Problem
When a run executes in HCP Terraform, a Sentinel policy check results in a "Hard Fail" status, but the UI reports that zero policies failed. The policy check window displays the following error message.
Error: unable to display. Please download all logs to view
After downloading the logs, the policy-check-log.txt file contains this error.
An error occurred: unexpected EOF
Cause
This error occurs when the workspace's Terraform state file has grown too large for the Sentinel service to read completely within its operational limits. The service stops processing before reaching the end of the file, which results in an unexpected EOF (End-of-File) error.
Solution
To resolve this issue, you must confirm the state file size and then refactor your configuration to reduce it.
Step 1: Confirm the State File Size
-
Navigate to the States tab for the affected workspace in the HCP Terraform UI. The URL will follow this pattern.
https://app.terraform.io/app/<ORGANIZATION>/workspaces/<WORKSPACE>/states
-
Select the state version associated with the failed run. If the state file is too large, HCP Terraform will display a warning.
State file too large to display (xxx MB compressed)
This warning confirms that the state file size is the cause of the Sentinel error.
Step 2: Reduce State File Size
To resolve this issue, you must refactor your configuration to reduce the overall size of the Terraform state file. This often involves splitting a large monolithic configuration into smaller, more manageable workspaces.
For guidance on managing configuration complexity, refer to the Workspace configuration best practices documentation.