Migrate from terraform-validator

gcloud beta terraform vet is a replacement for the open-source terraform-validator project, with a few minor differences. If you are migrating your CI/CD pipeline to use gcloud beta terraform vet, you will need to make the following changes.

1. Update the command and args

  • Replace terraform-validator validate with gcloud beta terraform vet
  • Replace --policy-path with --policy-library

Basic example:

# Old
terraform-validatorvalidate./tfplan.json--policy-path=/path/to/policy-library
# New
gcloudbetaterraformvet./tfplan.json--policy-library=/path/to/policy-library

With service account impersonation:

# Old
GOOGLE_IMPERSONATE_SERVICE_ACCOUNT=account@project.iam.gserviceaccount.com
terraform-validatorvalidate./tfplan.json--policy-path=/path/to/policy-library
# New
gcloudbetaterraformvet./tfplan.json--policy-library=/path/to/policy-library\
--impersonate-service-account=account@project.iam.gserviceaccount.com

2. (Optional) Upgrade constraint templates

terraform-validator documentation historically gave instructions on how to write v1alpha1 Constraint Framework policies; there is a newer format that we recommend for writing new policies. You can also upgrade existing policies to use the new format

For policies sourced from github.com/GoogleCloudPlatform/policy-library, we recommend staying in sync with the remote repository.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025年10月29日 UTC.