Introduction
In HCP Terraform when using new key-value tags for workspace, the sentinel mock are not returning value for `workspace.tags` , which is causing failure in sentinel policies while validating .
Recommendation
To overcome this scenario, Users should be using tfe_provider to add providers to workspace or to create workspaces, which will add legacy tags to the workspaces .
As new key-value tags are yet in Beta, it is not returning proper values tags parameters, but the policy should return proper value for legacy tags as below :-
- Use tfe_provider to create workspace with legacy tags :-
provider "tfe" {
# hostname = var.hostname # Optional, defaults to HCP Terraform `app.terraform.io`
token = "********####*#&#*#&^#&*^#&*#%*********"
version = "~> 0.58.0"
}
data "tfe_organization" "foo" {
name = "hcp-terraform-test-org"
}
resource "tfe_workspace" "test" {
name = "test-null-resource-policy-tag"
organization = data.tfe_organization.foo.name
tag_names = ["dev", "app"]
}
- using `workspace.tags` in policy will return proper values in mock as below :-
--------------
workspace = {
"auto_apply": false,
"created_at": "2024-10-22T04:09:30.469Z",
"description": "",
"execution_mode": "default",
"id": "ws-uvyF4bNGUYFG7678JHG",
"name": "test-null-resource-policy-tag",
"tags": [
"app",
"dev",
],----------------------------