harsha7276 / terraform-validator

This project forked from googlecloudplatform/terraform-validator

Terraform Validator can run pre-deployment checks on Terraform plans for policy compliance.

Home Page: https://github.com/forseti-security/policy-library

License: Apache License 2.0

Makefile 1.05% Go 95.32% HCL 3.26% Dockerfile 0.37%

terraform-validator's Introduction

Terraform Validator

This tool validates Terraform plans before they are applied. Validations are based on policies from the Config Validator Policy Library.

Note: Using Terraform Validator does not require an active installation of Forseti. Terraform Validator is a self-contained binary.

Note: this tool supports Terraform v0.12+.

Getting Started

To get started with Terraform Validator, please follow the user guide.

Example Usage

See the Auth section first.

Terraform 0.12+ Usage

# The example/ directory contains a basic Terraform config for testing the validator.
cd example/

# Set default credentials.
export GOOGLE_APPLICATION_CREDENTIALS=/path/to/your/credentials.json

# Set a project and org to test with
export TF_VAR_project_id=my-project-id
export TF_VAR_org_id=93392932

# Set the local forseti-config-policies repository path.
export POLICY_PATH=/path/to/your/forseti-config-policies/repo

# Generate a terraform plan.
terraform plan --out=terraform.tfplan

# Plan JSON representation.
terraform show -json ./terraform.tfplan > ./terraform.tfplan.json

# Validate the google resources the plan would create.
terraform-validator validate --policy-path="${POLICY_PATH}" ./terraform.tfplan.json

# Apply the validated plan.
terraform apply ./terraform.tfplan

Resources

The following Terraform resources are supported for running validation checks:

google_bigquery_dataset
google_compute_disk
google_compute_firewall
google_compute_instance
google_container_cluster
google_container_node_pool
google_folder_iam_binding
google_folder_iam_member
google_folder_iam_policy
google_organization_iam_binding
google_organization_iam_member
google_organization_iam_policy
google_project
google_project_iam_binding
google_project_iam_member
google_project_iam_policy
google_project_organization_policy
google_project_service
google_spanner_instance
google_sql_database_instance
google_storage_bucket
google_storage_bucket_iam_binding
google_storage_bucket_iam_member
google_storage_bucket_iam_policy
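
The following is an added example, not code from the terraform-validator project: it reads the plan JSON produced by `terraform show -json` and reports Google resources being created or updated whose types are not on the supported list above, so that a passing validation run is not read as covering them. The `resource_changes` and `change.actions` fields come from Terraform's JSON plan representation; the resource addresses in the sample are constructed.

```python
import json
import sys

# Resource types copied from the supported list above.
SUPPORTED = frozenset("""
google_bigquery_dataset google_compute_disk google_compute_firewall
google_compute_instance google_container_cluster google_container_node_pool
google_folder_iam_binding google_folder_iam_member google_folder_iam_policy
google_organization_iam_binding google_organization_iam_member
google_organization_iam_policy google_project google_project_iam_binding
google_project_iam_member google_project_iam_policy
google_project_organization_policy google_project_service
google_spanner_instance google_sql_database_instance google_storage_bucket
google_storage_bucket_iam_binding google_storage_bucket_iam_member
google_storage_bucket_iam_policy
""".split())

def coverage(plan):
    """Return (covered, uncovered) addresses of Google resources the plan writes."""
    covered, uncovered = [], []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        # Only creations and updates matter; skip no-op, read and delete.
        if not {"create", "update"} & set(actions):
            continue
        if not rc["type"].startswith("google_"):
            continue  # other providers are out of scope for this list
        (covered if rc["type"] in SUPPORTED else uncovered).append(rc["address"])
    return covered, uncovered

# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = json.loads("""{"resource_changes": [
 {"address": "google_storage_bucket.logs", "type": "google_storage_bucket",
  "change": {"actions": ["create"]}},
 {"address": "google_pubsub_topic.events", "type": "google_pubsub_topic",
  "change": {"actions": ["create"]}},
 {"address": "google_compute_disk.data", "type": "google_compute_disk",
  "change": {"actions": ["no-op"]}},
 {"address": "random_id.suffix", "type": "random_id",
  "change": {"actions": ["create"]}}
]}""")

if __name__ == "__main__":
    demo = len(sys.argv) < 2
    plan = SAMPLE_PLAN if demo else json.load(open(sys.argv[1]))
    uncovered = coverage(plan)[1]
    print("\n".join("not in supported list: " + a for a in uncovered))
    # Fail a CI step only for a real plan file, not the built-in sample.
    sys.exit(1 if uncovered and not demo else 0)
```

Pass `./terraform.tfplan.json` as the first argument to check a real plan; a non-zero exit means at least one planned Google resource needs review by other means.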

Testing

Unit

make test

Integration

First, build the Docker container:

make build-docker

See the Auth section for obtaining a credentials file, then start the Docker container:

export PROJECT_ID=my-project-id
export GOOGLE_APPLICATION_CREDENTIALS=$(pwd)/credentials.json
make run-docker

Finally, run the integration tests inside the container:

make test-integration

Auth

The terraform and the terraform-validator commands need to be able to authenticate to Google Cloud APIs. This can be done by generating a credentials.json file:

https://cloud.google.com/docs/authentication/production

Once you have a credentials file on your local machine, set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point to the credentials file.

Disclaimer

This is not an officially supported Google product.

terraform-validator's People

Contributors

bharathkkb, cledoux, daniel-cit, kopachevsky, melinath, mmontan, morgante, nstogner, onetwopunch, rdayama-eng, t12g, xingao267, yukinying
