Generate JSON Schemas for Terraform plan and state files #93

Open
antonbabenko opened this issue Jun 26, 2023 · 1 comment

@antonbabenko

My use case

It would be helpful to have JSON Schemas that can be provided to OPA before running my Rego policies to filter out cases if/when input data is malformed.

More information

https://www.openpolicyagent.org/docs/latest/policy-language/#schema
https://blog.openpolicyagent.org/type-checking-your-rego-policies-with-json-schema-in-opa-5f7ac4c8a958
https://blog.openpolicyagent.org/enhanced-type-checking-for-opa-with-json-schema-annotations-826acb0f575

@radeksimko
Member

Hey Anton,
Personally, I'm not opposed to the idea of publishing a JSON schema but I'd leave two potentially relevant notes:

  1. It is already possible to do some validation in any Go program using this library + stdlib - encoding/json with the appropriate setting, such as Decoder.DisallowUnknownFields. I'm not implying it necessarily solves that exact use case with OPA but it's worth mentioning IMHO.
  2. Related to ^ the source of truth for plan and state files is Terraform [core]. This library only "reflects" that output and is kept up to date to ease parsing of those outputs in Go. JSON schema looks to me more like a language-agnostic problem. With that in mind, it may be useful to raise this within the Terraform [core] issue tracker.
    • It is entirely possible that this repository may after all be the right place to host the schemas (in the absence of a better place), but it would be much easier to maintain if this is just a copy of some CLI output and the source of truth remains in Core, similar to what we did with function signatures recently. In the absence of that I'm not entirely positive that the internal teams have capacity to "hand-maintain" a standalone file with JSON schemas at this point.
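
The strict-decoding approach mentioned in the comment above, as an added example (not code from this thread or from the library), using only stdlib `encoding/json` with `Decoder.DisallowUnknownFields`. The `minimalPlan` struct, `decodeStrict` and the sample inputs are constructed for illustration and cover only a small subset of the plan JSON; a real plan would need a struct covering every field.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
)

// minimalPlan is a hypothetical hand-written subset of the plan JSON, not the library's type.
type minimalPlan struct {
	FormatVersion   string `json:"format_version"`
	ResourceChanges []struct {
		Address string `json:"address"`
		Change  struct {
			Actions []string `json:"actions"`
		} `json:"change"`
	} `json:"resource_changes"`
}

// decodeStrict rejects unknown keys, wrong types, trailing data and a missing format_version.
func decodeStrict(data []byte) (*minimalPlan, error) {
	dec := json.NewDecoder(bytes.NewReader(data))
	dec.DisallowUnknownFields()
	var p minimalPlan
	if err := dec.Decode(&p); err != nil {
		return nil, fmt.Errorf("malformed plan: %w", err)
	}
	// Decode stops after one JSON value; anything other than EOF here is trailing data.
	if _, err := dec.Token(); err != io.EOF {
		return nil, fmt.Errorf("malformed plan: trailing data after JSON document")
	}
	// encoding/json does not report absent keys, so required ones are checked by hand.
	if p.FormatVersion == "" {
		return nil, fmt.Errorf("malformed plan: format_version is missing")
	}
	return &p, nil
}

// Constructed sample inputs, not real Terraform output.
const goodPlan = `{"format_version":"1.2","resource_changes":[{"address":"aws_s3_bucket.logs","change":{"actions":["create"]}}]}`
const unknownKey = `{"format_version":"1.2","resource_changez":[]}`
const wrongType = `{"format_version":"1.2","resource_changes":[{"address":"x","change":{"actions":"create"}}]}`

func main() {
	_, err := decodeStrict([]byte(unknownKey))
	fmt.Println(err)
}
```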
