Terraform
Working With Sentinel JSON Result Data
When using the HCP Terraform UI, Sentinel policy check results are available both in a human-readable log form, and in a more detailed, lower-level JSON form. While the logs may suppress some output that would make the logs harder to read, the JSON output exposes the lower-level output directly to you. Being able to parse this data in its entirety is especially important when working with non-boolean rule data in a policy designed to work with Sentinel 0.17.0 and higher.
Note: HCP Terraform Free Edition includes one policy set of up to five policies. In HCP Terraform Plus Edition, you can connect a policy set to a version control repository or create policy set versions via the API. Refer to HCP Terraform pricing for details.
The JSON data exposed is the same as you would see when using the policy
checks API, with the data starting at the
sentinel
key.
Viewing JSON Data
To view the JSON data, expand the policy check on the runs page if it is not already expanded. The logs are always displayed first, so click the View JSON Data button to view the JSON data. You can click the View Logs button to switch back to the log view.
Filtering JSON Data
The JSON data is filterable using a jq-subset filtering language. See the JSON filtering page for more details on the filtering language.
Filters are entered by putting the filter in the aptly named filter box in the JSON viewer. After entering the filter, pressing Apply or the enter key on your keyboard will apply the filter. The filtered results, if any, are displayed in result box. Clearing the filter will restore the original JSON data.
Quick-Filtering main
Rules
Clicking the Filter "main" rules button will quickly apply a filter that
shows you the results of the main
rule for every policy in the policy set. You
can use this to quickly get the results of each policy in the set, without
having navigate through the rest of the policy result data.