Testing Terraform Sentinel Policies Using Mocks
Oct 07, 2019
This talk and demo will show how you can generate Terraform Sentinel mock data (mocks) from your Terraform Cloud and Terraform Enterprise plans and use them to test your Terraform Sentinel policies with the Sentinel Simulator.
While you can test Terraform Sentinel policies in your Terraform Cloud account or on your private Terraform Enterprise server by triggering runs against workspaces, doing so has some limitations:
- Each test takes longer since you first have to run a
- You might have to discard many runs from your workspaces
- Your workspace history might become cluttered
In contrast, using the Sentinel Simulator with mocks is faster since the tests will not run Terraform at all. It avoids having to discard runs from your workspaces. Additionally, you can copy and edit generated Sentinel mocks to test your policies against multiple combinations of resource attributes.
Finally, you can trigger automatic tests whenever you modify your policies.
Note: Sentinel mock data cannot be generated from Terraform open source plans. Using the Sentinel Simulator to test Terraform Sentinel policies requires a subscription or license that includes the mock generation feature.
Senior Solutions Engineer, HashiCorp