Sentinel Runtime Release Notes

These are the release notes for the Sentinel runtime.

Each version of the runtime is released with a corresponding version of Sentinel CLI. To download the CLI, see the downloads page.

Sentinel integrations and embedded runtimes may not always have the latest version installed, depending on the product's individual release cycle. For more information, contact the support team for your specific integration.

0.13.1 (November 25, 2019)

BUG FIXES:

  • runtime/eval: Parameters are no longer allowed in mock files. Adding one to a mock will result in a runtime error.
  • runtime/eval: Fixed an issue where import calls from within mocks were failing under certain circumstances.
  • imports/decimal: int should now correctly provide the truncated integer representation of a decimal number, not the rounded one.

0.13.0 (November 15, 2019)

LANGUAGE CHANGES:

  • Policy Parameters. The new policy parameters feature allows authors to use a param declaration at the top of a policy to supply values that are expected to come from outside of a policy. See the linked documentation for more details.

FEATURES:

  • imports/http: The http import is a new addition to the standard library enabling the use of HTTP-accessible data from outside the runtime in policy rules.

BUG FIXES:

  • runtime/eval: Fixed an issue where loading other imports before a mocked import would cause those imports to no longer be visible from within the policy.

0.12.0 (October 7, 2019)

LANGUAGE CHANGES:

  • New case statement. This statement is a selection control mechanism to conditionally execute a branch based on expression equality, allowing simplification of complex conditional chains that may otherwise need to be written with else if. See the Case Statements section of the Sentinel language specification for more details.

IMPROVEMENTS:

  • lang/semantic: Added a semantic check to ensure usage of append is not using a return value.

BUG FIXES:

  • runtime/eval: Corrected an issue where calling a method on an import object value that was the result of a method call on another import object value would have erroneously tried to call an import of the name of the "parent" import object value. Example: in a = subject.new(); b = a.call(); c = b.call(), b.call() would attempt to call a method named call on the root namespace for an import named a. This has now been corrected so that b.call() will now correctly call the call method for the respective object namespace residing in the import named subject.
  • imports: Some standard imports may have been returning null for some unknown keys in objects when they should have been returning undefined. This was due to an SDK issue which was corrected in SDK version 0.3.2, which has now been corrected.
  • cmd/test: sentinel test will now correctly fail a policy if it encounters an error.
  • cmd/test: sentinel test will now correctly display errors and other output that were missing due to a formatting issue.
  • runtime/eval: The append builtin now correctly returns undefined for all calls, as called for by the Specification. Note that in most cases, the semantic check outlined above will trigger an error if the return value is used.

0.11.0 (September 5, 2019)

LANGUAGE CHANGES:

  • New builtin function: range(). This function existed in the spec in earlier versions but was removed as it lacked an implementation. This has now been implemented and re-added to the spec. See the Range section of the Sentinel Specification for more details.
  • Lists are now comparable. Lists are equal if their corresponding elements are comparable and equal.
  • Method calls on values returned by imports are now supported. See the Imports section of the Sentinel Specification for more details.

FEATURES:

  • imports/decimal: This is a new import designed to do exact precision mathematical calculations.
  • runtime/eval: Compound call expressions that refer to imports (example: foo.bar().baz() when foo is a loaded import) will now function as expected. Previously, this was only supported up to the first call (example: foo.bar()).
  • imports/time: Timespaces returned by calls such as time.now are now callable. Example: t = time.now; t.after(some_previous_time) will now function.

IMPROVEMENTS:

  • runtime/eval: The implementation of comparison of non-comparable types has now changed. Rather than triggering a runtime error, non-comparable types will now return false when attempting to compare.

0.10.4 (August 15, 2019)

BUG FIXES:

  • runtime/encoding: Fixed an issue with conversion of null values that could lead to crashes in imports.

0.10.3 (July 15, 2019)

BUG FIXES:

  • command/config: Parsing a configuration file where malformed data is encountered after apparently properly-formed data will now report an error. An example would be a situation where misplaced braces would cause a JSON object to only parse part of the configuration file.

0.10.2 (June 25, 2019)

BUG FIXES:

  • lang/parser: Corrected an issue where parsing certain compound binary expressions where the negation predicate (not) was in use would cause the negation to have no effect. Example: foo else "bar" not in "baz" would have been parsed and evaluated as foo else "bar" in "baz", effectively producing the opposite result.

0.10.1 (May 9, 2019)

BUG FIXES:

  • command/test: sentinel test now displays policies without tests as an unknown result with [no test files], instead of the somewhat erroneous behavior of displaying it as a PASS. A full test run with a mixture of passing tests and no tests still results in an overall successful result.

0.10.0 (April 18, 2019)

LANGUAGE CHANGES:

  • Mixed-number arithmetic operations are now allowed. Addition (+), subtraction (-), multiplication (*), division (/), and remainder operations (%) are no longer restricted to number values of the same type, and can mix integer and floating point. The result of these operations is always a floating-point number.
  • Remainder (modulo, %) operations are now allowed on floating-point numbers.

