terrapolicy

package module

v0.1.0 Latest Latest Go to latest Published: Aug 21, 2023 License: MPL-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/clearbank/terrapolicy

Links

Open Source Insights

README ¶

Terrapolicy

Terrapolicy is a CLI tool / go module that allows the enforcement of policies and remediations at terraform files level. The tool is based and heavily inspired on terratag

Rationale

When enforcing policies and remediations in the cloud, you can find yourself having resources drifting from your terraform state and files. Terrapolicy aims as solving this problem adjusting file format and properties in terraform, before the state is computed and applied. This can be particularily useful if your terraform files and resources are all following the same release workflow, and terrapolicy can be applied centrally to all files before being processed for a terraform plan command. It follows the same concept as Policy-as-code introduced by checkov.io

Requirements

Go >= 1.20

Getting started

go install ./cli/terrapolicy/

Policies

See docs for examples

version_policy

parameter	type	descr
provider	string	the name of the provider to match. Based on `terraform version` output
value	string,string[]	the value to check against
strategy	string	minimum_version,exclude
strategy.minimum_version		provider must be >= of provider value
strategy.exclude		fails policy is provider matches exacly the provided value

attributes_policy

parameter	type	descr
resource	string	the name of the resource
value	any	the value to set for remediation types
attribute	string	the attribute to check against on the resource
strategy	string	fail_if_missing,fail_if_set,set_if_missing,force_set
strategy.fail_if_missing		fails policy if attribute is missing on resource
strategy.fail_if_set		fails policy if attribute is set on resource
strategy.set_if_missing		sets attribute on resource if missing
strategy.force_set		always sets attribute on resource

Test

go test -v

Documentation ¶

Constants ¶

This section is empty.

Variables ¶

View Source

var POLICY_MAPPING_PROVIDERS = map[string]policies.ProviderPolicyExecutor{
	"version_policy": &provider_policies.VersionPolicy{},
}

View Source

var POLICY_MAPPING_RESOURCES = map[string]policies.ResourcePolicyExecutor{
	"attributes_policy": &resource_policies.AttributesPolicy{},
}

Functions ¶

func TerraPolicy ¶

func TerraPolicy(args Args) error

Types ¶

type Args ¶

type Args struct {
	Policy policies.Policy
	Flags  policies.PolicyExecutionFlags
	Dir    string
}

type PoliciesHandlerFunc ¶

type PoliciesHandlerFunc func(args *Args) error

Source Files ¶

View all Source files

terrapolicy.go

Directories ¶

Path	Synopsis
cli
policy_validator
terrapolicy
internals
cli
file
policies
policies/providers
policies/resources
providers
terraform
tfschema
utils

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL