{"id":13505784,"url":"https://github.com/elmundio87/terraform_validate","last_synced_at":"2025-03-30T00:31:38.084Z","repository":{"id":57474330,"uuid":"56401653","full_name":"elmundio87/terraform_validate","owner":"elmundio87","description":"Assists in the enforcement of user-defined standards in Terraform","archived":true,"fork":false,"pushed_at":"2020-01-06T17:14:56.000Z","size":136,"stargazers_count":257,"open_issues_count":14,"forks_count":40,"subscribers_count":19,"default_branch":"master","last_synced_at":"2025-03-23T01:16:15.983Z","etag":null,"topics":["hcl","python","terraform"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/elmundio87.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-04-16T19:22:08.000Z","updated_at":"2025-02-28T18:07:55.000Z","dependencies_parsed_at":"2022-09-12T21:02:11.582Z","dependency_job_id":null,"html_url":"https://github.com/elmundio87/terraform_validate","commit_stats":null,"previous_names":[],"tags_count":22,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elmundio87%2Fterraform_validate","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elmundio87%2Fterraform_validate/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elmundio87%2Fterraform_validate/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elmundio87%2Fterraform_validate/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/elmundio87","download_url":"https://codeload.github.com/elmundio87/terraform_validate/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246262490,"owners_count":20749170,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hcl","python","terraform"],"created_at":"2024-08-01T00:01:13.651Z","updated_at":"2025-03-30T00:31:33.064Z","avatar_url":"https://github.com/elmundio87.png","language":"Python","funding_links":[],"categories":["Testing","Python","Climbing"],"sub_categories":["Miscellaneous","Community providers","Chess :chess_pawn:"],"readme":"# Terraform Validate\n\nLinux: [![Linux Build Status](https://travis-ci.org/elmundio87/terraform_validate.svg?branch=master)](https://travis-ci.org/elmundio87/terraform_validate)\n\nWindows: [![Windows Build status](https://ci.appveyor.com/api/projects/status/36dwtekc8tvrny24/branch/master?svg=true)](https://ci.appveyor.com/project/elmundio87/terraform-validate/branch/master)\n\nA python package that allows users to define Policy as Code for Terraform configurations. \n\nBy parsing a directory of .tf files using `pyhcl`, each defined resource can be tested using this module. \n\n## Example Usages\n\n### Check that all AWS EBS volumes are encrypted\n\n\n```\nimport terraform_validate\n\nclass TestEncryptionAtRest(unittest.TestCase):\n\n    def setUp(self):\n        # Tell the module where to find your terraform configuration folder\n        self.path = os.path.join(os.path.dirname(os.path.realpath(__file__)),\"../terraform\")\n        self.v = terraform_validate.Validator(self.path)\n\n    def test_aws_ebs_volume(self):\n        # Assert that all resources of type 'aws_ebs_volume' are encrypted\n        self.v.error_if_property_missing() # Fail any tests if the property does not exist on a resource\n        self.v.resources('aws_ebs_volume').property('encrypted').should_equal(True)\n\n    def test_instance_ebs_block_device(self):\n        # Assert that all resources of type 'ebs_block_device' that are inside a 'aws_instance' are encrypted\n        self.v.error_if_property_missing()\n        self.v.resources('aws_instance').property('ebs_block_device').property('encrypted').should_equal(True)\n\nif __name__ == '__main__':\n    suite = unittest.TestLoader().loadTestsFromTestCase(TestEncryptionAtRest)\n    unittest.TextTestRunner(verbosity=0).run(suite)\n\n```\n\n```\nresource \"aws_instance\" \"foo\" {\n  # This would fail the test\n  ebs_block_device{\n    encrypted = false\n  }\n}\n\nresource \"aws_ebs_volume\" \"bar\" {\n  # This would fail the test\n  encrypted = false\n}\n```\n\n### Check that AWS resources are tagged correctly\n\n```\nimport terraform_validate\n\nclass TestEncryptionAtRest(unittest.TestCase):\n\n    def setUp(self):\n        # Tell the module where to find your terraform configuration folder\n        self.path = os.path.join(os.path.dirname(os.path.realpath(__file__)),\"../terraform\")\n        self.v = terraform_validate.Validator(self.path)\n\n    def test_aws_ebs_volume(self):\n        # Assert that all resources of type 'aws_instance' and 'aws_ebs_volume' have the correct tags\n        tagged_resources = [\"aws_instance\",\"aws_ebs_volume\"]\n        required_tags = [\"name\",\"version\",\"owner\"]\n        self.v.resources(tagged_resources).property('tags').should_have_properties(required_tags)\n\nif __name__ == '__main__':\n    suite = unittest.TestLoader().loadTestsFromTestCase(TestEncryptionAtRest)\n    unittest.TextTestRunner(verbosity=0).run(suite)\n```\n\n## Behaviour functions\n\nThese affect the results of the Validation functions in a way that may be required for your tests.