You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This small doc update adds a note to clarify why some mandatory Sentinel policies can still be overridden in Terraform Enterprise.
We had a few customer tickets where users were confused about why “hard mandatory” policies could still be overridden. The behaviour is expected, when the policy set has “This policy set can be overridden in the event of mandatory failures” enabled, users with the right permissions (like admins or team owners) can override both soft- and hard-mandatory policy failures.
This doc change makes that clearer to help prevent future confusion.
What’s Changed
Added a short clarification about when and why overrides can still occur.
Why
To address customer feedback and help users better understand how enforcement levels actually behave in practice.
@andrewassaf7 Thanks for adding this information. You added this to the 202301-1 version of the page. Is this the only version that this information applies to? Does this also apply to HCP Terraform?
@andrewassaf7 Thanks for adding this information. You added this to the 202301-1 version of the page. Is this the only version that this information applies to? Does this also apply to HCP Terraform?
@trujillo-adam Thanks for catching that! I added it under 202301-1 by mistake, should I move it to the latest version so it’s reflected globally ?. The information applies to all current versions of Terraform Enterprise where Sentinel policy sets support the “This policy set can be overridden in the event of mandatory failures” option. The behaviour is also consistent in HCP Terraform, since the enforcement and override mechanisms are shared across both platforms.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR Description
This small doc update adds a note to clarify why some mandatory Sentinel policies can still be overridden in Terraform Enterprise.
We had a few customer tickets where users were confused about why “hard mandatory” policies could still be overridden. The behaviour is expected, when the policy set has “This policy set can be overridden in the event of mandatory failures” enabled, users with the right permissions (like admins or team owners) can override both soft- and hard-mandatory policy failures.
This doc change makes that clearer to help prevent future confusion.
What’s Changed
Why