Running your first Policy
Now that you’ve created your first policy in the Writing your first Policy guide, let’s run it using the sentrie exec command.
Your Policy
Assuming you followed the previous guide, you should have a policy file first-policy.sentrie that looks like this:

namespace user_management

shape User {
  role: string
  status: string
}

policy user_access {
  fact user: User as currentUser

  rule allow_admin = { yield user.role == "admin" }
  rule allow_user = { yield allow_admin or (user.role == "user" and user.status == "active") }

  export decision of allow_admin
  export decision of allow_user
}

Running the Policy
Use the sentrie exec command to run your policy against test data:

sentrie exec user_management/user_access/allow_user --facts '{"user": {"role": "user", "status": "active"}}'

Expected Output:

Namespace: sh/sentrie/example
Policy: user_access

Rules:
  ✓ allow_admin: ⨯ False
  ✓ allow_user: ✓ True

Values:
  ✓ allow_admin: false
  ✓ allow_user: true

Understanding the Output
The exec command shows you:
- Namespace: The namespace of the policy
- Policy: The policy name
- Rules: Which rules matched (✓) or didn’t match (✗)
- Values: The final results of exported rules
- Attachments: The attachments of the exported rules
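
To check the policy against more than one fact set, the following added example (not part of the Sentrie documentation or engine) models the two rules in Python, enumerates role/status combinations, and builds the matching sentrie exec command for each so the expected decision can be compared with the real output. The role "guest" and the status "suspended" are constructed sample values that do not appear in the policy.

```python
# Added example: a Python model of the page's two rules, not the Sentrie engine.
import itertools
import json
import shlex

RULE_PATH = "user_management/user_access/allow_user"  # rule path used on the page


def allow_admin(user):
    # Mirrors: rule allow_admin = { yield user.role == "admin" }
    return user["role"] == "admin"


def allow_user(user):
    # Mirrors: yield allow_admin or (user.role == "user" and user.status == "active")
    return allow_admin(user) or (user["role"] == "user" and user["status"] == "active")


def exec_command(user):
    """Build the sentrie exec invocation for one fact set, shell-quoted."""
    facts = json.dumps({"user": user})
    return f"sentrie exec {RULE_PATH} --facts {shlex.quote(facts)}"


def decision_matrix(roles, statuses):
    """Return (user, allow_admin, allow_user, command) for every combination."""
    rows = []
    for role, status in itertools.product(roles, statuses):
        user = {"role": role, "status": status}
        rows.append((user, allow_admin(user), allow_user(user), exec_command(user)))
    return rows


# Constructed sample values; "guest" and "suspended" are assumptions.
ROLES = ["admin", "user", "guest"]
STATUSES = ["active", "suspended"]

if __name__ == "__main__":
    for user, admin, allowed, cmd in decision_matrix(ROLES, STATUSES):
        print(f"{user['role']:<6} {user['status']:<10} "
              f"allow_admin={admin!s:<5} allow_user={allowed!s:<5}")
        print(f"    {cmd}")
```

The matrix shows that an admin is allowed whatever the status value is, because allow_admin checks only the role; a user is allowed only when the status is "active".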
Providing Required Facts
Since the user fact is required (no ? modifier), you must provide it when executing:

sentrie exec user_management/user_access --facts '{"user": {"role": "admin", "status": "active"}}'

Expected Output:

Namespace: user_management
Policy: user_access

Rules:
  ✓ allow_user: ✓ True
  ✓ allow_admin: ✓ True

Values:
  ✓ allow_user: true
  ✓ allow_admin: true

Next Steps
Now that you can run policies, explore the CLI Reference to learn about all available commands and options.