mrajani
diff --git a/‎governance/second-generation/aws/enforce-mandatory-tags.sentinel
Lines changed: 3 additions & 2 deletions b/‎governance/second-generation/aws/enforce-mandatory-tags.sentinel
Lines changed: 3 additions & 2 deletions
diff --git a/‎governance/second-generation/aws/mocks/ec2-instance-mock-tfplan.sentinel
Lines changed: 4 additions & 1 deletion b/‎governance/second-generation/aws/mocks/ec2-instance-mock-tfplan.sentinel
Lines changed: 4 additions & 1 deletion
diff --git a/‎governance/second-generation/aws/mocks/launch-configuration-mock-tfplan.sentinel
Lines changed: 2 additions & 1 deletion b/‎governance/second-generation/aws/mocks/launch-configuration-mock-tfplan.sentinel
Lines changed: 2 additions & 1 deletion
diff --git a/‎governance/second-generation/aws/mocks/rds-db-instance-mock-tfplan.sentinel
Lines changed: 2 additions & 1 deletion b/‎governance/second-generation/aws/mocks/rds-db-instance-mock-tfplan.sentinel
Lines changed: 2 additions & 1 deletion
diff --git a/‎governance/second-generation/aws/mocks/s3-bucket-mock-tfplan.sentinel
Lines changed: 2 additions & 1 deletion b/‎governance/second-generation/aws/mocks/s3-bucket-mock-tfplan.sentinel
Lines changed: 2 additions & 1 deletion
diff --git a/‎governance/second-generation/aws/mocks/sgr-mock-tfplan.sentinel
Lines changed: 2 additions & 1 deletion b/‎governance/second-generation/aws/mocks/sgr-mock-tfplan.sentinel
Lines changed: 2 additions & 1 deletion
diff --git a/‎governance/second-generation/aws/require-private-acl-and-kms-for-s3-buckets.sentinel
Lines changed: 3 additions & 2 deletions b/‎governance/second-generation/aws/require-private-acl-and-kms-for-s3-buckets.sentinel
Lines changed: 3 additions & 2 deletions
diff --git a/‎governance/second-generation/aws/restrict-availability-zones.sentinel
Lines changed: 3 additions & 2 deletions b/‎governance/second-generation/aws/restrict-availability-zones.sentinel
Lines changed: 3 additions & 2 deletions
diff --git a/‎governance/second-generation/aws/restrict-db-instance-engines.sentinel
Lines changed: 3 additions & 2 deletions b/‎governance/second-generation/aws/restrict-db-instance-engines.sentinel
Lines changed: 3 additions & 2 deletions
diff --git a/‎governance/second-generation/aws/restrict-ec2-instance-type.sentinel
Lines changed: 3 additions & 2 deletions b/‎governance/second-generation/aws/restrict-ec2-instance-type.sentinel
Lines changed: 3 additions & 2 deletions
diff --git a/‎governance/second-generation/aws/restrict-ingress-sg-rule-cidr-blocks.sentinel
Lines changed: 3 additions & 2 deletions b/‎governance/second-generation/aws/restrict-ingress-sg-rule-cidr-blocks.sentinel
Lines changed: 3 additions & 2 deletions
diff --git a/‎governance/second-generation/aws/restrict-launch-configuration-instance-type.sentinel
Lines changed: 3 additions & 2 deletions b/‎governance/second-generation/aws/restrict-launch-configuration-instance-type.sentinel
Lines changed: 3 additions & 2 deletions
diff --git a/‎governance/second-generation/aws/test/enforce-mandatory-tags/mock-tfplan-fail-0.11.sentinel
Lines changed: 4 additions & 0 deletions b/‎governance/second-generation/aws/test/enforce-mandatory-tags/mock-tfplan-fail-0.11.sentinel
Lines changed: 4 additions & 0 deletions
diff --git a/‎governance/second-generation/aws/test/enforce-mandatory-tags/mock-tfplan-fail-0.12.sentinel
Lines changed: 1 addition & 0 deletions b/‎governance/second-generation/aws/test/enforce-mandatory-tags/mock-tfplan-fail-0.12.sentinel
Lines changed: 1 addition & 0 deletions
diff --git a/‎governance/second-generation/aws/test/enforce-mandatory-tags/mock-tfplan-pass-0.11.sentinel
Lines changed: 4 additions & 0 deletions b/‎governance/second-generation/aws/test/enforce-mandatory-tags/mock-tfplan-pass-0.11.sentinel
Lines changed: 4 additions & 0 deletions
diff --git a/‎governance/second-generation/aws/test/enforce-mandatory-tags/mock-tfplan-pass-0.12.sentinel
Lines changed: 1 addition & 0 deletions b/‎governance/second-generation/aws/test/enforce-mandatory-tags/mock-tfplan-pass-0.12.sentinel
