
Policy Engine

Policy Engine is the core component of Indent that governs how decisions are rendered.

Common Expression Language (CEL)

The Common Expression Language (CEL) is a non-Turing complete language designed for simplicity, speed, and safety. Policy Engine uses CEL to evaluate policies and make decisions based on the context of the request.

Indent uses policies to determine who can request, who can review, and how access management is configured. CEL expressions can be constructed visually using the Policy Builder or via code:



When a request is submitted, Indent validates requirements based on the request and current policy. Once all the requirements have been met, the provisioning workflows to grant and revoke are kicked off. You can read more about how granting and revoking access works.

Types (Protobuf)

Info: Protocol Buffers types are only available for on-premise customers. If you are using the cloud version of Indent, please reach out to support for more information.

External resources can be dynamically typed using a Resource. For typed resources, Indent uses Protocol Buffers to provide the schema used to validate the request.

Types are registered with Indent to validate requests and resources. CEL natively supports Protocol Buffers types, so you can use them in your policies.

Validation

Tests can be written to validate policies and ensure they are working as expected. These tests take the form of CEL expressions that check the output of a policy against a known input.

Dynamic references

Dynamic references are used to pull in data from external sources. For example, you can use a dynamic reference to pull in whether a user is on-call (e.g. PagerDuty or OpsGenie) or a member of a specific group. Connected integrations define the dynamic references available to Indent. These references can be used in policies to make decisions based on the context of the request.
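
The Validation and Dynamic references sections describe testing a policy against known inputs and pulling in external data such as on-call status. The sketch below is an added example, not Indent's code or test format: it uses a Python function as a stand-in for a CEL policy, with hypothetical field names (`actor`, `env`, `hours`, `oncall`), and its test cases include the case where the dynamic reference is unavailable, which must result in a denial.

```python
# Added example: a Python stand-in for a CEL policy and its validation tests.
# Field names ("actor", "env", "hours", "oncall") are hypothetical, not Indent's schema.

def policy(request, refs):
    """Return True to auto-approve the request, False otherwise."""
    hours = request.get("hours")
    if not isinstance(hours, (int, float)) or hours <= 0:
        return False  # missing or malformed duration: deny
    env, actor = request.get("env"), request.get("actor")
    if env in ("dev", "staging"):
        return hours <= 4  # short-lived non-production access
    if env == "prod":
        # "oncall" is a dynamic reference filled in by an integration.
        # If it could not be resolved, fail closed instead of raising.
        oncall = refs.get("oncall")
        if oncall is None:
            return False
        return actor in oncall and hours <= 1
    return False  # unknown environment: deny


# Constructed test cases: (name, request, resolved references, expected decision).
ANA, BO = "ana@example.com", "bo@example.com"
CASES = [
    ("staging, short", {"actor": ANA, "env": "staging", "hours": 2}, {}, True),
    ("staging, too long", {"actor": ANA, "env": "staging", "hours": 8}, {}, False),
    ("prod, on call", {"actor": ANA, "env": "prod", "hours": 1}, {"oncall": [ANA]}, True),
    ("prod, not on call", {"actor": BO, "env": "prod", "hours": 1}, {"oncall": [ANA]}, False),
    ("prod, reference unavailable", {"actor": ANA, "env": "prod", "hours": 1}, {}, False),
    ("missing duration", {"actor": ANA, "env": "staging"}, {}, False),
    ("unknown environment", {"actor": ANA, "env": "qa", "hours": 1}, {}, False),
]


def run_cases(cases=CASES):
    """Return the names of cases whose decision differs from the expectation."""
    return [name for name, req, refs, want in cases if policy(req, refs) != want]


if __name__ == "__main__":
    failed = run_cases()
    print("all cases pass" if not failed else f"failing cases: {failed}")
```

Most of the cases are denials: a policy test suite that only checks approvals will not notice a rule that has become too permissive.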