Skip to content

tibber/opa-policies

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
policy
policy
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

opa-policies

OPA policies used at Tibber

Getting started

Installing

make download
# copy the binary to /usr/local/bin or any other location for binaries in the system
sudo mv conftest /usr/local/bin/conftest

Usage

The common usage of those policies are as a library in Atlantis Conftest

Writing new rules

  • Create <rule_name>.rego and <rule_name>_test.rego under policy/terraform/aws/<aws-service>/. If the <aws-service> does not exist yet, then it must be created
  • Rule names must be prefixed with deny or allow. Rules usually deny changes to resources.

Once the rule is created, add it to the rules array at policy/terraform/terraform.rego.

Testing the rules

Write tests for the rule in the <rule_name>_test.rego file. Use existing rule tests as the starting point.

Tests

Run make unit-tests for testing all the rules.

Formatting

Rego files must follow OPA's formating standard. Run make fmt to ensure that rego files are formatted.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages