security_groups list and verify that all mandatory security groups are there. I took the mandatory_tags example and modified it, but could not achieve this. Could you help me here?


rajagopalanrg commented on August 15, 2024

I get an error with your snippet: "only a list or map can be indexed, got undefined".


rberlind commented on August 15, 2024

@rajagopalanrg: sorry for the long delay in responding to this post.

The third-generation policies have sentinel modules like tfplan-functions.sentinel and tfconfig-functions.sentinel that have various functions. Each function is documented in a separate file.

The tfplan-functions module does have find_resources_by_provider and find_datasources_by_provider. There are similar functions in the tfconfig-functions module.

Also, I recently updated the third-generation policies that validate that certain labels are on resources of many types for AWS and Azure:

The policy for GCP is still restricted to a single resource type:

Roger Berlind
Global Technology Specialist
HashiCorp

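One way to write the list comparison asked about earlier in this thread (mandatory security groups that must all be attached to an instance), as an added example that is not from the thread's authors or the terraform-guides repository. It uses the tfplan/v2 import directly instead of the tfplan-functions module, assumes aws_instance resources with a vpc_security_group_ids attribute, and the security group IDs are constructed placeholders.

```sentinel
import "tfplan/v2" as tfplan

# Constructed placeholder IDs: replace with the baseline security groups
# every instance in your environment must carry
mandatory_security_groups = [
  "sg-0123456789abcdef0",
  "sg-0fedcba9876543210",
]

# All managed aws_instance resources that the plan creates or updates
aws_instances = filter tfplan.resource_changes as _, rc {
  rc.type is "aws_instance" and
  rc.mode is "managed" and
  (rc.change.actions contains "create" or
   rc.change.actions contains "update")
}

# Return the mandatory security groups that are not in the instance's
# vpc_security_group_ids. A value still unknown at plan time is absent
# from change.after, so it is treated as missing (fail closed).
missing_security_groups = func(rc) {
  attached = rc.change.after.vpc_security_group_ids else []
  return filter mandatory_security_groups as sg {
    not (attached contains sg)
  }
}

# Collect every violating instance so each one is reported, not just
# the first failure
violators = filter aws_instances as address, rc {
  length(missing_security_groups(rc)) > 0
}

# Print the gaps so the reason is visible in the Terraform Cloud run log
for violators as address, rc {
  print(address, "is missing mandatory security groups:",
        missing_security_groups(rc))
}

main = rule {
  length(violators) is 0
}
```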
