Validating Terraform plans using the Open Policy Agent

This repository contains the code for the blog post here: https://blokje5.dev/posts/validating-terraform-plans/

Requirements

The following tools are needed in order to execute the code:

Terraform (to generate the plan and export it as JSON)
Conftest (to evaluate the exported plan against the Rego policies in the policy directory)

Additionally, if you want to execute the unit tests for the policies, the OPA binary needs to be installed.

Generating a terraform plan

Execute the following commands (note that valid AWS credentials need to be available, as the configuration deploys AWS resources; terraform plan creates nothing, but the AWS provider still needs credentials to initialise and refresh state).

terraform init
terraform plan -out=tfplan
terraform show -json ./tfplan > tfplan.json

Evaluating the plan

Conftest loads the Rego policies from the ./policy directory by default, so no --policy flag is needed here. The command exits non-zero when any deny rule fires, which is what makes it usable as a CI gate.

conftest test ./tfplan.json

Which returns the following output:

./tfplan.json
   Invalid tags (missing minimum required tags) for the following resources: ["aws_s3_bucket.helm_repo"]
   Invalid tags (not pascal case) for the following resources: ["aws_s3_bucket.terraform_state_bucket"]

Unit testing Rego policies

cd policy
opa test -v *.rego
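As an added example (not the repository's own policy file), the following Rego policy reproduces the two checks visible in the Conftest output above, the "minimum required tags" check and the "pascal case" check, and includes OPA unit tests in the same file so that the `opa test` step above exercises it. The required-tag set ("Environment", "Owner"), the PascalCase pattern, the file name policy/tags.rego and the plan fixture are all assumptions; the plan shape (`resource_changes[].address`, `.type`, `.change.after.tags`) is the one produced by `terraform show -json`. It uses the `rego.v1` syntax, so it needs OPA 0.59 or newer and a Conftest built on such an OPA.

```rego
# Added example policy (assumed path: policy/tags.rego), not the repository's
# own code. Reproduces the two tag checks from the Conftest output with the
# required-tag set and PascalCase rule below as assumptions.
package main

import rego.v1

# Assumed minimum tag set; the real policy's set is not shown on the page.
required_tags := {"Environment", "Owner"}

# A tag key is PascalCase when it starts with an uppercase letter and
# contains only letters and digits.
is_pascal_case(key) if {
	regex.match(`^[A-Z][A-Za-z0-9]*$`, key)
}

# Only S3 buckets that still exist after apply are checked;
# change.after is null for a planned destroy.
planned_bucket(rc) if {
	rc.type == "aws_s3_bucket"
	rc.change.after != null
}

# Tags the resource will have after apply, or {} when none are set.
tags_after(rc) := tags if {
	tags := rc.change.after.tags
} else := {}

# Addresses of buckets missing at least one required tag.
missing_required contains rc.address if {
	some rc in input.resource_changes
	planned_bucket(rc)
	tags := tags_after(rc)
	present := {k | tags[k]}
	count(required_tags - present) > 0
}

# Addresses of buckets with at least one tag key that is not PascalCase.
not_pascal_case contains rc.address if {
	some rc in input.resource_changes
	planned_bucket(rc)
	tags := tags_after(rc)
	tags[key]
	not is_pascal_case(key)
}

deny contains msg if {
	count(missing_required) > 0
	msg := sprintf("Invalid tags (missing minimum required tags) for the following resources: %v", [sort(missing_required)])
}

deny contains msg if {
	count(not_pascal_case) > 0
	msg := sprintf("Invalid tags (not pascal case) for the following resources: %v", [sort(not_pascal_case)])
}

# ---- unit tests (run with: opa test -v *.rego) ----

# Constructed plan fragment in the shape of `terraform show -json` output.
plan_fixture := {"resource_changes": [
	{"address": "aws_s3_bucket.ok", "type": "aws_s3_bucket",
		"change": {"actions": ["create"], "after": {"tags": {"Environment": "prod", "Owner": "platform"}}}},
	{"address": "aws_s3_bucket.no_tags", "type": "aws_s3_bucket",
		"change": {"actions": ["create"], "after": {"bucket": "no-tags"}}},
	{"address": "aws_s3_bucket.bad_case", "type": "aws_s3_bucket",
		"change": {"actions": ["update"], "after": {"tags": {"Environment": "dev", "Owner": "me", "costCenter": "42"}}}},
	{"address": "aws_s3_bucket.gone", "type": "aws_s3_bucket",
		"change": {"actions": ["delete"], "after": null}}
]}

test_missing_required if {
	missing_required == {"aws_s3_bucket.no_tags"} with input as plan_fixture
}

test_not_pascal_case if {
	not_pascal_case == {"aws_s3_bucket.bad_case"} with input as plan_fixture
}

test_destroyed_bucket_is_ignored if {
	not missing_required["aws_s3_bucket.gone"] with input as plan_fixture
}

test_compliant_bucket_passes if {
	count(deny) == 0 with input as {"resource_changes": [plan_fixture.resource_changes[0]]}
}
```

Two design points worth noting. The checks are split into intermediate sets (missing_required, not_pascal_case) and a single deny rule per check, which is what produces one aggregated message listing every offending address, as in the output above, instead of one line per resource; it also gives the unit tests something precise to assert on. Resources whose change.after is null are skipped deliberately: a bucket being destroyed has no tags to validate, and flagging it would block the very plan that removes it.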