-
Notifications
You must be signed in to change notification settings - Fork 16
/
restrict-order-cost.sentinel
73 lines (55 loc) · 1.81 KB
/
restrict-order-cost.sentinel
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
# This policy uses the Sentinel tfstate import to restrict
# the cost of a pizza order sent to Dominos by Terraform Cloud
##### Imports #####
import "tfstate"
import "strings"
##### Functions #####
# Find all data sources of specific type from all modules using the tfstate import
find_data_sources_from_state = func(type) {
data_sources = {}
# Iterate over all modules in the tfstate import
for tfstate.module_paths as path {
# Iterate over the named data sources of desired type in the module
for tfstate.module(path).data[type] else {} as name, instances {
# Iterate over data source instances
for instances as index, d {
# Get the address of the instance
if length(path) == 0 {
# root module
address = type + "." + name + "[" + string(index) + "]"
} else {
# non-root module
address = "module." + strings.join(path, ".module.") + "." +
type + "." + name + "[" + string(index) + "]"
}
# Add the instance to map, setting the key to the address
data_sources[address] = d
}
}
}
return data_sources
}
calculate_cost = func() {
# Get dominos_menu_item data sources
menu_items = find_data_sources_from_state("dominos_menu_item")
# Set order_cost to 0
order_cost = 0.0
# Iterate over all menu items in the order
# Note that each menu item has a list of matches
# each of which has code, name, and price_cents
for menu_items as address, d {
for d.attr.matches as match {
# Add cost of current menu item
print( "Adding menu_item:", match)
order_cost = order_cost + float(match.price_cents) / 100
}
}
print("Total cost of order:", order_cost)
return order_cost
}
##### Rules #####
# Main rule
cost = calculate_cost()
main = rule {
cost <= 51.00
}