A new platform for documentation and tutorials is launching soon.
We are migrating Terraform documentation into HashiCorp Developer, our new developer experience.
Search Terraform documentation » Policy Checks APINote: Sentinel policies are a paid feature, available as part of the Team & Governance upgrade package. Learn more about Terraform Cloud pricing here .
» List Policy ChecksThis endpoint lists the policy checks in a run.
Note : The sentinel
hash in the result
attribute structure represents low-level Sentinel details generated by the policy engine. The keys or structure may change over time. Use the data in this hash at your own risk.
GET /runs/:run_id/policy-checks
Parameter Description run_id
The ID of the run to list policy checks for.
» Query ParametersThis endpoint supports pagination with standard URL query parameters . Remember to percent-encode [
as %5B
and ]
as %5D
if your tooling doesn't automatically encode URLs. If neither pagination query parameters are provided, the endpoint will not be paginated and will return all results.
Parameter Description page[number]
Optional. If omitted, the endpoint will return the first page.page[size]
Optional. If omitted, the endpoint will return 20 policy checks per page.
» Sample Requestcurl \
--header "Authorization: Bearer $TOKEN " \
https://app.terraform.io/api/v2/runs/run-CZcmD7eagjhyXavN/policy-checks
curl \
--header "Authorization: Bearer $TOKEN " \
https://app.terraform.io/api/v2/runs/run-CZcmD7eagjhyXavN/policy-checks
» Sample Response{
"data" : [
{
"id" : "polchk-9VYRc9bpfJEsnwum" ,
"type" : "policy-checks" ,
"attributes" : {
"result" : {
"result" : false ,
"passed" : 0 ,
"total-failed" : 1 ,
"hard-failed" : 0 ,
"soft-failed" : 1 ,
"advisory-failed" : 0 ,
"duration-ms" : 0 ,
"sentinel" : { ...}
} ,
"scope" : "organization" ,
"status" : "soft_failed" ,
"status-timestamps" : {
"queued-at" : "2017-11-29T20:02:17+00:00" ,
"soft-failed-at" : "2017-11-29T20:02:20+00:00"
} ,
"actions" : {
"is-overridable" : true
} ,
"permissions" : {
"can-override" : false
}
} ,
"relationships" : {
"run" : {
"data" : {
"id" : "run-veDoQbv6xh6TbnJD" ,
"type" : "runs"
}
}
} ,
"links" : {
"output" : "/api/v2/policy-checks/polchk-9VYRc9bpfJEsnwum/output"
}
}
]
}
{
"data" : [
{
"id" : "polchk-9VYRc9bpfJEsnwum" ,
"type" : "policy-checks" ,
"attributes" : {
"result" : {
"result" : false ,
"passed" : 0 ,
"total-failed" : 1 ,
"hard-failed" : 0 ,
"soft-failed" : 1 ,
"advisory-failed" : 0 ,
"duration-ms" : 0 ,
"sentinel" : { ...}
} ,
"scope" : "organization" ,
"status" : "soft_failed" ,
"status-timestamps" : {
"queued-at" : "2017-11-29T20:02:17+00:00" ,
"soft-failed-at" : "2017-11-29T20:02:20+00:00"
} ,
"actions" : {
"is-overridable" : true
} ,
"permissions" : {
"can-override" : false
}
} ,
"relationships" : {
"run" : {
"data" : {
"id" : "run-veDoQbv6xh6TbnJD" ,
"type" : "runs"
}
}
} ,
"links" : {
"output" : "/api/v2/policy-checks/polchk-9VYRc9bpfJEsnwum/output"
}
}
]
}
» Show Policy CheckThis endpoint gets information about a specific policy check ID. Policy check IDs can appear in audit logs.
Note : The sentinel
hash in the result
attribute structure represents low-level Sentinel details generated by the policy engine. The keys or structure may change over time. Use the data in this hash at your own risk.
GET /policy-checks/:id
Parameter Description id
The ID of the policy check to show.
