Policy validation
Preview
This product or feature is subject to the "Pre-GA Offerings Terms" in the General Service Terms section of the Service Specific Terms. Pre-GA products and features are available "as is" and might have limited support. For more information, see the launch stage descriptions.
Businesses are shifting towards infrastructure-as-code, and with that change comes a concern that configuration errors can cause security and governance violations. To address this, security and cloud administrators need to be able to set up guardrails that make sure everyone in their organization follows security best practices. These guardrails are in the form of constraints.
Constraints define your organization's source of truth for security and governance requirements. The constraints must be compatible with tools across every stage of the application lifecycle, from development, to deployment, and even to an audit of deployed resources.
gcloud beta terraform vet is a tool for enforcing policy compliance as part of an infrastructure CI/CD pipeline. When you run this tool, gcloud beta terraform vet uses Google Cloud APIs to retrieve the project data that is necessary for accurate validation of your plan. You can use gcloud beta terraform vet to detect policy violations and provide warnings or halt deployments before they reach production. The same set of constraints that you use with gcloud beta terraform vet can also be used with any other tool that supports the same framework.
With gcloud beta terraform vet you can:
- Enforce your organization's policy at any stage of application development
- Remove manual errors by automating policy validation
- Reduce learning time by using a single paradigm for all policy management
Support
Until gcloud beta terraform vet is generally available (GA), regular support channels might not be available. For support with gcloud beta terraform vet, open a ticket on the terraform-google-conversion GitHub repository.
Documentation
gcloud beta terraform vet includes the following resources:
- Quickstart – How to implement a constraint that throws an error, and then modify the constraint so the validation check passes.
- Create a policy library – How to create a centralized policy repository.
- Create Terraform constraints – How to add Terraform-based constraints.
- Create CAI constraints – How to add CAI-based constraints.
- Validate policies – How to validate policy compliance with gcloud beta terraform vet.
- Troubleshooting – Potential problems and solutions to fix them.
- Migrate from terraform-validator – How to migrate to gcloud beta terraform vet from terraform-validator.
Last updated 2025-12-15 UTC.