I don't understand how I can analyse a plan with HashiCorp Sentinel policies.
My test case
This is my main.tf file:
```hcl
provider "azurerm" {
  subscription_id = "XXX"
  features {
  }
}

terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

resource "azurerm_resource_group" "rg1" {
  name     = "RG1"
  location = "westeurope"
}
```
Then I produce my plan:
```shell
terraform plan -out="plan.tfplan"
terraform show -json plan.tfplan > plan.json
```
Now using this modest policy:
```sentinel
import "tfplan/v2" as tfplan

main = rule {
  true
}
```
What I get
When running from the command line:
```shell
sentinel apply policy.sentinel
```
I get
```
policy.sentinel - Runtime error while running the policy:
policy.sentinel:1:1: Import "tfplan/v2" is not available

A runtime error is a non-recoverable error due to some unexpected or invalid condition. When a runtime error is experienced, the result of the policy is "false".
```
Versions
Terraform v1.11.0
Sentinel v0.30.0
What I am looking for
I am interested in 2 things:
Thank you
Well, I found the solution.
I need to add a config file with something like:
```hcl
sentinel {
  features = {
    apply-all = true
    terraform = true
  }
}

import "plugin" "tfplan/v2" {
  config = {
    "plan_path": "./tfplan.json"
  }
}
```
Documentation is here:
https://developer.hashicorp.com/sentinel/docs/configuration
Could be a little bit clearer.
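Once the config file above makes the `tfplan/v2` plugin import available, the policy can actually inspect the plan. The following is an added example, not code from the question or the answer: it rejects any `azurerm_resource_group` the plan would create or update outside an allowed list of locations (the list and the rule names are assumptions chosen for illustration).

```sentinel
import "tfplan/v2" as tfplan

# Assumed organisational guardrail: resource groups may only live in these regions.
allowed_locations = ["westeurope", "northeurope"]

# Keep only managed azurerm_resource_group resources that the plan will
# create or update; deletions and no-op entries carry no new location to check.
resource_groups = filter tfplan.resource_changes as _, rc {
	rc.type is "azurerm_resource_group" and
	rc.mode is "managed" and
	(rc.change.actions contains "create" or rc.change.actions contains "update")
}

# Every matching resource group must have a planned location from the allowed list.
location_allowed = rule {
	all resource_groups as address, rc {
		rc.change.after.location in allowed_locations
	}
}

# Report offending addresses so the failure is actionable in the sentinel output.
for resource_groups as address, rc {
	if rc.change.after.location not in allowed_locations {
		print("Disallowed location", rc.change.after.location, "for", address)
	}
}

main = rule {
	location_allowed
}
```

With the question's plan (`RG1` in `westeurope`) this policy passes; changing the location to one outside the list makes `sentinel apply` report a failing `main` together with the printed address.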