Open patrick-east opened 4 years ago
The current guide doesn't really explain what all can or cannot be done with OPA policies and Terraform plans.
There are notably a few areas that are not easily covered by policies due to the information available at the time the JSON plan is generated:
https://www.terraform.io/docs/configuration/expressions.html#values-not-yet-known https://www.terraform.io/docs/configuration/expressions.html#dynamic-blocks https://www.terraform.io/docs/configuration/expressions.html#function-calls
It is probably worth noting in the docs update how Sentinel handles (or not) these sort of things: https://www.terraform.io/docs/cloud/sentinel/import/tfconfig.html#references-with-terraform-0-12 to ensure users have a good idea of what limitations there are with the different solutions and enforcing policies on terraform plans in general.
This issue has been automatically marked as inactive because it has not had any activity in the last 30 days.
The current guide doesn't really explain what all can or cannot be done with OPA policies and Terraform plans.
There are notably a few areas that are not easily covered by policies due to the information available at the time the JSON plan is generated:
https://www.terraform.io/docs/configuration/expressions.html#values-not-yet-known https://www.terraform.io/docs/configuration/expressions.html#dynamic-blocks https://www.terraform.io/docs/configuration/expressions.html#function-calls
It is probably worth noting in the docs update how Sentinel handles (or not) these sort of things: https://www.terraform.io/docs/cloud/sentinel/import/tfconfig.html#references-with-terraform-0-12 to ensure users have a good idea of what limitations there are with the different solutions and enforcing policies on terraform plans in general.