This message was deleted.

I find Sentinel to be more readable and easier to write than Rego (OPA).

there is a env var called PLANFILE that you can pass , check the docs for run step

Here is a plan step of using PLANFILE as mentioned above of course this is using conftest but should be similar for sentinel

policy_check:
            steps:
              - env:
                  name: TERRAGRUNT_TFPATH
                  command: 'echo "terraform${ATLANTIS_TERRAFORM_VERSION}"'
              - run: "terragrunt show -json $PLANFILE > ${PLANFILE}.json"
              - run: "conftest test ${PLANFILE}.json -p /home/atlantis/conftest_policies/terraform/

thanks for the inputs but in sentinel case, the CLI doesn’t allow passing in input file. It only has parameter for policy file. This might be intentional from Hashicorp to avoid people circumvent their Terraform Cloud offering and running Sentinel manually using CLI instead. In Terraform cloud, the equivalent of planfile data is available through module import (similar to how

data

is available for use in conftest). It seems like you can write plugin for Sentinel that might able to do that so that’s why I’m asking here if anybody already looked into that before.