Skip to content

sophos/factory-opa-terraform-demo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
README.md
README.md
 
 
main.tf
main.tf
 
 
terraform.rego
terraform.rego
 
 

Repository files navigation

Description

This repo contains files in support of an integration between Sophos Factory and Terraform Cloud. The goal is to insert an intermediary step in the Terraform Cloud workflow by way of a Sophos Factory pipeline that can execute any number of tasks, such as an opa eval scan, Terrascan, or Checkov scan using Terraform Cloud's Event Hook feature to trigger a Sophos Factory pipeline via WebHook.

The basic flow looks like this:

Terraform Plan ➡ Event Hook ➡ Sophos Factory WebHook ➡ Sophos Factory Pipeline ➡ Back to Event Hook ➡ Deploy

The inspiration for this example comes from the Open Policy Agent | Terraform use case. The files listed in the instructions above have been added to this repo.

Requirements

  • A Terraform Cloud account
  • A Sophos Factory account
  • An AWS user with
    • An Access Key
    • Permission to do a plan based on the Terraform configuration in this repo

Instructions

  • In AWS
    • If you don't already have one, create an IAM user with programmatic access and have the access key id and secret access key available for later
    • Assign the user the appropriate permissions to deploy the Terraform configuration in this repo
      • (you do not need to deploy any resources to AWS in order to prove the workflow was successful)
  • In Sophos Factory
    • Create a new Job using the following settings:
      • Trigger: Incoming WebHook
      • Variables Transform: {"data": body | dump}
      • Pipeline: choose one of the following example pipelines
        • Terraform Cloud Event Hook | OPA Eval
        • Terraform Cloud Event Hook | Terrascan
        • Terraform Cloud Event Hook | Checkov
      • Revision: latest
    • Copy the WebHook URL for use later
  • In Terraform Cloud
    • Create a new Event Hook (YourOrg ➡ Settings ➡ Task event hooks ➡ Create event hook)
      • Name: Choose a descriptive name
      • Hook endpoint URL: Paste in the WebHook URL from the Sophos Factory job
    • Create a new workspace in Terraform Cloud using the following settings:
      • Version Control Workflow
        • Provider: GitHub
        • ID: refactr/opa-terraform-demo
      • Add the new Event Hook (YourWorkspace ➡ Settings ➡ Tasks)
        • Enforcement Level: choose either value
    • Add the following Environment Variables (YourWorkspace ➡ Variables ➡ Environment Variables)
      • AWS_ACCESS_KEY_ID: Paste in your AWS user's access key id
      • AWS_SECRET_ACCESS_KEY: Paste in your AWS user's secret access key
      • AWS_DEFAULT_REGION: choose an AWS region
    • Start a new plan to confirm everything works (YourWorkspace ➡ Actions ➡ Start a new plan)
      • Enter a reason for the new plan
      • Click Start plan
        • If you see a green check mark and Tasks Passed then you have successfully completed this integration!
        • Feel free to cancel the plan

Resources

About

Open Policy Agent Terraform Example for Sophos Factory

Topics

terraform open-policy-agent sophos-factory

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

3 watching

Forks

2 forks
Report repository

Contributors 3

  •  
  •  
  •  

Languages