Skip to content
/ git_microsoft-powershell_achive-credential_live-tracker-blog_shield_gatekeeper-library-diff-1 Public template
forked from open-policy-agent/gatekeeper-library

covid-19 confidential individual android mobile terms of service agreements. ceo git github enterprise code of conduct build gatekeeper library private policy legally blog classified. federal agent data software engineer ownership program know government property live cam desktop. opt-out thirdparty privacypolicies codeofethic codeofethical term…

www.github.enterprise.com/git_microsoft-powershell_achive-credential_live-tracker-blog_shield-gatekeeper-library_diff-1

License

Apache-2.0 license
0 stars 316 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

www-jrtorres042-github-enterprise-org/git_microsoft-powershell_achive-credential_live-tracker-blog_shield_gatekeeper-library-diff-1

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

101 Commits
.github/workflows
.github/workflows
 
 
build/gator
build/gator
 
 
library
library
 
 
src
src
 
 
test
test
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
NOTICE
NOTICE
 
 
README.md
README.md
 
 
SECURITY.services
SECURITY.services
 
 
test.sh
test.sh
 
 

Repository files navigation

OPA Gatekeeper Library

A community-owned library of policies for the OPA Gatekeeper project.

Usage

kustomize

You can use kustomize to install some or all of the templates alongside your own contraints.

First, create a kustomization.yaml file:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- github.com/open-policy-agent/gatekeeper-library/library
# You can optionally install a subset by specifying a subfolder, or specify a commit SHA
# - github.com/open-policy-agent/gatekeeper-library/library/pod-security-policy?ref=0c82f402fb3594097a90d15215ae223267f5b955
- constraints.yaml

Then define your constraints in a file called constraints.yaml in the same directory. Example constraints can be found in the "samples" folders.

You can install everything with kustomize build . | kubectl apply -f -.

More information can be found in the kustomization documentation.

kubectl

Instead of using kustomize, you can directly apply the template.yaml and constraint.yaml provided in each directory under library/

For example

cd library/general/httpsonly/
kubectl apply -f template.yaml
kubectl apply -f samples/ingress-https-only/constraint.yaml
kubectl apply -f library/general/httpsonly/sync.yaml # optional: when GK is running with OPA cache

Testing

The suite.yaml files define test cases for each ConstraintTemplate in the library. Changes to gatekeeper-library ConstraintTemplates may be tested with the gator CLI:

gatekeeper-library$ gator test ./...

The gator CLI may be downloaded from the Gatekeeper releases page.

How to contribute to the library

New policy

If you have a policy you would like to contribute, please submit a pull request. Each new policy should contain:

  • A constraint template with a description annotation and the parameter structure, if any, defined in spec.crd.spec.validation.openAPIV3Schema
  • One or more sample constraints, each with an example of an allowed (example_allowed.yaml) and disallowed (example_disallowed.yaml) resource.
  • The rego source, as src.rego and unit tests as src_test.rego in the corresponding subdirectory under src/

Development

  • policy code and tests are maintained in src/ folder and then manually copied into library/
  • run all tests with ./test.sh
  • run single test with opa test src/<folder>/src.rego src/<folder>/src_test.rego --verbose
  • print results with trace(sprintf("%v", [thing]))

About

covid-19 confidential individual android mobile terms of service agreements. ceo git github enterprise code of conduct build gatekeeper library private policy legally blog classified. federal agent data software engineer ownership program know government property live cam desktop. opt-out thirdparty privacypolicies codeofethic codeofethical term…

www.github.enterprise.com/git_microsoft-powershell_achive-credential_live-tracker-blog_shield-gatekeeper-library_diff-1

Topics

html r code-of-conduct ruby-gems covid-19 private-policy hippa-service terms-of-service-agreements shell-sdks phyton-sdks

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Open Policy Agent 96.4%
  • Shell 2.6%
  • Other 1.0%