Howdy. I had a peer ask if there was a way to use tflint to check if all resources in a Terraform configuration have tags applied (in general), and also check if specific tags are applied. Right now, tflint doesn’t appear to support this with Azure, but I thought perhaps that Sentinel might be able to do this.
Could Sentinel be used to inspect the Terraform HCL and apply policies, in the mode of a linter? Meaning: could it be integrated into an IDE/editor (I use vim, but any modern code editor would do)? This would help cut down on developer iteration time (rather than waiting for TFE or even the IaaS provider’s own policy enforcement mechanism), it would seem, sometimes dramatically. Another obvious benefit is that this could be used in a CI testing pipeline as well as on local developer machines. However, I don’t see example code that would demonstrate inspecting local HCL with Sentinel.
Am I making sense here? Has anyone done this? Is there something obvious I’m missing that makes this very hard/impossible?