How To Use the Sentinel Playground to Troubleshoot Sentinel Policies

Avatar
Kristina Hunter
  • Updated

Introduction

Sentinel is a policy-as-code framework that allows you to define rules to govern infrastructure provisioning and changes. The Sentinel Playground is a valuable tool for testing and debugging your policies before you apply them to your infrastructure.

Procedure

This guide outlines the steps to test and troubleshoot a Sentinel policy using the Sentinel Playground.

  1. Access the Sentinel Playground in your browser.
  2. Paste your Sentinel policy code into the editor pane on the left.
  3. Paste the mock input data that represents the data your policy will evaluate into the pane on the right.
  4. Select the Run button to execute your policy against the mock input.

The Output pane displays the evaluation results, including passes, fails, and any errors, with detailed information about the outcome.

Common Errors and Solutions

This section covers common errors you may encounter in the Sentinel Playground and how to resolve them.

Error: Import "tfplan/v2" is not available

This error indicates that the tfplan/v2 mock data is missing or named incorrectly.

Error message: policy.sentinel:1:1: Import "tfplan/v2" is not available

Solution:

The Sentinel Playground automatically adds prefixes and suffixes to mock names. To resolve this, rename the mock to tfplan-v2. The Playground will automatically update the name to mock-tfplan-v2.sentinel.

Error: Import "tfplan-functions" or "aws-functions" is not available

This error occurs when using modules without providing their contents as mock data.

Error message: policy.sentinel:1:1: Import "tfplan-functions" is not available
Error message: policy.sentinel:36:1: Import "aws-functions" is not available

Solution:

When your policy uses modules, you must add the contents of each module as a separate mock, using the module's name as the mock name.

Important Notes

  • The Sentinel Playground is a testing tool and does not replace the need for testing in a staging environment that mirrors your production setup.
  • Do not use sensitive data, such as real API keys or credentials, in the Sentinel Playground.

Additional Information

Articles in this section

Related articles