This guide helps you configure tests using Sentinel to govern your Terraform stacks.
- Log in to app.terraform.io.
- Go to the tutorial on setting up Terraform Cloud.
- Follow the steps up until the input variable set section. Populate your ocid, fingerprint, region, tenancy ocid, and private key by gathering the inputs from your OCI Console. For the private key, download a private key pem file and input the contents of the file as the value.
- Fork this repo. Create a new workspace and choose the Version control workflow. Point your workspace at the forked repo.
- Referencing the enforce policy set guide, go to settings, select policy sets, and click connect new policy set.
- Select your forked repo again and for the path enter "oci" since that is the name of the directory where the tests live.
- Select "Policies enforced on select workspaces" and specify your new workspace from the dropdown. Click the connect policy set button.
- Try running a plan and apply on your Terraform code. You can modify your tests' enforcement levels in the sentinel.hcl file. See how the tests behave when you remove tags from your resources or run a `terraform plan` after deleting resources from the `prohibited_list` (within the deletion.sentinel file).
- Try adding additional checks, e.g. validate-variables-have-descriptions.sentinel.
- A Terraform Cloud Login
- An OCI Account
- An Oracle Cloud ocid, fingerprint, tenancy ocid, and private key
- Sentinel requires a Team & Governance Terraform Cloud account.
- Once done with the tutorial, go ahead and tear down your resources.
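
The steps above suggest adding a check such as validate-variables-have-descriptions.sentinel. The policy below is an added example written for this guide, not a file from this repository; it assumes the standard `tfconfig/v2` and `strings` imports available to Sentinel in Terraform Cloud, and the name `undescribed` is illustrative.

```sentinel
# Added example: fail the policy check when any Terraform input variable
# is declared without a description. Not a file from this repository.

import "tfconfig/v2" as tfconfig
import "strings"

# tfconfig.variables is keyed by variable address and covers the root
# module and any child modules. "else" supplies an empty string when the
# description attribute is undefined, so a missing description and a
# blank or whitespace-only one are treated the same way.
undescribed = filter tfconfig.variables as address, v {
    strings.trim_space(v.description else "") is ""
}

# List every offending variable in the policy check output so the author
# of the run can see what to fix.
for undescribed as address, _ {
    print("Variable", address, "has no description")
}

# The policy passes only when no undescribed variables were found.
main = rule {
    length(undescribed) is 0
}
```

For the policy to be evaluated, it needs its own `policy` block in sentinel.hcl alongside the existing tests, with an enforcement level of `advisory`, `soft-mandatory`, or `hard-mandatory`.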
This project is open source. Please submit your contributions by forking this repository and submitting a pull request! Oracle appreciates any contributions that are made by the open source community.
Copyright (c) 2024 Oracle and/or its affiliates.
Licensed under the Universal Permissive License (UPL), Version 1.0.
See LICENSE for more details.
ORACLE AND ITS AFFILIATES DO NOT PROVIDE ANY WARRANTY WHATSOEVER, EXPRESS OR IMPLIED, FOR ANY SOFTWARE, MATERIAL OR CONTENT OF ANY KIND CONTAINED OR PRODUCED WITHIN THIS REPOSITORY, AND IN PARTICULAR SPECIFICALLY DISCLAIM ANY AND ALL IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE. FURTHERMORE, ORACLE AND ITS AFFILIATES DO NOT REPRESENT THAT ANY CUSTOMARY SECURITY REVIEW HAS BEEN PERFORMED WITH RESPECT TO ANY SOFTWARE, MATERIAL OR CONTENT CONTAINED OR PRODUCED WITHIN THIS REPOSITORY. IN ADDITION, AND WITHOUT LIMITING THE FOREGOING, THIRD PARTIES MAY HAVE POSTED SOFTWARE, MATERIAL OR CONTENT TO THIS REPOSITORY WITHOUT ANY REVIEW. USE AT YOUR OWN RISK.

