HashiDays One conference. Three cities. Find a city near you
Sentinel
Sentinel Home

You are viewing documentation for version v0.13.x. View latest version.

Rules

Rules form the basis of a policy by representing behavior that is either passing or failing (true or false). Rules are a first class language construct in Sentinel. A policy can and should be broken down into rules to aid with readability, testability, and performance.

Rules provide:

  • Readability: A policy that is broken down into rules can be read more easily. The logic becomes clearer to see for policy writers when they come back to it.

  • Debuggability: When tracing is enabled, the trace is formatted by rule names. A policy that is broken down into more rules is more easily debugging by noticing unexpected rule values.

  • Testability: Policy testing is built on asserting the values of rules. By breaking logic down into rules, you're able to more effectively test your policies.

  • Performance: As explained in the next section, rules are only evaluated once on demand. This means that a rule referenced multiple time only has a one-time performance cost. For complex logic, this could result in improved performance.

An example usage of rules is shown below:

is_sunny     = rule { weather is "sunny" }
is_wednesday = rule { day is "wednesday" }
main = rule { is_sunny and is_wednesday }

Details about rules and their behavior can be found in the language reference. Rules have important behavior so we recommend reading the language reference on rules. Rules will be used throughout the remainder of the documentation.