@nicholasjackson
Last active January 8, 2018 18:20
Example Sentinel policy for restricting the AWS region to the deployment environment
{
"mock": {
"tfplan": {
"config": {
"providers": [
{
"type": "aws",
"config": {"region": "something else"}
}
]
}
},
"env": {"ENV": "staging"}
},
"test": {
"main": false
}
}
{
"mock": {
"tfplan": {
"config": {
"providers": [
{
"type": "aws",
"config": {"region": "us-west-1"}
}
]
}
},
"env": {"ENV": "staging"}
},
"test": {
"main": true
}
}
{
"mock": {
"tfplan": {
"config": {
"providers": [
{
"type": "gcp",
"config": {"region": "something else"}
}
]
}
},
"env": {"ENV": "staging"}
},
"test": {
"main": true
}
}
import "env"
import "tfplan"
// Allowed AWS region for each deployment environment. The key must match the
// value of the ENV environment variable that the policy reads via `env.ENV`.
valid_regions = {
	"staging":    "us-west-1",
	"production": "us-east-1"
}
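// Returns true when provider p is not AWS, or when its configured region is the
// one allowed for the current ENV. Any missing piece — no entry for ENV in
// valid_regions, ENV unset, or no explicit region in the provider block — yields
// false instead of undefined, so the policy still fails closed but with an
// ordinary boolean result that is easy to trace in policy output.
//
// p: one entry of tfplan.config.providers; only p.type and p.config.region are read.
if_aws_ensure_valid_region = func(p) {
	// Non-AWS providers are not constrained by this policy.
	if p.type is not "aws" {
		return true
	}

	// `else` turns an undefined lookup (unknown or unset ENV, or a provider block
	// without an explicit region) into "" so the checks below are plain booleans.
	allowed_region = valid_regions[env.ENV] else ""
	configured_region = p.config.region else ""

	// Fail closed: no allowed region for this environment, or a region the
	// policy cannot see, is never treated as compliant.
	if allowed_region is "" or configured_region is "" {
		return false
	}

	return configured_region is allowed_region
}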
// The policy passes only when every provider in the plan's configuration
// satisfies if_aws_ensure_valid_region; a single non-compliant AWS provider
// fails it.
// NOTE(review): an AWS provider block with no explicit `region` makes the
// comparison inside if_aws_ensure_valid_region undefined, which fails the
// rule — confirm this fail-closed behaviour is intended for providers that
// take their region from somewhere other than the provider block.
main = rule {
all tfplan.config.providers as p {
if_aws_ensure_valid_region(p)
}
}