tofu-controller
Add Terraform policy examples for Weave GitOps Policy
We have an example from the early design of a policy. Let's iterate on it.
```yaml
apiVersion: pac.weave.works/v2beta1
kind: Policy
metadata:
  name: weave.policies.test-terraform
spec:
  id: weave.policies.test-terraform
  name: Test Terraform Policy
  enabled: true
  description: "test policy for terraform"
  how_to_solve: "test policy for terraform"
  category: weave.categories.access-control
  severity: high
  targets: {kinds: [Terraform]}
  provider: terraform
  code: |
    package magalix.advisor.test_terraform

    violation[result] {
      value := input.review.object.status.tfplan.planned_values.outputs.hello_world.value
      not startswith(value, "hello")
      result = {
        "issue_detected": true,
        "msg": sprintf("value must start with [hello] but found: %s", [value]),
      }
    }
```
========
User Story:
As a Kubernetes administrator, I'd like to have Terraform policy examples for Weave GitOps Policy, so that I can easily understand and implement desired policies for my infrastructure.
Acceptance Criteria:
- [ ] Update the existing Weave Policy example to follow best practices and include clear instructions.
- [ ] Documentation on how to use and customize the provided policy example.
- [ ] Sample Terraform configuration to demonstrate using the example policy.
Related resources:
- https://github.com/weaveworks/weave-action
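An added example, not part of the original issue or the project's own code: in the policy above, if `hello_world` is missing from the plan, `value` is undefined, the rule body never evaluates, and no violation is reported. The sketch below is one way to make that case fail closed; the `has_output` helper is a hypothetical name, and the input path is assumed to be exactly the one used in the issue.

```rego
package magalix.advisor.test_terraform

# Hypothetical helper: defined only when the plan carries the output at all.
has_output {
    _ = input.review.object.status.tfplan.planned_values.outputs.hello_world.value
}

# Case 1: output absent, or status.tfplan not populated on the object.
# The original single rule reports nothing here.
violation[result] {
    not has_output
    result = {
        "issue_detected": true,
        "msg": "output [hello_world] not found in status.tfplan.planned_values.outputs",
    }
}

# Case 2: output present but not a string, so a prefix check cannot judge it.
violation[result] {
    value := input.review.object.status.tfplan.planned_values.outputs.hello_world.value
    not is_string(value)
    result = {
        "issue_detected": true,
        "msg": sprintf("output [hello_world] must be a string but found: %v", [value]),
    }
}

# Case 3: the check from the issue, restricted to string values.
violation[result] {
    value := input.review.object.status.tfplan.planned_values.outputs.hello_world.value
    is_string(value)
    not startswith(value, "hello")
    result = {
        "issue_detected": true,
        "msg": sprintf("value must start with [hello] but found: %s", [value]),
    }
}
```

This body would replace the contents of `spec.code` in the Policy manifest; the three `violation` rules contribute to the same result set.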
@fire-ant You flagged this to me as P1-level priority. What kind of example do you expect to see, and why is it a P1 need?
Is this still relevant?