» Sample Requestcurl \
--header "Authorization: Bearer $TOKEN " \
https://app.terraform.io/api/v2/policy-checks/polchk-9VYRc9bpfJEsnwum
curl \
--header "Authorization: Bearer $TOKEN " \
https://app.terraform.io/api/v2/policy-checks/polchk-9VYRc9bpfJEsnwum
» Sample Response{
"data" : {
"id" : "polchk-9VYRc9bpfJEsnwum" ,
"type" : "policy-checks" ,
"attributes" : {
"result" : {
"result" : false ,
"passed" : 0 ,
"total-failed" : 1 ,
"hard-failed" : 0 ,
"soft-failed" : 1 ,
"advisory-failed" : 0 ,
"duration-ms" : 0 ,
"sentinel" : { ...}
} ,
"scope" : "organization" ,
"status" : "soft_failed" ,
"status-timestamps" : {
"queued-at" : "2017-11-29T20:02:17+00:00" ,
"soft-failed-at" : "2017-11-29T20:02:20+00:00"
} ,
"actions" : {
"is-overridable" : true
} ,
"permissions" : {
"can-override" : false
}
} ,
"relationships" : {
"run" : {
"data" : {
"id" : "run-veDoQbv6xh6TbnJD" ,
"type" : "runs"
}
}
} ,
"links" : {
"output" : "/api/v2/policy-checks/polchk-9VYRc9bpfJEsnwum/output"
}
}
}
{
"data" : {
"id" : "polchk-9VYRc9bpfJEsnwum" ,
"type" : "policy-checks" ,
"attributes" : {
"result" : {
"result" : false ,
"passed" : 0 ,
"total-failed" : 1 ,
"hard-failed" : 0 ,
"soft-failed" : 1 ,
"advisory-failed" : 0 ,
"duration-ms" : 0 ,
"sentinel" : { ...}
} ,
"scope" : "organization" ,
"status" : "soft_failed" ,
"status-timestamps" : {
"queued-at" : "2017-11-29T20:02:17+00:00" ,
"soft-failed-at" : "2017-11-29T20:02:20+00:00"
} ,
"actions" : {
"is-overridable" : true
} ,
"permissions" : {
"can-override" : false
}
} ,
"relationships" : {
"run" : {
"data" : {
"id" : "run-veDoQbv6xh6TbnJD" ,
"type" : "runs"
}
}
} ,
"links" : {
"output" : "/api/v2/policy-checks/polchk-9VYRc9bpfJEsnwum/output"
}
}
}
» Override PolicyThis endpoint overrides a soft-mandatory or warning policy.
Note : The sentinel
hash in the result
attribute structure represents low-level Sentinel details generated by the policy engine. The keys or structure may change over time. Use the data in this hash at your own risk.
POST /policy-checks/:id/actions/override
Parameter Description id
The ID of the policy check to override.
» Sample Requestcurl \
--header "Authorization: Bearer $TOKEN " \
--header "Content-Type: application/vnd.api+json" \
--request POST \
https://app.terraform.io/api/v2/policy-checks/polchk-EasPB4Srx5NAiWAU/actions/override
curl \
--header "Authorization: Bearer $TOKEN " \
--header "Content-Type: application/vnd.api+json" \
--request POST \
https://app.terraform.io/api/v2/policy-checks/polchk-EasPB4Srx5NAiWAU/actions/override
» Sample Response{
"data" : {
"id" : "polchk-EasPB4Srx5NAiWAU" ,
"type" : "policy-checks" ,
"attributes" : {
"result" : {
"result" : false ,
"passed" : 0 ,
"total-failed" : 1 ,
"hard-failed" : 0 ,
"soft-failed" : 1 ,
"advisory-failed" : 0 ,
"duration-ms" : 0 ,
"sentinel" : { ...}
} ,
"scope" : "organization" ,
"status" : "overridden" ,
"status-timestamps" : {
"queued-at" : "2017-11-29T20:13:37+00:00" ,
"soft-failed-at" : "2017-11-29T20:13:40+00:00" ,
"overridden-at" : "2017-11-29T20:14:11+00:00"
} ,
"actions" : {
"is-overridable" : true
} ,
"permissions" : {
"can-override" : false
}
} ,
"links" : {
"output" : "/api/v2/policy-checks/polchk-EasPB4Srx5NAiWAU/output"
}
}
}
{
"data" : {
"id" : "polchk-EasPB4Srx5NAiWAU" ,
"type" : "policy-checks" ,
"attributes" : {
"result" : {
"result" : false ,
"passed" : 0 ,
"total-failed" : 1 ,
"hard-failed" : 0 ,
"soft-failed" : 1 ,
"advisory-failed" : 0 ,
"duration-ms" : 0 ,
"sentinel" : { ...}
} ,
"scope" : "organization" ,
"status" : "overridden" ,
"status-timestamps" : {
"queued-at" : "2017-11-29T20:13:37+00:00" ,
"soft-failed-at" : "2017-11-29T20:13:40+00:00" ,
"overridden-at" : "2017-11-29T20:14:11+00:00"
} ,
"actions" : {
"is-overridable" : true
} ,
"permissions" : {
"can-override" : false
}
} ,
"links" : {
"output" : "/api/v2/policy-checks/polchk-EasPB4Srx5NAiWAU/output"
}
}
}
The GET endpoints above can optionally return related resources, if requested with the include
query parameter . The following resource types are available:
Resource Name Description run
The run this policy check belongs to. run.workspace
The associated workspace of the run.