6.2.2 Testing OPA
Let's try out OPA by getting some hands-on experience.
Preparing Code
Let's prepare the code to set up the environment for OPA.
cd ~/playground/
cp -r ~/s4cpcode/chapter6/6B/. ~/playground/
cd test
export AWS_PROFILE=admin
For this session it's best to have the CLI on a bigger screen, so feel free to expand it as needed.
Terraform JSON Output
The code above has set up a simple Terraform file that can provision a simple EC2 instance. However, we are not interested in provisioning the EC2 instance, only in exporting its plan in JSON format, which is exactly what the commands below do.
export AWS_PROFILE=admin
terraform init && terraform plan --out tfplan.bin && terraform show \
-json tfplan.bin > input.json
cat input.json
input.json is the Terraform Plan in JSON format.
Terraform Plan Through OPA
Let's now view the Terraform Plan through OPA using the commands below
opa run input.json
data
data[key]
data.configuration
data.resource_changes
data.resource_changes[_].change
data.resource_changes[_].change.after[_]
exit
Terraform Plan Through JQ
jq is a command-line tool for processing and manipulating JSON data. It enables selective extraction, filtering, modification, and transformation of JSON data. jq is widely used for parsing and working with JSON in Unix-like operating systems, making it a valuable tool for data manipulation and transformation.
Since we are dealing with JSON, let's view the Terraform plan using jq as well.
jq '.resource_changes[].change.after' input.json
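The same traversal as `data.resource_changes[_].change.after` and the jq filter above, as an added example that is not part of the original course code. It also reads the plan's `after_unknown` object, which marks attributes that are only known after apply and therefore never appear in `after`, something a policy written against `after` alone cannot see. The sample plan and the helper names (`planned_after`, `unknown_until_apply`, `summarize`) are constructed for illustration.

```python
import json

# Constructed sample: a trimmed plan in the `terraform show -json` layout.
# Addresses and attribute values are made up for illustration.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_instance.web", "type": "aws_instance",
   "change": {"actions": ["create"], "before": null,
     "after": {"instance_type": "t2.micro", "tags": {"Name": "web"}},
     "after_unknown": {"id": true, "public_ip": true, "tags": {}}}},
  {"address": "aws_security_group.old", "type": "aws_security_group",
   "change": {"actions": ["delete"], "before": {"name": "old"},
     "after": null, "after_unknown": {}}}
]}
""")


def planned_after(plan):
    """Equivalent of jq '.resource_changes[].change.after', keyed by address."""
    return {rc["address"]: rc["change"].get("after")
            for rc in plan.get("resource_changes", [])}


def unknown_until_apply(plan):
    """Top-level attributes marked true in after_unknown (absent from 'after')."""
    out = {}
    for rc in plan.get("resource_changes", []):
        unknown = rc["change"].get("after_unknown") or {}
        out[rc["address"]] = sorted(k for k, v in unknown.items() if v is True)
    return out


def summarize(plan):
    """One row per resource: address, actions, known attrs, unknown attrs."""
    after, unknown = planned_after(plan), unknown_until_apply(plan)
    return [(rc["address"], rc["change"]["actions"],
             sorted((after[rc["address"]] or {}).keys()), unknown[rc["address"]])
            for rc in plan.get("resource_changes", [])]


if __name__ == "__main__":
    # To use the real plan instead: json.load(open("input.json"))
    for row in summarize(SAMPLE_PLAN):
        print(row)
```

Note that `after` is `null` for a resource being deleted, so any check that indexes into it has to handle that case, as `summarize` does.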