The sentinel apply command is used to execute a policy locally for development purposes.
Usage: sentinel apply [options] POLICY
This command executes the policy file at the path specified by POLICY. In addition to a path to a policy, POLICY can reference a label of a policy entry in the configuration.
Use the exit code of this command to determine the exact status of the policy evaluation. 0 is pass, 1 is fail, 2 is undefined (fail, but because the result was undefined), and 3 is a runtime error. Errors unrelated to the policy status itself are returned with an exit status of 9.
To control the behavior of the apply command, create a configuration file. With this, you can define available import plugins, mock data, and global values. This can help you simulate a policy embedded within an application.
As of the 0.16 release, POLICY is optional. When it is not supplied, sentinel apply will run all policies in the supplied configuration.
The command-line flags are all optional. The list of available flags are:
-color - Enable or disable colorized output. Enabled by default if running interactively.
-config=path - Path to a configuration file specifying available imports, mock data, globals, etc. The default is sentinel.[hcl|json].
-json Enable JSON output. Using this mode, all other output will be suppressed and the full detail of the apply will be output in a machine-readable format. Enabling this implies -trace. See the section on tracing JSON output for more details.
-json-rule=RULE Enable JSON output, outputting only the value of the specified rule. When running against a policy set, the policy must be supplied to enable per-rule filtering. Implies -json.
-global key=value - Set global values. This is the same as setting global in the configuration file, and will override any of these respective values set in the configuration. The value is either a string, or a JSON number, array, or object. To force strings, use quotes.
-param key=value - Set parameters, the same as setting param in the configuration file. Values are handled in the same way they are with the -global flag.
-timeout - Allows users to specify a timeout after which the apply command will stop running. There is no timeout if not provided. The timeout needs to be specified as a Duration type, eg 100ms, 5s etc
-trace - Always show the execution trace. This shows intermediate boolean expression values. This always shows for failed policies.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4