tfe_policy_set

Policies are rules enforced on Terraform runs. Two policy-as-code frameworks are integrated with Terraform Enterprise: Sentinel and Open Policy Agent (OPA).

Policy sets are groups of policies that are applied together to related workspaces. By using policy sets, you can group your policies by attributes such as environment or region. Individual policies that are members of policy sets will only be checked for workspaces that the policy set is attached to.

Example Usage

Basic usage (VCS-based policy set):

resource "tfe_policy_set" "test" {
  name                = "my-policy-set"
  description         = "A brand new policy set"
  organization        = "my-org-name"
  kind                = "sentinel"
  agent_enabled       = true
  policy_tool_version = "0.24.1"
  policies_path       = "policies/my-policy-set"
  workspace_ids       = [tfe_workspace.test.id]

  vcs_repo {
    identifier         = "my-org-name/my-policy-set-repository"
    branch             = "main"
    ingress_submodules = false
    oauth_token_id     = tfe_oauth_client.test.oauth_token_id
  }
}

Using manually-specified policies:

resource "tfe_policy_set" "test" {
  name                = "my-policy-set"
  description         = "A brand new policy set"
  organization        = "my-org-name"
  kind                = "sentinel"
  agent_enabled       = true
  policy_tool_version = "0.24.1"
  policy_ids          = [tfe_sentinel_policy.test.id]
  workspace_ids       = [tfe_workspace.test.id]
}

Manually uploaded policy set, in lieu of VCS:

data "tfe_slug" "test" {
  // point to the local directory where the policies are located.
  source_path = "policies/my-policy-set"
}

resource "tfe_policy_set" "test" {
  name          = "my-policy-set"
  description   = "A brand new policy set"
  organization  = "my-org-name"
  workspace_ids = [tfe_workspace.test.id]

  // reference the tfe_slug data source.
  slug = data.tfe_slug.test
}
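
Grouping by environment, as described in the introduction: the following is an added example, not taken from the provider's own documentation. It creates one VCS-backed policy set per environment and attaches each only to the workspaces carrying the matching tag. The tag names, the per-environment policy paths and the "guardrails-" naming are assumptions; tfe_oauth_client.test is assumed to be defined elsewhere, as in the examples above.

```hcl
# Added example. Tags ("prod", "nonprod") and repository paths are assumed values.
locals {
  environments = {
    prod    = { tag = "prod", path = "policies/prod" }
    nonprod = { tag = "nonprod", path = "policies/nonprod" }
  }
}

# Look up the workspaces for each environment by tag.
data "tfe_workspace_ids" "by_env" {
  for_each     = local.environments
  organization = "my-org-name"
  tag_names    = [each.value.tag]
}

# One policy set per environment. Policies in a set are only checked
# for the workspaces listed in that set's workspace_ids.
resource "tfe_policy_set" "by_env" {
  for_each      = local.environments
  name          = "guardrails-${each.key}"
  description   = "Policies checked only on ${each.key} workspaces"
  organization  = "my-org-name"
  kind          = "sentinel"
  policies_path = each.value.path

  # ids is a map of workspace name => workspace ID; only the IDs are needed.
  workspace_ids = values(data.tfe_workspace_ids.by_env[each.key].ids)

  vcs_repo {
    identifier         = "my-org-name/my-policy-set-repository"
    branch             = "main"
    ingress_submodules = false
    oauth_token_id     = tfe_oauth_client.test.oauth_token_id
  }
}
```

A workspace that carries neither tag is attached to no policy set here and is therefore not checked by these policies, so review untagged workspaces when relying on tag-based attachment.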

Argument Reference

The following arguments are supported:

The vcs_repo block supports:

Attributes Reference

Import

Policy sets can be imported; use <POLICY SET ID> as the import ID. For example:

terraform import tfe_policy_set.test polset-wAs3zYmWAhYK7peR