# Terraform OPA Example

This folder contains an [OPA](https://www.openpolicyagent.org/) policy that validates that all module blocks use a
source that comes from the `gruntwork-io` GitHub org (the [enforce_source.rego](./policy/enforce_source.rego) file).
To test this policy, we provide two Terraform modules, [pass](./pass) and [fail](./fail), which demonstrate how
OPA looks when run against a module that passes the checks and one that fails the checks.

Check out [test/terraform_opa_example_test.go](/test/terraform_opa_example_test.go) to see how you can write automated
tests for this module.


## Running this module manually

1. Install [OPA](https://www.openpolicyagent.org/) and make sure it's on your `PATH`.
1. Install [hcl2json](https://github.com/tmccombs/hcl2json) and make sure it's on your `PATH`. We need this to convert
   the Terraform source code to JSON, as OPA currently doesn't support parsing HCL.
1. Convert each Terraform source file in the `pass` or `fail` folder to JSON by feeding it to `hcl2json`:

        hcl2json pass/main.tf > pass/main.json

1. Run each converted Terraform JSON file against the OPA policy:

        opa eval --fail \
          -i pass/main.json \
          -d policy/enforce_source.rego \
          'data.enforce_source.allow'


## Running automated tests against this module

1. Install [OPA](https://www.openpolicyagent.org/) and make sure it's on your `PATH`.
1. Install [Golang](https://golang.org/).
1. `cd test`
1. `go test -v -run TestOPAEvalTerraformModule`
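
To make concrete what the policy evaluates after the `hcl2json` step, here is the same kind of source check written in Go over constructed JSON input. This is an added example, not the project's `enforce_source.rego` or test code; the `allowedPrefix` value, the `Violations` function, the assumed `{"module": {label: [{"source": ...}]}}` input shape, and the sample documents are all assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Assumed allowed prefix. The trailing slash matters: without it a
// look-alike org such as "gruntwork-io-evil" would pass a prefix match.
const allowedPrefix = "git::git@github.com:gruntwork-io/"

// tfJSON mirrors the part of the converted JSON that the check reads
// (assumed shape): {"module": {"<label>": [{"source": "..."}]}}
type tfJSON struct {
	Module map[string][]struct {
		Source string `json:"source"`
	} `json:"module"`
}

// Violations returns the sorted labels of module blocks whose source is
// missing or does not start with allowedPrefix.
func Violations(doc []byte) ([]string, error) {
	var tf tfJSON
	if err := json.Unmarshal(doc, &tf); err != nil {
		return nil, err
	}
	var bad []string
	for label, blocks := range tf.Module {
		for _, b := range blocks {
			if !strings.HasPrefix(b.Source, allowedPrefix) {
				bad = append(bad, label)
				break
			}
		}
	}
	sort.Strings(bad)
	return bad, nil
}

// Constructed samples standing in for pass/main.json and fail/main.json.
const passJSON = `{"module":{"vpc":[{"source":"git::git@github.com:gruntwork-io/example-repo.git//modules/vpc?ref=v0.0.1"}]}}`
const failJSON = `{"module":{"vpc":[{"source":"git::git@github.com:gruntwork-io/example-repo.git//modules/vpc"}],
 "lookalike":[{"source":"git::git@github.com:gruntwork-io-evil/example-repo.git"}],
 "local":[{"source":"./modules/db"}]}}`

func main() {
	for _, doc := range []string{passJSON, failJSON} {
		fmt.Println(Violations([]byte(doc)))
	}
}
```

A policy that allows only when the violation list is empty rejects the second document because of the `local` and `lookalike` modules, even though its `vpc` module is compliant.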