tfe_policies_only.sentinel
import "tfplan"
# Get an array of all resources of the given type (or an empty array).
get_resources = func(type) {
	# `else []` turns an undefined module_paths (for example a test mock
	# that omits it) into an empty list so length() has a defined argument.
	module_paths = tfplan.module_paths else []

	# Test fallback: no module paths are available, so only tfplan.resources
	# is consulted. The original author notes this branch is never taken
	# with the real tfplan import.
	if length(module_paths) == 0 {
		return get_resources_root_only(type)
	}

	# Normal path: collect instances from every module listed in the plan,
	# so a resource declared in a nested module is still counted.
	return get_resources_all_modules(type)
}
get_resources_root_only = func(type) {
	# Returns a flat list of resource bodies of the given type, read from
	# tfplan.resources only. Modules reachable through tfplan.module(path)
	# are not visited here.
	#
	# `else {}` makes a missing type an empty map, so both loops below are
	# no-ops and the result is an empty list.
	by_name = tfplan.resources[type] else {}

	# Flatten the nested name -> count-index -> body maps, from:
	#   {"name": {"0": {"applied": {...}, "diff": {...}}, "1": {...}}, "name": {...}}
	# to:
	#   [{"applied": {...}, "diff": {...}}, {"applied": {...}, "diff": {...}}, ...]
	bodies = []
	for by_name as _, by_index {
		for by_index as _, instance {
			append(bodies, instance)
		}
	}
	return bodies
}
get_resources_all_modules = func(type) {
	# Returns a flat list of resource bodies of the given type, gathered
	# from every module path listed in tfplan.module_paths.
	bodies = []
	for tfplan.module_paths as module_path {
		# `else {}` makes a module with no resource of this type contribute
		# nothing, rather than leaving the lookup undefined.
		by_name = tfplan.module(module_path).resources[type] else {}

		# Flatten the nested name -> count-index -> body maps, from:
		#   {"name": {"0": {"applied": {...}, "diff": {...}}, "1": {...}}, "name": {...}}
		# to:
		#   [{"applied": {...}, "diff": {...}}, {"applied": {...}, "diff": {...}}, ...]
		for by_name as _, by_index {
			for by_index as _, instance {
				append(bodies, instance)
			}
		}
	}
	return bodies
}
# One rule per tfe provider resource type. Each rule holds only when
# get_resources() finds no instance of that type in the plan.

no_tfe_oauth_client = rule {
	length(get_resources("tfe_oauth_client")) is 0
}

no_tfe_organization = rule {
	length(get_resources("tfe_organization")) is 0
}

no_tfe_organization_token = rule {
	length(get_resources("tfe_organization_token")) is 0
}

no_tfe_ssh_key = rule {
	length(get_resources("tfe_ssh_key")) is 0
}

no_tfe_team = rule {
	length(get_resources("tfe_team")) is 0
}

no_tfe_team_access = rule {
	length(get_resources("tfe_team_access")) is 0
}

no_tfe_team_member = rule {
	length(get_resources("tfe_team_member")) is 0
}

no_tfe_team_members = rule {
	length(get_resources("tfe_team_members")) is 0
}

no_tfe_team_token = rule {
	length(get_resources("tfe_team_token")) is 0
}

no_tfe_variable = rule {
	length(get_resources("tfe_variable")) is 0
}

no_tfe_workspace = rule {
	length(get_resources("tfe_workspace")) is 0
}
# Policy entry point: holds only when every rule joined by `and` below holds.
# NOTE(review): this is a deny-list of specific tfe resource types. A tfe
# resource type that has no rule in this chain is not restricted by this
# policy; confirm that matches the intent suggested by the file name.
main = rule {
no_tfe_oauth_client and
no_tfe_organization and
no_tfe_organization_token and
no_tfe_ssh_key and
# NOTE(review): no_tfe_team and no_tfe_team_access are defined in this file
# but commented out here, so plans containing tfe_team or tfe_team_access
# resources are not rejected. Confirm this exemption is deliberate.
#no_tfe_team and
#no_tfe_team_access and
no_tfe_team_member and
no_tfe_team_members and
no_tfe_team_token
# NOTE(review): no_tfe_variable and no_tfe_workspace are likewise defined but
# not enforced, so tfe_variable and tfe_workspace resources pass this policy.
#no_tfe_variable and
#no_tfe_workspace
}