Remote working: HashiCorp Sentinel gets HCL-proficient, learns how to get remote policies

The team behind HashiCorp’s policy as code framework Sentinel has emitted version 0.16 of the project, allowing the definition of remotely sourced policies and modules, and opening it up to the company’s HCL configuration format. 

The new features are now available for customers with enterprise subscriptions for Consul, Nomad, Terraform, and Vault.

Probably the most interesting addition comes in the form of support for fetching policies and modules from remote sources. To realise this, devs need to add a URL to the source attribute of the appropriate definition. This is meant to make tried and tested policies easier to share and “encourages code reuse”.

To go along with that, the apply command has been tweaked to be able to use a remote policy’s configuration key for evaluation. Other improvements include a new version import in the project’s standard library, so that users don’t have to go through some form of string manipulation in order to parse versions and version constraints.

While some find that HashiCorp pushing its own configuration language, HCL, isn’t exactly helping to make it accessible to a broader audience, the company continues its unification efforts with the 0.16 release. More precisely, Sentinel’s CLI has learned to work with configuration files written in the HCL format, so that apply and test can now be set up in the syntax HashiCorp users might already know from the infrastructure as code tool Terraform.

The update also lets the tool move beyond its earlier approach of only allowing the execution of one local policy at a time by introducing policy block definitions. The latter means the system now automatically evaluates all policies within a configuration file, which better reflects the reality of organisations using several policies at once.

Providing users with an option to define policies as code, and thereby make them versionable and easy to integrate into automated processes, is a tactic that has received quite a lot of interest in recent years. With HashiCorp’s philosophy of “everything as code”, it doesn’t come as a surprise that the company has been a bit ahead of that curve; after all, users have known Sentinel since 2017.

Teams tempted by the idea of the framework but hesitant because it hasn’t passed the magical 1.0 barrier yet should be reminded that the company’s tools are known to be used in production before getting to that milestone. Terraform is an often-cited example of that, with the team behind it pointing out that broad deployment is amongst the company’s prerequisites for a 1.0 release. It also helps that Sentinel is available in Enterprise offerings only, so support should be quick to get.