# Template for the values the setup needs. Every line here is a placeholder;
# never commit real values. Supply them as CI / Terraform Cloud variables and
# mark the key material (AWS, Terraform, Prisma) as sensitive so it is not
# echoed in run output. Keep this file as a template only.
AWS_ACCESS_KEY_ID=<REPLACE_WITH_AWS_ACCESS_KEY_ID>
AWS_SECRET_ACCESS_KEY=<REPLACE_WITH_AWS_SECRET_KEY>
# Terraform Cloud user token — presumably used to manage the policy set;
# scope it to the minimum permissions needed (confirm against your workflow).
TF_USER_TOKEN=<REPLACE_WITH_TERRAFORM_USER_TOKEN>
# Workspace to check. The same ID is hard-coded in the prismacloud.sentinel
# request URL below, so keep the two in sync.
WORKSPACE_ID=<TERRAFORM_CLOUD_WORKSPACE_ID>
WORKSPACE_NAME=<REPLACE_WITH_WORKSPACE_NAME>
# Prisma Cloud access/secret key pair. The Sentinel policy below declares
# params with the same names — presumably these are passed through as
# (sensitive) policy-set parameters; verify in the policy-set configuration.
PRISMA_ACCESS_KEY=<REPLACE_WITH_PRISMA_ACCESS_KEY>
PRISMA_SECRET_KEY=<REPLACE_WITH_PRISMA_SECRET_KEY>
# sentinel.hcl file should look like this:
# Registers prismacloud.sentinel with the policy set. With
# enforcement_level = "hard-mandatory" a failing policy blocks the run and
# cannot be overridden from the Terraform Cloud UI; note that a policy that
# cannot reach the Prisma Cloud API will also fail (see the comments in
# prismacloud.sentinel), so an API outage blocks applies rather than
# letting them through.
policy "prismacloud" {
source = "./prismacloud.sentinel"
enforcement_level = "hard-mandatory"
}
# prismacloud.sentinel should look similar to the code block below. Replace <CODE_SECURITY_APP_STACK> with your Prisma Cloud app stack (api2, api3, etc.), and replace <TERRAFORM_CLOUD_WORKSPACE_ID> with the actual workspace ID (the same value as WORKSPACE_ID above).
import "http"
import "json"
# Prisma Cloud credentials arrive as policy parameters. They must never be
# written into the policy source; set them as sensitive policy-set parameters
# in Terraform Cloud so they are not printed in run output or shown in the UI.
param PRISMA_ACCESS_KEY
param PRISMA_SECRET_KEY
# Step 1: exchange the access/secret key pair for a session token.
# The response body is parsed without checking the HTTP status, so a failed
# login (bad keys, wrong app stack, outage) leaves loginResp.token undefined.
# That is not silently ignored: the undefined value propagates into the
# request below and the policy ends up failing rather than passing
# (fails closed). NOTE(review): an explicit status-code check with a clear
# print() would make that failure mode easier to diagnose in the run log.
loginReq = http.request("https://<CODE_SECURITY_APP_STACK>.prismacloud.io/login").with_body(json.marshal({"username": PRISMA_ACCESS_KEY, "password": PRISMA_SECRET_KEY})).with_header("Content-Type", "application/json")
loginResp = json.unmarshal(http.post(loginReq).body)
# Step 2: fetch the violations recorded for this workspace. The raw token is
# sent as the Authorization header value with no scheme prefix — this is what
# the endpoint is assumed to expect; confirm the header name/format against
# the Prisma Cloud Code Security API documentation for your stack.
req = http.request("https://<CODE_SECURITY_APP_STACK>.prismacloud.io/bridgecrew/api/v1/tfCloud/sentinel/<TERRAFORM_CLOUD_WORKSPACE_ID>").with_header("Authorization", loginResp.token)
resp = json.unmarshal(http.get(req).body)
# Step 3: print every violation so the run log shows why the policy failed.
# Only title, resource_id and violation_id are echoed; no credentials are
# included in the output.
if (length(resp.violations) > 0) {
print("Violations:\n")
for resp.violations as violation {
print(violation.title)
print("Resource: " + violation.resource_id)
print("Violation ID: " + violation.violation_id)
print("\n")
}
}
print("More details: " + resp.details_url)
# Pass only when the API reports zero violations. If resp.violations is
# missing (API error, wrong workspace ID, expired token) the expression is
# undefined rather than true, so the rule does not pass — fail-closed
# behaviour, which is what a hard-mandatory policy should have.
main = rule { length(resp.violations) < 1 }