Lines changed: 1 addition & 0 deletions
diff --git a/‎governance/second-generation/aws/test/require-private-acl-and-kms-for-s3-buckets/mock-tfplan-fail-acl-0.11.sentinel
Lines changed: 1 addition & 0 deletions b/‎governance/second-generation/aws/test/require-private-acl-and-kms-for-s3-buckets/mock-tfplan-fail-acl-0.11.sentinel
Lines changed: 1 addition & 0 deletions
diff --git a/‎governance/second-generation/aws/test/require-private-acl-and-kms-for-s3-buckets/mock-tfplan-fail-acl-and-kms-0.11.sentinel
Lines changed: 1 addition & 0 deletions b/‎governance/second-generation/aws/test/require-private-acl-and-kms-for-s3-buckets/mock-tfplan-fail-acl-and-kms-0.11.sentinel
Lines changed: 1 addition & 0 deletions
diff --git a/‎governance/second-generation/aws/test/require-private-acl-and-kms-for-s3-buckets/mock-tfplan-fail-acl-and-kms-0.12.sentinel
Lines changed: 1 addition & 0 deletions b/‎governance/second-generation/aws/test/require-private-acl-and-kms-for-s3-buckets/mock-tfplan-fail-acl-and-kms-0.12.sentinel
Lines changed: 1 addition & 0 deletions
diff --git a/‎governance/second-generation/aws/test/require-private-acl-and-kms-for-s3-buckets/mock-tfplan-fail-kms-0.11.sentinel
Lines changed: 1 addition & 0 deletions b/‎governance/second-generation/aws/test/require-private-acl-and-kms-for-s3-buckets/mock-tfplan-fail-kms-0.11.sentinel
Lines changed: 1 addition & 0 deletions
diff --git a/‎governance/second-generation/aws/test/require-private-acl-and-kms-for-s3-buckets/mock-tfplan-pass-0.11.sentinel
Lines changed: 1 addition & 0 deletions b/‎governance/second-generation/aws/test/require-private-acl-and-kms-for-s3-buckets/mock-tfplan-pass-0.11.sentinel
Lines changed: 1 addition & 0 deletions
diff --git a/‎governance/second-generation/aws/test/require-private-acl-and-kms-for-s3-buckets/mock-tfplan-pass-0.12.sentinel
Lines changed: 1 addition & 0 deletions b/‎governance/second-generation/aws/test/require-private-acl-and-kms-for-s3-buckets/mock-tfplan-pass-0.12.sentinel
Lines changed: 1 addition & 0 deletions
diff --git a/‎governance/second-generation/aws/test/restrict-availability-zones/mock-tfplan-fail-0.11.sentinel
Lines changed: 4 additions & 0 deletions b/‎governance/second-generation/aws/test/restrict-availability-zones/mock-tfplan-fail-0.11.sentinel
Lines changed: 4 additions & 0 deletions
diff --git a/‎governance/second-generation/aws/test/restrict-availability-zones/mock-tfplan-fail-0.12.sentinel
Lines changed: 1 addition & 0 deletions b/‎governance/second-generation/aws/test/restrict-availability-zones/mock-tfplan-fail-0.12.sentinel
Lines changed: 1 addition & 0 deletions
diff --git a/‎governance/second-generation/aws/test/restrict-availability-zones/mock-tfplan-pass-0.11.sentinel
Lines changed: 4 additions & 0 deletions b/‎governance/second-generation/aws/test/restrict-availability-zones/mock-tfplan-pass-0.11.sentinel
Lines changed: 4 additions & 0 deletions
diff --git a/‎governance/second-generation/aws/test/restrict-availability-zones/mock-tfplan-pass-0.12.sentinel
Lines changed: 1 addition & 0 deletions b/‎governance/second-generation/aws/test/restrict-availability-zones/mock-tfplan-pass-0.12.sentinel
Lines changed: 1 addition & 0 deletions
diff --git a/‎governance/second-generation/aws/test/restrict-db-instance-engines/mock-tfplan-fail-0.11.sentinel
Lines changed: 1 addition & 0 deletions b/‎governance/second-generation/aws/test/restrict-db-instance-engines/mock-tfplan-fail-0.11.sentinel
Lines changed: 1 addition & 0 deletions
diff --git a/‎governance/second-generation/aws/test/restrict-db-instance-engines/mock-tfplan-fail-0.12.sentinel
Lines changed: 1 addition & 0 deletions b/‎governance/second-generation/aws/test/restrict-db-instance-engines/mock-tfplan-fail-0.12.sentinel
Lines changed: 1 addition & 0 deletions
@@ -55,8 +55,9 @@ validate_attribute_contains_list = func(type, attribute, required_values) {
   for resource_instances as address, r {
 
