Skip to content
A bridge enabling Pulumi CrossGuard to run OPA rules
Go Makefile Shell
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
build
examples/kubernetes
scripts
.gitignore Add gitignore file Nov 28, 2019
Makefile Add build machinery Nov 28, 2019
README.md Initial commit Nov 28, 2019
analyzer.go Add initial OPA integration Nov 28, 2019
eval.go
go.mod
go.sum Add build machinery Nov 28, 2019
main.go Add initial OPA integration Nov 28, 2019
policy.go
serve.go

README.md

Pulumi Open Policy Agent (OPA) Bridge for CrossGuard

This project allows Open Policy Agent (OPA) rules to be run in the context of Pulumi's policy system, CrossGuard.

How it works

Pulumi can enforce policies during a deployment. This includes during a "preview" -- before a deployment is attempted -- in addition to afterwards -- when certain other properties are known.

The OPA integration implements the Pulumi plugin interface for policies. Unlike Pulumi's standard approach to implementing policy rules using an SDK in a general purpose language this bridge lets you leverage any existing OPA rule within the overall Pulumi CrossGuard system.

How to build and distribute

The binary this repo builds is not intended to be run directly. It produces a plugin named pulumi-policy-opa which, when packaged with a set of OPA rules in the rules/ directory, can be loaded by the Pulumi plugin system.

You can’t perform that action at this time.