diff --git a/0-bootstrap/README.md b/0-bootstrap/README.md index 8b9539670..bc105515b 100644 --- a/0-bootstrap/README.md +++ b/0-bootstrap/README.md @@ -169,7 +169,7 @@ Using GitHub Actions requires manual creation of the GitHub repositories used in gcloud beta terraform vet bootstrap.json --policy-library="../policy-library" --project ${VET_PROJECT_ID} ``` - *`A-VALID-PROJECT-ID`* must be an existing project you have access to. This is necessary because Terraform-validator needs to link resources to a valid Google Cloud Platform project. + *`A-VALID-PROJECT-ID`* must be an existing project you have access to. This is necessary because `gcloud beta terraform vet` needs to link resources to a valid Google Cloud Platform project. 1. Run `terraform apply`. diff --git a/README.md b/README.md index c1daffa48..53841fcd7 100644 --- a/README.md +++ b/README.md @@ -300,7 +300,7 @@ Development happens on feature and bug fix branches (which can be named `feature After validated in `development`, changes can be promoted to `non-production` by opening a PR or MR targeting the `non-production` branch and merging them. Similarly, changes can be promoted from `non-production` to `production`. -### Terraform-validator +### Policy validation This repo uses the [terraform-tools](https://cloud.google.com/docs/terraform/policy-validation/validate-policies) component of the `gcloud` CLI to validate the Terraform plans against a [library of Google Cloud policies](https://github.com/GoogleCloudPlatform/policy-library). diff --git a/build/cloudbuild-tf-apply.yaml b/build/cloudbuild-tf-apply.yaml index 6b071e32d..015348d76 100644 --- a/build/cloudbuild-tf-apply.yaml +++ b/build/cloudbuild-tf-apply.yaml 
@@ -14,7 +14,7 @@ timeout: 3600s substitutions: - _POLICY_REPO: '/workspace/policy-library' # add path to policies as per https://github.com/GoogleCloudPlatform/terraform-validator/blob/main/docs/policy_library.md + _POLICY_REPO: '/workspace/policy-library' # add path to policies as per https://github.com/GoogleCloudPlatform/policy-library/blob/main/docs/user_guide.md#how-to-set-up-constraints-with-policy-library _DOCKER_TAG_VERSION_TERRAFORM: 'latest' steps: - id: 'setup' diff --git a/build/cloudbuild-tf-plan.yaml b/build/cloudbuild-tf-plan.yaml index 6d5e4c4ca..f6f8ac3eb 100644 --- a/build/cloudbuild-tf-plan.yaml +++ b/build/cloudbuild-tf-plan.yaml @@ -14,7 +14,7 @@ timeout: 1200s substitutions: - _POLICY_REPO: '/workspace/policy-library' # add path to policies as per https://github.com/GoogleCloudPlatform/terraform-validator/blob/main/docs/policy_library.md + _POLICY_REPO: '/workspace/policy-library' # add path to policies as per https://github.com/GoogleCloudPlatform/policy-library/blob/main/docs/user_guide.md#how-to-set-up-constraints-with-policy-library _DOCKER_TAG_VERSION_TERRAFORM: 'latest' steps: - id: 'setup' diff --git a/build/tf-wrapper.sh b/build/tf-wrapper.sh index 905714b66..1b39b6e8d 100755 --- a/build/tf-wrapper.sh +++ b/build/tf-wrapper.sh @@ -243,7 +243,7 @@ tf_validate() { echo "*****************************************************" if [ -z "$policy_file_path" ]; then echo "no policy repo found! Check the argument provided for policy_source to this script." - echo "https://github.com/GoogleCloudPlatform/terraform-validator/blob/main/docs/policy_library.md" + echo "https://github.com/GoogleCloudPlatform/policy-library/blob/main/docs/user_guide.md#how-to-set-up-constraints-with-policy-library" else if [ -d "$path" ]; then cd "$path" || exit diff --git a/policy-library/policies/templates/gcp_enforce_labels_v1.yaml b/policy-library/policies/templates/gcp_enforce_labels_v1.yaml index 274dfc647..b6cdf2760 100644 
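Review bot: The substitution directly below the corrected comment still defaults to a floating tag, `_DOCKER_TAG_VERSION_TERRAFORM: 'latest'`, so unless the trigger overrides it the apply step runs whatever image was most recently pushed under that tag — and this is the step that holds the credentials to mutate the environment, where reproducibility and attestability matter most. Pin the default to an explicit version and move it forward deliberately, ideally with the `image:` reference that consumes this substitution also carrying an `@sha256:` digest; the consuming `image:` line is presumably in the `steps:` list, which continues outside the hunk, so I cannot confirm how the value is used. The same `'latest'` default appears in the parallel `cloudbuild-tf-plan.yaml` hunk and should be pinned there too.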
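Review bot: The `then` branch of `if [ -z "$policy_file_path" ]` only echoes the diagnostic and the corrected URL and then falls through to `else`/`fi`, so as far as this hunk shows a missing policy library leaves `tf_validate` returning the status of the last `echo` (0) — the policy gate fails open and an unvalidated plan can proceed. In an enforcement step a missing policy repo should be a hard failure: send both messages to stderr (`echo "..." >&2`) and follow the URL line with `exit 1` (or `return 1`, depending on how the caller consumes the status). `tf_validate` begins before and ends after this hunk, so if the caller already treats an empty `policy_file_path` as fatal this is moot; otherwise the check belongs here, next to the message.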
--- a/policy-library/policies/templates/gcp_enforce_labels_v1.yaml +++ b/policy-library/policies/templates/gcp_enforce_labels_v1.yaml @@ -163,7 +163,7 @@ spec: } # get_labels for Spanner Instances. API format. - # This method matches data generated by Terraform Validator and other + # This method matches data generated by other # tools that use the API format to represent resources. get_labels(asset, non_standard_types) = resource_labels { asset.asset_type == "spanner.googleapis.com/Instance" diff --git a/policy-library/policies/templates/gcp_gke_enable_workload_identity_v1.yaml b/policy-library/policies/templates/gcp_gke_enable_workload_identity_v1.yaml index 2842396bd..93455bc68 100644 --- a/policy-library/policies/templates/gcp_gke_enable_workload_identity_v1.yaml +++ b/policy-library/policies/templates/gcp_gke_enable_workload_identity_v1.yaml @@ -79,7 +79,7 @@ spec: # The Beta version of the API uses the identityNamespace field instead # It won't appear in Cloud Asset Inventory data, but it will appear - # in conversions from Terraform Validator (using the Beta provider). + # in conversions using the Beta provider. workload_identity_field_exists(workload_identity_config) { lib.has_field(workload_identity_config, "identityNamespace") }