• Infrastructure
    • terraform
    • packer
  • Networking
    • consul
  • Security
    • vault
    • boundary
  • Applications
    • nomad
    • waypoint
    • vagrant
  • HashiCorp Cloud Platform

    A fully managed platform to automate infrastructure on any cloud with HashiCorp products.

    • consul
    • terraform
    • vault
    • packerbeta
    Visit cloud.hashicorp.com
Sentinel
  • Intro
  • Docs
Download
    • v0.19.x (latest)
    • v0.18.x
    • v0.17.x
    • v0.16.x
    • v0.15.x
    • v0.14.x
    • v0.13.x
  • Release Notes
    • Overview
    • Policy as Code
    • Policy Language
    • Imports
    • Enforcement Levels
    • Overview
    • Override Files
    • Remote Sources
    • Overview
    • apply
    • fmt
    • test
    • Overview
    • Basics
    • Rules
    • Traces
    • Testing
    • Imports
    • Debugging
    • Overview
    • Modules
    • Plugins
    • Static Imports
    • Internals

    • Overview
    • Variables
    • Values
    • Lists
    • Maps
    • Rules
    • Imports
    • Parameters
    • Boolean Expressions
    • Arithmetic
    • Slices
    • Conditionals
    • Loops
    • Collection Operations
    • Functions
    • Scope
    • Undefined
    • Logging and Errors
    • Specification
    • Overview
    • append
    • delete
    • error
    • keys
    • length
    • print
    • range
    • values
    • Overview
    • base64
    • decimal
    • http
    • json
    • runtime
    • sockaddr
    • strings
    • time
    • types
    • units
    • version

  • Consul
  • Nomad
  • Terraform
  • Vault
Type '/' to Search

»Command: apply

The sentinel apply command is used to execute a policy locally for development purposes.

»Usage

Usage: sentinel apply [options] POLICY

This command executes the policy file at the path specified by POLICY. In addition to a path to a policy, POLICY can reference a label of a policy entry in the configuration.

Use the exit code of this command to determine the exact status of the policy evaluation. 0 is pass, 1 is fail, 2 is undefined (fail, but because the result was undefined), and 3 is a runtime error. Errors unrelated to the policy status itself are returned with an exit status of 9.

To control the behavior of the apply command, create a configuration file. With this, you can define available import plugins, mock data, and global values. This can help you simulate a policy embedded within an application.

As of the 0.16 release, POLICY is optional. When it is not supplied, sentinel apply will run all policies in the supplied configuration.

The command-line flags are all optional. The list of available flags are:

  • -color - Enable or disable colorized output. Enabled by default if running interactively.

  • -config=path - Path to a configuration file specifying available imports, mock data, globals, etc. The default is sentinel.[hcl|json].

  • -json Enable JSON output. Using this mode, all other output will be suppressed and the full detail of the apply will be output in a machine-readable format. Enabling this implies -trace. See the section on tracing JSON output for more details.

  • -json-rule=RULE Enable JSON output, outputting only the value of the specified rule. When running against a policy set, the policy must be supplied to enable per-rule filtering. Implies -json.

  • -global key=value - Set global values. This is the same as setting global in the configuration file, and will override any of these respective values set in the configuration. The value is either a string, or a JSON number, array, or object. To force strings, use quotes.

  • -param key=value - Set parameters, the same as setting param in the configuration file. Values are handled in the same way they are with the -global flag.

  • -trace - Always show the execution trace. This shows intermediate boolean expression values. This always shows for failed policies.

  • ProvisionMulti-Cloud Infrastructure
  • SecureMulti-Cloud Security
  • ConnectMulti-Cloud Networking
  • RunMulti-Cloud Orchestration
Products
  • Terraform
  • Vault
  • Consul
  • Nomad
  • Vagrant
  • Packer
  • Boundary NEW
  • Waypoint NEW
  • Sentinel
Resources
  • Blog
  • Tutorials
  • Community
  • Events
  • Integrations
  • Library
  • Partners
  • Podcast
  • Support
  • Training
Company
  • About Us
  • JobsWe're Hiring
  • Press Center
  • Brand
  • Contact Us
  • System Status
  • Cookie Manager
  • Terms of Use
  • Security
  • Privacy
  • Trademark Policy
stdin: is not a tty