
Commit 940083c

committed
update mandatory tags for AWS
1 parent 3607021 commit 940083c


5 files changed

+83
-26
lines changed


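--- a/governance/third-generation/aws/enforce-mandatory-tags.sentinel
+++ b/governance/third-generation/aws/enforce-mandatory-tags.sentinel
@@ -10,7 +10,10 @@ import "tfplan-functions" as plan
 import "aws-functions" as aws
 
 # List of mandatory tags
-mandatory_tags = ["Name", "ttl", "Owner"]
+# Note that the tags here are for internal HashiCorp usage
+# You should assign your own tags in a "mandatory_tags" parameter in your policy set
+# Or change the tags here in the policy.
+param mandatory_tags default ["Name", "ttl", "owner", "se-region", "purpose", "terraform"]
 
 # Get all AWS Resources with standard tags
 allAWSResourcesWithStandardTags = aws.find_resources_with_standard_tags()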
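Review bot: The default on the new `param mandatory_tags` line puts organisation-internal keys (`se-region`, `purpose`, `terraform`) into a shared governance policy, so any policy set that attaches it without overriding the parameter will silently enforce a tag scheme that is not its own. Declaring it as `param mandatory_tags` with no default would make the policy set supply the list explicitly; alternatively keep a neutral default such as the earlier three keys. The same line also changes `Owner` to `owner`: AWS tag keys are case-sensitive, so if the comparison further down (outside this hunk) is case-sensitive too, resources tagged with the old casing will start failing. I would state that in the comment block, e.g. `# Tag keys are matched exactly as written; "owner" replaces the earlier "Owner"`.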

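--- a/governance/third-generation/aws/test/enforce-mandatory-tags/mock-tfconfig-fail-missing-tags.sentinel
+++ b/governance/third-generation/aws/test/enforce-mandatory-tags/mock-tfconfig-fail-missing-tags.sentinel
@@ -53,7 +53,7 @@ resources = {
 },
 "tags": {
 "constant_value": {
-"Owner": "[email protected]",
+"owner": "[email protected]",
 "Name": "Roger Test Bucket",
 },
 },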

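--- a/governance/third-generation/aws/test/enforce-mandatory-tags/mock-tfconfig-pass.sentinel
+++ b/governance/third-generation/aws/test/enforce-mandatory-tags/mock-tfconfig-pass.sentinel
@@ -53,9 +53,12 @@ resources = {
 },
 "tags": {
 "constant_value": {
-"Owner": "[email protected]",
+"owner": "[email protected]",
 "Name": "Roger Test Bucket",
 "ttl": "24",
+"se-region": "globals",
+"purpose": "demo",
+"terraform": "true",
 },
 },
 "website": {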

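--- a/governance/third-generation/aws/test/enforce-mandatory-tags/mock-tfplan-fail-missing-tags.sentinel
+++ b/governance/third-generation/aws/test/enforce-mandatory-tags/mock-tfplan-fail-missing-tags.sentinel
@@ -62,8 +62,9 @@ resource_changes = {
 },
 ],
 "tags": {
-"Owner": "[email protected]",
+"owner": "[email protected]",
 "Name": "Roger Test Bucket",
+"ttl": "24",
 },
 "website": [
 {
@@ -209,7 +210,8 @@ resource_changes = {
 "source_dest_check": true,
 "tags": {
 "Name": "roger-demo",
-"Owner": "rberlind",
+"owner": "rberlind",
+"ttl": "24",
 },
 "timeouts": null,
 "user_data": null,
@@ -277,7 +279,8 @@ resource_changes = {
 "source_dest_check": true,
 "tags": {
 "Name": "roger-demo-nested",
-"Owner": "rberlind",
+"owner": "rberlind",
+"ttl": "24",
 },
 "timeouts": null,
 "user_data": null,
@@ -562,7 +565,8 @@ raw = {
 "source_dest_check": true,
 "tags": {
 "Name": "roger-demo-nested",
-"Owner": "rberlind",
+"owner": "rberlind",
+"ttl": "24",
 },
 "timeouts": null,
 "user_data": null,
@@ -597,7 +601,8 @@ raw = {
 "source_dest_check": true,
 "tags": {
 "Name": "roger-demo",
-"Owner": "rberlind",
+"owner": "rberlind",
+"ttl": "24",
 },
 "timeouts": null,
 "user_data": null,
@@ -628,7 +633,8 @@ raw = {
 "source_dest_check": true,
 "tags": {
 "Name": "roger-demo",
-"Owner": "rberlind",
+"owner": "rberlind",
+"ttl": "24",
 },
 "timeouts": null,
 "user_data": null,
@@ -677,7 +683,8 @@ raw = {
 "source_dest_check": true,
 "tags": {
 "Name": "roger-demo",
-"Owner": "rberlind",
+"owner": "rberlind",
+"ttl": "24",
 },
 "timeouts": null,
 "user_data": null,
@@ -743,7 +750,8 @@ raw = {
 "source_dest_check": true,
 "tags": {
 "Name": "roger-demo",
-"Owner": "rberlind",
+"owner": "rberlind",
+"ttl": "24",
 },
 "timeouts": null,
 "user_data": null,
@@ -809,7 +817,8 @@ raw = {
 "source_dest_check": true,
 "tags": {
 "Name": "roger-demo-nested",
-"Owner": "rberlind",
+"owner": "rberlind",
+"ttl": "24",
 },
 "timeouts": null,
 "user_data": null,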
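Review bot: Adding `"ttl": "24"` to every resource in this fail fixture leaves each one with `Name`, `owner` and `ttl`, so the plan now fails only because `se-region`, `purpose` and `terraform` are absent, which holds only while the policy runs with the new default list. If the test case does not set `mandatory_tags` itself (the test definition is not part of this diff), a later change to that default could turn this into a passing plan and the negative test would stop guarding anything. I would pin the parameter in the test case and leave at least one resource without `ttl`, or with the old `"Owner"` casing, so the fixture exercises the missing-tag and key-casing paths independently of the default. The tfconfig fail mock in the same commit was not given `ttl`, so the two fail fixtures no longer describe the same tag set.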

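--- a/governance/third-generation/aws/test/enforce-mandatory-tags/mock-tfplan-pass.sentinel
+++ b/governance/third-generation/aws/test/enforce-mandatory-tags/mock-tfplan-pass.sentinel
@@ -47,9 +47,12 @@ planned_values = {
 },
 ],
 "tags": {
-"Owner": "[email protected]",
+"owner": "[email protected]",
 "Name": "Roger Test Bucket",
 "ttl": "24",
+"se-region": "globals",
+"purpose": "demo",
+"terraform": "true",
 },
 "website": [
 {
@@ -133,8 +136,11 @@ planned_values = {
 "source_dest_check": true,
 "tags": {
 "Name": "roger-demo",
-"Owner": "rberlind",
+"owner": "rberlind",
 "ttl": "24",
+"se-region": "globals",
+"purpose": "demo",
+"terraform": "true",
 },
 "timeouts": null,
 "user_data": null,
@@ -168,8 +174,11 @@ planned_values = {
 "source_dest_check": true,
 "tags": {
 "Name": "roger-demo",
-"Owner": "rberlind",
+"owner": "rberlind",
 "ttl": "24",
+"se-region": "globals",
+"purpose": "demo",
+"terraform": "true",
 },
 "timeouts": null,
 "user_data": null,
@@ -203,8 +212,11 @@ planned_values = {
 "source_dest_check": true,
 "tags": {
 "Name": "roger-demo-nested",
-"Owner": "rberlind",
+"owner": "rberlind",
 "ttl": "24",
+"se-region": "globals",
+"purpose": "demo",
+"terraform": "true",
 },
 "timeouts": null,
 "user_data": null,
@@ -276,9 +288,12 @@ resource_changes = {
 },
 ],
 "tags": {
-"Owner": "[email protected]",
+"owner": "[email protected]",
 "Name": "Roger Test Bucket",
 "ttl": "24",
+"se-region": "globals",
+"purpose": "demo",
+"terraform": "true",
 },
 "website": [
 {
@@ -357,8 +372,11 @@ resource_changes = {
 "source_dest_check": true,
 "tags": {
 "Name": "roger-demo",
-"Owner": "rberlind",
+"owner": "rberlind",
 "ttl": "24",
+"se-region": "globals",
+"purpose": "demo",
+"terraform": "true",
 },
 "timeouts": null,
 "user_data": null,
@@ -426,8 +444,11 @@ resource_changes = {
 "source_dest_check": true,
 "tags": {
 "Name": "roger-demo",
-"Owner": "rberlind",
+"owner": "rberlind",
 "ttl": "24",
+"se-region": "globals",
+"purpose": "demo",
+"terraform": "true",
 },
 "timeouts": null,
 "user_data": null,
@@ -495,8 +516,11 @@ resource_changes = {
 "source_dest_check": true,
 "tags": {
 "Name": "roger-demo-nested",
-"Owner": "rberlind",
+"owner": "rberlind",
 "ttl": "24",
+"se-region": "globals",
+"purpose": "demo",
+"terraform": "true",
 },
 "timeouts": null,
 "user_data": null,
@@ -781,8 +805,11 @@ raw = {
 "source_dest_check": true,
 "tags": {
 "Name": "roger-demo-nested",
-"Owner": "rberlind",
+"owner": "rberlind",
 "ttl": "24",
+"se-region": "globals",
+"purpose": "demo",
+"terraform": "true",
 },
 "timeouts": null,
 "user_data": null,
@@ -817,8 +844,11 @@ raw = {
 "source_dest_check": true,
 "tags": {
 "Name": "roger-demo",
-"Owner": "rberlind",
+"owner": "rberlind",
 "ttl": "24",
+"se-region": "globals",
+"purpose": "demo",
+"terraform": "true",
 },
 "timeouts": null,
 "user_data": null,
@@ -849,8 +879,11 @@ raw = {
 "source_dest_check": true,
 "tags": {
 "Name": "roger-demo",
-"Owner": "rberlind",
+"owner": "rberlind",
 "ttl": "24",
+"se-region": "globals",
+"purpose": "demo",
+"terraform": "true",
 },
 "timeouts": null,
 "user_data": null,
@@ -899,8 +932,11 @@ raw = {
 "source_dest_check": true,
 "tags": {
 "Name": "roger-demo",
-"Owner": "rberlind",
+"owner": "rberlind",
 "ttl": "24",
+"se-region": "globals",
+"purpose": "demo",
+"terraform": "true",
 },
 "timeouts": null,
 "user_data": null,
@@ -966,8 +1002,11 @@ raw = {
 "source_dest_check": true,
 "tags": {
 "Name": "roger-demo",
-"Owner": "rberlind",
+"owner": "rberlind",
 "ttl": "24",
+"se-region": "globals",
+"purpose": "demo",
+"terraform": "true",
 },
 "timeouts": null,
 "user_data": null,
@@ -1033,8 +1072,11 @@ raw = {
 "source_dest_check": true,
 "tags": {
 "Name": "roger-demo-nested",
-"Owner": "rberlind",
+"owner": "rberlind",
 "ttl": "24",
+"se-region": "globals",
+"purpose": "demo",
+"terraform": "true",
 },
 "timeouts": null,
 "user_data": null,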
