Lyzohub patch 12

always_fail/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "test_fail" {
+  enabled           = true
+  enforcement_level = "soft-mandatory"
+}

always_fail/test_fail.rego

@@ -0,0 +1,8 @@
+package terraform
+
+
+deny[reason] {
+    true
+
+    reason := sprintf("Variables: %v",[tfplan.variables])
+}

always_pass/scalr-policy.hcl

@@ -0,0 +1,8 @@
+version = "v1"
+
+
+
+policy "test_pass" {
+  enabled           = true
+  enforcement_level = "soft-mandatory"
+}

always_pass/test_pass.rego

@@ -0,0 +1,9 @@
+package terraform
+
+
+deny[reason] {
+    false
+
+
+    reason := sprintf("pass")
+}

external_data/random_decision1.rego

@@ -0,0 +1,27 @@
+# This dummy policy makes a decision based on a number received from random.org service
+# just to demonstrate possible usage of HTTP requests
+# to fetch external data during policy evaluation.
+# See <https://www.openpolicyagent.org/docs/latest/policy-reference/#http>
+
+package terraform
+
+
+random_number = num {
+    request := {
+        "url": "https://www.random.org/integers/?num=1&min=2&max=9&base=10&col=1&format=plain",
+        "method": "GET"
+    }
+    response := http.send(request)
+    response.status_code == 200
+    num := to_number(trim(response.raw_body, "\n"))
+}
+
+deny[reason] {
+    number := random_number
+    number < 1
+
+    reason := sprintf(
+        "Unlucky you: got %d, but 5 or more is required",
+        [number]
+    )
+}

external_data/random_decision2.rego

@@ -0,0 +1,28 @@
+# This dummy policy makes a decision based on a number received from random.org service
+# just to demonstrate possible usage of HTTP requests
+# to fetch external data during policy evaluation.
+# See <https://www.openpolicyagent.org/docs/latest/policy-reference/#http>
+
+package terraform
+
+
+
+random_number = num {
+    request := {
+        "url": "https://www.random.org/integers/?num=1&min=0&max=9&base=10&col=1&format=plain",
+        "method": "GET"
+    }
+    response := http.send(request)
+    response.status_code == 200
+    num := to_number(trim(response.raw_body, "\n"))
+}
+
+deny[reason] {
+    number := random_number
+    number < 5
+
+    reason := sprintf(
+        "Unlucky you: got %d, but 5 or more is required",
+        [number]
+    )
+}

external_data/random_decision3.rego

@@ -0,0 +1,27 @@
+# This dummy policy makes a decision based on a number received from random.org service
+# just to demonstrate possible usage of HTTP requests
+# to fetch external data during policy evaluation.
+# See <https://www.openpolicyagent.org/docs/latest/policy-reference/#http>
+
+package terraform
+
+
+random_number = num {
+    request := {
+        "url": "https://www.random.org/integers/?num=1&min=0&max=9&base=10&col=1&format=plain",
+        "method": "GET"
+    }
+    response := http.send(request)
+    response.status_code == 200
+    num := to_number(trim(response.raw_body, "\n"))
+}
+
+deny[reason] {
+    number := random_number
+    number < 5
+
+    reason := sprintf(
+        "Unlucky you: got %d, but 5 or more is required",
+        [number]
+    )
+}

external_data/random_decision4.rego

@@ -0,0 +1,27 @@
+# This dummy policy makes a decision based on a number received from random.org service
+# just to demonstrate possible usage of HTTP requests
+# to fetch external data during policy evaluation.
+# See <https://www.openpolicyagent.org/docs/latest/policy-reference/#http>
+
+package terraform
+
+
+random_number = num {
+    request := {
+        "url": "https://www.random.org/integers/?num=1&min=0&max=9&base=10&col=1&format=plain",
+        "method": "GET"
+    }
+    response := http.send(request)
+    response.status_code == 200
+    num := to_number(trim(response.raw_body, "\n"))
+}
+
+deny[reason] {
+    number := random_number
+    number < 5
+
+    reason := sprintf(
+        "Unlucky you: got %d, but 5 or more is required",
+        [number]
+    )
+}