https://github.com/jameswoolfenden/conftest-module-example
First steps with Conftest and REGO
https://github.com/jameswoolfenden/conftest-module-example
conftest rego terraform terraform-module
Last synced: about 2 months ago
JSON representation
First steps with Conftest and REGO
- Host: GitHub
- URL: https://github.com/jameswoolfenden/conftest-module-example
- Owner: JamesWoolfenden
- License: apache-2.0
- Created: 2020-10-16T09:06:18.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2020-10-16T14:28:21.000Z (over 4 years ago)
- Last Synced: 2025-01-25T19:28:20.263Z (4 months ago)
- Topics: conftest, rego, terraform, terraform-module
- Language: HCL
- Homepage:
- Size: 9.77 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Conftest with Terraform
This repo contains early examples (im learning the REGO).
This example demonstrates access to a module.
Why?
Most of the validation required will eventual target modules,
rather than the resources themselves,
that's in any real implementation.
One of great features of OPA/Conftest is that it works on the planned
and evaluated values.
To Use this example you will need Conftest installed in your path:
```conftest
make conftest
...
terraform show -json tfplan.binary > tfplan.json
conftest test ./tfplan.json -p ./policies
←[31mFAIL←[0m - ./tfplan.json - JamesWoolfenden/ip/http
←[31m3 tests, 2 passed, 0 warnings, 1 failure, 0 exceptions←[0m
make: *** [Makefile:47: conftest] Error 1
```
This example raises a failure when you can retrieve the source of the
module being used but it could be any value or test.
See the REGO test file in the policies folder for the REGO rule.
This ability alone is enough to start adopting conftest use for our tf work.