Validating Terraform plans using the Open Policy Agent

This repository contains the code for the blog post here: https://blokje5.dev/posts/validating-terraform-plans/

Requirements

The following tools are needed in order to execute the code:

Additionally, if you want to execute the unit tests for the policies, the OPA binary needs to be installed.

Generating a terraform plan

Execute the following commands (note that valid AWS credentials need to be available, as we are deploying AWS resources):

terraform init
terraform plan -out=tfplan
terraform show -json ./tfplan > tfplan.json

Evaluating the plan

conftest test ./tfplan.json

This returns the following output:

./tfplan.json
   Invalid tags (missing minimum required tags) for the following resources: ["aws_s3_bucket.helm_repo"]
   Invalid tags (not pascal case) for the following resources: ["aws_s3_bucket.terraform_state_bucket"]
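
A sketch of a conftest policy that would produce messages of this shape, added here as an illustration and not taken from this repository's policy files. The required tag keys (`Owner`, `Project`), the helper names, and the choice to check tag keys (rather than values) for Pascal case are assumptions.

```rego
package main

import rego.v1

# Assumption: the minimum tag keys every taggable resource must carry.
required_tags := {"Owner", "Project"}

# Tags a resource will have after apply. A null "tags" attribute counts as
# "no tags". Resources without a tags attribute, and resources being deleted
# (change.after is null), leave this function undefined and are skipped.
tags_of(rc) := rc.change.after.tags if is_object(rc.change.after.tags)

tags_of(rc) := {} if is_null(rc.change.after.tags)

# Addresses of resources missing at least one required tag key.
missing_tags contains rc.address if {
	some rc in input.resource_changes
	count(required_tags - object.keys(tags_of(rc))) > 0
}

# Addresses of resources with a tag key that is not Pascal case.
not_pascal_case contains rc.address if {
	some rc in input.resource_changes
	some key in object.keys(tags_of(rc))
	not regex.match(`^([A-Z][a-z0-9]+)+$`, key)
}

deny contains msg if {
	count(missing_tags) > 0
	msg := sprintf(
		"Invalid tags (missing minimum required tags) for the following resources: %v",
		[sort(missing_tags)],
	)
}

deny contains msg if {
	count(not_pascal_case) > 0
	msg := sprintf(
		"Invalid tags (not pascal case) for the following resources: %v",
		[sort(not_pascal_case)],
	)
}
```

conftest loads `.rego` files from the `policy` directory by default and reports every message in `deny` as a failure, so a plan with untagged or mis-tagged resources fails the check before `terraform apply` runs.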

Unit testing Rego policies

cd policy
opa test -v *.rego
