Common functions model

As highlighted in https://github.com/hashicorp/sentinel-sdk/issues/14 it’s currently not possible to import common functions across sentinel files, which may lead to a lot of code duplication. Is there a current model or best practice? I can see either:

  1. Copy/paste code across sentinel policy files. (and/or manage this with scripts)
  2. Use one (or fewer) sentinel policy files with more conditionals to join rules together.
  3. Write the function as a plugin.

In the case of (3), is it possible to use sentinel plugins on Terraform Cloud?

An example of this is the find_resources_from_plan function in https://github.com/hashicorp/terraform-guides/tree/master/governance/second-generation/aws, or could such a function become part of the language through an import?

Hi @rsclarke,

Currently, the best thing to do is to copy/paste the code across all policies that use the function as is done in the hashicorp/terraform-guides repository that you mentioned.

However, in the near future, we will be making it possible for Sentinel functions to be used in policies without copying the function code into those policies.

Regarding your last question, it is NOT currently possible to add custom Sentinel imports (plugins) to Terraform Cloud or Terraform Enterprise.

Roger Berlind
Technical Specialist
HashiCorp
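For readers following the copy/paste model described above, here is an added illustration (not the terraform-guides implementation and not part of this thread) of what a policy looks like when the shared helper is pasted in alongside the rule that uses it. It assumes the Terraform Cloud `tfplan` import with its `module_paths`, `module(path).resources`, `destroy` and `applied` fields; the resource type and the required `owner` tag are constructed sample values.

```sentinel
# Shared helper, copied verbatim into every policy that needs it.
# Hypothetical shape for illustration; the real one lives in terraform-guides.
import "tfplan"

# Collect every non-destroyed instance of one resource type across all
# modules in the plan and return them as a flat list.
find_resources_from_plan = func(type) {
  found = []
  for tfplan.module_paths as path {
    # resources[type] is undefined when the module has none of that type
    for tfplan.module(path).resources[type] else {} as name, instances {
      for instances as index, r {
        if r.destroy {
          continue
        }
        append(found, r)
      }
    }
  }
  return found
}

# Policy-specific part: every S3 bucket must carry an "owner" tag so a
# reviewer can attribute it. Missing tags map is treated as empty.
buckets = find_resources_from_plan("aws_s3_bucket")

bucket_has_owner_tag = rule {
  all buckets as b {
    "owner" in (b.applied.tags else {})
  }
}

main = rule {
  bucket_has_owner_tag
}
```

Because the helper is duplicated, any fix to it (such as the destroy check) has to be re-applied to every policy that contains a copy, which is the maintenance cost the thread is about.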

Thank you @rberlind, it’s good to know that this is upcoming.

Additionally, your work on the terraform-guides repo and the 8 steps to writing and testing sentinel policies for terraform guide/video has been a great help in getting started. :smile:

Thanks for your kind words, @rsclarke. I’m glad to have helped.

Roger Berlind