     # Skip resource instances that are being destroyed
-    # to avoid unnecessary policy violations
-    if length(r.diff) == 0 {
+    # to avoid unnecessary policy violations.
+    # Used to be: if length(r.diff) == 0
+    if r.destroy {
       print("Skipping resource", address, "that is being destroyed.")
       continue
     }
 
@@ -55,6 +55,7 @@ _modules = {
 							"volume_tags":            {},
 							"vpc_security_group_ids": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
@@ -318,6 +319,7 @@ _modules = {
 							"volume_tags":            {},
 							"vpc_security_group_ids": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
@@ -582,6 +584,7 @@ _modules = {
 							"volume_tags":            {},
 							"vpc_security_group_ids": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
@@ -834,4 +837,4 @@ module = func(path) {
 
 data = _modules.root.data
 path = _modules.root.path
-resources = _modules.root.resources
+resources = _modules.root.resources
@@ -20,6 +20,7 @@ _modules = {
 							"name":                        "web_config",
 							"root_block_device":           "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"associate_public_ip_address": {
 								"computed": false,
@@ -97,4 +98,4 @@ module = func(path) {
 
 data = _modules.root.data
 path = _modules.root.path
-resources = _modules.root.resources
+resources = _modules.root.resources
@@ -50,6 +50,7 @@ _modules = {
 							"username":                   "foo",
 							"vpc_security_group_ids":     "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"address": {
 								"computed": true,
@@ -277,4 +278,4 @@ module = func(path) {
 
 data = _modules.root.data
 path = _modules.root.path
-resources = _modules.root.resources
+resources = _modules.root.resources
@@ -61,6 +61,7 @@ _modules = {
 							"website_domain":   "74D93920-ED26-11E3-AC10-0800200C9A66",
 							"website_endpoint": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"acceleration_status": {
 								"computed": true,
@@ -267,4 +268,4 @@ module = func(path) {
 
 data = _modules.root.data
 path = _modules.root.path
-resources = _modules.root.resources
+resources = _modules.root.resources
@@ -21,6 +21,7 @@ _modules = {
 							"to_port":                  "65535",
 							"type":                     "ingress",
 						},
+						"destroy": false,
 						"diff": {
 							"cidr_blocks.#": {
 								"computed": false,
@@ -98,4 +99,4 @@ module = func(path) {
 
 data = _modules.root.data
 path = _modules.root.path
-resources = _modules.root.resources
+resources = _modules.root.resources
@@ -57,8 +57,9 @@ validate_private_acl_and_kms_encryption = func() {
   for resource_instances as address, r {
 
     # Skip resources that are being destroyed
-    # to avoid unnecessary policy violations
-    if length(r.diff) == 0 {
+    # to avoid unnecessary policy violations.
+    # Used to be: if length(r.diff) == 0
+    if r.destroy {
       print("Skipping resource", address, "that is being destroyed.")
       continue
     }
 
@@ -53,8 +53,9 @@ validate_attribute_in_list = func(type, attribute, allowed_values) {
   for resource_instances as address, r {
 
     # Skip resource instances that are being destroyed
-    # to avoid unnecessary policy violations
-    if length(r.diff) == 0 {
+    # to avoid unnecessary policy violations.
+    # Used to be: if length(r.diff) == 0
+    if r.destroy {
       print("Skipping resource", address, "that is being destroyed.")
       continue
     }
 
@@ -52,8 +52,9 @@ validate_attribute_in_list = func(type, attribute, allowed_values) {
   for resource_instances as address, r {
 
     # Skip resource instances that are being destroyed
-    # to avoid unnecessary policy violations
-    if length(r.diff) == 0 {
+    # to avoid unnecessary policy violations.
+    # Used to be: if length(r.diff) == 0
+    if r.destroy {
       print("Skipping resource", address, "that is being destroyed.")
       continue
     }
 
@@ -52,8 +52,9 @@ validate_attribute_in_list = func(type, attribute, allowed_values) {
   for resource_instances as address, r {
 
     # Skip resource instances that are being destroyed
-    # to avoid unnecessary policy violations
-    if length(r.diff) == 0 {
+    # to avoid unnecessary policy violations.
+    # Used to be: if length(r.diff) == 0
+    if r.destroy {
       print("Skipping resource", address, "that is being destroyed.")
       continue
     }
 
@@ -53,8 +53,9 @@ validate_sgr_cidr_blocks = func() {
   for resource_instances as address, r {
 
     # Skip resources that are being destroyed
-    # to avoid unnecessary policy violations
-    if length(r.diff) == 0 {
+    # to avoid unnecessary policy violations.
+    # Used to be: if length(r.diff) == 0
+    if r.destroy {
       print("Skipping resource", address, "that is being destroyed.")
       continue
     }
 
@@ -59,8 +59,9 @@ validate_instance_types = func(allowed_types) {
   for resource_instances as address, r {
 
