diff --git a/.idea/inspectionProfiles/Project_Default.xml b/.idea/inspectionProfiles/Project_Default.xml
new file mode 100644
index 0000000..03d9549
--- /dev/null
+++ b/.idea/inspectionProfiles/Project_Default.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/inspectionProfiles/profiles_settings.xml b/.idea/inspectionProfiles/profiles_settings.xml
new file mode 100644
index 0000000..105ce2d
--- /dev/null
+++ b/.idea/inspectionProfiles/profiles_settings.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/misc.xml b/.idea/misc.xml
new file mode 100644
index 0000000..d1e22ec
--- /dev/null
+++ b/.idea/misc.xml
@@ -0,0 +1,4 @@
+
+
+
+
\ No newline at end of file
diff --git a/.idea/modules.xml b/.idea/modules.xml
new file mode 100644
index 0000000..027a02f
--- /dev/null
+++ b/.idea/modules.xml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/sample-tf-opa-policies.iml b/.idea/sample-tf-opa-policies.iml
new file mode 100644
index 0000000..d0876a7
--- /dev/null
+++ b/.idea/sample-tf-opa-policies.iml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644
index 0000000..94a25f7
--- /dev/null
+++ b/.idea/vcs.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
new file mode 100644
index 0000000..daa18b1
--- /dev/null
+++ b/.idea/workspace.xml
@@ -0,0 +1,178 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ {
+ "keyToString": {
+ "RunOnceActivity.OpenProjectViewOnStart": "true",
+ "RunOnceActivity.ShowReadmeOnStart": "true",
+ "TF_FMT": "false",
+ "WebServerToolWindowFactoryState": "true",
+ "last_opened_file_path": "/Users/lyzohub/Work/sample-tf-opa-policies/external_data",
+ "node.js.detected.package.eslint": "true",
+ "node.js.selected.package.eslint": "(autodetect)",
+ "nodejs_package_manager_path": "npm"
+ }
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 1662036309600
+
+
+ 1662036309600
+
+
+
+
+
+
+
+
+
+
+
+ 1665149600331
+
+
+
+ 1665149600331
+
+
+ 1665149678659
+
+
+
+ 1665149678659
+
+
+ 1666262708869
+
+
+
+ 1666262708869
+
+
+ 1666263614938
+
+
+
+ 1666263614938
+
+
+ 1668098299943
+
+
+
+ 1668098299943
+
+
+ 1668505280448
+
+
+
+ 1668505280448
+
+
+ 1668505408969
+
+
+
+ 1668505408969
+
+
+ 1668505651666
+
+
+
+ 1668505651666
+
+
+ 1668505728759
+
+
+
+ 1668505728759
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
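Review bot: `.idea/workspace.xml` is per-user IDE state and should not be committed. The `last_opened_file_path` entry in this hunk publishes a developer's local home-directory path (`/Users/lyzohub/...`), and the file also records local IDE task timestamps. The same applies to the other `.idea/` files added in this commit. I would drop them from the change and add `.idea/` to `.gitignore`.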
diff --git a/always_fail/scalr-policy.hcl b/always_fail/scalr-policy.hcl
new file mode 100644
index 0000000..6ca0fae
--- /dev/null
+++ b/always_fail/scalr-policy.hcl
@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "test_fail" {
+ enabled = true
+ enforcement_level = "soft-mandatory"
+}
diff --git a/always_fail/test_fail.rego b/always_fail/test_fail.rego
new file mode 100644
index 0000000..1a2eabf
--- /dev/null
+++ b/always_fail/test_fail.rego
@@ -0,0 +1,8 @@
+package terraform
+
+
+deny[reason] {
+ true
+
+ reason := sprintf("Variables: %v",[tfplan.variables])
+}
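Review bot: The `reason` built on the `sprintf` line prints the whole `tfplan.variables` object into the policy result, so every variable value passed to the run, including credentials or tokens if any are present, would end up in policy-check output and logs. For a fixture that only needs to fail, a fixed message such as `reason := "test_fail always denies"` is enough; if variables must be shown, list their names only. Separately, nothing in this file defines or imports `tfplan`, so the rule will not compile unless another module in package `terraform` provides it. `import input.tfplan as tfplan` looks like what is intended, assuming the plan is supplied under `input.tfplan`.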
diff --git a/always_pass/scalr-policy.hcl b/always_pass/scalr-policy.hcl
new file mode 100644
index 0000000..630449f
--- /dev/null
+++ b/always_pass/scalr-policy.hcl
@@ -0,0 +1,8 @@
+version = "v1"
+
+
+
+policy "test_pass" {
+ enabled = true
+ enforcement_level = "soft-mandatory"
+}
diff --git a/always_pass/test_pass.rego b/always_pass/test_pass.rego
new file mode 100644
index 0000000..3cc914c
--- /dev/null
+++ b/always_pass/test_pass.rego
@@ -0,0 +1,9 @@
+package terraform
+
+
+deny[reason] {
+ false
+
+
+ reason := sprintf("pass")
+}
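Review bot: `sprintf("pass")` is called with one argument, but `sprintf` takes a format string and an array of values, so OPA should reject this module at compile time and the policy would error rather than pass. Use `reason := "pass"` or `reason := sprintf("pass", [])`. Because the body starts with `false`, the rule never yields a reason anyway; a comment such as `# deny is always empty: fixture for the passing path` would make that intent explicit.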
diff --git a/external_data/random_decision1.rego b/external_data/random_decision1.rego
new file mode 100644
index 0000000..c8e0ddb
--- /dev/null
+++ b/external_data/random_decision1.rego
@@ -0,0 +1,27 @@
+# This dummy policy makes a decision based on a number received from random.org service
+# just to demonstrate possible usage of HTTP requests
+# to fetch external data during policy evaluation.
+# See
+
+package terraform
+
+
+random_number = num {
+ request := {
+ "url": "https://www.random.org/integers/?num=1&min=2&max=9&base=10&col=1&format=plain",
+ "method": "GET"
+ }
+ response := http.send(request)
+ response.status_code == 200
+ num := to_number(trim(response.raw_body, "\n"))
+}
+
+deny[reason] {
+ number := random_number
+ number < 1
+
+ reason := sprintf(
+ "Unlucky you: got %d, but 5 or more is required",
+ [number]
+ )
+}
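Review bot: The `deny` condition `number < 1` can never hold, because the URL in `random_number` requests `min=2&max=9`, so this policy never denies while its message still says "5 or more is required". If it is meant to match the sibling files, the request should use `min=0` and the check should be `number < 5`. If an always-pass variant is intended, the message and the header comment should say so.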
diff --git a/external_data/random_decision2.rego b/external_data/random_decision2.rego
new file mode 100644
index 0000000..b970077
--- /dev/null
+++ b/external_data/random_decision2.rego
@@ -0,0 +1,28 @@
+# This dummy policy makes a decision based on a number received from random.org service
+# just to demonstrate possible usage of HTTP requests
+# to fetch external data during policy evaluation.
+# See
+
+package terraform
+
+
+
+random_number = num {
+ request := {
+ "url": "https://www.random.org/integers/?num=1&min=0&max=9&base=10&col=1&format=plain",
+ "method": "GET"
+ }
+ response := http.send(request)
+ response.status_code == 200
+ num := to_number(trim(response.raw_body, "\n"))
+}
+
+deny[reason] {
+ number := random_number
+ number < 5
+
+ reason := sprintf(
+ "Unlucky you: got %d, but 5 or more is required",
+ [number]
+ )
+}
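Review bot: When the request does not return 200, `random_number` is undefined, the `deny` body fails, and the policy passes, so a policy built on this pattern fails open whenever the external service is unavailable. Add an explicit rule for that case, e.g. `deny["external data unavailable"] { not random_number }`, and consider setting `"timeout"` in the request object so a slow endpoint cannot stall evaluation. The same applies to `random_decision1.rego` and to `random_decision3.rego` through `random_decision5.rego`; the last three share one blob (`968f304`), so they are exact copies of each other.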
diff --git a/external_data/random_decision3.rego b/external_data/random_decision3.rego
new file mode 100644
index 0000000..968f304
--- /dev/null
+++ b/external_data/random_decision3.rego
@@ -0,0 +1,27 @@
+# This dummy policy makes a decision based on a number received from random.org service
+# just to demonstrate possible usage of HTTP requests
+# to fetch external data during policy evaluation.
+# See
+
+package terraform
+
+
+random_number = num {
+ request := {
+ "url": "https://www.random.org/integers/?num=1&min=0&max=9&base=10&col=1&format=plain",
+ "method": "GET"
+ }
+ response := http.send(request)
+ response.status_code == 200
+ num := to_number(trim(response.raw_body, "\n"))
+}
+
+deny[reason] {
+ number := random_number
+ number < 5
+
+ reason := sprintf(
+ "Unlucky you: got %d, but 5 or more is required",
+ [number]
+ )
+}
diff --git a/external_data/random_decision4.rego b/external_data/random_decision4.rego
new file mode 100644
index 0000000..968f304
--- /dev/null
+++ b/external_data/random_decision4.rego
@@ -0,0 +1,27 @@
+# This dummy policy makes a decision based on a number received from random.org service
+# just to demonstrate possible usage of HTTP requests
+# to fetch external data during policy evaluation.
+# See
+
+package terraform
+
+
+random_number = num {
+ request := {
+ "url": "https://www.random.org/integers/?num=1&min=0&max=9&base=10&col=1&format=plain",
+ "method": "GET"
+ }
+ response := http.send(request)
+ response.status_code == 200
+ num := to_number(trim(response.raw_body, "\n"))
+}
+
+deny[reason] {
+ number := random_number
+ number < 5
+
+ reason := sprintf(
+ "Unlucky you: got %d, but 5 or more is required",
+ [number]
+ )
+}
diff --git a/external_data/random_decision5.rego b/external_data/random_decision5.rego
new file mode 100644
index 0000000..968f304
--- /dev/null
+++ b/external_data/random_decision5.rego
@@ -0,0 +1,27 @@
+# This dummy policy makes a decision based on a number received from random.org service
+# just to demonstrate possible usage of HTTP requests
+# to fetch external data during policy evaluation.
+# See
+
+package terraform
+
+
+random_number = num {
+ request := {
+ "url": "https://www.random.org/integers/?num=1&min=0&max=9&base=10&col=1&format=plain",
+ "method": "GET"
+ }
+ response := http.send(request)
+ response.status_code == 200
+ num := to_number(trim(response.raw_body, "\n"))
+}
+
+deny[reason] {
+ number := random_number
+ number < 5
+
+ reason := sprintf(
+ "Unlucky you: got %d, but 5 or more is required",
+ [number]
+ )
+}
diff --git a/external_data/scalr-policy.hcl b/external_data/scalr-policy.hcl
index 0560865..c00d4cf 100644
--- a/external_data/scalr-policy.hcl
+++ b/external_data/scalr-policy.hcl
@@ -4,3 +4,28 @@ policy "random_decision" {
enabled = true
enforcement_level = "advisory"
}
+
+policy "random_decision1" {
+ enabled = true
+ enforcement_level = "advisory"
+}
+
+policy "random_decision2" {
+ enabled = true
+ enforcement_level = "advisory"
+}
+
+policy "random_decision3" {
+ enabled = true
+ enforcement_level = "advisory"
+}
+
+policy "random_decision4" {
+ enabled = true
+ enforcement_level = "advisory"
+}
+
+policy "random_decision5" {
+ enabled = true
+ enforcement_level = "advisory"
+}