Logic
The core of a policy is a set of logical expressions to determine whether a behavior is allowed or not. Sentinel makes it easy to write readable logical expressions to express the intended policy.
The logical expression syntax will be familiar to anyone who has programmed before. Sentinel also supports a couple more unique constructs to assist with common policy requirements. Detailed documentation on how to write logical expressions and the supported operators is available in the boolean expression reference.
Example logic:
a is b // Equality, you can also use ==a is not b // Inequality, you can also use !=a > b // Relational operators, comparisona < ba >= ba <= ba contains b // Inclusion check, substrings, etc.a not contains b // Negated version of above
The full list of available operators can be found in the boolean expression reference.
Logic can be combined with and
or or
. When combined with and
, both
sides must result in true
. When combined with or
, only one side needs
to be true to result in true
.
With these building blocks, basic rules can be built up:
main = rule { hour >= 8 and hour < 17}
Next, we'll introduce imports so that we can write rules that interact with external data.