# This policy uses the Sentinel tfstate import to block orders sent to
# Dominos by Terraform Cloud when a matched menu item's name contains "Hawaiian"
##### Imports #####
import "tfstate"
import "strings"
##### Functions #####
# Find all data sources of specific type from all modules using the tfstate import
find_data_sources_from_state = func(type) {
	# Collect every instance of the data source `type` found in state, across
	# all modules. Returns a map keyed by the instance's full address, e.g.
	# "TYPE.NAME[INDEX]" in the root module or
	# "module.A.module.B.TYPE.NAME[INDEX]" in a nested one.
	found = {}

	for tfstate.module_paths as path {
		# The root module has an empty path, so its addresses get no prefix.
		prefix = ""
		if length(path) > 0 {
			prefix = "module." + strings.join(path, ".module.") + "."
		}

		# `else {}` substitutes an empty map when the lookup is undefined, so
		# a module without data sources of this type contributes nothing.
		for tfstate.module(path).data[type] else {} as name, instances {
			for instances as index, instance {
				address = prefix + type + "." + name + "[" + string(index) + "]"
				found[address] = instance
			}
		}
	}

	return found
}
no_pineapple = func() {
	# Returns true when no dominos_menu_item data source in state has a match
	# whose name contains "Hawaiian", false otherwise. Every offending match is
	# printed; the loops do not stop at the first hit.
	#
	# NOTE(review): this is a name-based deny-list. The pattern is
	# case-sensitive and looks only at match.name, so an item with a different
	# name or different casing is not caught by this check.
	compliant = true

	# Map of address -> dominos_menu_item data source instance
	items = find_data_sources_from_state("dominos_menu_item")

	# Each menu item carries a list of matches; each match has code, name,
	# and price_cents.
	for items as address, item {
		for item.attr.matches as candidate {
			is_hawaiian = candidate.name matches "(.*)Hawaiian"
			if is_hawaiian {
				print( "We don't want pineapple on our pizza!")
				print("You ordered:", candidate.name)
				compliant = false
			}
		}
	}

	return compliant
}
##### Rules #####
# Main rule
# Evaluate the check once. After this line the name no_pineapple holds the
# boolean result of the call, not the function, so this statement must stay
# ahead of the rule that reads it.
no_pineapple = no_pineapple()
# The policy passes only when the check returned true, i.e. no matched menu
# item name contained "Hawaiian".
main = rule {
no_pineapple
}