\n\n### Validator.error_if_property_missing()\n\nBy default, no errors will be raised if a property value is missing on a resource. This changes the behavior of .property() calls to raise an error if a property is not found on a resource.\n\n### Validator.enable_variable_expansion()\n\nBy default, variables in property values will not be calculated against their default values. This changes the behaviour of all Validation functions, to work out the value of a string when the variables have default values.\n\neg. `string = \"${var.foo}\"` will be read as `string = \"1\"` by the validator if the default value of `foo` is 1.\n\n## Search functions\n\nThese are used to gather property values together so that they can be validated.\n\n### Validator.resources([resource_types])\nSearches for all resources of the required types and outputs a `TerraformResourceList`.\n\nCan be chained with a `.property()` function.\n\nIf passed a string as an argument, search through all resource types and list the ones that match the string as a regex.\nIf passed a list as an argument, only use the types that are inside the list.\n\nOutputs: `TerraformResourceList`\n\n### TerraformResourceList.property(property_name)\n\nCollects all top-level properties in a `TerraformResourceList`  and exposes methods that can be used to validate the property values.\n\nCan be chained with another `.property()` call to fetch nested properties.\n\neg. ``.resource('aws_instance').property('name')``\n\n### TerraformResourceList.find_property(regex)\n\nSimilar to `TerraformResourceList.property()`, except that it will attempt to use a regex string to search for the property.\n\neg. ``.resource('aws_instance').find_property('tag[a-z]')``\n\n\n### TerraformPropertyList.property(property_name)\n\nCollects all nested properties in `TerraformPropertyList` and exposes methods that can be used to validate the property values.\n\neg. ``.resource('aws_instance').property('tags').property('name')``\n\n\n### TerraformPropertyList.find_property(regex)\n\nSimilar to `TerraformPropertyList.property()`, except that it will attempt to use a regex string to search for the property.\n\neg. ``.resource('aws_instance').find_property('tag[a-z]')``\n\n## Validation functions\n\nIf there are any errors, these functions will print the error and raise an AssertionError. The purpose of these functions is to validate the property values of different resources.\n\n### TerraformResourceList.should_have_properties([required_properties])\n\nWill raise an AssertionError if any of the properties in `required_properties` are missing from a `TerraformResourceList`.\n\n### TerraformPropertyList.should_have_properties([required_properties])\n\nWill raise an AssertionError if any of the properties in `required_properties` are missing from a `TerraformPropertyList`.\n\n### TerraformResourceList.should_not_have_properties([excluded_properties])\n\nWill raise an AssertionError if any of the properties in `required_properties` are missing from a `TerraformResourceList`.\n\n### TerraformPropertyList.should_not_have_properties([excluded_properties])\n\nWill raise an AssertionError if any of the properties in `required_properties` are missing from a `TerraformPropertyList`.\n\n### TerraformResourceList.name_should_match_regex(regex)\n\nWill raise an AssertionError if the Terraform resource name does not match the value of `regex`\n\n### TerraformPropertyList.should_equal(expected_value)\n\nWill raise an AssertionError if the value of the property does not equal `expected_value`\n\n### TerraformPropertyList.should_not_equal(unexpected_value)\n\nWill raise an AssertionError if the value of the property equals `unexpected_value`\n\n### TerraformPropertyList.should_match_regex(regex)\n\nWill raise an AssertionError if the value of the property does not match the value of `regex`\n\n### TerraformPropertyList.list_should_contain([value])\n\nWill raise an AssertionError if the list value does not contain any of the `[value]`\n\n### TerraformPropertyList.list_should_not_contain([value])\n\nWill raise an AssertionError if the list value does contain any of the `[value]`\n\n\n\n## Run with Docker\n\nBuild the terraform_validate daemon using:\n\n```\ndocker build -t terraform_validate .\n```\n\nThen, on a different location, place your tests on your tests.py.\n\nTo run:\n```\ndocker run -v `pwd`:/terraform_validate terraform_validate\n```\n\nExample output (All tests passing):\n\n```\n$ docker run -v `pwd`:/terraform_validate terraform_validate\n----------------------------------------------------------------------\nRan 3 tests in 1.607s\n\nOK\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felmundio87%2Fterraform_validate","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Felmundio87%2Fterraform_validate","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felmundio87%2Fterraform_validate/lists"}