terraform-config-inspect
A helper library for shallow inspection of Terraform configurations (by hashicorp)
sample-tf-opa-policies | terraform-config-inspect | |
---|---|---|
3 | 4 | |
157 | 359 | |
0.6% | 0.6% | |
0.0 | 3.7 | |
5 months ago | 12 days ago | |
Open Policy Agent | Go | |
MIT License | Mozilla Public License 2.0 |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
sample-tf-opa-policies
Posts with mentions or reviews of sample-tf-opa-policies.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-05-08.
-
Enforce "module-only" policy?
Take a look at this OPA policy. The logic is if resource X is deployed, then module Y must be used to do so, otherwise it will block the creation.
-
How are you using OPA with Terraform?
Also, we have a community repo with a lot of examples: https://github.com/Scalr/sample-tf-opa-policies
-
Cloud Native Applications - Part 2: Security
Terraform OPA policies examples
terraform-config-inspect
Posts with mentions or reviews of terraform-config-inspect.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-08-15.
- HashiCorp: Terraform-config-inspect: A library for inspection of TF configs
-
Enforce "module-only" policy?
CDKTF currently generates .tf.json files which could be amenable to quite simplistic analysis of just whether there's a top-level resource property in the JSON at all. However, I don't think it's part of CDKTF's contract that it will always generate a single .tf.json file forever, so you might prefer to instead use terraform-config-inspect to analyze the generated configuration.
-
HCL Struct Syntax
For situations where you just need the metadata about objects in a module I would suggest using terraform-config-inspect, which is a library maintained by the Terraform team that can read metadata about modules written for Terraform versions going back to Terraform v0.10, encapsulating the specific HCL details.
-
Querying the configuration and some details, or creating a what-if state?
There is this tool terraform-config-inspect – it generally does what I'm thinking of but seems to have one major flaw for my use case: the attributes are ommitted, there is just the high level structure.
What are some alternatives?
When comparing sample-tf-opa-policies and terraform-config-inspect you can also consider the following projects:
sig-security - 🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
cuelm - Experiments with CUE on the quest to reimagine devops-ops.
terraform-sentinel-policies - Example Sentinel Policies for use with Terraform Cloud and Terraform Enterprise
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.