I have written the following code and it gives me an error saying to call non-function:

```sentinel
import "tfplan/v2" as tfplan

# Filter rds databases, instances and clusters
rds_instances = filter tfplan.resource_changes as _, rc {
	(rc.type is "aws_db_instance" or rc.type is "aws_rds_cluster" or rc.type is "aws_rds_cluster_instance") and (rc.change.actions contains "create" or rc.change.actions is ["update"])
}

isValid = func(){
	validated = true
	for rds_instances as r, rc {
		auto_minor_access = rc.change.after.auto_minor_version_upgrade else "default-error"
		if(auto_minor_access != "default-error"){
			if(auto_minor_access is not true) {
				print("[OUTPUT] Resource " + tfplan.to_string(r) + " has attribute: 'auto minor version upgrade' with invalid value: "+ "'" + tfplan.to_string(auto_minor_access) + "', should be 'true'")
				validated = false
			}
		}
	}
	return validated
}

main = rule {
	isValid()
}
```

Hi @swetharamk ,
It’s unclear whether or not you actually included the following required line in your policy or whether it was part of the error message:
```sentinel
import "tfplan/v2" as tfplan
```
Please be sure to include it near the top of your policy before other code.
Also, I believe there should be a space between `func()` and `{` so that that line reads:

```sentinel
isValid = func() {
```

However, I think the real problem is that there is no function `to_string()` in the `tfplan/v2` import. If you have used the third-generation example policies and their common functions from terraform-guides/governance/third-generation at master · hashicorp/terraform-guides · GitHub, then you might be trying to use the `to_string()` function from my tfplan-functions Sentinel module, but that function does not exist in the `tfplan/v2` import itself.

However, you don’t really need it. You are using the address of the resource changes as your first iterator variable in your `for` loop, so `r` will just be a string giving the full address of the resource with the resource change. And `auto_minor_access` will also be a string.
I hope that helps.
Roger Berlind
Global Technology Specialist
HashiCorp
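
The policy from the question with the fix described in the answer applied, as an added example that is not code from either poster: the resource address from the loop key is concatenated directly instead of going through `tfplan.to_string()`, and the offending value is not printed, so no conversion is needed. The names `rds_types`, `rds_changes` and `find_violations`, the list of violations, and the `rc.mode` check are additions made here.

```sentinel
# Added example: the question's policy without the non-existent tfplan.to_string() call.
import "tfplan/v2" as tfplan

# Resource types the policy applies to (same three types as in the question)
rds_types = ["aws_db_instance", "aws_rds_cluster", "aws_rds_cluster_instance"]

# Managed RDS resources that are being created or updated in place.
# The rc.mode check is an addition: it keeps data sources out of the filter.
rds_changes = filter tfplan.resource_changes as _, rc {
	rc.mode is "managed" and
		rc.type in rds_types and
		(rc.change.actions contains "create" or rc.change.actions is ["update"])
}

# Returns the addresses of resources whose auto_minor_version_upgrade
# is present in the planned values but is not true.
find_violations = func() {
	violations = []
	for rds_changes as address, rc {
		# Same placeholder as the question: used when the attribute is
		# undefined for this resource, in which case the resource is skipped.
		setting = rc.change.after.auto_minor_version_upgrade else "default-error"
		if setting is not "default-error" and setting is not true {
			# address is the map key and already a string, so it can be
			# concatenated without any conversion function.
			print("[OUTPUT] Resource " + address +
				" has attribute 'auto_minor_version_upgrade' with a value other than true")
			append(violations, address)
		}
	}
	return violations
}

# The policy passes only when no resource was flagged.
main = rule {
	length(find_violations()) is 0
}
```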