[AWS policies] enforce mandatory tags policy does not handle tags_all attribute

Hi, 

In the enforce-mandatory-tags policy, the function used to check if mandatory tags are present uses this function : 
( cf https://github.com/hashicorp/terraform-sentinel-policies/blob/20ab1807b436b6fd939eec1ed94d38e4acbecb4f/aws/enforce-mandatory-tags.sentinel#LL31C1-L31C81 )

        plan.filter_attribute_not_contains_list(allAWSResourcesWithStandardTags,
                        "tags", mandatory_tags, true)


...but we should check if a mandatory tag is NEITHER in "tags" OR "tags_all". I'm not sure which way is the best to achieve this : should we : 
- add an other function "filter_attribute_not_contains_list_2attrs"  that will look up attributes in tags or tags_all

or compare the result of : 

    filter_attribute_not_contains_list(allAWSResourcesWithStandardTags, "tags", mandatory_tags, true)
and

    filter_attribute_not_contains_list(allAWSResourcesWithStandardTags, "tags_all", mandatory_tags, true)

to be sure that the mandatory tags are missing in both attributes ?


or maybe an other solution ?

regards,

Lazare Olivry


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[AWS policies] enforce mandatory tags policy does not handle tags_all attribute #28

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[AWS policies] enforce mandatory tags policy does not handle tags_all attribute #28

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions