» Testing

It is important to ensure the policies you write are correct. Sentinel includes a built-in test framework that can be run locally and in CI environments to test that policies behave as expected.

A common pitfall with many simple ACL systems is that they provide no easy way to verify their correctness. You basically have to set the ACL and try the behaviors against a real system to verify it is working as expected. This requires a lot of setup and is unique to each system.

Sentinel's built-in test framework has zero dependencies. It is a single binary that can mock the data that real systems are exposing to the policy. It is designed to be CI-friendly and enables continuous testing of your policies. This is necessary for policy as code.

» Writing Tests

For this example, save the following policy as policy.sentinel:

is_weekday = rule { day not in ["saturday", "sunday"] }
is_open_hours = rule { hour > 8 and hour < 17 }
main = rule { is_open_hours and is_weekday }

Next, let's write a passing test case. This will test that the policy passes when we expect it to pass. Save the following in test/policy/good.json:

{
    "global": {
        "day": "monday",
        "hour": 14
    }
}

And run sentinel test:

$ sentinel test
PASS - policy.sentinel
  PASS - test/policy/good.json

The sentinel test command will automatically find all Sentinel policies and their associated test cases and run them all. Try adding another test case to force the policy to fail. This test case can be saved at test/policy/fail.json. The test framework will run all JSON files as individual test cases, allowing you to test a variety of scenarios for your policies.
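The additional scenarios suggested above, as an added example that is not part of the Sentinel documentation: a Python script that generates JSON test cases for policy.sentinel covering the exclusive hour bounds and the weekend. It uses the `test` key of Sentinel's JSON test case format to assert the expected value of `main`, so a case in which the policy denies is still reported as PASS; the file names and the chosen days and hours are constructed.

```python
import json
import tempfile
from pathlib import Path

# Constructed boundary cases for policy.sentinel:
#   is_open_hours = rule { hour > 8 and hour < 17 }   (both bounds exclusive)
#   is_weekday    = rule { day not in ["saturday", "sunday"] }
# Each entry: (file stem, day, hour, expected value of main).
CASES = [
    ("open-first-hour", "monday", 9, True),
    ("open-last-hour", "friday", 16, True),
    ("closed-at-8", "monday", 8, False),
    ("closed-at-17", "monday", 17, False),
    ("weekend-saturday", "saturday", 14, False),
    ("weekend-sunday", "sunday", 14, False),
]


def build_case(day, hour, expect_main):
    """Return one test case: mocked globals plus the asserted result of main."""
    return {
        "global": {"day": day, "hour": hour},
        "test": {"main": expect_main},
    }


def write_cases(policy_dir, cases=CASES):
    """Write one JSON file per case under <policy_dir>/test/policy/."""
    out_dir = Path(policy_dir) / "test" / "policy"
    out_dir.mkdir(parents=True, exist_ok=True)
    written = []
    for stem, day, hour, expect_main in cases:
        path = out_dir / f"{stem}.json"
        body = json.dumps(build_case(day, hour, expect_main), indent=4)
        path.write_text(body + "\n")
        written.append(path)
    return written


if __name__ == "__main__":
    # Writes into a scratch directory; point write_cases() at the directory
    # that holds policy.sentinel, then run `sentinel test` there.
    for p in write_cases(tempfile.mkdtemp(prefix="sentinel-tests-")):
        print(p)
```

The cases at hour 8 and hour 17 are the ones most likely to catch a policy edit that changes `>` to `>=` or `<` to `<=`.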

» Next

Next, we have a page dedicated to next steps depending on what you would like to achieve.