Terrateam behavior can be configured via a config.yml. This file is located in a directory named .terrateam at the root of your Terraform repository:

See Configuration documentation for details.

When a Plan operation runs, the exit status of
the generated Terraform plan file can be used to determine the
success or failure of the entire operation. This grants users the
ability to enforce custom policies against any Terraform-related
change in a pull request.

In the screenshots below, the terraform plan step succeeds but the conftest step fails, causing the entire Terrateam Plan operation

If a pull request contains a change for the file in the root of your repository, then conftest will look for Rego policy files

Conftest policies are written using the Rego query language.

main.rego policy denying any resources created using the

conftest will look for policies in the where Terrateam is operating against.
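
A deny rule of the kind described above, written as an added example (it is not taken from the Terrateam documentation). It assumes the input is the JSON form of the Terraform plan, that the conftest build in use accepts `import rego.v1` (OPA 0.59 or later), and that the resource types in `denied_types` are placeholders chosen for illustration.

```rego
# main.rego (added example; the denied types below are assumptions)
package main

import rego.v1

# Resource types this policy refuses to create. Illustrative values only:
# replace them with the types your own policy must block.
denied_types := {"aws_iam_user", "aws_iam_access_key"}

# conftest evaluates rules named deny in the main package by default.
# Each message produced here is reported as a failure, which gives the
# conftest step a non-zero exit status.
deny contains msg if {
	# resource_changes is a flat list in the plan JSON, so resources
	# declared inside modules are covered as well as root resources.
	some rc in input.resource_changes
	rc.type in denied_types

	# actions is ["create"] for a new resource and ["delete", "create"]
	# or ["create", "delete"] for a replacement. Both contain "create".
	# Plans with only "no-op", "update" or "delete" actions pass.
	"create" in rc.change.actions

	msg := sprintf(
		"%s: creating resources of type %s is not allowed",
		[rc.address, rc.type],
	)
}
```

A plan with no `resource_changes` key produces no messages, so an empty plan passes rather than erroring.
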
Example with custom options
conftest configuration options can be passed using

For example, to specify a different policy directory, the environment variable can be set using a custom Terrateam workflow.

The above configuration would instruct conftest to look for Rego policy files in the aws/policies/iam directory when creating a Terraform pull request against the

If a user were to initiate a pull request against the file then the Terrateam Plan operation would execute conftest using the file in the aws/policies/iam directory. The entire Plan operation would fail because main.rego policy file does not allow the creation of a