I am trying to get use tf-run in Sentinel to stop any workspace for running a plan when AWS_SECRET_ACCESS_KEY environment variable is not marked as sensitive.
terraform-guides/sensitive.sentinel at master · tpiercy6/terraform-guides · GitHub I am trying something along these lines. Anyone have any feedback?
Hi @tpiercy,
Thanks for reaching out. Unfortunately the outcome you are looking for is not achievable in the current implementation of Terraform Policies. Policy checks are triggered between the plan and apply stage. Since the plan stage has already taken place, Sentinel cannot block the run. You can block the run from progressing to the apply stage, but you cannot block the plan. This is definitely something that we would like to address in the future.
Hope this helps.
Ryan Hall
How specifically would you block it in the apply stage? Do you have any examples ?
Tyler Piercy
Senior Solutions Engineer
321-298-9834
Not in a repo, but the following example should help:
Thank you!
Tyler Piercy
Senior Solutions Engineer
321-298-9834