├── .github └── main.workflow ├── .gitignore ├── LICENSE ├── README.md ├── aws-block-allow-all-cidr.sentinel ├── aws-restrict-instance-type-default.sentinel ├── aws-restrict-instance-type-dev.sentinel ├── aws-restrict-instance-type-prod.sentinel ├── azurerm-block-allow-all-cidr.sentinel ├── azurerm-restrict-vm-size.sentinel ├── gcp-block-allow-all-cidr.sentinel ├── gcp-restrict-machine-type.sentinel ├── main.tf ├── passthrough.sentinel ├── require-modules-from-pmr.sentinel ├── test ├── aws-block-allow-all-cidr │ ├── empty.json │ ├── fail.json │ └── pass.json ├── aws-restrict-instance-type-default │ ├── dev-not-prod.json │ ├── fail.json │ ├── pass.json │ └── prod-not-dev.json ├── aws-restrict-instance-type-dev │ ├── fail.json │ ├── pass.json │ └── prod-not-dev.json ├── aws-restrict-instance-type-prod │ ├── dev-not-prod.json │ ├── fail.json │ └── pass.json ├── azurerm-block-allow-all-cidr │ ├── fail.json │ └── pass.json ├── azurerm-restrict-vm-size │ ├── fail.json │ └── pass.json ├── gcp-block-allow-all-cidr │ ├── fail.json │ └── pass.json ├── gcp-restrict-machine-type │ ├── fail.json │ └── pass.json ├── passthrough │ └── pass.json ├── require-modules-from-pmr │ ├── fail.json │ ├── pass.json │ ├── tfconfig-fail.sentinel │ └── tfconfig-pass.sentinel └── tfe_policies_only │ ├── fail.json │ └── pass.json └── tfe_policies_only.sentinel /.github/main.workflow: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/.github/main.workflow -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/.gitignore -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/README.md -------------------------------------------------------------------------------- /aws-block-allow-all-cidr.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/aws-block-allow-all-cidr.sentinel -------------------------------------------------------------------------------- /aws-restrict-instance-type-default.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/aws-restrict-instance-type-default.sentinel -------------------------------------------------------------------------------- /aws-restrict-instance-type-dev.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/aws-restrict-instance-type-dev.sentinel -------------------------------------------------------------------------------- /aws-restrict-instance-type-prod.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/aws-restrict-instance-type-prod.sentinel -------------------------------------------------------------------------------- /azurerm-block-allow-all-cidr.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/azurerm-block-allow-all-cidr.sentinel -------------------------------------------------------------------------------- /azurerm-restrict-vm-size.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/azurerm-restrict-vm-size.sentinel -------------------------------------------------------------------------------- /gcp-block-allow-all-cidr.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/gcp-block-allow-all-cidr.sentinel -------------------------------------------------------------------------------- /gcp-restrict-machine-type.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/gcp-restrict-machine-type.sentinel -------------------------------------------------------------------------------- /main.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/main.tf -------------------------------------------------------------------------------- /passthrough.sentinel: -------------------------------------------------------------------------------- 1 | main = rule { 2 | true 3 | } -------------------------------------------------------------------------------- /require-modules-from-pmr.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/require-modules-from-pmr.sentinel -------------------------------------------------------------------------------- /test/aws-block-allow-all-cidr/empty.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/aws-block-allow-all-cidr/empty.json -------------------------------------------------------------------------------- /test/aws-block-allow-all-cidr/fail.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/aws-block-allow-all-cidr/fail.json -------------------------------------------------------------------------------- /test/aws-block-allow-all-cidr/pass.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/aws-block-allow-all-cidr/pass.json -------------------------------------------------------------------------------- /test/aws-restrict-instance-type-default/dev-not-prod.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/aws-restrict-instance-type-default/dev-not-prod.json -------------------------------------------------------------------------------- /test/aws-restrict-instance-type-default/fail.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/aws-restrict-instance-type-default/fail.json -------------------------------------------------------------------------------- /test/aws-restrict-instance-type-default/pass.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/aws-restrict-instance-type-default/pass.json -------------------------------------------------------------------------------- /test/aws-restrict-instance-type-default/prod-not-dev.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/aws-restrict-instance-type-default/prod-not-dev.json -------------------------------------------------------------------------------- /test/aws-restrict-instance-type-dev/fail.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/aws-restrict-instance-type-dev/fail.json -------------------------------------------------------------------------------- /test/aws-restrict-instance-type-dev/pass.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/aws-restrict-instance-type-dev/pass.json -------------------------------------------------------------------------------- /test/aws-restrict-instance-type-dev/prod-not-dev.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/aws-restrict-instance-type-dev/prod-not-dev.json -------------------------------------------------------------------------------- /test/aws-restrict-instance-type-prod/dev-not-prod.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/aws-restrict-instance-type-prod/dev-not-prod.json -------------------------------------------------------------------------------- /test/aws-restrict-instance-type-prod/fail.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/aws-restrict-instance-type-prod/fail.json -------------------------------------------------------------------------------- /test/aws-restrict-instance-type-prod/pass.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/aws-restrict-instance-type-prod/pass.json -------------------------------------------------------------------------------- /test/azurerm-block-allow-all-cidr/fail.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/azurerm-block-allow-all-cidr/fail.json -------------------------------------------------------------------------------- /test/azurerm-block-allow-all-cidr/pass.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/azurerm-block-allow-all-cidr/pass.json -------------------------------------------------------------------------------- /test/azurerm-restrict-vm-size/fail.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/azurerm-restrict-vm-size/fail.json -------------------------------------------------------------------------------- /test/azurerm-restrict-vm-size/pass.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/azurerm-restrict-vm-size/pass.json -------------------------------------------------------------------------------- /test/gcp-block-allow-all-cidr/fail.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/gcp-block-allow-all-cidr/fail.json -------------------------------------------------------------------------------- /test/gcp-block-allow-all-cidr/pass.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/gcp-block-allow-all-cidr/pass.json -------------------------------------------------------------------------------- /test/gcp-restrict-machine-type/fail.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/gcp-restrict-machine-type/fail.json -------------------------------------------------------------------------------- /test/gcp-restrict-machine-type/pass.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/gcp-restrict-machine-type/pass.json -------------------------------------------------------------------------------- /test/passthrough/pass.json: -------------------------------------------------------------------------------- 1 | { 2 | "global": { 3 | } 4 | } -------------------------------------------------------------------------------- /test/require-modules-from-pmr/fail.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/require-modules-from-pmr/fail.json -------------------------------------------------------------------------------- /test/require-modules-from-pmr/pass.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/require-modules-from-pmr/pass.json -------------------------------------------------------------------------------- /test/require-modules-from-pmr/tfconfig-fail.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/require-modules-from-pmr/tfconfig-fail.sentinel -------------------------------------------------------------------------------- /test/require-modules-from-pmr/tfconfig-pass.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/require-modules-from-pmr/tfconfig-pass.sentinel -------------------------------------------------------------------------------- /test/tfe_policies_only/fail.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/tfe_policies_only/fail.json -------------------------------------------------------------------------------- /test/tfe_policies_only/pass.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/test/tfe_policies_only/pass.json -------------------------------------------------------------------------------- /tfe_policies_only.sentinel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hashicorp/tfe-policies-example/HEAD/tfe_policies_only.sentinel --------------------------------------------------------------------------------