SCALRCORE-31241: Fix CI

.github/workflows/opa.yml

@@ -4,36 +4,25 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout
-      uses: actions/checkout@v2.0.0
-    - name: OPA Test
-      uses: petroprotsakh/opa-test-action@v2.1
+    - name: Check out repository code
+      uses: actions/checkout@v3
+
+    - name: Setup OPA
+      uses: open-policy-agent/setup-opa@v2
       with:
-        options: -v
-        tests: |
-          cost
-          external_data
-          aws/enforce_aws_resource.rego;aws/enforce_aws_resource_test.rego;aws/enforce_aws_resource_mock.json
-          aws/enforce_aws_iam_and_workspace.rego;aws/enforce_aws_iam_and_workspace_test.rego;aws/enforce_aws_iam_and_workspace_mock.json
-          aws/enforce_s3_buckets_encryption.rego;aws/enforce_s3_buckets_encryption_test.rego;aws/enforce_s3_buckets_encryption_mock.json
-          aws/enforce_kms_key_names.rego;aws/enforce_kms_key_names.test.rego;aws/enforce_kms_key_names.mock.json
-          aws/enforce_iam_instance_profiles.rego;aws/enforce_iam_instance_profiles.test.rego;aws/enforce_iam_instance_profiles.mock.json
-          aws/enforce_ebs_del_on_term.rego;aws/enforce_ebs_del_on_term.test.rego;aws/enforce_ebs_del_on_term.mock.json
-          aws/enforce_instance_subnet.rego;aws/enforce_instance_subnet.test.rego;aws/enforce_instance_subnet.mock.json
-          aws/enforce_lb_subnets.rego;aws/enforce_lb_subnets.test.rego;aws/enforce_lb_subnets.mock.json
-          aws/enforce_rds_subnets.rego;aws/enforce_rds_subnets.test.rego;aws/enforce_rds_subnets.mock.json
-          management/denied_provisioners.rego;management/denied_provisioners_test.rego;management/denied_provisioners_mock.json
-          management/enforce_ami_owners.rego;management/enforce_ami_owners_test.rego;management/enforce_ami_owners_mock.json
-          management/instance_types.rego;management/instance_types_test.rego;management/instance_types_mock.json
-          management/resource_tags.rego;management/resource_tags_test.rego;management/resource_tags_mock.json
-          management/whitelist_ami.rego;management/whitelist_ami_test.rego;management/whitelist_ami_mock.json
-          management/workspace_name.rego;management/workspace_name_test.rego;management/workspace_name_mock.json
-          management/workspace_destroy.rego;management/workspace_destroy_test.rego;management/workspace_destroy_mock.json
-          management/pull_requests.rego;management/pull_requests_test.rego;management/pull_requests_mock.json
-          management/workspace_tags.rego;management/workspace_tags_test.rego;management/workspace_tags_mock.json
-          management/workspace_environment_type.rego;management/workspace_environment_type_еуіе.rego;management/workspace_environment_type_mock.json
-          modules/pin_module_version.rego;modules/pin_module_version_test.rego;modules/pin_module_version_mock.json;
-          modules/required_modules.rego;modules/required_modules_test.rego;modules/required_modules_mock.json;
-          placement
-          providers
-          user
+        version: latest
+
+    - name: Run OPA Tests
+      run: |
+        dirs=$(find . -type f -name '*.rego' -exec dirname {} \; | sort -u)
+        echo "Directories to be tested:"
+        for dir in $dirs; do 
+            echo "$dir"
+        done
+        for dir in $dirs; do 
+            echo "Running tests in $dir"
+            if ! opa test $dir/ -v --format pretty; then
+                echo "Tests failed in $dir"
+                exit 1
+            fi
+        done

aws/enforce_aws_iam_and_workspace/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "enforce_aws_iam_and_workspace" {
+  enabled           = true
+  enforcement_level = "hard-mandatory"
+}

aws/enforce_cidr/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "enforce_cidr" {
+  enabled           = true
+  enforcement_level = "hard-mandatory"
+}

aws/enforce_ebs_del_on_term/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "enforce_ebs_del_on_term" {
+  enabled           = true
+  enforcement_level = "hard-mandatory"
+}

aws/enforce_iam_instance_profiles/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "enforce_iam_instance_profiles" {
+  enabled           = true
+  enforcement_level = "hard-mandatory"
+}

aws/enforce_instance_subnet/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "enforce_instance_subnet" {
+  enabled           = true
+  enforcement_level = "hard-mandatory"
+}

aws/enforce_kms_key_names/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "enforce_kms_key_names" {
+  enabled           = true
+  enforcement_level = "hard-mandatory"
+}

aws/enforce_lb_subnets/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "enforce_lb_subnets" {
+  enabled           = true
+  enforcement_level = "hard-mandatory"
+}

aws/enforce_rds_subnets/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "enforce_rds_subnets" {
+  enabled           = true
+  enforcement_level = "hard-mandatory"
+}

aws/enforce_s3_buckets_encryption/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "enforce_s3_buckets_encryption" {
+  enabled           = true
+  enforcement_level = "hard-mandatory"
+}

aws/enforce_s3_private/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "enforce_s3_private" {
+  enabled           = true
+  enforcement_level = "hard-mandatory"
+}

aws/enforce_sec_group/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "enforce_sec_group" {
+  enabled           = true
+  enforcement_level = "hard-mandatory"
+}

gcp/enforce_gcs_private/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "enforce_gcs_private" {
+  enabled           = true
+  enforcement_level = "hard-mandatory"
+}

management/denied_provisioners/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "denied_provisioners" {
+  enabled           = true
+  enforcement_level = "hard-mandatory"
+}

management/enforce_ami_owners/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "enforce_ami_owners" {
+  enabled           = true
+  enforcement_level = "hard-mandatory"
+}

management/enforce_var_desc/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "enforce_var_desc" {
+  enabled           = true
+  enforcement_level = "hard-mandatory"
+}

management/instance_types/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "instance_types" {
+  enabled           = true
+  enforcement_level = "hard-mandatory"
+}

management/pull_requests/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "pull_requests" {
+  enabled           = true
+  enforcement_level = "hard-mandatory"
+}

management/resource_tags_mock/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "resource_tags_mock" {
+  enabled           = true
+  enforcement_level = "hard-mandatory"
+}

management/whitelist_ami_mock/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "whitelist_ami_mock" {
+  enabled           = true
+  enforcement_level = "hard-mandatory"
+}

management/workspace_destroy/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "workspace_destroy" {
+  enabled           = true
+  enforcement_level = "hard-mandatory"
+}

management/workspace_environment_type/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "workspace_environment_type" {
+  enabled           = true
+  enforcement_level = "hard-mandatory"
+}

management/workspace_name/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "workspace_name" {
+  enabled           = true
+  enforcement_level = "soft-mandatory"
+}

management/workspace_tags/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "workspace_tags" {
+  enabled           = true
+  enforcement_level = "soft-mandatory"
+}

modules/required_modules/scalr-policy.hcl

@@ -0,0 +1,6 @@
+version = "v1"
+
+policy "required_modules" {
+  enabled           = true
+  enforcement_level = "hard-mandatory"
+}

user/scalr-policy.hcl → user/check_user/scalr-policy.hcl

@@ -1,6 +1,6 @@
 version = "v1"
 
-policy "user" {
+policy "check_user" {
   enabled           = true
   enforcement_level = "hard-mandatory"
 }