Hiding the stack trace for a failed rule

Hi,

We are using Sentinel to apply policy as code for HashiCorp Terraform Enterprise (TFE). We’ve written a generic validation framework to assess module calls against a standard set of rules defined in an external JSON file. It works well.
However, when a rule fails, our users get the output from our code showing which rules have passed and which have failed (and why), but also a stack trace showing exactly where our Sentinel code failed. Due to the nature of our code, the stack trace for a single rule failure is over 500 lines long, making our output much harder to see and bombarding our users with information that they don’t need or want (or understand).

How do we hide this stack trace from users? Obviously we need it when developing, but running from other systems, it’s not relevant!

Hi @joshua.skirde,

Unfortunately, we do not provide a means of disabling the stack trace output. That being said, we have made a number of enhancements to the log output in the Sentinel integration, which were included in Sentinel 0.17.0. Looking at the screenshot provided, it appears that you may be running an older version of Terraform Enterprise.

Terraform Enterprise v202103-1 included Sentinel 0.17.4, so it might be worth checking the version you have installed and considering upgrading.

@joshua.skirde: another option beyond what @hcrhall suggested is to limit each policy to a single main rule and then call functions outside the rule. That is what the policies in terraform-guides/governance/third-generation (master branch of hashicorp/terraform-guides on GitHub) do.

Roger Berlind
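A sketch of the single-rule layout suggested above, as an added example that is not code from this thread or from the terraform-guides repository. The `module_calls` and `checks` data and the `count_failures` function are constructed stand-ins for the real module calls and the external JSON rule file.

```sentinel
# Constructed sample data: module calls as a framework might collect them.
module_calls = {
	"module.network": {"source": "app.terraform.io/example-org/network/aws", "version": "1.2.0"},
	"module.bucket":  {"source": "github.com/example/s3-bucket", "version": ""},
}

# Constructed stand-in for the checks loaded from an external JSON file.
checks = [
	{"id": "source-from-private-registry", "field": "source", "pattern": "^app[.]terraform[.]io/"},
	{"id": "version-pinned", "field": "version", "pattern": "^[0-9]+[.][0-9]+[.][0-9]+$"},
]

# Plain function (hypothetical name), not a rule: evaluates every check
# against every module call, prints one line per result, and returns the
# number of failed checks.
count_failures = func(calls, check_list) {
	failed = 0
	for calls as address, call {
		for check_list as check {
			if call[check.field] matches check.pattern {
				print("PASS", address, check.id)
			} else {
				print("FAIL", address, check.id, "- got:", call[check.field])
				failed += 1
			}
		}
	}
	return failed
}

# All validation happens here, outside any rule.
failure_count = count_failures(module_calls, checks)

# The only rule in the policy: a single boolean over the function's result.
main = rule {
	failure_count is 0
}
```

With this sample data the policy fails on `module.bucket` for both checks, and the per-check detail comes from the `print` lines rather than from nested rules.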

Thanks @rberlind! Consolidated the rules into a boolean and just called that from main. It has really cleaned up my output!