Added samples for compliance testing with terraform-compliance

samples/compliance-testing/src/features/tagging.feature

@@ -0,0 +1,19 @@
+Feature: Test tagging compliance
+
+Scenario: Ensure all resources have tags
+    Given I have resource that supports tags defined
+    Then it must contain tags
+    And its value must not be null
+
+Scenario Outline: Ensure that specific tags are defined
+    Given I have resource that supports tags defined
+    When it has tags
+    Then it must contain <tags>
+    And its value must match the "<value>" regex
+
+    Examples:
+      | tags        | value              |
+      | Creator     | .+                 |
+      | Application | .+                 |
+      | Role        | .+                 |
+      | Environment | ^(prod\|uat\|dev)$ |

samples/compliance-testing/src/main.tf

@@ -0,0 +1,11 @@
+resource "random_uuid" "uuid" {}
+
+resource "azurerm_resource_group" "rg" {
+  name     = "rg-hello-tf-${random_uuid.uuid.result}"
+  location = var.location
+
+  tags = {
+    Environment = "dev"
+    Application = "Azure Compliance"
+  } 
+}

samples/compliance-testing/src/output.tf

@@ -0,0 +1,3 @@
+output "resource_group_name" {
+    value = "${azurerm_resource_group.rg.name}"
+}

samples/compliance-testing/src/provider.tf

@@ -0,0 +1,3 @@
+provider "azurerm" {
+  features {}
+}

samples/compliance-testing/src/tf_compliance.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+#title           :tf_compliance.sh
+#description     :Runs terraform-compliance a lightweight, security and compliance focused test framework against terraform to enable negative
+#                 testing capability for your infrastructure-as-code.
+#author		       :andreas.heuamier@microsoft.com
+#date            :20200602
+#version         :0.1
+#usage		       :./tf_compliance.sh {WORK_DIR}
+#bash_version    :5.0.16(1)-release
+#
+set -euo pipfail
+
+run_terraform_plan(){
+  local test_dir=$1
+  terraform validate && terraform plan -out "${$test_dir}/tf.out"
+}
+
+run_tf_compliance() {
+  local test_dir=$1
+  local features_dir=$1
+  [ -f "${test_dir}/tf.out" ] || run_terraform_plan "${test_dir}"
+  docker run --rm -v "${test_dir}":/target -it eerkunt/terraform-compliance -f "${features_dir}" -p tf.out
+}
+
+#######################################
+# find_folders_by() file pattern
+# Globals:
+#   WORK_DIR -path
+# Arguments:
+#   pattern - regex
+# Outputs:
+#   Writes folders list to stdout
+#######################################
+find_folders_by() {
+  local pattern=${1:-"main.tf"}
+  find "${WORK_DIR}" -type f -name "${pattern}" -printf '%h\n' | sort -u
+}
+
+#######################################
+# Runs the trerraform compliance tool on all subdirectories
+#######################################
+run_main() {
+  for feature in $(find_folders_by "*.feature"); do
+    for folder in $(find_folders_by "main.tf"); do
+      run_tf_compliance "${folder}" "${feature}" &
+    done
+    wait
+  done
+}
+
+#######################################
+#  Be able to run this one either as standalone or import as lib
+#######################################
+if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
+  run_main
+fi

samples/compliance-testing/src/variables.tf

@@ -0,0 +1,5 @@
+variable location {
+  type        = string
+  default     = "westeurope"
+  description = "The Azure location where the resources will be created"
+}