When writing and testing Sentinel policies, it is common to use the Sentinel CLI. However, supplying parameters via
sentinel.hcl does not work in Terraform Cloud or Terraform Enterprise despite the fact it works in the Sentinel CLI.
Trying to supply Sentinel parameters via the configuration file will produce an error:
Unsupported block type; Blocks of type “param” are not expected here
Creating/editing TFC/TFE Sentinel Parameter Procedures
It's possible to directly manipulate Sentinel Parameters using the UI by editing the policy set.
- Parameters can be created and updated with the equivalent named actions in the policy set params API
- If you have a way to manage it appropriately, parameter values can also be declared as default values (e.g.,
param foo default "default_value"). This is typically undesirable as it requires per-policy implementation