We are using Sentinel to apply policy as code for Hashicorp Terraform Enterprise (TFE). We’ve written a generic validation framework to assess module calls against a standard set of rules defined in an external JSON file. It works well.
However, when a rule fails, our users get the output from our code showing which rules have passed and which have failed (and why) but also a stack trace showing exactly where our Sentinel code failed. Due to the nature of our code, the stack trace for a single rule failure is over 500 lines long making our output much harder to see and bombarding our users with information that they don’t need or want (or understand).
How do we hide this stack trace from users? Obviously we need it when developing, but running from other systems, it’s not relevant!