using sentinel imports while making policies in terraform

Question

Hey i am trying to work with sentinel cli with terraform i have a policy.sentinel file

import "tfplan"
allowed_machine_types = [
    "n1-standard-1",
    "n1-standard-2",
    "n1-standard-4",
    "n1-standard-8",
]

main = rule {
    all tfplan.resources as type, resources {
        all resources as r {
            r.applied.machine_type in allowed_machine_types
        }
    }
}

and a config.json file for my imports

{
"imports":{
    "tfplan": {
        "path": "./plan"
        }
    }
}

the plan is an executable file that is generated after running

terraform plan -out plan

when i run sentinel apply -config=config.json policy.sentinel

my error

Runtime error while running the policy:

test.sentinel:1:1: fork/exec ./plan: exec format error

A runtime error is a non-recoverable error and always represents a bug
in the policy. When a runtime error is experienced, the result of the
policy is "false". Please fix the error above and try again.

i am not very good at sentinel so what could be issue ? how do we use imports ? i tried going through the documentation and i could not get how to go about it

score 1 · Answer 1 · answered Feb 11 '18 at 07:47

1

You can not exec the plan file as it's not executable - you need to exec the terraform plan plugin: that is not available anywhere..

answered Feb 11 '18 at 07:47

matti

426
3
7

So what is the alternative to using terraform with sentinel CLI – cjmash Feb 11 '18 at 09:57
to me it looks like you can not - unless you use terraform enterprise – matti Feb 11 '18 at 14:12

using sentinel imports while making policies in terraform

1 Answers1