37a867c485
- Complete Cloudflare Terraform configuration (DNS, WAF, tunnels, access) - WAF Intelligence MCP server with threat analysis and ML classification - GitOps automation with PR workflows and drift detection - Observatory monitoring stack with Prometheus/Grafana - IDE operator rules for governed development - Security playbooks and compliance frameworks - Autonomous remediation and state reconciliation
102 lines
2.8 KiB
Bash
Executable File
102 lines
2.8 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# ============================================================================
|
|
# INFRA INVARIANTS CHECKER
|
|
# ============================================================================
|
|
# Enforces infrastructure law for VaultMesh.
|
|
# Run from repo root: bash scripts/infra-invariants.sh
|
|
#
|
|
# Exit codes:
|
|
# 0 = All invariants pass
|
|
# 1 = One or more invariants violated
|
|
#
|
|
# Governed by: RED-BOOK.md
|
|
# ============================================================================
|
|
|
|
set -euo pipefail
|
|
|
|
REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
|
cd "$REPO_ROOT"
|
|
|
|
# Colors
|
|
RED='\033[0;31m'
|
|
GREEN='\033[0;32m'
|
|
NC='\033[0m'
|
|
|
|
echo "============================================"
|
|
echo " VaultMesh Infrastructure Invariants Check"
|
|
echo "============================================"
|
|
echo ""
|
|
|
|
FAILED=0
|
|
|
|
# ============================================================================
|
|
# 1. TERRAFORM FORMAT CHECK
|
|
# ============================================================================
|
|
|
|
echo "── 1. Terraform Formatting ──"
|
|
|
|
cd terraform
|
|
if terraform fmt -check -recursive > /dev/null 2>&1; then
|
|
echo -e "${GREEN}✓${NC} 1.1 All .tf files are properly formatted"
|
|
else
|
|
echo -e "${RED}✗${NC} 1.1 Terraform files need formatting"
|
|
echo " Run: cd terraform && terraform fmt -recursive"
|
|
FAILED=1
|
|
fi
|
|
|
|
# ============================================================================
|
|
# 2. TERRAFORM VALIDATE
|
|
# ============================================================================
|
|
|
|
echo ""
|
|
echo "── 2. Terraform Validation ──"
|
|
|
|
terraform init -backend=false > /dev/null 2>&1
|
|
if terraform validate > /dev/null 2>&1; then
|
|
echo -e "${GREEN}✓${NC} 2.1 Terraform configuration is valid"
|
|
else
|
|
echo -e "${RED}✗${NC} 2.1 Terraform validation failed"
|
|
terraform validate
|
|
FAILED=1
|
|
fi
|
|
|
|
cd "$REPO_ROOT"
|
|
|
|
# ============================================================================
|
|
# 3. REQUIRED FILES
|
|
# ============================================================================
|
|
|
|
echo ""
|
|
echo "── 3. Required Terraform Files ──"
|
|
|
|
REQUIRED_TF_FILES=(
|
|
"terraform/main.tf"
|
|
"terraform/variables.tf"
|
|
)
|
|
|
|
for tf in "${REQUIRED_TF_FILES[@]}"; do
|
|
if [[ -f "$tf" ]]; then
|
|
echo -e "${GREEN}✓${NC} 3.1 $tf exists"
|
|
else
|
|
echo -e "${RED}✗${NC} 3.1 Missing required file: $tf"
|
|
FAILED=1
|
|
fi
|
|
done
|
|
|
|
# ============================================================================
|
|
# SUMMARY
|
|
# ============================================================================
|
|
|
|
echo ""
|
|
echo "============================================"
|
|
echo " Summary"
|
|
echo "============================================"
|
|
|
|
if [[ $FAILED -gt 0 ]]; then
|
|
echo -e "${RED}Infra invariants violated. Fix before merging.${NC}"
|
|
exit 1
|
|
else
|
|
echo -e "${GREEN}All infra invariants pass. ✓${NC}"
|
|
exit 0
|
|
fi
|