Test Custom Opal Policies
To test custom Opal policies, you must add test input to a main.tf file in a specific directory. For more help, view the Opal tutorial.
Add Test Input
To add test input, go to <path to your policies dir>/sample_custom_policy/terraform/tests and create a directory for passing tests:
mkdir pass
cd pass
vi main.tf
In your main.tf file, specify the following:
resource "<resource_type>" "test" {
  bucket = "<bucket_name>"
  logging {
    target_bucket = "<passing_target_bucket_name>"
  }
}
Failing Test Input
You can also add a failing test input. Go to <path to your policies dir>/sample_custom_policy/terraform/tests and create a directory for failing tests (the cd ../ below assumes you are still in the pass directory from the previous step):
cd ../
mkdir fail
cd fail
vi main.tf
Note: You do not need to have both a passing and a failing test input.
Copy the following into your main.tf file:
resource "<resource_type>" "test" {
  bucket = "<bucket_name>"
  logging {
    target_bucket = "<failing_target_bucket_name>"
  }
}
Test the Custom Policy
To test the custom policy, run the following in the Lacework CLI:
lacework iac policy test -d <path to sample_custom_policy>
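The directory layout from the steps above can be created in one pass. The script below is an added example, not part of the Lacework documentation or CLI: the function names are hypothetical, and it assumes the resource type and bucket names are supplied by the caller and contain only letters, digits, dots, underscores and hyphens.

```shell
#!/bin/sh
# Added example: scaffold the pass/fail fixtures described on this page.
# Function names are hypothetical; all resource values come from the caller.

# Accept only characters that cannot break out of an HCL quoted string.
valid_name() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# write_fixture DIR RESOURCE_TYPE BUCKET TARGET_BUCKET
write_fixture() {
    mkdir -p "$1" || return 1
    cat > "$1/main.tf" <<EOF
resource "$2" "test" {
  bucket = "$3"
  logging {
    target_bucket = "$4"
  }
}
EOF
}

# scaffold_policy_tests POLICY_DIR RESOURCE_TYPE BUCKET PASS_TARGET FAIL_TARGET
# Prints the tests directory on success.
scaffold_policy_tests() {
    policy_dir=$1
    [ -d "$policy_dir" ] || { echo "no such policy dir: $policy_dir" >&2; return 1; }
    for v in "$2" "$3" "$4" "$5"; do
        valid_name "$v" || { echo "invalid value: $v" >&2; return 1; }
    done
    # Identical targets would make the two fixtures indistinguishable.
    [ "$4" != "$5" ] || { echo "pass and fail targets are identical" >&2; return 1; }
    tests_dir="$policy_dir/terraform/tests"
    write_fixture "$tests_dir/pass" "$2" "$3" "$4" || return 1
    write_fixture "$tests_dir/fail" "$2" "$3" "$5" || return 1
    echo "$tests_dir"
}

# Run as a script with the five arguments above to scaffold a real policy dir.
if [ "$#" -eq 5 ]; then
    scaffold_policy_tests "$@"
fi
```

After scaffolding, run the lacework iac policy test command shown above against the same policy directory.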