`gcloud beta terraform vet` is a replacement for the open-source `terraform-validator` project, with a few minor differences. If you are migrating your CI/CD pipeline to use `gcloud beta terraform vet`, you will need to make the following changes.
1. Update the command and args
- Replace `terraform-validator validate` with `gcloud beta terraform vet`
- Replace `--policy-path` with `--policy-library`
Basic example:
```
# Old
terraform-validator validate ./tfplan.json --policy-path=/path/to/policy-library

# New
gcloud beta terraform vet ./tfplan.json --policy-library=/path/to/policy-library
```
With service account impersonation:
```
# Old
GOOGLE_IMPERSONATE_SERVICE_ACCOUNT=account@project.iam.gserviceaccount.com terraform-validator validate ./tfplan.json --policy-path=/path/to/policy-library

# New
gcloud beta terraform vet ./tfplan.json --policy-library=/path/to/policy-library \
  --impersonate-service-account=account@project.iam.gserviceaccount.com
```
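The two replacements from step 1, together with the move from the `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` environment variable to the `--impersonate-service-account` flag, can be applied to an existing CI script mechanically. The following is an added example, not code from the original page or from Google; the helper names `migrate_line` and `migrate_stream` and the sample CI lines are constructed, and it assumes each legacy invocation sits on a single line with the variable set inline.

```shell
#!/bin/sh
# Added example (not Google's tooling): rewrite one-line terraform-validator
# invocations in a CI script to the gcloud beta terraform vet form.

# migrate_line LINE -> prints the migrated line (hypothetical helper name).
migrate_line() (
  line=$1
  case $line in
    *"terraform-validator validate"*)
      # Capture the account from an inline env assignment, if one is present.
      sa=$(printf '%s\n' "$line" | sed -n \
        's/.*GOOGLE_IMPERSONATE_SERVICE_ACCOUNT=\([^[:space:]]*\)[[:space:]].*/\1/p')
      out=$(printf '%s\n' "$line" | sed \
        -e 's/GOOGLE_IMPERSONATE_SERVICE_ACCOUNT=[^[:space:]]*[[:space:]]*//' \
        -e 's/terraform-validator validate/gcloud beta terraform vet/' \
        -e 's/--policy-path\([= ]\)/--policy-library\1/g')
      # The env var becomes an explicit flag on the new command.
      if [ -n "$sa" ]; then
        out="$out --impersonate-service-account=$sa"
      fi
      printf '%s\n' "$out"
      ;;
    *)
      # Not a legacy validate call: pass through unchanged.
      printf '%s\n' "$line"
      ;;
  esac
)

# migrate_stream: apply migrate_line to every line on stdin.
migrate_stream() {
  while IFS= read -r l || [ -n "$l" ]; do
    migrate_line "$l"
  done
}

# Constructed sample CI steps, used only to demonstrate the rewrite.
migrate_stream <<'EOF'
terraform show -json tfplan > ./tfplan.json
GOOGLE_IMPERSONATE_SERVICE_ACCOUNT=account@project.iam.gserviceaccount.com terraform-validator validate ./tfplan.json --policy-path=/path/to/policy-library
EOF
```

A `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` that is exported on a separate line or set in the CI system's own variable settings is not picked up by this helper and has to be moved to the flag by hand.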
2. (Optional) Upgrade constraint templates
`terraform-validator` documentation historically gave instructions on how to write `v1alpha1` Constraint Framework policies; there is a newer format that we recommend for writing new policies.
You can also upgrade existing policies to use the new format.
For policies sourced from github.com/GoogleCloudPlatform/policy-library, we recommend staying in sync with the remote repository.

