Hi @cpaggen ,
Thanks for posting your questions here.
The common functions in terraform-guides/governance/third-generation/common-functions at master · hashicorp/terraform-guides · GitHub (that I wrote) are Sentinel Modules written in the Sentinel language. The actual modules are the files like tfplan-functions.sentinel and tfconfig-functions.sentinel, each of which contains multiple functions. Note that the directories containing those file contain extensive documentation pages for each function under the
How you reference the functions in these Sentinel modules will depend on where you use them from. You could use them from the terraform-guides repository itself, or from a fork of that repository, or copy the modules into a repository containing your own policies.
If you call the functions from a policy that is in a different repository than the one containing the module, then you must use a raw URL. For example to call any functions from the tfconfig-functions.sentinel module in the terraform-guides repository itself, you would use https://raw.githubusercontent.com/hashicorp/terraform-guides/master/governance/third-generation/common-functions/tfconfig-functions/tfconfig-functions.sentinel rather than terraform-guides/tfconfig-functions.sentinel at master · hashicorp/terraform-guides · GitHub.
But if you copied the entire tfconfig-functions.sentinel module into a repository containing your own Sentinel policies, you would use local references that could include
. for the current directory and
.. to go up one directory from where your Sentinel CLI test case file or policy set configuration file lives. There are examples of local references to the modules in many test case files and in several entinel.hcl policy set definition files in the terraform-guides repository.
After declaring a Sentinel module in a Sentinel CLI test case file or in a policy set definition file, you can then import it into your policy with a line like
import "tfplan-functions" as plan which gives the module the alias
plan which should then be used before calls to the functions. Again, see the many examples in the terraform-guides repository.
For documentation on the above, see Managing Sentinel Policies - Sentinel - Terraform Cloud and Terraform Enterprise - Terraform by HashiCorp and Remote Sources | Sentinel by HashiCorp.
For your second question, while the tfplan/v2, tfstate/v2, tfconfig/v2, and trfun imports are “standard Terraform Cloud/Enterprise Sentinel imports”, they are not listed under Sentinel Language - Standard Imports | Sentinel by HashiCorp since they are only intended for use by Terraform Cloud and Terraform Enterprise customers. The documentation for them is under Defining Policies - Sentinel - Terraform Cloud and Terraform Enterprise - Terraform by HashiCorp. Please note, however, that they are usable by policies tested or run with the Sentinel CLI provided that you include mocks with your Sentinel CLI test cases. Those mocks can be downloaded from plans run against TFC/E workspaces. See Mocking Terraform Sentinel Data - Sentinel - Terraform Cloud and Terraform Enterprise - Terraform by HashiCorp for information on downloading mocks that can be used with the Sentinel CLI when testing Sentinel policies written for TFC/E.
Global Technology Specialist