infra/checkov/require-known-department-label
lines changed Original file line number Diff line number Diff line change 1+ resource "aws_s3_bucket" "b" {
2+ bucket = " my-tf-test-bucket"
3+ tags = {
4+ mycompany.com.department = " sales"
5+ }
6+ }
7+
8+ resource "aws_ami" "example" {
9+ name = " terraform-example"
10+ virtualization_type = " hvm"
11+ root_device_name = " /dev/xvda"
12+ tags = {
13+ mycompany.com.department = " sales"
14+ }
15+ ebs_block_device {
16+ device_name = " /dev/xvda"
17+ snapshot_id = " snap-xxxxxxxx"
18+ volume_size = 8
19+ }
20+ }
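Review bot: The tag key on new lines 4 and 13 is written unquoted with dots, `mycompany.com.department = "sales"`. Terraform normally rejects a dotted bare key in a map as an ambiguous attribute key, so the fixture may only load under Checkov's own parser; quoting it as `"mycompany.com.department" = "sales"` keeps the file valid for both. The policy addresses the tag as `tags.mycompany.com.department`, where dots are also the path separator, so it is worth confirming that the lookup resolves this as one key and not as nested maps. Both resources carry an allowed value, and no fixture with an unknown department is visible in this section; without one, the test cannot show that the policy rejects anything.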
Original file line number Diff line number Diff line change @@ -25,4 +25,9 @@ definition:
2525 resource_types : " all"
2626 attribute : ' tags.mycompany.com.department'
2727 operator : " equals"
28- value : servicedesk
28+ value : servicedesk
29+ - cond_type : " attribute"
30+ resource_types : " all"
31+ attribute : ' tags.mycompany.com.department'
32+ operator : " equals"
33+ value : sales
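Review bot: Each allowed department is added as its own five-line `equals` condition (new lines 29-33), so the allow-list is spread over repeated blocks and a typo in one copy of `attribute` is easy to miss. A single condition with `operator: "within"` and a `value:` list holding `servicedesk` and `sales` would keep the accepted values in one place. The combinator enclosing these conditions starts above the hunk; it has to be `or`, because under `and` no tag could equal both values. `resource_types: "all"` also evaluates resource types that have no `tags` attribute, which should be checked against the intended scope.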
Original file line number Diff line number Diff line change 11apiVersion : kustomize.config.k8s.io/v1beta1
22kind : Kustomization
33
4- nameSuffix : " -2.1.0 "
4+ nameSuffix : " -2.1.1 "
55
66commonLabels :
7- mycompany.com/policy-version : " 2.1.0 "
7+ mycompany.com/policy-version : " 2.1.1 "
88
99resources :
1010 - require-department-label/policy.yaml
Original file line number Diff line number Diff line change @@ -3,7 +3,7 @@ kind: Pod
33metadata :
44 name : require-department-label-fail0
55 labels :
6- mycompany.com/policy-version : " 2.1.0 "
6+ mycompany.com/policy-version : " 2.1.1 "
77spec :
88 containers :
99 - name : nginx
Original file line number Diff line number Diff line change @@ -4,7 +4,7 @@ metadata:
44 name : require-department-label-pass0
55 labels :
66 mycompany.com/department : finance
7- mycompany.com/policy-version : " 2.1.0 "
7+ mycompany.com/policy-version : " 2.1.1 "
88spec :
99 containers :
1010 - name : nginx
Original file line number Diff line number Diff line change 3939 - " *"
4040 selector :
4141 matchLabels :
42- mycompany.com/policy-version : " 2.1.0 "
42+ mycompany.com/policy-version : " 2.1.1 "
4343 validate :
4444 message : " The label `mycompany.com/department` is required."
4545 pattern :
Original file line number Diff line number Diff line change @@ -4,7 +4,7 @@ metadata:
44 name : require-department-label-skip0
55 labels :
66 mycompany.com/require-department-label : exempt
7- mycompany.com/policy-version : " 2.1.0 "
7+ mycompany.com/policy-version : " 2.1.1 "
88spec :
99 containers :
1010 - name : nginx
Original file line number Diff line number Diff line change @@ -4,7 +4,7 @@ metadata:
44 name : require-department-label-skip1
55 namespace : kube-system
66 labels :
7- mycompany.com/policy-version : " 2.1.0 "
7+ mycompany.com/policy-version : " 2.1.1 "
88spec :
99 containers :
1010 - name : nginx
Original file line number Diff line number Diff line change @@ -4,7 +4,7 @@ metadata:
44 name : require-known-department-label-fail0
55 labels :
66 mycompany.com/department : nothr
7- mycompany.com/policy-version : " 2.1.0 "
7+ mycompany.com/policy-version : " 2.1.1 "
88spec :
99 containers :
1010 - name : nginx
Original file line number Diff line number Diff line change @@ -4,7 +4,7 @@ metadata:
44 name : require-known-department-label-pass0
55 labels :
66 mycompany.com/department : hr
7- mycompany.com/policy-version : " 2.1.0 "
7+ mycompany.com/policy-version : " 2.1.1 "
88spec :
99 containers :
1010 - name : nginx