My requirement is that the sentinel policy should allow only the following types of persistent volumes in AKS - azure_disk",“azure_file”,“csi”,“flex_volume”.
The policy that I wrote:
import "tfplan-functions" as plan
aksstorage = plan.find_resources("kubernetes_persistent_volume")
allowed_storage = ["azure_disk","azure_file","csi","flex_volume"]
violating_storage = plan.filter_attribute_not_in_list(aksstorage,
"spec.0.persistent_volume_source", allowed_storage, true)
# Main rule
violations = length(violating_storage["messages"])
main = rule {
violations is 0
}
I am getting the below error.
kubernetes_persistent_volume.example has spec.0.persistent_volume_source with value [{azure_disk: , glusterfs: , cinder: , iscsi: , flocker: , local: , nfs: , photon_persistent_disk: , csi: , fc: , ceph_fs: , flex_volume: , vsphere_volume: [{fs_type: null, volume_path: /absolute/path}], host_path: , gce_persistent_disk: , azure_file: , rbd: , quobyte: , aws_elastic_block_store: }] that is not in the allowed list: [azure_disk, azure_file, csi, flex_volume]
I am new to Terraform and unable to find a way to get this requirement fulfilled