BUG FIXES:

  • lang/parser: Fixed a bug that affected the use of not with contains, matches, or in in a compound expression.
  • runtime/eval: Fixed error messages on evaluation errors with contains and in to indicate that strings are an allowed type along with lists and maps.

0.9.2 (March 15, 2019)

This is a dependency update related to the changes mentioned in 0.9.1. No other changes have been made.

0.9.1 (March 14, 2019)

This is a patch release that is required to integrate with the latest versions of the Sentinel SDK. No other changes have been made.

0.9.0 (January 28, 2019)

FEATURES:

  • imports/strings: Added a join function to the strings import. This can be used to join a list into a string with a specific separator. Multi-dimensional lists and all Sentinel primitives are supported.

0.8.1 (January 17, 2019)

BUG FIXES:

  • lang/eval: Fixed a bug that prevents the effective use of return statements in for loops.

0.8.0 (January 14, 2019)

FEATURES:

  • Mocks can now be represented by Sentinel code. This allows for the mocking of functions and other complex data structures that cannot be represented in JSON. For more information on using this feature via mocks, click here.

IMPROVEMENTS:

  • Import validation has now been moved to the semantic checking phase. This should result in better reporting of validation errors. In addition, import validation will now enforce the use of an as identifier when an import path is not a valid identifier on its own (example: import "foo/bar").

0.7.0 (December 12, 2018)

BUG FIXES:

  • There have been changes to the runtime in how scope is handled over multiple policy executions. Scope is now correctly unique per single policy execution, and values set or builtins that are overridden in one policy will no longer affect those values within another.

0.6.0 (November 30, 2018)

FEATURES:

  • imports/runtime: This new import allows for one to check various aspects of the Sentinel runtime as it may be embedded in the simulator or a specific implementation. For now, it allows the version to be checked.

0.5.1 (November 28, 2018)

IMPROVEMENTS:

  • imports/time: Added the zone and zone_string attributes to assist with validation of a timespace's zone.
  • command/fmt: Added a new -check flag. This option does not commit changes, but instead checks to see what files need formatting and outputs them on stdout.

BUG FIXES:

  • command/test: Ensure that passing test results are correctly output one per line. Tests are also now run in a deterministic fashion based on lexicographical (alphabetical) order.
  • imports/time: month_name and weekday_name will now show up correctly in a returned timespace result.

0.5.0 (November 5, 2018)

IMPROVEMENTS:

  • spec: Selectors can now contain any reserved word (example: rule) or keyword operator (example: any, all, is, not). This only works for the selector part of the expression (after the first period) - the first primary expression (before the first period) still needs to be an identifier that does not conflict with reserved words.

BUG FIXES:

  • The simulator should now display import function call names correctly in import errors.

0.4.0 (October 1, 2018)

FEATURES:

  • builtin: Added the bool built-in type conversion function. Booleans will also now accepted as conversion into other values as well, with the full list of behaviors available in the spec.

0.3.2 (September 27, 2018)

FEATURES:

  • command/apply: sentinel apply now prints out messages output by the print() function when a trace is output on policy failure, or when a trace is forced with -trace.
  • imports/time: Added the month_name and weekday_name keys to the timespace, which return full-English names for the month and day of the week.

BUG FIXES:

  • command/fmt: sentinel fmt - Will no longer print out the filter status message on the output stream when -write=false Is not explicitly stated. This brings the behavior of the command in line with the help text.
  • runtime: Index operations on the right-hand-side that have negative indexes that go out of range (example: length(list) * -1 - 1) now correctly return undefined. left-hand-side index assignments with a out-of-range negative index still return runtime errors.

0.3.1 (August 3, 2018)

BUG FIXES:

  • runtime: Basic index assignment has been implemented as per the spec.
  • runtime: Index expressions for lists with negative indexes will no longer panic if the list index is less than length(list) * -1.

0.3.0 (July 20, 2018)

FEATURES:

  • New standard import: types. This can be used to dynamicaly detect the type of some value.

0.2.0 (April 11, 2018)

FEATURES:

  • New standard import: json. Marshal and unmarshal JSON documents and access their contents as native Sentinel values.
  • break and continue. These are now both specified and implemented. break allows loop exiting and continue allows immediate execution of the next iteration.

IMPROVEMENTS:

  • runtime: print() map values are now ordered alphabetically by keys.

BUG FIXES:

  • command/test: If no test block exists, test behaves like it is asserting main: true.
  • runtime: default maximum stack depth to 500
  • runtime: print() map values now appear like more typical maps.
  • runtime: division by zero is an error, not a crash
  • runtime: plugins that send map values with null values now decode properly into native Sentinel values.

0.1.0 (September 19, 2017)

Initial release.