Merge pull request hashicorp#174 from hashicorp/add-policy-with-http-call

add check-external-http-api.sentinel

Author: rberlind

governance/second-generation/cloud-agnostic/check-external-http-api.sentinel

@@ -0,0 +1,47 @@
+# This policy uses the Sentinel HTTP import to call an external API,
+# https://yesno.wtf/api that randomly returns "yes" or "no"
+# This simulates what a policy might do to check an external system
+# that has a JSON-based API in order to confirm that the run is
+# allowed to do an apply.
+
+# For example, some customers require tickets to be opened and approved
+# before an apply can be done.  The HTTP import could be used to check
+# those types of systems.
+
+# It also uses the Sentinel case statement
+
+# Note that the single associated test.json test case will pass sometimes and
+# fail the other times depending on the value returned by the API.  To see the
+# answer that was returned, run `sentinel test -run=check -verbose`
+
+
+##### Imports #####
+import "http"
+import "json"
+
+##### Functions #####
+
+# Validate that the proposed monthly cost is less than the limit
+check_external_approval_system = func() {
+  req = http.request("https://yesno.wtf/api")
+  res = json.unmarshal(http.get(req).body)
+  answer = res.answer
+  print("answer:", answer)
+
+  case answer {
+    # https://yesno.wtf/api returns "maybe" every 10,000th time
+    when "yes", "maybe":
+      return true
+    when "no":
+      return false
+    else:
+      return false
+  }
+
+}
+
+##### Rules #####
+approved = check_external_approval_system()
+main = rule {
+  approved
+}

governance/second-generation/cloud-agnostic/test/check-external-http-api/test.json

@@ -0,0 +1,5 @@
+{
+  "test": {
+    "main": true
+  }
+}