An example of using Sentinel policies in VCS in Terraform Enterprise

hashicorp/tfe-policies-example

TFE Policies Example

It is intended to be combined with the following:

See also: This repo shows an end-to-end workflow with many parts, and uses a small number of Sentinel policies to keep things simple. If you'd rather see a wider range of how to govern specific kinds of infrastructure with Sentinel policies, see the example policies in the hashicorp/terraform-guides repo.

Using with TFE

Fork this repo, then create a Terraform Enterprise workspace linked to your fork. Set values for the following Terraform variables:

Add and remove Sentinel policies as desired, and edit main.tf to ensure your policies are enforced on the correct workspaces. Queue an initial run to set up your policies, then continue to iterate on the policy repo and approve Terraform runs as needed.

Testing Sentinel Policies Locally

> sentinel test 

Manually apply a policy using a specific test config:

> sentinel apply -config ./test/aws-restrict-instance-type-prod/dev-not-prod.json aws-restrict-instance-type-prod.sentinel 

(This example results in a policy failure, as intended; see the "test" property of any test config for the expected behavior.)
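A policy whose test cases only ever expect a pass has never been shown to deny anything. The following check is an added example, not code from this repo: it walks the layout used above (a `<policy>.sentinel` file with test configs under `test/<policy>/`) and reports any policy that lacks a passing or a failing case. It assumes the "test" property maps rule names to expected booleans and that the rule is named `main`; the `prod.json` case and the `example-untested-deny` policy are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

def audit_policy_tests(repo_root):
    """Return {policy_name: [problems]} for every *.sentinel file in repo_root."""
    root = Path(repo_root)
    report = {}
    for policy in sorted(root.glob("*.sentinel")):
        problems = []
        expected = []  # expected value of the "main" rule, one per test case
        for case in sorted((root / "test" / policy.stem).glob("*.json")):
            try:
                config = json.loads(case.read_text())
            except json.JSONDecodeError:
                problems.append(f"{case.name}: invalid JSON")
                continue
            rules = config.get("test")
            if not isinstance(rules, dict) or "main" not in rules:
                problems.append(f"{case.name}: no expected result for main")
                continue
            expected.append(rules["main"])
        if True not in expected:
            problems.append("no test case expects the policy to pass")
        if False not in expected:
            problems.append("no test case expects the policy to fail")
        report[policy.stem] = problems
    return report

def build_sample_repo(root):
    """Constructed sample layout; the mock data of real test configs is omitted."""
    root = Path(root)
    good = root / "test" / "aws-restrict-instance-type-prod"
    good.mkdir(parents=True)
    (root / "aws-restrict-instance-type-prod.sentinel").write_text("main = rule { true }\n")
    (good / "dev-not-prod.json").write_text(json.dumps({"test": {"main": False}}))
    (good / "prod.json").write_text(json.dumps({"test": {"main": True}}))
    # Hypothetical second policy whose only test case expects a pass.
    weak = root / "test" / "example-untested-deny"
    weak.mkdir(parents=True)
    (root / "example-untested-deny.sentinel").write_text("main = rule { true }\n")
    (weak / "pass.json").write_text(json.dumps({"test": {"main": True}}))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_repo(tmp)
        for name, problems in audit_policy_tests(tmp).items():
            print(name, "OK" if not problems else problems)
```

Run against a real checkout by passing the repo root to `audit_policy_tests`; it only reads the expected results and does not replace `sentinel test`.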

Testing Sentinel Policies with GitHub Actions

This repo contains an example of running sentinel test against your Sentinel files as PR checks. It uses a third-party action called thrashr888/sentinel-github-actions/test to run the tests. After you submit a PR, any test errors show up as a comment on the PR.