     # Skip resource instances that are being destroyed
-    # to avoid unnecessary policy violations
-    if length(r.diff) == 0 {
+    # to avoid unnecessary policy violations.
+    # Used to be: if length(r.diff) == 0
+    if r.destroy {
       print("Skipping resource", address, "that is being destroyed.")
       continue
     }
 
@@ -53,6 +53,7 @@ _modules = {
 							"volume_tags":            {},
 							"vpc_security_group_ids": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
@@ -297,6 +298,7 @@ _modules = {
 							"volume_tags":            {},
 							"vpc_security_group_ids": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
@@ -544,6 +546,7 @@ _modules = {
 							"volume_tags":            {},
 							"vpc_security_group_ids": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
@@ -794,6 +797,7 @@ _modules = {
 							"volume_tags":            {},
 							"vpc_security_group_ids": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
 
@@ -31,6 +31,7 @@ _modules = {
 							"user_data":        null,
 							"user_data_base64": null,
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
 
@@ -54,6 +54,7 @@ _modules = {
 							"volume_tags":            {},
 							"vpc_security_group_ids": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
@@ -304,6 +305,7 @@ _modules = {
 							"volume_tags":            {},
 							"vpc_security_group_ids": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
@@ -556,6 +558,7 @@ _modules = {
 							"volume_tags":            {},
 							"vpc_security_group_ids": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
@@ -806,6 +809,7 @@ _modules = {
 							"volume_tags":            {},
 							"vpc_security_group_ids": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
 
@@ -32,6 +32,7 @@ _modules = {
 							"user_data":        null,
 							"user_data_base64": null,
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
 
@@ -61,6 +61,7 @@ _modules = {
 							"website_domain":   "74D93920-ED26-11E3-AC10-0800200C9A66",
 							"website_endpoint": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"acceleration_status": {
 								"computed": true,
 
@@ -60,6 +60,7 @@ _modules = {
 							"website_domain":   "74D93920-ED26-11E3-AC10-0800200C9A66",
 							"website_endpoint": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"acceleration_status": {
 								"computed": true,
 
@@ -62,6 +62,7 @@ _modules = {
 							"website_domain":   "74D93920-ED26-11E3-AC10-0800200C9A66",
 							"website_endpoint": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"acceleration_status": {
 								"computed": true,
 
@@ -47,6 +47,7 @@ _modules = {
 							"website_domain":   "74D93920-ED26-11E3-AC10-0800200C9A66",
 							"website_endpoint": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"acceleration_status": {
 								"computed": true,
 
@@ -61,6 +61,7 @@ _modules = {
 							"website_domain":   "74D93920-ED26-11E3-AC10-0800200C9A66",
 							"website_endpoint": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"acceleration_status": {
 								"computed": true,
 
@@ -62,6 +62,7 @@ _modules = {
 							"website_domain":   "74D93920-ED26-11E3-AC10-0800200C9A66",
 							"website_endpoint": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"acceleration_status": {
 								"computed": true,
 
@@ -53,6 +53,7 @@ _modules = {
 							"volume_tags":            {},
 							"vpc_security_group_ids": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
@@ -297,6 +298,7 @@ _modules = {
 							"volume_tags":            {},
 							"vpc_security_group_ids": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
@@ -543,6 +545,7 @@ _modules = {
 							"volume_tags":            {},
 							"vpc_security_group_ids": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
@@ -787,6 +790,7 @@ _modules = {
 							"volume_tags":            {},
 							"vpc_security_group_ids": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
 
@@ -32,6 +32,7 @@ _modules = {
 							"user_data":        null,
 							"user_data_base64": null,
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
 
@@ -53,6 +53,7 @@ _modules = {
 							"volume_tags":            {},
 							"vpc_security_group_ids": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
@@ -297,6 +298,7 @@ _modules = {
 							"volume_tags":            {},
 							"vpc_security_group_ids": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
@@ -543,6 +545,7 @@ _modules = {
 							"volume_tags":            {},
 							"vpc_security_group_ids": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
@@ -787,6 +790,7 @@ _modules = {
 							"volume_tags":            {},
 							"vpc_security_group_ids": "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
 
@@ -32,6 +32,7 @@ _modules = {
 							"user_data":        null,
 							"user_data_base64": null,
 						},
+						"destroy": false,
 						"diff": {
 							"ami": {
 								"computed": false,
 
@@ -50,6 +50,7 @@ _modules = {
 							"username":                   "foo",
 							"vpc_security_group_ids":     "74D93920-ED26-11E3-AC10-0800200C9A66",
 						},
+						"destroy": false,
 						"diff": {
 							"address": {
 								"computed": true,
 
@@ -42,6 +42,7 @@ _modules = {
 							"timeouts":                            null,
 							"username":                            "foo",
 						},
+						"destroy": false,
 						"diff": {
 							"address": {
 								"computed": true,