Problem
When writing and testing Sentinel policies, it is common to use the Sentinel CLI. However, supplying parameters via sentinel.hcl does not work in Terraform Cloud (TFC) or Terraform Enterprise (TFE)despite the fact it works in the Sentinel CLI.
Trying to supply Sentinel parameters via the configuration file will produce an error:
Unsupported block type; Blocks of type “param” are not expected here
Creating/editing TFC/TFE Sentinel Parameter Procedures
-
It's possible to directly manipulate Sentinel Parameters using the UI by editing the policy set.
- Parameters can be created and updated with the equivalent named actions in the policy set params API
- If managed appropriately, parameter values can also be declared as default values (e.g.,
param foo default "default_value"). This is typically undesirable as it requires per-policy implementation