The little warrior that shouts when your infrastructure goes off track. But instead of just yelling "Access Denied!", she explains what went wrong - and even helps fix it.


Senora-dev/LaGuardia


LaGuardia - Lightweight Policy‐as‐Code

Guardrails for Terraform/OpenTofu plan JSON with simple YAML rules and Auto‐Fix.


Install

pip install ./laguardia

Dev (editable) install for local changes:

python3 -m venv .venv && source .venv/bin/activate
python -m pip install -U pip
pip install -e .

Usage

terraform init
terraform plan -out plan.out
terraform show -json plan.out > plan.json
laguardia scan --plan plan.json --rules examples/rules.yaml --out report.html --autofix fixes.json
# Exit code 1 if any 'error' findings

Alternative (one-liner) to produce plan.json:

terraform plan -out=plan.out && terraform show -json plan.out > plan.json && rm -f plan.out

Output semantics:

  • Findings print as [ERROR|WARNING] <rule> <type>.<name>: <message>
  • Final line prints Run status: OK or Run status: FAIL
  • Control failing behavior via --fail-on [error|warning|none] (default: error)

Rules (YAML)

See examples/rules.yaml. Supported kinds:

  • require_tags: ensure tags/labels exist.
  • field_equals: nested field equals a value.
  • forbid_cidr: remove forbidden CIDR from list.
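
Added example, not LaGuardia's own code: it evaluates the three rule kinds over a constructed Terraform plan JSON and formats findings as described under Output semantics. The rule dictionary keys, the dotted field path, and the reading of --fail-on warning as also failing on errors are assumptions; the project's real rule schema is in examples/rules.yaml.

```python
import json

# Constructed sample in the shape of `terraform show -json` (resource_changes[].change.after).
PLAN = json.loads("""{"resource_changes": [
 {"type": "aws_instance", "name": "web", "change": {"actions": ["create"], "after":
   {"tags": {"Owner": "ops"}, "metadata_options": [{"http_tokens": "optional"}]}}},
 {"type": "aws_security_group_rule", "name": "ssh", "change": {"actions": ["create"], "after":
   {"cidr_blocks": ["10.0.0.0/8", "0.0.0.0/0"]}}},
 {"type": "aws_instance", "name": "old", "change": {"actions": ["delete"], "after": null}}]}""")
RULES = [  # hypothetical rule layout for this example; the real one is in examples/rules.yaml
    {"id": "owner-env-tags", "kind": "require_tags", "severity": "warning",
     "type": "aws_instance", "tags": ["Owner", "Env"]},
    {"id": "imdsv2", "kind": "field_equals", "severity": "error",
     "type": "aws_instance", "field": "metadata_options.0.http_tokens", "value": "required"},
    {"id": "no-open-cidr", "kind": "forbid_cidr", "severity": "error",
     "type": "aws_security_group_rule", "field": "cidr_blocks", "cidr": "0.0.0.0/0"},
]

def dig(obj, path):  # follow a dotted path through dicts and lists; None if a step is missing
    for key in path.split("."):
        try:
            obj = obj[int(key)] if isinstance(obj, list) else obj[key]
        except (KeyError, IndexError, TypeError, ValueError):
            return None
    return obj

def check(rule, after):  # violation message, or None when the resource passes the rule
    if rule["kind"] == "require_tags":
        missing = [t for t in rule["tags"] if t not in (after.get("tags") or {})]
        return f"missing tags: {', '.join(missing)}" if missing else None
    if rule["kind"] == "field_equals":
        got = dig(after, rule["field"])
        return None if got == rule["value"] else f"{rule['field']} is {got!r}"
    if rule["kind"] == "forbid_cidr":  # exact string match on the CIDR
        hit = rule["cidr"] in (dig(after, rule["field"]) or [])
        return f"{rule['field']} contains {rule['cidr']}" if hit else None
    raise ValueError(f"unknown rule kind: {rule['kind']}")

def scan(plan, rules, fail_on="error"):
    """Return (finding lines, run status); fail_on=warning is assumed to include errors."""
    fatal = {"error": {"error"}, "warning": {"error", "warning"}, "none": set()}[fail_on]
    found = []  # (severity, formatted finding line)
    for rc in plan.get("resource_changes", []):
        after = rc["change"].get("after")
        for rule in rules if after is not None else []:  # skip destroyed resources
            msg = check(rule, after) if rule["type"] == rc["type"] else None
            if msg:
                found.append((rule["severity"], f"[{rule['severity'].upper()}] {rule['id']} {rc['type']}.{rc['name']}: {msg}"))
    return [l for _, l in found], "FAIL" if any(s in fatal for s, _ in found) else "OK"
```

Calling scan(PLAN, RULES) returns the finding lines and the run status; nested blocks such as metadata_options appear as lists in plan JSON, which is why the field path carries an index.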

Docker

docker build -t laguardia .
docker run --rm -v "$(pwd)":/data laguardia scan --plan /data/plan.json --rules /data/examples/rules.yaml --out /data/report.html --autofix /data/fixes.json

Tests

pip install .
pip install pytest
pytest -q

🤝 Contributing

Maintained by Senora.dev - community contributions are welcome!
