Introduction
Sentinel is a powerful policy-as-code framework that lets you define rules to govern infrastructure provisioning and changes. The Sentinel Playground is an invaluable tool for testing and debugging your policies before applying them to live infrastructure.
Procedure
-
Access the Sentinel Playground from your browser at https://play.sentinelproject.io/
- Paste your Sentinel policy code into the left-hand editor pane
-
In the right-hand pane, paste the mock input values as Sentinel code that represent the data your policy will evaluate in a real scenario
-
Click the Run button. The Playground will execute your policy against the mock input.
The Output pane will display the evaluation results, and indicate passes, fails, and errors. There will be detailed information on why the policy passed, failed, or encountered an error.
Common Errors
Error message: policy.sentinell:1:1: Import "tfplan/v2" is not available
This indicates that the tfplan/v2 mock data is missing or named incorrectly. The Sentinel Playground automatically adds the required prefixes and suffixes to the mock name. To resolve, change the mock name to tfplan-v2. Note that when this change is made, the mock name is automatically updated to mock-tfplan-v2.sentinel.
Error message: policy.sentinell:1:1: Import "tfplan-functions" is not available
Error message: policy.sentinel:36:1: Import "aws-functions" is not available
When using modules, the contents of the module will need to be added as a mock with the module name.
Important Notes
The Sentinel Playground is not a complete replacement for testing in a staging environment that mirrors your production setup.
Never use sensitive data in the Sentinel Playground, such as real API keys or credentials.