Hi, I’m somewhat new to Sentinel and have been tasked with developing a new policy using the
tfconfig module against Terraform 0.13.7 in Terraform Enterprise.
When I cd to a terraform config directory and run
sentinel apply [../../path/to/my-policy].sentinel
I get the following error:
my-policy.sentinel:6:1: Import "tfconfig" is not available.
My sentinel.hcl file in the same dir as the policy only contains a single “policy” block and nothing else.
My understanding is that the “correct/suggested” way to test policies is to create test cases and run sentinel test, but I would really like to run something like sentinel apply ... on a local Terraform config directory just to see what the output would be for a particular policy against a particular config during active development. Of course, I intend to solidify all minimal cases into true tests and check them with sentinel test before committing and uploading to TFE, but right now I’m looking for a lower-friction way to explore/demo candidate policies before fully committing to specific tests.
Not only would this interaction model help me explore the tool with less friction, it would also enable me to demonstrate the effects and capabilities of a new potential policy to less technical stakeholders who respond better to dynamic real-world examples than unreadable or aggressively simplified test cases that are best suited to CI automation.
I would be grateful for answers to any of these questions:
- Is using the sentinel cli to check examples of local terraform configs a reasonable thing to want to do?
  a. Am I just doing it wrong? / How can I use one of the built-in imports such as tfplan/v2 with the cli?
  b. -OR- What should I be doing instead?
- Are there any other resources that would help me develop sentinel policies?
Resources I’ve found: