Using Sentinel as a linter?

Howdy. I had a peer ask if there was a way to use tflint to check if all resources in a Terraform configuration have tags applied (in general), and also check if specific tags are applied. Right now, tflint doesn’t appear to support this with Azure, but I thought perhaps that Sentinel might be able to do this.

Could Sentinel be used to inspect the Terraform HCL and apply policies, in the mode of a linter? Meaning: could it be integrated into an IDE/Editor (I use vim, but any modern code editor would do)? This would help cut down on developer iteration time (rather than wait for TFE or even the IaaS Provider’s own policy enforcement mechanism), it would seem, sometimes dramatically. Another obvious benefit is that this could be used in a CI testing pipeline as well as on local developer machines. However, I don’t see example code that would demonstrate inspecting local HCL with Sentinel.

Am I making sense here? Has anyone done this? Is there something obvious I’m missing that makes this very hard/impossible?


Hi @boldandbusted,

Apologies for the delay in response!

Currently, we cannot do what you are asking via the Sentinel CLI as we do not have an import for HCL. One can extend the capabilities of the Sentinel CLI by writing their own custom plugins. If this is an avenue that you would like to explore in more detail, please review the following:

This is a very interesting use case that you have and not one we have considered until now :thinking:.

Anyway, thanks for reaching out and please let us know if you choose to write your own plugin as we are always interested in these types of personal projects.

Ryan Hall