This repository was archived by the owner on Jul 4, 2023. It is now read-only.

Commit 0cf5c2f

Riaan Nolan committed
adding Sentinel policies and terraform code used to create the policies, aws-block-allow-all-cidr and aws-alb-redirect
1 parent 20e32ca commit 0cf5c2f

53 files changed: +4461 -9 lines changed

hashicorp/README.md

Lines changed: 545 additions & 9 deletions
Large diffs are not rendered by default.

hashicorp/sentinel.sh

Lines changed: 18 additions & 0 deletions
@@ -21,6 +21,24 @@ echo -e '\e[38;5;198m'"++++ cat /tmp/policy.sentinel"
2121
cat /tmp/policy.sentinel
2222
echo -e '\e[38;5;198m'"++++ sentinel apply /tmp/policy.sentinel"
2323
sentinel apply /tmp/policy.sentinel
24+
echo -e '\e[38;5;198m'"++++ Let's test some more advanced Sentinel Policies"
25+
# https://github.com/hashicorp/tfe-policies-example
26+
# https://docs.hashicorp.com/sentinel/language/
27+
echo -e '\e[38;5;198m'"++++ https://github.com/hashicorp/tfe-policies-example"
28+
echo -e '\e[38;5;198m'"++++ https://docs.hashicorp.com/sentinel/language/"
29+
cd /vagrant/hashicorp/sentinel/
30+
echo -e '\e[38;5;198m'"++++ sentinel test aws-block-allow-all-cidr.sentinel"
31+
sentinel test aws-block-allow-all-cidr.sentinel || true
32+
echo -e '\e[38;5;198m'"++++ sentinel apply -config ./test/aws-block-allow-all-cidr/pass.json aws-block-allow-all-cidr.sentinel"
33+
sentinel apply -config ./test/aws-block-allow-all-cidr/pass.json aws-block-allow-all-cidr.sentinel
34+
echo -e '\e[38;5;198m'"++++ sentinel apply -config ./test/aws-block-allow-all-cidr/fail.json aws-block-allow-all-cidr.sentinel"
35+
sentinel apply -config ./test/aws-block-allow-all-cidr/fail.json aws-block-allow-all-cidr.sentinel || true
36+
echo -e '\e[38;5;198m'"++++ sentinel test aws-alb-redirect.sentinel"
37+
sentinel test aws-alb-redirect.sentinel || true
38+
echo -e '\e[38;5;198m'"++++ sentinel apply -config ./test/aws-alb-redirect/fail.json aws-alb-redirect.sentinel"
39+
sentinel apply -config ./test/aws-alb-redirect/fail.json aws-alb-redirect.sentinel || true
40+
echo -e '\e[38;5;198m'"++++ sentinel apply -config ./test/aws-alb-redirect/pass.json aws-alb-redirect.sentinel"
41+
sentinel apply -config ./test/aws-alb-redirect/pass.json aws-alb-redirect.sentinel
2442
}
2543

2644
sentinel-install
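
Review bot: The `|| true` on both `sentinel test` lines and on both `fail.json` applies means this script cannot report a policy regression. A failing test suite is swallowed, and a policy that wrongly passes `fail.json` (for example `aws-block-allow-all-cidr.sentinel` no longer denying the input) exits 0 and looks identical to the expected deny. Drop `|| true` from the `sentinel test` lines, and for the `fail.json` cases assert the non-zero exit explicitly, for instance wrap the apply in `if sentinel apply -config ./test/aws-block-allow-all-cidr/fail.json aws-block-allow-all-cidr.sentinel; then echo "expected policy to fail"; exit 1; fi`. Separately, `cd /vagrant/hashicorp/sentinel/` is unchecked, so if the directory is missing the following commands run against whatever the current directory is; use `cd /vagrant/hashicorp/sentinel/ || exit 1`.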
Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,21 @@
1+
workflow "Sentinel" {
2+
resolves = ["sentinel-test", "terraform-fmt"]
3+
on = "pull_request"
4+
}
5+
6+
action "sentinel-test" {
7+
uses = "hashicorp/sentinel-github-actions/test@master"
8+
secrets = ["GITHUB_TOKEN"]
9+
env = {
10+
STL_ACTION_WORKING_DIR = "."
11+
}
12+
}
13+
14+
15+
action "terraform-fmt" {
16+
uses = "hashicorp/terraform-github-actions/[email protected]"
17+
secrets = ["GITHUB_TOKEN"]
18+
env = {
19+
TF_ACTION_WORKING_DIR = "."
20+
}
21+
}
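
Review bot: `uses = "hashicorp/sentinel-github-actions/test@master"` in the `sentinel-test` action tracks a mutable branch while the action is handed `GITHUB_TOKEN`, so whatever is on that branch at run time executes with the token on every `pull_request` event. Pin the reference to a release tag or, preferably, a full commit SHA, and bump it deliberately after reviewing the upstream change.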

hashicorp/sentinel/.gitignore

Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
# Local .terraform directories
2+
**/.terraform/*
3+
4+
# .tfstate files
5+
*.tfstate
6+
*.tfstate.*
7+
8+
# .tfvars files
9+
*.tfvars
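
Review bot: The `*.tfvars` pattern under `# .tfvars files` does not match `*.tfvars.json`, which Terraform also loads as variable files (including `*.auto.tfvars.json`), so variable values kept in JSON form can still be committed alongside the policies' Terraform code. Add `*.tfvars.json` next to `*.tfvars`.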
