/sentinel-lint

Go Packages to lint HashiCorp Sentinel file types

Primary language: Go. License: Apache License 2.0 (Apache-2.0)

Sentinel Linter

Important

This repository is not supported or endorsed by the authors of Sentinel (HashiCorp). Do not contact them if you find any issues with this linter!

This repository holds a linter for HashiCorp Sentinel Configuration and HashiCorp Sentinel Language files.

Warning

This project is still a work in progress. Only the bare minimum is implemented, and new rules will be added in the future.

Intended usage of these Go modules

These Go modules are intended to be used by other tools that inspect Sentinel files, for example text editor integrations (language servers).

Usage

Simple scenario

  • Create a new Linter Configuration with the required Sentinel version

  • Create a Lint file with a parsed AST

  • Create a list of rules that will be evaluated

  • Run the linter using the configuration, rule list and file

  • Evaluate the results

For example:

package main

import (
  "fmt"
  "os"

  "github.com/glennsarti/sentinel-lint/lint"
  "github.com/glennsarti/sentinel-lint/parsing"
  "github.com/glennsarti/sentinel-lint/rules"
  "github.com/glennsarti/sentinel-lint/runner"
)

func main() {
  cfg := lint.Config{SentinelVersion: "latest"}

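  // Read the file; stop on a read error so a missing or unreadable
  // policy is never parsed as empty input and reported as clean
  filename := "something/policy.sentinel"
  bytes, err := os.ReadFile(filename)
  if err != nil {
    fmt.Printf("Could not read %s: %v\n", filename, err)
    os.Exit(1)
  }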

  // Parse the file
  f, _, issues, _ := parsing.ParseSentinelFile(cfg.SentinelVersion, filename, bytes)
  if len(issues) > 0 {
    fmt.Printf("There were %d issues while parsing\n", len(issues))
    os.Exit(1)
  }

  // Lint the file
  r, _ := runner.NewRunner(cfg, rules.NewDefaultRuleSet(), lint.PolicyFile{
    File:     f,
    FilePath: filename,
  })
  issues, _ = r.Run()
  if len(issues) > 0 {
    fmt.Printf("There were %d issues while linting\n", len(issues))
    os.Exit(1)
  }
  os.Exit(0)
}

File types

This linter supports the following types of Sentinel files:

Go Type            | Description
-------------------|------------------------------------------------------------
ConfigPrimaryFile  | The primary configuration file for a Sentinel configuration
ConfigOverrideFile | An override file for a Sentinel configuration
ConfigTestFile     | A test configuration file for a Sentinel policy
PolicyFile         | A policy file
ModuleFile         | A Sentinel module file

TODO

  • Add more rules

  • Add a rule documentation system

  • Release v0.0.1

  • What would v1.0.0 look like?