Git clone hashicorp/terraform-foundational-policies-library repository.
$ sentinel --version
Sentinel v0.16.1
Run the following command inside the repository.
sentinel test $(find . -name "*.sentinel" ! -path "*/testdata/*")
Output contains below warning.
legacy warning:
test case uses legacy config, please migrate it to an HCL configuration.
How can we fix this warning?
Hi @leonard,
We have recently introduced the support of HCL for the Sentinel Configuration File which is why you are receiving this message. We introduce HCL support so that Sentinel was closely aligned with how policies are managed in Terraform Cloud.
This error should not result in a failed policy test, but if you would like to remove this notification it will require that you refactor all existing configuration files as HCL.
Hope this helps.
Thanks for the information.
However, I could not find further information from the given link.
See below example.
.
├── policy.sentinel
├── sentinel.hcl
└── test
└── policy
├── fail.json
└── success.json
# policy.sentinel
// The day of the week.
param day
// The hour of the day.
param hour
is_weekday = rule { day not in ["saturday", "sunday"] }
is_open_hours = rule { hour > 8 and hour < 17 }
main = rule {
is_weekday and is_open_hours
}
# sentinel.hcl
policy "policy" {
source = "./policy.sentinel"
enforcement_level = "advisory"
}
// test/policy/fail.json
{
"param": {
"day": "monday",
"hour": 7
},
"test": {
"is_open_hours": false,
"is_weekday": true,
"main": false
}
}
// test/policy/success.json
{
"param": {
"day": "monday",
"hour": 14
},
"test": {
"is_open_hours": true,
"is_weekday": true,
"main": true
}
}
$ sentinel test --verbose $(find . -name "*.sentinel")
Installing test modules for test/policy/fail.json
Installing test modules for test/policy/success.json
PASS - ./policy.sentinel
PASS - test/policy/fail.json
trace:
FALSE - policy.sentinel:9:1 - Rule "main"
TRUE - policy.sentinel:10:5 - is_weekday
TRUE - policy.sentinel:7:21 - day not in ["saturday", "sunday"]
FALSE - policy.sentinel:10:20 - is_open_hours
FALSE - policy.sentinel:8:24 - hour > 8 and hour < 17
FALSE - policy.sentinel:8:24 - hour > 8
FALSE - policy.sentinel:8:1 - Rule "is_open_hours"
FALSE - policy.sentinel:8:24 - hour > 8
TRUE - policy.sentinel:7:1 - Rule "is_weekday"
legacy warning:
test case uses legacy config, please migrate it to an HCL configuration.
PASS - test/policy/success.json
trace:
TRUE - policy.sentinel:9:1 - Rule "main"
TRUE - policy.sentinel:10:5 - is_weekday
TRUE - policy.sentinel:7:21 - day not in ["saturday", "sunday"]
TRUE - policy.sentinel:10:20 - is_open_hours
TRUE - policy.sentinel:8:24 - hour > 8 and hour < 17
TRUE - policy.sentinel:8:24 - hour > 8
TRUE - policy.sentinel:8:37 - hour < 17
TRUE - policy.sentinel:8:1 - Rule "is_open_hours"
TRUE - policy.sentinel:8:24 - hour > 8
TRUE - policy.sentinel:8:37 - hour < 17
TRUE - policy.sentinel:7:1 - Rule "is_weekday"
legacy warning:
test case uses legacy config, please migrate it to an HCL configuration.
I am still seeing this warning message.
How could we improve this given example to remove this warning?
@lenoard based on the example provided you would structure your test data as follows:
.
├── policy.sentinel
├── sentinel.hcl
└── test
└── policy
├── fail.hcl
└── pass.hcl
// test/policy/fail.json
param "day" {
value = "monday"
}
param "hour" {
value = 7
}
test {
rules = {
is_open_hours = false
is_weekday = true
main = false
}
}
// test/policy/pass.json
param "day" {
value = "monday"
}
param "hour" {
value = 14
}
test {
rules = {
is_open_hours = true
is_weekday = true
main = true
}
}
Essentially you need to replace all JSON configuration with HCL. I’ll work on getting the documentation updated to provide an end to end example.
Thanks for the further information. It works now.
How can we convert the following JSON to HCL?
"mock": {
"tfplan/v2": "../../testdata/mock-tfplan-success.sentinel"
},
mock "tfplan/v2" {
module {
source = "../../testdata/mock-tfplan-success.sentinel"
}
}
Found it. However, it is not easy to find information regarding HCL conversion from/to JSON.