As highlighted in https://github.com/hashicorp/sentinel-sdk/issues/14 it’s currently not possible to import common functions across sentinel files which may lead to a lot of code duplication. Is there a current model or best practice? I can see either;
- Copy/paste code across sentinel policy files. (and/or manage this with scripts)
- Use one (or fewer) sentinel policy files with more conditionals to join rules together.
- Write the function as a plugin.
In the case of (3), is it possible to use sentinel plugins on Terraform Cloud?
An example of this is the
find_resources_from_plan in https://github.com/hashicorp/terraform-guides/tree/master/governance/second-generation/aws or could such a function become part of the language through an import?