Merge pull request hashicorp#238 from ausmartway/yulei-dev

Add require-version-constrains-to-all-providers sentinel policy

Author: rberlind

governance/third-generation/cloud-agnostic/require-all-modules-have-version-constraint.sentinel

@@ -0,0 +1,29 @@
+# This policy uses the tfconfig/v2 import to require modules to have
+# version constraint, this is a good practise.
+
+
+import "tfconfig-functions" as config
+
+# Get all modules
+
+allModuleCalls = config.find_all_module_calls()
+
+#Get all module calls tht have version_constraint as undefined or empty.
+#think it as : (mc.version_constrain else "") is ""
+violatingModuleCalls = filter allModuleCalls as address, mc {
+    mc.version_constraint else "" is ""
+}
+
+# Print any violations
+
+for violatingModuleCalls as address, mc {
+    print("Module", address, "does not have version_constraint set")
+}
+
+# Main rule
+main = rule {
+    length(violatingModuleCalls) is 0
+}
+
+
+                            

governance/third-generation/cloud-agnostic/require-all-providers-have-version-constraint.sentinel

@@ -0,0 +1,28 @@
+# This policy uses the tfconfig/v2 import to require providers to have
+# version constraint, this is a good practise.
+
+# Import common-functions/tfconfig-functions/tfconfig-functions.sentinel
+# with alias "config"
+import "tfconfig-functions" as config
+
+# Get all providers
+allProviders = config.find_all_providers()
+
+#Get all providers tht has version_constraint as undefined or empty.
+#think it as : (mc.version_constrain else "") is ""
+violatingProviders = filter allProviders as address, mc {
+    mc.version_constraint else "" is ""
+}
+
+# Print any violations
+for violatingProviders as address, mc {
+    print("Provider", address, "does not have version_constraint set")
+}
+
+# Main rule
+main = rule {
+  length(violatingProviders) is 0
+}
+
+
+                            

governance/third-generation/cloud-agnostic/test/require-all-modules-have-version-constraint/fail.json

@@ -0,0 +1,13 @@
+{
+  "modules": {
+    "tfconfig-functions": {
+      "path": "../../../common-functions/tfconfig-functions/tfconfig-functions.sentinel"
+    }
+  },
+  "mock": {
+    "tfconfig/v2": "mock-tfconfig-fail.sentinel"
+  },
+  "test": {
+    "main": false
+  }
+}