From 8d1d921c299b42504c366bddcb59716982548ace Mon Sep 17 00:00:00 2001 
From: Viacheslav Lyzohub Date: Tue, 2 Jul 2024 10:43:59 +0300 Subject: [PATCH] SCALRCORE-31241: Folder structure --- .github/workflows/opa.yml | 1 + .../enforce_aws_iam_and_workspace.rego | 0 .../enforce_aws_iam_and_workspace_mock.json | 0 .../enforce_aws_iam_and_workspace_test.rego | 0 .../enforce_aws_resource.rego | 0 .../enforce_aws_resource_mock.json | 0 .../enforce_aws_resource_test.rego | 0 aws/{ => enforce_cidr}/enforce_cidr.rego | 0 .../enforce_cidr_mock.json} | 0 .../enforce_cidr_test.rego} | 0 aws/enforce_ebs_del_on_term.mock.json | 777 ------------------ .../enforce_ebs_del_on_term.rego | 3 +- .../enforce_ebs_del_on_term_mock.json | 776 +++++++++++++++++ .../enforce_ebs_del_on_term_test.rego} | 0 .../enforce_iam_instance_profiles.rego | 3 +- .../enforce_iam_instance_profiles_mock.json} | 0 .../enforce_iam_instance_profiles_test.rego} | 0 .../enforce_instance_subnet.rego | 1 - .../enforce_instance_subnet_mock.json} | 0 .../enforce_instance_subnet_test.rego} | 0 .../enforce_kms_key_names.rego | 0 .../enforce_kms_key_names_mock.json} | 0 .../enforce_kms_key_names_test.rego} | 0 .../enforce_lb_subnets.rego | 3 +- .../enforce_lb_subnets_mock.json} | 0 .../enforce_lb_subnets_test.rego} | 0 .../enforce_rds_subnets.rego | 1 - .../enforce_rds_subnets_mock.json} | 0 .../enforce_rds_subnets_test.rego} | 0 .../enforce_s3_buckets_encryption.rego | 0 .../enforce_s3_buckets_encryption_mock.json | 0 .../enforce_s3_buckets_encryption_test.rego | 0 .../enforce_s3_private.rego | 0 .../enforce_s3_private_mock.json} | 0 .../enforce_s3_private_test.rego} | 0 .../enforce_sec_group.rego | 3 +- .../enforce_sec_group_mock.json} | 0 .../enforce_sec_group_test.rego} | 0 .../limit_monthly_cost.rego | 0 .../limit_monthly_cost_mock.json | 0 .../limit_monthly_cost_test.rego | 0 .../{ => limit_monthly_cost}/scalr-policy.hcl | 0 .../random_decision.rego | 0 .../random_decision_test.rego | 0 .../{ => random_decision}/scalr-policy.hcl | 0 .../enforce_gcs_private.rego | 0 
.../enforce_gcs_private_mock.json} | 0 .../enforce_gcs_private_test.rego} | 0 .../denied_provisioners.rego | 0 .../denied_provisioners_mock.json | 0 .../denied_provisioners_test.rego | 0 .../enforce_ami_owners.rego | 0 .../enforce_ami_owners_mock.json | 0 .../enforce_ami_owners_test.rego | 0 .../enforce_var_desc.mock.json | 0 .../enforce_var_desc.rego | 0 .../enforce_var_desc.test.rego | 0 .../{ => instance_types}/instance_types.rego | 0 .../instance_types_mock.json | 0 .../instance_types_test.rego | 0 .../{ => pull_requests}/pull_requests.rego | 0 .../pull_requests_mock.json | 0 .../pull_requests_test.rego | 0 .../resource_tags.rego | 0 .../resource_tags_mock.json | 0 .../resource_tags_test.rego | 0 .../whitelist_ami.rego | 0 .../whitelist_ami_mock.json | 0 .../whitelist_ami_test.rego | 0 .../workspace_destroy.rego | 0 .../workspace_destroy_mock.json | 0 .../workspace_destroy_test.rego | 0 .../workspace_environment_type.rego | 0 .../workspace_environment_type_mock.json | 0 .../workspace_environment_type_test.rego | 0 .../{ => workspace_name}/workspace_name.rego | 0 .../workspace_name_mock.json | 0 .../workspace_name_test.rego | 0 .../{ => workspace_tags}/workspace_tags.rego | 0 .../workspace_tags_mock.json | 0 .../workspace_tags_test.rego | 0 .../pin_module_version.rego | 0 .../pin_module_version_mock.json | 0 .../pin_module_version_test.rego | 0 .../required_modules.rego | 0 .../required_modules_mock.json | 0 .../required_modules_test.rego | 0 .../{ => cloud_location}/cloud_location.rego | 0 .../cloud_location_mock.json | 0 .../cloud_location_test.rego | 0 .../blacklist_provider.rego | 0 .../blacklist_provider_mock.json | 205 +++++ .../blacklist_provider_test.rego | 0 providers/blacklist_provider_mock.json | 205 ----- user/{ => check_user}/user.rego | 0 user/{ => check_user}/user_mock.json | 0 user/{ => check_user}/user_test.rego | 0 97 files changed, 986 insertions(+), 992 deletions(-) rename aws/{ => 
enforce_aws_iam_and_workspace}/enforce_aws_iam_and_workspace.rego (100%) rename aws/{ => enforce_aws_iam_and_workspace}/enforce_aws_iam_and_workspace_mock.json (100%) rename aws/{ => enforce_aws_iam_and_workspace}/enforce_aws_iam_and_workspace_test.rego (100%) rename aws/{ => enforce_aws_resource}/enforce_aws_resource.rego (100%) rename aws/{ => enforce_aws_resource}/enforce_aws_resource_mock.json (100%) rename aws/{ => enforce_aws_resource}/enforce_aws_resource_test.rego (100%) rename aws/{ => enforce_cidr}/enforce_cidr.rego (100%) rename aws/{enforce_cidr.mock.json => enforce_cidr/enforce_cidr_mock.json} (100%) rename aws/{enforce_cidr.test.rego => enforce_cidr/enforce_cidr_test.rego} (100%) delete mode 100644 aws/enforce_ebs_del_on_term.mock.json rename aws/{ => enforce_ebs_del_on_term_mock}/enforce_ebs_del_on_term.rego (96%) create mode 100644 aws/enforce_ebs_del_on_term_mock/enforce_ebs_del_on_term_mock.json rename aws/{enforce_ebs_del_on_term.test.rego => enforce_ebs_del_on_term_mock/enforce_ebs_del_on_term_test.rego} (100%) rename aws/{ => enforce_iam_instance_profiles}/enforce_iam_instance_profiles.rego (95%) rename aws/{enforce_iam_instance_profiles.mock.json => enforce_iam_instance_profiles/enforce_iam_instance_profiles_mock.json} (100%) rename aws/{enforce_iam_instance_profiles.test.rego => enforce_iam_instance_profiles/enforce_iam_instance_profiles_test.rego} (100%) rename aws/{ => enforce_instance_subnet}/enforce_instance_subnet.rego (97%) rename aws/{enforce_instance_subnet.mock.json => enforce_instance_subnet/enforce_instance_subnet_mock.json} (100%) rename aws/{enforce_instance_subnet.test.rego => enforce_instance_subnet/enforce_instance_subnet_test.rego} (100%) rename aws/{ => enforce_kms_key_names}/enforce_kms_key_names.rego (100%) rename aws/{enforce_kms_key_names.mock.json => enforce_kms_key_names/enforce_kms_key_names_mock.json} (100%) rename aws/{enforce_kms_key_names.test.rego => enforce_kms_key_names/enforce_kms_key_names_test.rego} (100%) 
rename aws/{ => enforce_lb_subnets}/enforce_lb_subnets.rego (96%) rename aws/{enforce_lb_subnets.mock.json => enforce_lb_subnets/enforce_lb_subnets_mock.json} (100%) rename aws/{enforce_lb_subnets.test.rego => enforce_lb_subnets/enforce_lb_subnets_test.rego} (100%) rename aws/{ => enforce_rds_subnets}/enforce_rds_subnets.rego (96%) rename aws/{enforce_rds_subnets.mock.json => enforce_rds_subnets/enforce_rds_subnets_mock.json} (100%) rename aws/{enforce_rds_subnets.test.rego => enforce_rds_subnets/enforce_rds_subnets_test.rego} (100%) rename aws/{ => enforce_s3_buckets_encryption}/enforce_s3_buckets_encryption.rego (100%) rename aws/{ => enforce_s3_buckets_encryption}/enforce_s3_buckets_encryption_mock.json (100%) rename aws/{ => enforce_s3_buckets_encryption}/enforce_s3_buckets_encryption_test.rego (100%) rename aws/{ => enforce_s3_private}/enforce_s3_private.rego (100%) rename aws/{enforce_s3_private.mock.json => enforce_s3_private/enforce_s3_private_mock.json} (100%) rename aws/{enforce_s3_private.test.rego => enforce_s3_private/enforce_s3_private_test.rego} (100%) rename aws/{ => enforce_sec_group}/enforce_sec_group.rego (96%) rename aws/{enforce_sec_group.mock.json => enforce_sec_group/enforce_sec_group_mock.json} (100%) rename aws/{enforce_sec_group.test.rego => enforce_sec_group/enforce_sec_group_test.rego} (100%) rename cost/{ => limit_monthly_cost}/limit_monthly_cost.rego (100%) rename cost/{ => limit_monthly_cost}/limit_monthly_cost_mock.json (100%) rename cost/{ => limit_monthly_cost}/limit_monthly_cost_test.rego (100%) rename cost/{ => limit_monthly_cost}/scalr-policy.hcl (100%) rename external_data/{ => random_decision}/random_decision.rego (100%) rename external_data/{ => random_decision}/random_decision_test.rego (100%) rename external_data/{ => random_decision}/scalr-policy.hcl (100%) rename gcp/{ => enforce_gcs_private}/enforce_gcs_private.rego (100%) rename gcp/{enforce_gcs_private.mock.json => enforce_gcs_private/enforce_gcs_private_mock.json} 
(100%) rename gcp/{enforce_gcs_private.test.rego => enforce_gcs_private/enforce_gcs_private_test.rego} (100%) rename management/{ => denied_provisioners}/denied_provisioners.rego (100%) rename management/{ => denied_provisioners}/denied_provisioners_mock.json (100%) rename management/{ => denied_provisioners}/denied_provisioners_test.rego (100%) rename management/{ => enforce_ami_owners}/enforce_ami_owners.rego (100%) rename management/{ => enforce_ami_owners}/enforce_ami_owners_mock.json (100%) rename management/{ => enforce_ami_owners}/enforce_ami_owners_test.rego (100%) rename management/{ => enforce_var_desc}/enforce_var_desc.mock.json (100%) rename management/{ => enforce_var_desc}/enforce_var_desc.rego (100%) rename management/{ => enforce_var_desc}/enforce_var_desc.test.rego (100%) rename management/{ => instance_types}/instance_types.rego (100%) rename management/{ => instance_types}/instance_types_mock.json (100%) rename management/{ => instance_types}/instance_types_test.rego (100%) rename management/{ => pull_requests}/pull_requests.rego (100%) rename management/{ => pull_requests}/pull_requests_mock.json (100%) rename management/{ => pull_requests}/pull_requests_test.rego (100%) rename management/{ => resource_tags_mock}/resource_tags.rego (100%) rename management/{ => resource_tags_mock}/resource_tags_mock.json (100%) rename management/{ => resource_tags_mock}/resource_tags_test.rego (100%) rename management/{ => whitelist_ami_mock}/whitelist_ami.rego (100%) rename management/{ => whitelist_ami_mock}/whitelist_ami_mock.json (100%) rename management/{ => whitelist_ami_mock}/whitelist_ami_test.rego (100%) rename management/{ => workspace_destroy}/workspace_destroy.rego (100%) rename management/{ => workspace_destroy}/workspace_destroy_mock.json (100%) rename management/{ => workspace_destroy}/workspace_destroy_test.rego (100%) rename management/{ => workspace_environment_type}/workspace_environment_type.rego (100%) rename management/{ => 
workspace_environment_type}/workspace_environment_type_mock.json (100%) rename management/{ => workspace_environment_type}/workspace_environment_type_test.rego (100%) rename management/{ => workspace_name}/workspace_name.rego (100%) rename management/{ => workspace_name}/workspace_name_mock.json (100%) rename management/{ => workspace_name}/workspace_name_test.rego (100%) rename management/{ => workspace_tags}/workspace_tags.rego (100%) rename management/{ => workspace_tags}/workspace_tags_mock.json (100%) rename management/{ => workspace_tags}/workspace_tags_test.rego (100%) rename modules/{ => pin_module_version}/pin_module_version.rego (100%) rename modules/{ => pin_module_version}/pin_module_version_mock.json (100%) rename modules/{ => pin_module_version}/pin_module_version_test.rego (100%) rename modules/{ => required_modules}/required_modules.rego (100%) rename modules/{ => required_modules}/required_modules_mock.json (100%) rename modules/{ => required_modules}/required_modules_test.rego (100%) rename placement/{ => cloud_location}/cloud_location.rego (100%) rename placement/{ => cloud_location}/cloud_location_mock.json (100%) rename placement/{ => cloud_location}/cloud_location_test.rego (100%) rename providers/{ => blacklist_provider}/blacklist_provider.rego (100%) create mode 100644 providers/blacklist_provider/blacklist_provider_mock.json rename providers/{ => blacklist_provider}/blacklist_provider_test.rego (100%) delete mode 100644 providers/blacklist_provider_mock.json rename user/{ => check_user}/user.rego (100%) rename user/{ => check_user}/user_mock.json (100%) rename user/{ => check_user}/user_test.rego (100%) diff --git a/.github/workflows/opa.yml b/.github/workflows/opa.yml index 81875e2..2ebe0a4 100644 --- a/.github/workflows/opa.yml +++ b/.github/workflows/opa.yml 
@@ -31,6 +31,7 @@ jobs:
 management/workspace_destroy.rego;management/workspace_destroy_test.rego;management/workspace_destroy_mock.json
 management/pull_requests.rego;management/pull_requests_test.rego;management/pull_requests_mock.json
 management/workspace_tags.rego;management/workspace_tags_test.rego;management/workspace_tags_mock.json
+ management/workspace_environment_type.rego;management/workspace_environment_type_еуіе.rego;management/workspace_environment_type_mock.json
 modules/pin_module_version.rego;modules/pin_module_version_test.rego;modules/pin_module_version_mock.json;
 modules/required_modules.rego;modules/required_modules_test.rego;modules/required_modules_mock.json;
 placement
diff --git a/aws/enforce_aws_iam_and_workspace.rego b/aws/enforce_aws_iam_and_workspace/enforce_aws_iam_and_workspace.rego
similarity index 100%
rename from aws/enforce_aws_iam_and_workspace.rego
rename to aws/enforce_aws_iam_and_workspace/enforce_aws_iam_and_workspace.rego
diff --git a/aws/enforce_aws_iam_and_workspace_mock.json b/aws/enforce_aws_iam_and_workspace/enforce_aws_iam_and_workspace_mock.json
similarity index 100%
rename from aws/enforce_aws_iam_and_workspace_mock.json
rename to aws/enforce_aws_iam_and_workspace/enforce_aws_iam_and_workspace_mock.json
diff --git a/aws/enforce_aws_iam_and_workspace_test.rego b/aws/enforce_aws_iam_and_workspace/enforce_aws_iam_and_workspace_test.rego
similarity index 100%
rename from aws/enforce_aws_iam_and_workspace_test.rego
rename to aws/enforce_aws_iam_and_workspace/enforce_aws_iam_and_workspace_test.rego
diff --git a/aws/enforce_aws_resource.rego b/aws/enforce_aws_resource/enforce_aws_resource.rego
similarity index 100%
rename from aws/enforce_aws_resource.rego
rename to aws/enforce_aws_resource/enforce_aws_resource.rego
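Review bot: The added workflow entry names its test file `management/workspace_environment_type_еуіе.rego`, where the suffix is written in Cyrillic letters (it looks like `test` typed on another keyboard layout), so the entry points at a file that the rename list of this commit does not contain. According to that list the policy now lives under `management/workspace_environment_type/`, so the line should probably read `management/workspace_environment_type/workspace_environment_type.rego;management/workspace_environment_type/workspace_environment_type_test.rego;management/workspace_environment_type/workspace_environment_type_mock.json`. The context entries around it still use the old flat paths too, although the same commit moves those files into per-policy folders; unless the workflow is updated elsewhere, these policy tests may stop running in CI and a broken policy could then merge unnoticed. The rest of the job definition is outside the hunk, so how it treats a missing file needs confirming.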
diff --git a/aws/enforce_aws_resource_mock.json b/aws/enforce_aws_resource/enforce_aws_resource_mock.json
similarity index 100%
rename from aws/enforce_aws_resource_mock.json
rename to aws/enforce_aws_resource/enforce_aws_resource_mock.json
diff --git a/aws/enforce_aws_resource_test.rego b/aws/enforce_aws_resource/enforce_aws_resource_test.rego
similarity index 100%
rename from aws/enforce_aws_resource_test.rego
rename to aws/enforce_aws_resource/enforce_aws_resource_test.rego
diff --git a/aws/enforce_cidr.rego b/aws/enforce_cidr/enforce_cidr.rego
similarity index 100%
rename from aws/enforce_cidr.rego
rename to aws/enforce_cidr/enforce_cidr.rego
diff --git a/aws/enforce_cidr.mock.json b/aws/enforce_cidr/enforce_cidr_mock.json
similarity index 100%
rename from aws/enforce_cidr.mock.json
rename to aws/enforce_cidr/enforce_cidr_mock.json
diff --git a/aws/enforce_cidr.test.rego b/aws/enforce_cidr/enforce_cidr_test.rego
similarity index 100%
rename from aws/enforce_cidr.test.rego
rename to aws/enforce_cidr/enforce_cidr_test.rego
diff --git a/aws/enforce_ebs_del_on_term.mock.json b/aws/enforce_ebs_del_on_term.mock.json
deleted file mode 100644
index 1586179..0000000
--- a/aws/enforce_ebs_del_on_term.mock.json
+++ /dev/null
@@ -1,777 +0,0 @@ -{ - "mock": { - "invalid": { - "tfplan": { - "format_version": "0.1", - "terraform_version": "0.12.28", - "planned_values": { - "root_module": { - "resources": [ - { - "address": "aws_instance.web", - "mode": "managed", - "type": "aws_instance", - "name": "web", - "provider_name": "registry.terraform.io/hashicorp/aws", - "schema_version": 1, - "values": { - "ami": "ami-03f6f0014076ab3c5", - "credit_specification": [], - "disable_api_termination": null, - "ebs_block_device": [ - { - "delete_on_termination": false, - "device_name": "/dev/sda2" - }, - { - "delete_on_termination": true, - "device_name": "/dev/sda3" - } - ], - "ebs_optimized": null, - "get_password_data": false, - "hibernation": null, - "iam_instance_profile": null, - "instance_initiated_shutdown_behavior": null, - "instance_type": "t3.micro", - "monitoring": null, - "root_block_device": [ - { - "delete_on_termination": false - } - ], - "source_dest_check": true, - "tags": null, - "timeouts": null, - "user_data": null, - "user_data_base64": null - } - } - ] - } - }, - "resource_changes": [ - { - "address": "aws_instance.web", - "mode": "managed", - "type": "aws_instance", - "name": "web", - "provider_name": "registry.terraform.io/hashicorp/aws", - "change": { - "actions": [ - "create" - ], - "before": null, - "after": { - "ami": "ami-03f6f0014076ab3c5", - "credit_specification": [], - "disable_api_termination": null, - "ebs_block_device": [ - { - "delete_on_termination": false, - "device_name": "/dev/sda2" - }, - { - "delete_on_termination": true, - "device_name": "/dev/sda3" - } - ], - "ebs_optimized": null, - "get_password_data": false, - "hibernation": null, - "iam_instance_profile": null, - "instance_initiated_shutdown_behavior": null, - "instance_type": "t3.micro", - "monitoring": null, - "root_block_device": [ - { - "delete_on_termination": false - } - ], - "source_dest_check": true, - "tags": null, - "timeouts": null, - "user_data": null, - "user_data_base64": null - }, - 
"after_unknown": { - "arn": true, - "associate_public_ip_address": true, - "availability_zone": true, - "cpu_core_count": true, - "cpu_threads_per_core": true, - "credit_specification": [], - "ebs_block_device": [ - { - "encrypted": true, - "iops": true, - "kms_key_id": true, - "snapshot_id": true, - "volume_id": true, - "volume_size": true, - "volume_type": true - }, - { - "encrypted": true, - "iops": true, - "kms_key_id": true, - "snapshot_id": true, - "volume_id": true, - "volume_size": true, - "volume_type": true - } - ], - "ephemeral_block_device": true, - "host_id": true, - "id": true, - "instance_state": true, - "ipv6_address_count": true, - "ipv6_addresses": true, - "key_name": true, - "metadata_options": true, - "network_interface": true, - "outpost_arn": true, - "password_data": true, - "placement_group": true, - "primary_network_interface_id": true, - "private_dns": true, - "private_ip": true, - "public_dns": true, - "public_ip": true, - "root_block_device": [ - { - "device_name": true, - "encrypted": true, - "iops": true, - "kms_key_id": true, - "volume_id": true, - "volume_size": true, - "volume_type": true - } - ], - "secondary_private_ips": true, - "security_groups": true, - "subnet_id": true, - "tenancy": true, - "volume_tags": true, - "vpc_security_group_ids": true - } - } - } - ], - "prior_state": { - "format_version": "0.1", - "terraform_version": "0.12.28", - "values": { - "root_module": { - "resources": [ - { - "address": "data.aws_ami.ubuntu", - "mode": "data", - "type": "aws_ami", - "name": "ubuntu", - "provider_name": "registry.terraform.io/hashicorp/aws", - "schema_version": 0, - "values": { - "architecture": "x86_64", - "arn": "arn:aws:ec2:us-east-1::image/ami-03f6f0014076ab3c5", - "block_device_mappings": [ - { - "device_name": "/dev/sda1", - "ebs": { - "delete_on_termination": "true", - "encrypted": "false", - "iops": "0", - "snapshot_id": "snap-02d61473d2745f9b7", - "volume_size": "8", - "volume_type": "gp2" - }, - "no_device": "", - 
"virtual_name": "" - }, - { - "device_name": "/dev/sdb", - "ebs": {}, - "no_device": "", - "virtual_name": "ephemeral0" - }, - { - "device_name": "/dev/sdc", - "ebs": {}, - "no_device": "", - "virtual_name": "ephemeral1" - } - ], - "creation_date": "2020-09-04T22:45:42.000Z", - "description": "Canonical, Ubuntu, 20.04 LTS, amd64 focal image build on 2020-09-03", - "executable_users": null, - "filter": [ - { - "name": "name", - "values": [ - "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*" - ] - }, - { - "name": "virtualization-type", - "values": [ - "hvm" - ] - } - ], - "hypervisor": "xen", - "id": "ami-03f6f0014076ab3c5", - "image_id": "ami-03f6f0014076ab3c5", - "image_location": "099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20200903", - "image_owner_alias": null, - "image_type": "machine", - "kernel_id": null, - "most_recent": true, - "name": "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20200903", - "name_regex": null, - "owner_id": "099720109477", - "owners": [ - "099720109477" - ], - "platform": null, - "product_codes": [], - "public": true, - "ramdisk_id": null, - "root_device_name": "/dev/sda1", - "root_device_type": "ebs", - "root_snapshot_id": "snap-02d61473d2745f9b7", - "sriov_net_support": "simple", - "state": "available", - "state_reason": { - "code": "UNSET", - "message": "UNSET" - }, - "tags": {}, - "virtualization_type": "hvm" - } - } - ] - } - } - }, - "configuration": { - "provider_config": { - "aws": { - "name": "aws", - "expressions": { - "region": { - "constant_value": "us-east-1" - } - } - } - }, - "root_module": { - "resources": [ - { - "address": "aws_instance.web", - "mode": "managed", - "type": "aws_instance", - "name": "web", - "provider_config_key": "aws", - "expressions": { - "ami": { - "references": [ - "data.aws_ami.ubuntu" - ] - }, - "ebs_block_device": [ - { - "delete_on_termination": { - "constant_value": false - }, - "device_name": { - "constant_value": "/dev/sda2" - } - }, - { - 
"delete_on_termination": { - "constant_value": true - }, - "device_name": { - "constant_value": "/dev/sda3" - } - } - ], - "instance_type": { - "constant_value": "t3.micro" - }, - "root_block_device": [ - { - "delete_on_termination": { - "constant_value": false - } - } - ] - }, - "schema_version": 1 - }, - { - "address": "data.aws_ami.ubuntu", - "mode": "data", - "type": "aws_ami", - "name": "ubuntu", - "provider_config_key": "aws", - "expressions": { - "filter": [ - { - "name": { - "constant_value": "name" - }, - "values": { - "constant_value": [ - "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*" - ] - } - }, - { - "name": { - "constant_value": "virtualization-type" - }, - "values": { - "constant_value": [ - "hvm" - ] - } - } - ], - "most_recent": { - "constant_value": true - }, - "owners": { - "constant_value": [ - "099720109477" - ] - } - }, - "schema_version": 0 - } - ] - } - } - }, - "tfrun": { - "workspace": { - "name": "opa-dev", - "description": null, - "auto_apply": false, - "working_directory": null, - "tags": {} - }, - "environment": { - "id": "env-t2daq8tprsifel8", - "name": "pg-opa-dev" - }, - "vcs": null, - "cost_estimate": { - "prior_monthly_cost": 0, - "proposed_monthly_cost": 8.39, - "delta_monthly_cost": 8.39 - }, - "credentials": { - "ec2": "cred-stsfnc76g3pknk8" - }, - "source": "cli", - "message": "Queued manually using Terraform", - "is_destroy": false, - "is_dry": true, - "created_by": { - "name": "", - "email": "xxxxx@scalr.com", - "username": "xxxxx@scalr.com" - } - } - }, - "valid": { - "tfplan": { - "format_version": "0.1", - "terraform_version": "0.12.28", - "planned_values": { - "root_module": { - "resources": [ - { - "address": "aws_instance.web", - "mode": "managed", - "type": "aws_instance", - "name": "web", - "provider_name": "registry.terraform.io/hashicorp/aws", - "schema_version": 1, - "values": { - "ami": "ami-03f6f0014076ab3c5", - "credit_specification": [], - "disable_api_termination": null, - "ebs_block_device": [ - 
{ - "delete_on_termination": true, - "device_name": "/dev/sda2" - }, - { - "delete_on_termination": true, - "device_name": "/dev/sda3" - } - ], - "ebs_optimized": null, - "get_password_data": false, - "hibernation": null, - "iam_instance_profile": null, - "instance_initiated_shutdown_behavior": null, - "instance_type": "t3.micro", - "monitoring": null, - "root_block_device": [ - { - "delete_on_termination": true - } - ], - "source_dest_check": true, - "tags": null, - "timeouts": null, - "user_data": null, - "user_data_base64": null - } - } - ] - } - }, - "resource_changes": [ - { - "address": "aws_instance.web", - "mode": "managed", - "type": "aws_instance", - "name": "web", - "provider_name": "registry.terraform.io/hashicorp/aws", - "change": { - "actions": [ - "create" - ], - "before": null, - "after": { - "ami": "ami-03f6f0014076ab3c5", - "credit_specification": [], - "disable_api_termination": null, - "ebs_block_device": [ - { - "delete_on_termination": true, - "device_name": "/dev/sda2" - }, - { - "delete_on_termination": true, - "device_name": "/dev/sda3" - } - ], - "ebs_optimized": null, - "get_password_data": false, - "hibernation": null, - "iam_instance_profile": null, - "instance_initiated_shutdown_behavior": null, - "instance_type": "t3.micro", - "monitoring": null, - "root_block_device": [ - { - "delete_on_termination": true - } - ], - "source_dest_check": true, - "tags": null, - "timeouts": null, - "user_data": null, - "user_data_base64": null - }, - "after_unknown": { - "arn": true, - "associate_public_ip_address": true, - "availability_zone": true, - "cpu_core_count": true, - "cpu_threads_per_core": true, - "credit_specification": [], - "ebs_block_device": [ - { - "encrypted": true, - "iops": true, - "kms_key_id": true, - "snapshot_id": true, - "volume_id": true, - "volume_size": true, - "volume_type": true - }, - { - "encrypted": true, - "iops": true, - "kms_key_id": true, - "snapshot_id": true, - "volume_id": true, - "volume_size": true, - 
"volume_type": true - } - ], - "ephemeral_block_device": true, - "host_id": true, - "id": true, - "instance_state": true, - "ipv6_address_count": true, - "ipv6_addresses": true, - "key_name": true, - "metadata_options": true, - "network_interface": true, - "outpost_arn": true, - "password_data": true, - "placement_group": true, - "primary_network_interface_id": true, - "private_dns": true, - "private_ip": true, - "public_dns": true, - "public_ip": true, - "root_block_device": [ - { - "device_name": true, - "encrypted": true, - "iops": true, - "kms_key_id": true, - "volume_id": true, - "volume_size": true, - "volume_type": true - } - ], - "secondary_private_ips": true, - "security_groups": true, - "subnet_id": true, - "tenancy": true, - "volume_tags": true, - "vpc_security_group_ids": true - } - } - } - ], - "prior_state": { - "format_version": "0.1", - "terraform_version": "0.12.28", - "values": { - "root_module": { - "resources": [ - { - "address": "data.aws_ami.ubuntu", - "mode": "data", - "type": "aws_ami", - "name": "ubuntu", - "provider_name": "registry.terraform.io/hashicorp/aws", - "schema_version": 0, - "values": { - "architecture": "x86_64", - "arn": "arn:aws:ec2:us-east-1::image/ami-03f6f0014076ab3c5", - "block_device_mappings": [ - { - "device_name": "/dev/sda1", - "ebs": { - "delete_on_termination": "true", - "encrypted": "false", - "iops": "0", - "snapshot_id": "snap-02d61473d2745f9b7", - "volume_size": "8", - "volume_type": "gp2" - }, - "no_device": "", - "virtual_name": "" - }, - { - "device_name": "/dev/sdb", - "ebs": {}, - "no_device": "", - "virtual_name": "ephemeral0" - }, - { - "device_name": "/dev/sdc", - "ebs": {}, - "no_device": "", - "virtual_name": "ephemeral1" - } - ], - "creation_date": "2020-09-04T22:45:42.000Z", - "description": "Canonical, Ubuntu, 20.04 LTS, amd64 focal image build on 2020-09-03", - "executable_users": null, - "filter": [ - { - "name": "name", - "values": [ - "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*" - 
] - }, - { - "name": "virtualization-type", - "values": [ - "hvm" - ] - } - ], - "hypervisor": "xen", - "id": "ami-03f6f0014076ab3c5", - "image_id": "ami-03f6f0014076ab3c5", - "image_location": "099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20200903", - "image_owner_alias": null, - "image_type": "machine", - "kernel_id": null, - "most_recent": true, - "name": "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20200903", - "name_regex": null, - "owner_id": "099720109477", - "owners": [ - "099720109477" - ], - "platform": null, - "product_codes": [], - "public": true, - "ramdisk_id": null, - "root_device_name": "/dev/sda1", - "root_device_type": "ebs", - "root_snapshot_id": "snap-02d61473d2745f9b7", - "sriov_net_support": "simple", - "state": "available", - "state_reason": { - "code": "UNSET", - "message": "UNSET" - }, - "tags": {}, - "virtualization_type": "hvm" - } - } - ] - } - } - }, - "configuration": { - "provider_config": { - "aws": { - "name": "aws", - "expressions": { - "region": { - "constant_value": "us-east-1" - } - } - } - }, - "root_module": { - "resources": [ - { - "address": "aws_instance.web", - "mode": "managed", - "type": "aws_instance", - "name": "web", - "provider_config_key": "aws", - "expressions": { - "ami": { - "references": [ - "data.aws_ami.ubuntu" - ] - }, - "ebs_block_device": [ - { - "delete_on_termination": { - "constant_value": true - }, - "device_name": { - "constant_value": "/dev/sda2" - } - }, - { - "delete_on_termination": { - "constant_value": true - }, - "device_name": { - "constant_value": "/dev/sda3" - } - } - ], - "instance_type": { - "constant_value": "t3.micro" - }, - "root_block_device": [ - { - "delete_on_termination": { - "constant_value": true - } - } - ] - }, - "schema_version": 1 - }, - { - "address": "data.aws_ami.ubuntu", - "mode": "data", - "type": "aws_ami", - "name": "ubuntu", - "provider_config_key": "aws", - "expressions": { - "filter": [ - { - "name": { - "constant_value": "name" - }, - 
"values": { - "constant_value": [ - "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*" - ] - } - }, - { - "name": { - "constant_value": "virtualization-type" - }, - "values": { - "constant_value": [ - "hvm" - ] - } - } - ], - "most_recent": { - "constant_value": true - }, - "owners": { - "constant_value": [ - "099720109477" - ] - } - }, - "schema_version": 0 - } - ] - } - } - }, - "tfrun": { - "workspace": { - "name": "opa-dev", - "description": null, - "auto_apply": false, - "working_directory": null, - "tags": {} - }, - "environment": { - "id": "env-t2daq8tprsifel8", - "name": "pg-opa-dev" - }, - "vcs": null, - "cost_estimate": { - "prior_monthly_cost": 0, - "proposed_monthly_cost": 8.39, - "delta_monthly_cost": 8.39 - }, - "credentials": { - "ec2": "cred-stsfnc76g3pknk8" - }, - "source": "cli", - "message": "Queued manually using Terraform", - "is_destroy": false, - "is_dry": true, - "created_by": { - "name": "", - "email": "xxxxx@scalr.com", - "username": "xxxxx@scalr.com" - } - } - } - } - } - diff --git a/aws/enforce_ebs_del_on_term.rego b/aws/enforce_ebs_del_on_term_mock/enforce_ebs_del_on_term.rego similarity index 96% rename from aws/enforce_ebs_del_on_term.rego rename to aws/enforce_ebs_del_on_term_mock/enforce_ebs_del_on_term.rego index b257a9f..8a57d2a 100644 --- a/aws/enforce_ebs_del_on_term.rego +++ b/aws/enforce_ebs_del_on_term_mock/enforce_ebs_del_on_term.rego @@ -4,7 +4,6 @@ package terraform import input.tfplan as tfplan -import input.tfrun as tfrun # Check root volume @@ -31,4 +30,4 @@ deny[reason] { "%-40s :: Device %s :: delete_on_termination must = true for 'ebs_block_device'", [r.address, ebd.device_name] ) -} \ No newline at end of file +} diff --git a/aws/enforce_ebs_del_on_term_mock/enforce_ebs_del_on_term_mock.json b/aws/enforce_ebs_del_on_term_mock/enforce_ebs_del_on_term_mock.json new file mode 100644 index 0000000..f4be068 --- /dev/null +++ b/aws/enforce_ebs_del_on_term_mock/enforce_ebs_del_on_term_mock.json 
@@ -0,0 +1,776 @@ +{ + "mock": { + "invalid": { + "tfplan": { + "format_version": "0.1", + "terraform_version": "0.12.28", + "planned_values": { + "root_module": { + "resources": [ + { + "address": "aws_instance.web", + "mode": "managed", + "type": "aws_instance", + "name": "web", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 1, + "values": { + "ami": "ami-03f6f0014076ab3c5", + "credit_specification": [], + "disable_api_termination": null, + "ebs_block_device": [ + { + "delete_on_termination": false, + "device_name": "/dev/sda2" + }, + { + "delete_on_termination": true, + "device_name": "/dev/sda3" + } + ], + "ebs_optimized": null, + "get_password_data": false, + "hibernation": null, + "iam_instance_profile": null, + "instance_initiated_shutdown_behavior": null, + "instance_type": "t3.micro", + "monitoring": null, + "root_block_device": [ + { + "delete_on_termination": false + } + ], + "source_dest_check": true, + "tags": null, + "timeouts": null, + "user_data": null, + "user_data_base64": null + } + } + ] + } + }, + "resource_changes": [ + { + "address": "aws_instance.web", + "mode": "managed", + "type": "aws_instance", + "name": "web", + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "ami": "ami-03f6f0014076ab3c5", + "credit_specification": [], + "disable_api_termination": null, + "ebs_block_device": [ + { + "delete_on_termination": false, + "device_name": "/dev/sda2" + }, + { + "delete_on_termination": true, + "device_name": "/dev/sda3" + } + ], + "ebs_optimized": null, + "get_password_data": false, + "hibernation": null, + "iam_instance_profile": null, + "instance_initiated_shutdown_behavior": null, + "instance_type": "t3.micro", + "monitoring": null, + "root_block_device": [ + { + "delete_on_termination": false + } + ], + "source_dest_check": true, + "tags": null, + "timeouts": null, + "user_data": null, + "user_data_base64": null + }, + 
"after_unknown": { + "arn": true, + "associate_public_ip_address": true, + "availability_zone": true, + "cpu_core_count": true, + "cpu_threads_per_core": true, + "credit_specification": [], + "ebs_block_device": [ + { + "encrypted": true, + "iops": true, + "kms_key_id": true, + "snapshot_id": true, + "volume_id": true, + "volume_size": true, + "volume_type": true + }, + { + "encrypted": true, + "iops": true, + "kms_key_id": true, + "snapshot_id": true, + "volume_id": true, + "volume_size": true, + "volume_type": true + } + ], + "ephemeral_block_device": true, + "host_id": true, + "id": true, + "instance_state": true, + "ipv6_address_count": true, + "ipv6_addresses": true, + "key_name": true, + "metadata_options": true, + "network_interface": true, + "outpost_arn": true, + "password_data": true, + "placement_group": true, + "primary_network_interface_id": true, + "private_dns": true, + "private_ip": true, + "public_dns": true, + "public_ip": true, + "root_block_device": [ + { + "device_name": true, + "encrypted": true, + "iops": true, + "kms_key_id": true, + "volume_id": true, + "volume_size": true, + "volume_type": true + } + ], + "secondary_private_ips": true, + "security_groups": true, + "subnet_id": true, + "tenancy": true, + "volume_tags": true, + "vpc_security_group_ids": true + } + } + } + ], + "prior_state": { + "format_version": "0.1", + "terraform_version": "0.12.28", + "values": { + "root_module": { + "resources": [ + { + "address": "data.aws_ami.ubuntu", + "mode": "data", + "type": "aws_ami", + "name": "ubuntu", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 0, + "values": { + "architecture": "x86_64", + "arn": "arn:aws:ec2:us-east-1::image/ami-03f6f0014076ab3c5", + "block_device_mappings": [ + { + "device_name": "/dev/sda1", + "ebs": { + "delete_on_termination": "true", + "encrypted": "false", + "iops": "0", + "snapshot_id": "snap-02d61473d2745f9b7", + "volume_size": "8", + "volume_type": "gp2" + }, + "no_device": "", + 
"virtual_name": "" + }, + { + "device_name": "/dev/sdb", + "ebs": {}, + "no_device": "", + "virtual_name": "ephemeral0" + }, + { + "device_name": "/dev/sdc", + "ebs": {}, + "no_device": "", + "virtual_name": "ephemeral1" + } + ], + "creation_date": "2020-09-04T22:45:42.000Z", + "description": "Canonical, Ubuntu, 20.04 LTS, amd64 focal image build on 2020-09-03", + "executable_users": null, + "filter": [ + { + "name": "name", + "values": [ + "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*" + ] + }, + { + "name": "virtualization-type", + "values": [ + "hvm" + ] + } + ], + "hypervisor": "xen", + "id": "ami-03f6f0014076ab3c5", + "image_id": "ami-03f6f0014076ab3c5", + "image_location": "099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20200903", + "image_owner_alias": null, + "image_type": "machine", + "kernel_id": null, + "most_recent": true, + "name": "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20200903", + "name_regex": null, + "owner_id": "099720109477", + "owners": [ + "099720109477" + ], + "platform": null, + "product_codes": [], + "public": true, + "ramdisk_id": null, + "root_device_name": "/dev/sda1", + "root_device_type": "ebs", + "root_snapshot_id": "snap-02d61473d2745f9b7", + "sriov_net_support": "simple", + "state": "available", + "state_reason": { + "code": "UNSET", + "message": "UNSET" + }, + "tags": {}, + "virtualization_type": "hvm" + } + } + ] + } + } + }, + "configuration": { + "provider_config": { + "aws": { + "name": "aws", + "expressions": { + "region": { + "constant_value": "us-east-1" + } + } + } + }, + "root_module": { + "resources": [ + { + "address": "aws_instance.web", + "mode": "managed", + "type": "aws_instance", + "name": "web", + "provider_config_key": "aws", + "expressions": { + "ami": { + "references": [ + "data.aws_ami.ubuntu" + ] + }, + "ebs_block_device": [ + { + "delete_on_termination": { + "constant_value": false + }, + "device_name": { + "constant_value": "/dev/sda2" + } + }, + { + 
"delete_on_termination": { + "constant_value": true + }, + "device_name": { + "constant_value": "/dev/sda3" + } + } + ], + "instance_type": { + "constant_value": "t3.micro" + }, + "root_block_device": [ + { + "delete_on_termination": { + "constant_value": false + } + } + ] + }, + "schema_version": 1 + }, + { + "address": "data.aws_ami.ubuntu", + "mode": "data", + "type": "aws_ami", + "name": "ubuntu", + "provider_config_key": "aws", + "expressions": { + "filter": [ + { + "name": { + "constant_value": "name" + }, + "values": { + "constant_value": [ + "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*" + ] + } + }, + { + "name": { + "constant_value": "virtualization-type" + }, + "values": { + "constant_value": [ + "hvm" + ] + } + } + ], + "most_recent": { + "constant_value": true + }, + "owners": { + "constant_value": [ + "099720109477" + ] + } + }, + "schema_version": 0 + } + ] + } + } + }, + "tfrun": { + "workspace": { + "name": "opa-dev", + "description": null, + "auto_apply": false, + "working_directory": null, + "tags": {} + }, + "environment": { + "id": "env-t2daq8tprsifel8", + "name": "pg-opa-dev" + }, + "vcs": null, + "cost_estimate": { + "prior_monthly_cost": 0, + "proposed_monthly_cost": 8.39, + "delta_monthly_cost": 8.39 + }, + "credentials": { + "ec2": "cred-stsfnc76g3pknk8" + }, + "source": "cli", + "message": "Queued manually using Terraform", + "is_destroy": false, + "is_dry": true, + "created_by": { + "name": "", + "email": "xxxxx@scalr.com", + "username": "xxxxx@scalr.com" + } + } + }, + "valid": { + "tfplan": { + "format_version": "0.1", + "terraform_version": "0.12.28", + "planned_values": { + "root_module": { + "resources": [ + { + "address": "aws_instance.web", + "mode": "managed", + "type": "aws_instance", + "name": "web", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 1, + "values": { + "ami": "ami-03f6f0014076ab3c5", + "credit_specification": [], + "disable_api_termination": null, + "ebs_block_device": [ + 
{ + "delete_on_termination": true, + "device_name": "/dev/sda2" + }, + { + "delete_on_termination": true, + "device_name": "/dev/sda3" + } + ], + "ebs_optimized": null, + "get_password_data": false, + "hibernation": null, + "iam_instance_profile": null, + "instance_initiated_shutdown_behavior": null, + "instance_type": "t3.micro", + "monitoring": null, + "root_block_device": [ + { + "delete_on_termination": true + } + ], + "source_dest_check": true, + "tags": null, + "timeouts": null, + "user_data": null, + "user_data_base64": null + } + } + ] + } + }, + "resource_changes": [ + { + "address": "aws_instance.web", + "mode": "managed", + "type": "aws_instance", + "name": "web", + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "ami": "ami-03f6f0014076ab3c5", + "credit_specification": [], + "disable_api_termination": null, + "ebs_block_device": [ + { + "delete_on_termination": true, + "device_name": "/dev/sda2" + }, + { + "delete_on_termination": true, + "device_name": "/dev/sda3" + } + ], + "ebs_optimized": null, + "get_password_data": false, + "hibernation": null, + "iam_instance_profile": null, + "instance_initiated_shutdown_behavior": null, + "instance_type": "t3.micro", + "monitoring": null, + "root_block_device": [ + { + "delete_on_termination": true + } + ], + "source_dest_check": true, + "tags": null, + "timeouts": null, + "user_data": null, + "user_data_base64": null + }, + "after_unknown": { + "arn": true, + "associate_public_ip_address": true, + "availability_zone": true, + "cpu_core_count": true, + "cpu_threads_per_core": true, + "credit_specification": [], + "ebs_block_device": [ + { + "encrypted": true, + "iops": true, + "kms_key_id": true, + "snapshot_id": true, + "volume_id": true, + "volume_size": true, + "volume_type": true + }, + { + "encrypted": true, + "iops": true, + "kms_key_id": true, + "snapshot_id": true, + "volume_id": true, + "volume_size": true, + 
"volume_type": true + } + ], + "ephemeral_block_device": true, + "host_id": true, + "id": true, + "instance_state": true, + "ipv6_address_count": true, + "ipv6_addresses": true, + "key_name": true, + "metadata_options": true, + "network_interface": true, + "outpost_arn": true, + "password_data": true, + "placement_group": true, + "primary_network_interface_id": true, + "private_dns": true, + "private_ip": true, + "public_dns": true, + "public_ip": true, + "root_block_device": [ + { + "device_name": true, + "encrypted": true, + "iops": true, + "kms_key_id": true, + "volume_id": true, + "volume_size": true, + "volume_type": true + } + ], + "secondary_private_ips": true, + "security_groups": true, + "subnet_id": true, + "tenancy": true, + "volume_tags": true, + "vpc_security_group_ids": true + } + } + } + ], + "prior_state": { + "format_version": "0.1", + "terraform_version": "0.12.28", + "values": { + "root_module": { + "resources": [ + { + "address": "data.aws_ami.ubuntu", + "mode": "data", + "type": "aws_ami", + "name": "ubuntu", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 0, + "values": { + "architecture": "x86_64", + "arn": "arn:aws:ec2:us-east-1::image/ami-03f6f0014076ab3c5", + "block_device_mappings": [ + { + "device_name": "/dev/sda1", + "ebs": { + "delete_on_termination": "true", + "encrypted": "false", + "iops": "0", + "snapshot_id": "snap-02d61473d2745f9b7", + "volume_size": "8", + "volume_type": "gp2" + }, + "no_device": "", + "virtual_name": "" + }, + { + "device_name": "/dev/sdb", + "ebs": {}, + "no_device": "", + "virtual_name": "ephemeral0" + }, + { + "device_name": "/dev/sdc", + "ebs": {}, + "no_device": "", + "virtual_name": "ephemeral1" + } + ], + "creation_date": "2020-09-04T22:45:42.000Z", + "description": "Canonical, Ubuntu, 20.04 LTS, amd64 focal image build on 2020-09-03", + "executable_users": null, + "filter": [ + { + "name": "name", + "values": [ + "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*" + 
] + }, + { + "name": "virtualization-type", + "values": [ + "hvm" + ] + } + ], + "hypervisor": "xen", + "id": "ami-03f6f0014076ab3c5", + "image_id": "ami-03f6f0014076ab3c5", + "image_location": "099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20200903", + "image_owner_alias": null, + "image_type": "machine", + "kernel_id": null, + "most_recent": true, + "name": "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20200903", + "name_regex": null, + "owner_id": "099720109477", + "owners": [ + "099720109477" + ], + "platform": null, + "product_codes": [], + "public": true, + "ramdisk_id": null, + "root_device_name": "/dev/sda1", + "root_device_type": "ebs", + "root_snapshot_id": "snap-02d61473d2745f9b7", + "sriov_net_support": "simple", + "state": "available", + "state_reason": { + "code": "UNSET", + "message": "UNSET" + }, + "tags": {}, + "virtualization_type": "hvm" + } + } + ] + } + } + }, + "configuration": { + "provider_config": { + "aws": { + "name": "aws", + "expressions": { + "region": { + "constant_value": "us-east-1" + } + } + } + }, + "root_module": { + "resources": [ + { + "address": "aws_instance.web", + "mode": "managed", + "type": "aws_instance", + "name": "web", + "provider_config_key": "aws", + "expressions": { + "ami": { + "references": [ + "data.aws_ami.ubuntu" + ] + }, + "ebs_block_device": [ + { + "delete_on_termination": { + "constant_value": true + }, + "device_name": { + "constant_value": "/dev/sda2" + } + }, + { + "delete_on_termination": { + "constant_value": true + }, + "device_name": { + "constant_value": "/dev/sda3" + } + } + ], + "instance_type": { + "constant_value": "t3.micro" + }, + "root_block_device": [ + { + "delete_on_termination": { + "constant_value": true + } + } + ] + }, + "schema_version": 1 + }, + { + "address": "data.aws_ami.ubuntu", + "mode": "data", + "type": "aws_ami", + "name": "ubuntu", + "provider_config_key": "aws", + "expressions": { + "filter": [ + { + "name": { + "constant_value": "name" + }, + 
"values": { + "constant_value": [ + "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*" + ] + } + }, + { + "name": { + "constant_value": "virtualization-type" + }, + "values": { + "constant_value": [ + "hvm" + ] + } + } + ], + "most_recent": { + "constant_value": true + }, + "owners": { + "constant_value": [ + "099720109477" + ] + } + }, + "schema_version": 0 + } + ] + } + } + }, + "tfrun": { + "workspace": { + "name": "opa-dev", + "description": null, + "auto_apply": false, + "working_directory": null, + "tags": {} + }, + "environment": { + "id": "env-t2daq8tprsifel8", + "name": "pg-opa-dev" + }, + "vcs": null, + "cost_estimate": { + "prior_monthly_cost": 0, + "proposed_monthly_cost": 8.39, + "delta_monthly_cost": 8.39 + }, + "credentials": { + "ec2": "cred-stsfnc76g3pknk8" + }, + "source": "cli", + "message": "Queued manually using Terraform", + "is_destroy": false, + "is_dry": true, + "created_by": { + "name": "", + "email": "xxxxx@scalr.com", + "username": "xxxxx@scalr.com" + } + } + } + } +} diff --git a/aws/enforce_ebs_del_on_term.test.rego b/aws/enforce_ebs_del_on_term_mock/enforce_ebs_del_on_term_test.rego similarity index 100% rename from aws/enforce_ebs_del_on_term.test.rego rename to aws/enforce_ebs_del_on_term_mock/enforce_ebs_del_on_term_test.rego diff --git a/aws/enforce_iam_instance_profiles.rego b/aws/enforce_iam_instance_profiles/enforce_iam_instance_profiles.rego similarity index 95% rename from aws/enforce_iam_instance_profiles.rego rename to aws/enforce_iam_instance_profiles/enforce_iam_instance_profiles.rego index cb44200..5131467 100644 --- a/aws/enforce_iam_instance_profiles.rego +++ b/aws/enforce_iam_instance_profiles/enforce_iam_instance_profiles.rego @@ -4,7 +4,6 @@ package terraform import input.tfplan as tfplan -import input.tfrun as tfrun allowed_iam_profiles = [ "my_iam_profile", @@ -31,4 +30,4 @@ deny[reason] { "%-40s :: iam_instance_profile '%s' is not allowed.", [resource.address, iam] ) -} \ No newline at end of file +} 
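Review bot: Both the `invalid` and the `valid` case of this new fixture carry a full `tfrun` block with `"credentials": { "ec2": "cred-stsfnc76g3pknk8" }` and `"environment": { "id": "env-t2daq8tprsifel8", ... }`, which look like identifiers copied from a real run, while the e-mail beside them is masked as `xxxxx@scalr.com`. The same patch removes `import input.tfrun as tfrun` from the policy, so unless the test file reads `tfrun` the block is probably unused; I would drop it or replace the ids with obvious placeholders such as `"ec2": "cred-EXAMPLE"`. Separately, the target directory is named `aws/enforce_ebs_del_on_term_mock/` although it also holds the policy and its test, whereas sibling directories such as `aws/enforce_iam_instance_profiles/` have no `_mock` suffix. `management/resource_tags_mock/` and `management/whitelist_ami_mock/` later in the patch have the same suffix, which looks unintended.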
diff --git a/aws/enforce_iam_instance_profiles.mock.json b/aws/enforce_iam_instance_profiles/enforce_iam_instance_profiles_mock.json similarity index 100% rename from aws/enforce_iam_instance_profiles.mock.json rename to aws/enforce_iam_instance_profiles/enforce_iam_instance_profiles_mock.json diff --git a/aws/enforce_iam_instance_profiles.test.rego b/aws/enforce_iam_instance_profiles/enforce_iam_instance_profiles_test.rego similarity index 100% rename from aws/enforce_iam_instance_profiles.test.rego rename to aws/enforce_iam_instance_profiles/enforce_iam_instance_profiles_test.rego diff --git a/aws/enforce_instance_subnet.rego b/aws/enforce_instance_subnet/enforce_instance_subnet.rego similarity index 97% rename from aws/enforce_instance_subnet.rego rename to aws/enforce_instance_subnet/enforce_instance_subnet.rego index 7e11fd2..f4a02ad 100644 --- a/aws/enforce_instance_subnet.rego +++ b/aws/enforce_instance_subnet/enforce_instance_subnet.rego @@ -4,7 +4,6 @@ package terraform import input.tfplan as tfplan -import input.tfrun as tfrun # Add only private subnets to this list. # NOTE: OPA cannot validate that a subnet is private unless the terraform config is actaully creating the subnet. diff --git a/aws/enforce_instance_subnet.mock.json b/aws/enforce_instance_subnet/enforce_instance_subnet_mock.json similarity index 100% rename from aws/enforce_instance_subnet.mock.json rename to aws/enforce_instance_subnet/enforce_instance_subnet_mock.json diff --git a/aws/enforce_instance_subnet.test.rego b/aws/enforce_instance_subnet/enforce_instance_subnet_test.rego similarity index 100% rename from aws/enforce_instance_subnet.test.rego rename to aws/enforce_instance_subnet/enforce_instance_subnet_test.rego diff --git a/aws/enforce_kms_key_names.rego b/aws/enforce_kms_key_names/enforce_kms_key_names.rego similarity index 100% rename from aws/enforce_kms_key_names.rego rename to aws/enforce_kms_key_names/enforce_kms_key_names.rego 
diff --git a/aws/enforce_kms_key_names.mock.json b/aws/enforce_kms_key_names/enforce_kms_key_names_mock.json similarity index 100% rename from aws/enforce_kms_key_names.mock.json rename to aws/enforce_kms_key_names/enforce_kms_key_names_mock.json diff --git a/aws/enforce_kms_key_names.test.rego b/aws/enforce_kms_key_names/enforce_kms_key_names_test.rego similarity index 100% rename from aws/enforce_kms_key_names.test.rego rename to aws/enforce_kms_key_names/enforce_kms_key_names_test.rego diff --git a/aws/enforce_lb_subnets.rego b/aws/enforce_lb_subnets/enforce_lb_subnets.rego similarity index 96% rename from aws/enforce_lb_subnets.rego rename to aws/enforce_lb_subnets/enforce_lb_subnets.rego index a7e9432..a834ae0 100644 --- a/aws/enforce_lb_subnets.rego +++ b/aws/enforce_lb_subnets/enforce_lb_subnets.rego @@ -3,7 +3,6 @@ package terraform import input.tfplan as tfplan -import input.tfrun as tfrun # Add only private subnets to this list. # NOTE: OPA cannot validate that a subnet is private unless the terraform config is actaully creating the subnet. @@ -33,4 +32,4 @@ deny[reason] { "%-40s :: subnet_id '%s' is public and not allowed!", [r.address, sid] ) -} \ No newline at end of file +} diff --git a/aws/enforce_lb_subnets.mock.json b/aws/enforce_lb_subnets/enforce_lb_subnets_mock.json similarity index 100% rename from aws/enforce_lb_subnets.mock.json rename to aws/enforce_lb_subnets/enforce_lb_subnets_mock.json diff --git a/aws/enforce_lb_subnets.test.rego b/aws/enforce_lb_subnets/enforce_lb_subnets_test.rego similarity index 100% rename from aws/enforce_lb_subnets.test.rego rename to aws/enforce_lb_subnets/enforce_lb_subnets_test.rego diff --git a/aws/enforce_rds_subnets.rego b/aws/enforce_rds_subnets/enforce_rds_subnets.rego similarity index 96% rename from aws/enforce_rds_subnets.rego rename to aws/enforce_rds_subnets/enforce_rds_subnets.rego index c100428..e659da2 100644 --- a/aws/enforce_rds_subnets.rego +++ b/aws/enforce_rds_subnets/enforce_rds_subnets.rego 
@@ -3,7 +3,6 @@ package terraform import input.tfplan as tfplan -import input.tfrun as tfrun # Add only private subnets to this list. # NOTE: OPA cannot validate that a subnet is private unless the terraform config is actaully creating the subnet. diff --git a/aws/enforce_rds_subnets.mock.json b/aws/enforce_rds_subnets/enforce_rds_subnets_mock.json similarity index 100% rename from aws/enforce_rds_subnets.mock.json rename to aws/enforce_rds_subnets/enforce_rds_subnets_mock.json diff --git a/aws/enforce_rds_subnets.test.rego b/aws/enforce_rds_subnets/enforce_rds_subnets_test.rego similarity index 100% rename from aws/enforce_rds_subnets.test.rego rename to aws/enforce_rds_subnets/enforce_rds_subnets_test.rego diff --git a/aws/enforce_s3_buckets_encryption.rego b/aws/enforce_s3_buckets_encryption/enforce_s3_buckets_encryption.rego similarity index 100% rename from aws/enforce_s3_buckets_encryption.rego rename to aws/enforce_s3_buckets_encryption/enforce_s3_buckets_encryption.rego diff --git a/aws/enforce_s3_buckets_encryption_mock.json b/aws/enforce_s3_buckets_encryption/enforce_s3_buckets_encryption_mock.json similarity index 100% rename from aws/enforce_s3_buckets_encryption_mock.json rename to aws/enforce_s3_buckets_encryption/enforce_s3_buckets_encryption_mock.json diff --git a/aws/enforce_s3_buckets_encryption_test.rego b/aws/enforce_s3_buckets_encryption/enforce_s3_buckets_encryption_test.rego similarity index 100% rename from aws/enforce_s3_buckets_encryption_test.rego rename to aws/enforce_s3_buckets_encryption/enforce_s3_buckets_encryption_test.rego diff --git a/aws/enforce_s3_private.rego b/aws/enforce_s3_private/enforce_s3_private.rego similarity index 100% rename from aws/enforce_s3_private.rego rename to aws/enforce_s3_private/enforce_s3_private.rego 
diff --git a/aws/enforce_s3_private.mock.json b/aws/enforce_s3_private/enforce_s3_private_mock.json similarity index 100% rename from aws/enforce_s3_private.mock.json rename to aws/enforce_s3_private/enforce_s3_private_mock.json diff --git a/aws/enforce_s3_private.test.rego b/aws/enforce_s3_private/enforce_s3_private_test.rego similarity index 100% rename from aws/enforce_s3_private.test.rego rename to aws/enforce_s3_private/enforce_s3_private_test.rego diff --git a/aws/enforce_sec_group.rego b/aws/enforce_sec_group/enforce_sec_group.rego similarity index 96% rename from aws/enforce_sec_group.rego rename to aws/enforce_sec_group/enforce_sec_group.rego index 902cf94..330758d 100644 --- a/aws/enforce_sec_group.rego +++ b/aws/enforce_sec_group/enforce_sec_group.rego @@ -3,7 +3,6 @@ package terraform import input.tfplan as tfplan -import input.tfrun as tfrun required_sg := "sg-0434611e67ac24e27" @@ -32,4 +31,4 @@ deny[reason] { "%-40s :: security group '%s' must be included in list", [r.address,required_sg] ) -} \ No newline at end of file +} diff --git a/aws/enforce_sec_group.mock.json b/aws/enforce_sec_group/enforce_sec_group_mock.json similarity index 100% rename from aws/enforce_sec_group.mock.json rename to aws/enforce_sec_group/enforce_sec_group_mock.json diff --git a/aws/enforce_sec_group.test.rego b/aws/enforce_sec_group/enforce_sec_group_test.rego similarity index 100% rename from aws/enforce_sec_group.test.rego rename to aws/enforce_sec_group/enforce_sec_group_test.rego diff --git a/cost/limit_monthly_cost.rego b/cost/limit_monthly_cost/limit_monthly_cost.rego similarity index 100% rename from cost/limit_monthly_cost.rego rename to cost/limit_monthly_cost/limit_monthly_cost.rego diff --git a/cost/limit_monthly_cost_mock.json b/cost/limit_monthly_cost/limit_monthly_cost_mock.json similarity index 100% rename from cost/limit_monthly_cost_mock.json rename to cost/limit_monthly_cost/limit_monthly_cost_mock.json 
diff --git a/cost/limit_monthly_cost_test.rego b/cost/limit_monthly_cost/limit_monthly_cost_test.rego
similarity index 100%
rename from cost/limit_monthly_cost_test.rego
rename to cost/limit_monthly_cost/limit_monthly_cost_test.rego
diff --git a/cost/scalr-policy.hcl b/cost/limit_monthly_cost/scalr-policy.hcl
similarity index 100%
rename from cost/scalr-policy.hcl
rename to cost/limit_monthly_cost/scalr-policy.hcl
diff --git a/external_data/random_decision.rego b/external_data/random_decision/random_decision.rego
similarity index 100%
rename from external_data/random_decision.rego
rename to external_data/random_decision/random_decision.rego
diff --git a/external_data/random_decision_test.rego b/external_data/random_decision/random_decision_test.rego
similarity index 100%
rename from external_data/random_decision_test.rego
rename to external_data/random_decision/random_decision_test.rego
diff --git a/external_data/scalr-policy.hcl b/external_data/random_decision/scalr-policy.hcl
similarity index 100%
rename from external_data/scalr-policy.hcl
rename to external_data/random_decision/scalr-policy.hcl
diff --git a/gcp/enforce_gcs_private.rego b/gcp/enforce_gcs_private/enforce_gcs_private.rego
similarity index 100%
rename from gcp/enforce_gcs_private.rego
rename to gcp/enforce_gcs_private/enforce_gcs_private.rego
diff --git a/gcp/enforce_gcs_private.mock.json b/gcp/enforce_gcs_private/enforce_gcs_private_mock.json
similarity index 100%
rename from gcp/enforce_gcs_private.mock.json
rename to gcp/enforce_gcs_private/enforce_gcs_private_mock.json
diff --git a/gcp/enforce_gcs_private.test.rego b/gcp/enforce_gcs_private/enforce_gcs_private_test.rego
similarity index 100%
rename from gcp/enforce_gcs_private.test.rego
rename to gcp/enforce_gcs_private/enforce_gcs_private_test.rego
diff --git a/management/denied_provisioners.rego b/management/denied_provisioners/denied_provisioners.rego
similarity index 100%
rename from management/denied_provisioners.rego
rename to management/denied_provisioners/denied_provisioners.rego
diff --git a/management/denied_provisioners_mock.json b/management/denied_provisioners/denied_provisioners_mock.json
similarity index 100%
rename from management/denied_provisioners_mock.json
rename to management/denied_provisioners/denied_provisioners_mock.json
diff --git a/management/denied_provisioners_test.rego b/management/denied_provisioners/denied_provisioners_test.rego
similarity index 100%
rename from management/denied_provisioners_test.rego
rename to management/denied_provisioners/denied_provisioners_test.rego
diff --git a/management/enforce_ami_owners.rego b/management/enforce_ami_owners/enforce_ami_owners.rego
similarity index 100%
rename from management/enforce_ami_owners.rego
rename to management/enforce_ami_owners/enforce_ami_owners.rego
diff --git a/management/enforce_ami_owners_mock.json b/management/enforce_ami_owners/enforce_ami_owners_mock.json
similarity index 100%
rename from management/enforce_ami_owners_mock.json
rename to management/enforce_ami_owners/enforce_ami_owners_mock.json
diff --git a/management/enforce_ami_owners_test.rego b/management/enforce_ami_owners/enforce_ami_owners_test.rego
similarity index 100%
rename from management/enforce_ami_owners_test.rego
rename to management/enforce_ami_owners/enforce_ami_owners_test.rego
diff --git a/management/enforce_var_desc.mock.json b/management/enforce_var_desc/enforce_var_desc.mock.json
similarity index 100%
rename from management/enforce_var_desc.mock.json
rename to management/enforce_var_desc/enforce_var_desc.mock.json
diff --git a/management/enforce_var_desc.rego b/management/enforce_var_desc/enforce_var_desc.rego
similarity index 100%
rename from management/enforce_var_desc.rego
rename to management/enforce_var_desc/enforce_var_desc.rego
diff --git a/management/enforce_var_desc.test.rego b/management/enforce_var_desc/enforce_var_desc.test.rego
similarity index 100%
rename from management/enforce_var_desc.test.rego
rename to management/enforce_var_desc/enforce_var_desc.test.rego
diff --git a/management/instance_types.rego b/management/instance_types/instance_types.rego
similarity index 100%
rename from management/instance_types.rego
rename to management/instance_types/instance_types.rego
diff --git a/management/instance_types_mock.json b/management/instance_types/instance_types_mock.json
similarity index 100%
rename from management/instance_types_mock.json
rename to management/instance_types/instance_types_mock.json
diff --git a/management/instance_types_test.rego b/management/instance_types/instance_types_test.rego
similarity index 100%
rename from management/instance_types_test.rego
rename to management/instance_types/instance_types_test.rego
diff --git a/management/pull_requests.rego b/management/pull_requests/pull_requests.rego
similarity index 100%
rename from management/pull_requests.rego
rename to management/pull_requests/pull_requests.rego
diff --git a/management/pull_requests_mock.json b/management/pull_requests/pull_requests_mock.json
similarity index 100%
rename from management/pull_requests_mock.json
rename to management/pull_requests/pull_requests_mock.json
diff --git a/management/pull_requests_test.rego b/management/pull_requests/pull_requests_test.rego
similarity index 100%
rename from management/pull_requests_test.rego
rename to management/pull_requests/pull_requests_test.rego
diff --git a/management/resource_tags.rego b/management/resource_tags_mock/resource_tags.rego
similarity index 100%
rename from management/resource_tags.rego
rename to management/resource_tags_mock/resource_tags.rego
diff --git a/management/resource_tags_mock.json b/management/resource_tags_mock/resource_tags_mock.json
similarity index 100%
rename from management/resource_tags_mock.json
rename to management/resource_tags_mock/resource_tags_mock.json
diff --git a/management/resource_tags_test.rego b/management/resource_tags_mock/resource_tags_test.rego
similarity index 100%
rename from management/resource_tags_test.rego
rename to management/resource_tags_mock/resource_tags_test.rego
diff --git a/management/whitelist_ami.rego b/management/whitelist_ami_mock/whitelist_ami.rego
similarity index 100%
rename from management/whitelist_ami.rego
rename to management/whitelist_ami_mock/whitelist_ami.rego
diff --git a/management/whitelist_ami_mock.json b/management/whitelist_ami_mock/whitelist_ami_mock.json
similarity index 100%
rename from management/whitelist_ami_mock.json
rename to management/whitelist_ami_mock/whitelist_ami_mock.json
diff --git a/management/whitelist_ami_test.rego b/management/whitelist_ami_mock/whitelist_ami_test.rego
similarity index 100%
rename from management/whitelist_ami_test.rego
rename to management/whitelist_ami_mock/whitelist_ami_test.rego
diff --git a/management/workspace_destroy.rego b/management/workspace_destroy/workspace_destroy.rego
similarity index 100%
rename from management/workspace_destroy.rego
rename to management/workspace_destroy/workspace_destroy.rego
diff --git a/management/workspace_destroy_mock.json b/management/workspace_destroy/workspace_destroy_mock.json
similarity index 100%
rename from management/workspace_destroy_mock.json
rename to management/workspace_destroy/workspace_destroy_mock.json
diff --git a/management/workspace_destroy_test.rego b/management/workspace_destroy/workspace_destroy_test.rego
similarity index 100%
rename from management/workspace_destroy_test.rego
rename to management/workspace_destroy/workspace_destroy_test.rego
diff --git a/management/workspace_environment_type.rego b/management/workspace_environment_type/workspace_environment_type.rego
similarity index 100%
rename from management/workspace_environment_type.rego
rename to management/workspace_environment_type/workspace_environment_type.rego
diff --git a/management/workspace_environment_type_mock.json b/management/workspace_environment_type/workspace_environment_type_mock.json
similarity index 100%
rename from management/workspace_environment_type_mock.json
rename to management/workspace_environment_type/workspace_environment_type_mock.json
diff --git a/management/workspace_environment_type_test.rego b/management/workspace_environment_type/workspace_environment_type_test.rego
similarity index 100%
rename from management/workspace_environment_type_test.rego
rename to management/workspace_environment_type/workspace_environment_type_test.rego
diff --git a/management/workspace_name.rego b/management/workspace_name/workspace_name.rego
similarity index 100%
rename from management/workspace_name.rego
rename to management/workspace_name/workspace_name.rego
diff --git a/management/workspace_name_mock.json b/management/workspace_name/workspace_name_mock.json
similarity index 100%
rename from management/workspace_name_mock.json
rename to management/workspace_name/workspace_name_mock.json
diff --git a/management/workspace_name_test.rego b/management/workspace_name/workspace_name_test.rego
similarity index 100%
rename from management/workspace_name_test.rego
rename to management/workspace_name/workspace_name_test.rego
diff --git a/management/workspace_tags.rego b/management/workspace_tags/workspace_tags.rego
similarity index 100%
rename from management/workspace_tags.rego
rename to management/workspace_tags/workspace_tags.rego
diff --git a/management/workspace_tags_mock.json b/management/workspace_tags/workspace_tags_mock.json
similarity index 100%
rename from management/workspace_tags_mock.json
rename to management/workspace_tags/workspace_tags_mock.json
diff --git a/management/workspace_tags_test.rego b/management/workspace_tags/workspace_tags_test.rego
similarity index 100%
rename from management/workspace_tags_test.rego
rename to management/workspace_tags/workspace_tags_test.rego
diff --git a/modules/pin_module_version.rego b/modules/pin_module_version/pin_module_version.rego
similarity index 100%
rename from modules/pin_module_version.rego
rename to modules/pin_module_version/pin_module_version.rego
diff --git a/modules/pin_module_version_mock.json b/modules/pin_module_version/pin_module_version_mock.json
similarity index 100%
rename from modules/pin_module_version_mock.json
rename to modules/pin_module_version/pin_module_version_mock.json
diff --git a/modules/pin_module_version_test.rego b/modules/pin_module_version/pin_module_version_test.rego
similarity index 100%
rename from modules/pin_module_version_test.rego
rename to modules/pin_module_version/pin_module_version_test.rego
diff --git a/modules/required_modules.rego b/modules/required_modules/required_modules.rego
similarity index 100%
rename from modules/required_modules.rego
rename to modules/required_modules/required_modules.rego
diff --git a/modules/required_modules_mock.json b/modules/required_modules/required_modules_mock.json
similarity index 100%
rename from modules/required_modules_mock.json
rename to modules/required_modules/required_modules_mock.json
diff --git a/modules/required_modules_test.rego b/modules/required_modules/required_modules_test.rego
similarity index 100%
rename from modules/required_modules_test.rego
rename to modules/required_modules/required_modules_test.rego
diff --git a/placement/cloud_location.rego b/placement/cloud_location/cloud_location.rego
similarity index 100%
rename from placement/cloud_location.rego
rename to placement/cloud_location/cloud_location.rego
diff --git a/placement/cloud_location_mock.json b/placement/cloud_location/cloud_location_mock.json
similarity index 100%
rename from placement/cloud_location_mock.json
rename to placement/cloud_location/cloud_location_mock.json
diff --git a/placement/cloud_location_test.rego b/placement/cloud_location/cloud_location_test.rego
similarity index 100%
rename from placement/cloud_location_test.rego
rename to placement/cloud_location/cloud_location_test.rego
diff --git a/providers/blacklist_provider.rego b/providers/blacklist_provider/blacklist_provider.rego
similarity index 100%
rename from providers/blacklist_provider.rego
rename to providers/blacklist_provider/blacklist_provider.rego
diff --git a/providers/blacklist_provider/blacklist_provider_mock.json b/providers/blacklist_provider/blacklist_provider_mock.json
new file mode 100644
index 0000000..9cf1be2
--- /dev/null
+++ b/providers/blacklist_provider/blacklist_provider_mock.json
@@ -0,0 +1,205 @@
+{
+ "mock": {
+ "valid_input": {
+ "tfplan": {
+ "resource_changes": [
+ {
+ "address": "aws_instance.scalr",
+ "mode": "managed",
+ "type": "aws_instance",
+ "name": "scalr",
+ "provider_name": "registry.terraform.io/hashicorp/aws",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "ami": "ami-2757f631",
+ "credit_specification": [],
+ "disable_api_termination": null,
+ "ebs_optimized": null,
+ "get_password_data": false,
+ "hibernation": null,
+ "iam_instance_profile": null,
+ "instance_initiated_shutdown_behavior": null,
+ "instance_type": "t2.nano",
+ "key_name": "mykey",
+ "monitoring": null,
+ "source_dest_check": true,
+ "subnet_id": "subnet-0ebb1058ad727asdf",
+ "tags": null,
+ "timeouts": null,
+ "user_data": null,
+ "user_data_base64": null,
+ "vpc_security_group_ids": [
+ "sg-0880cfdc546b123ba"
+ ]
+ },
+ "after_unknown": {
+ "arn": true,
+ "associate_public_ip_address": true,
+ "availability_zone": true,
+ "cpu_core_count": true,
+ "cpu_threads_per_core": true,
+ "credit_specification": [],
+ "ebs_block_device": true,
+ "ephemeral_block_device": true,
+ "host_id": true,
+ "id": true,
+ "instance_state": true,
+ "ipv6_address_count": true,
+ "ipv6_addresses": true,
+ "metadata_options": true,
+ "network_interface": true,
+ "network_interface_id": true,
+ "outpost_arn": true,
+ "password_data": true,
+ "placement_group": true,
+ "primary_network_interface_id": true,
+ "private_dns": true,
+ "private_ip": true,
+ "public_dns": true,
+ "public_ip": true,
+ "root_block_device": true,
+ "security_groups": true,
+ "tenancy": true,
+ "volume_tags": true,
+ "vpc_security_group_ids": [
+ false
+ ]
+ }
+ }
+ }
+ ],
+ "configuration": {
+ "provider_config": {
+ "aws": {
+ "name": "aws",
+ "expressions": {
+ "region": {
+ "constant_value": "us-east-1"
+ }
+ }
+ }
+ },
+ "root_module": {
+ "resources": [
+ {
+ "address": "aws_instance.scalr",
+ "mode": "managed",
+ "type": "aws_instance",
+ "name": "scalr",
+ "provider_config_key": "aws",
+ "expressions": {
+ "ami": {
+ "constant_value": "ami-2757f631"
+ },
+ "instance_type": {
+ "constant_value": "t2.nano"
+ },
+ "key_name": {
+ "constant_value": "mykey"
+ },
+ "subnet_id": {
+ "constant_value": "subnet-0ebb1058ad727asdf"
+ },
+ "vpc_security_group_ids": {
+ "constant_value": [
+ "sg-0880cfdc546b123ba"
+ ]
+ }
+ },
+ "schema_version": 1
+ }
+ ]
+ }
+ }
+ }
+ },
+ "invalid_input": {
+ "tfplan": {
+ "resource_changes": [
+ {
+ "address": "azurerm_resource_group.resource_group",
+ "mode": "managed",
+ "type": "azurerm_resource_group",
+ "name": "resource_group",
+ "provider_name": "registry.terraform.io/hashicorp/azurerm",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after": {
+ "location": "eastus",
+ "name": "testdevops",
+ "tags": null,
+ "timeouts": null
+ },
+ "after_unknown": {
+ "id": true
+ }
+ }
+ }
+ ],
+ "output_changes": {
+ "azure_rg_id": {
+ "actions": [
+ "create"
+ ],
+ "before": null,
+ "after_unknown": true
+ }
+ },
+ "configuration": {
+ "provider_config": {
+ "azurerm": {
+ "name": "azurerm",
+ "expressions": {
+ "features": [
+ {}
+ ]
+ }
+ }
+ },
+ "root_module": {
+ "outputs": {
+ "azure_rg_id": {
+ "expression": {
+ "references": [
+ "azurerm_resource_group.resource_group"
+ ]
+ },
+ "description": "Azure Resource Group ID"
+ }
+ },
+ "resources": [
+ {
+ "address": "azurerm_resource_group.resource_group",
+ "mode": "managed",
+ "type": "azurerm_resource_group",
+ "name": "resource_group",
+ "provider_config_key": "azurerm",
+ "expressions": {
+ "location": {
+ "references": [
+ "var.region"
+ ]
+ },
+ "name": {
+ "references": [
+ "var.name"
+ ]
+ }
+ },
+ "schema_version": 0
+ }
+ ]
+ }
+ }
+ }
+ }
+ }
+}
+
diff --git a/providers/blacklist_provider_test.rego b/providers/blacklist_provider/blacklist_provider_test.rego
similarity index 100%
rename from providers/blacklist_provider_test.rego
rename to providers/blacklist_provider/blacklist_provider_test.rego
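Review bot: The two cases in this fixture each carry a single provider: `valid_input` has only `registry.terraform.io/hashicorp/aws` and `invalid_input` has only `registry.terraform.io/hashicorp/azurerm`. The deny-list test therefore never evaluates a plan that mixes an allowed and a denied provider. The policy file is not part of this hunk, so which field the rule matches on is an assumption. A third case, for example `"mixed_input"`, holding both `resource_changes` entries would confirm that a denied provider is still reported when allowed resources sit next to it. It would also pin down whether the rule reads `provider_name` under `resource_changes` or `provider_config_key` under `configuration`, which the current fixtures cannot distinguish.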
diff --git a/providers/blacklist_provider_mock.json b/providers/blacklist_provider_mock.json
deleted file mode 100644
index 1acc25d..0000000
--- a/providers/blacklist_provider_mock.json
+++ /dev/null
@@ -1,205 +0,0 @@
-{
- "mock": {
- "valid_input": {
- "tfplan": {
- "resource_changes": [
- {
- "address": "aws_instance.scalr",
- "mode": "managed",
- "type": "aws_instance",
- "name": "scalr",
- "provider_name": "registry.terraform.io/hashicorp/aws",
- "change": {
- "actions": [
- "create"
- ],
- "before": null,
- "after": {
- "ami": "ami-2757f631",
- "credit_specification": [],
- "disable_api_termination": null,
- "ebs_optimized": null,
- "get_password_data": false,
- "hibernation": null,
- "iam_instance_profile": null,
- "instance_initiated_shutdown_behavior": null,
- "instance_type": "t2.nano",
- "key_name": "mykey",
- "monitoring": null,
- "source_dest_check": true,
- "subnet_id": "subnet-0ebb1058ad727asdf",
- "tags": null,
- "timeouts": null,
- "user_data": null,
- "user_data_base64": null,
- "vpc_security_group_ids": [
- "sg-0880cfdc546b123ba"
- ]
- },
- "after_unknown": {
- "arn": true,
- "associate_public_ip_address": true,
- "availability_zone": true,
- "cpu_core_count": true,
- "cpu_threads_per_core": true,
- "credit_specification": [],
- "ebs_block_device": true,
- "ephemeral_block_device": true,
- "host_id": true,
- "id": true,
- "instance_state": true,
- "ipv6_address_count": true,
- "ipv6_addresses": true,
- "metadata_options": true,
- "network_interface": true,
- "network_interface_id": true,
- "outpost_arn": true,
- "password_data": true,
- "placement_group": true,
- "primary_network_interface_id": true,
- "private_dns": true,
- "private_ip": true,
- "public_dns": true,
- "public_ip": true,
- "root_block_device": true,
- "security_groups": true,
- "tenancy": true,
- "volume_tags": true,
- "vpc_security_group_ids": [
- false
- ]
- }
- }
- }
- ],
- "configuration": {
- "provider_config": {
- "aws": {
- "name": "aws",
- "expressions": {
- "region": {
- "constant_value": "us-east-1"
- }
- }
- }
- },
- "root_module": {
- "resources": [
- {
- "address": "aws_instance.scalr",
- "mode": "managed",
- "type": "aws_instance",
- "name": "scalr",
- "provider_config_key": "aws",
- "expressions": {
- "ami": {
- "constant_value": "ami-2757f631"
- },
- "instance_type": {
- "constant_value": "t2.nano"
- },
- "key_name": {
- "constant_value": "mykey"
- },
- "subnet_id": {
- "constant_value": "subnet-0ebb1058ad727asdf"
- },
- "vpc_security_group_ids": {
- "constant_value": [
- "sg-0880cfdc546b123ba"
- ]
- }
- },
- "schema_version": 1
- }
- ]
- }
- }
- }
- },
- "invalid_input": {
- "tfplan": {
- "resource_changes": [
- {
- "address": "azurerm_resource_group.resource_group",
- "mode": "managed",
- "type": "azurerm_resource_group",
- "name": "resource_group",
- "provider_name": "registry.terraform.io/hashicorp/azurerm",
- "change": {
- "actions": [
- "create"
- ],
- "before": null,
- "after": {
- "location": "eastus",
- "name": "testdevops",
- "tags": null,
- "timeouts": null
- },
- "after_unknown": {
- "id": true
- }
- }
- }
- ],
- "output_changes": {
- "azure_rg_id": {
- "actions": [
- "create"
- ],
- "before": null,
- "after_unknown": true
- }
- },
- "configuration": {
- "provider_config": {
- "azurerm": {
- "name": "azurerm",
- "expressions": {
- "features": [
- {}
- ]
- }
- }
- },
- "root_module": {
- "outputs": {
- "azure_rg_id": {
- "expression": {
- "references": [
- "azurerm_resource_group.resource_group"
- ]
- },
- "description": "Azure Resource Group ID"
- }
- },
- "resources": [
- {
- "address": "azurerm_resource_group.resource_group",
- "mode": "managed",
- "type": "azurerm_resource_group",
- "name": "resource_group",
- "provider_config_key": "azurerm",
- "expressions": {
- "location": {
- "references": [
- "var.region"
- ]
- },
- "name": {
- "references": [
- "var.name"
- ]
- }
- },
- "schema_version": 0
- }
- ]
- }
- }
- }
- }
- }
- }
-}
diff --git a/user/user.rego b/user/check_user/user.rego
similarity index 100%
rename from user/user.rego
rename to user/check_user/user.rego
diff --git a/user/user_mock.json b/user/check_user/user_mock.json
similarity index 100%
rename from user/user_mock.json
rename to user/check_user/user_mock.json
diff --git a/user/user_test.rego b/user/check_user/user_test.rego
similarity index 100%
rename from user/user_test.rego
rename to user/check_user/user_test.rego