Skip to content

naitianliu-google/gatekeeper-library

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

70 Commits
.github/workflows
.github/workflows
 
 
library
library
 
 
src
src
 
 
test
test
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
NOTICE
NOTICE
 
 
README.md
README.md
 
 
test.sh
test.sh
 
 

Repository files navigation

OPA Gatekeeper Library

A community-owned library of policies for the OPA Gatekeeper project.

Usage

Apply the template.yaml and constraint.yaml provided in each directory under library/

For example

cd library/general/httpsonly/
kubectl apply -f template.yaml
kubectl apply -f samples/ingress-https-only/constraint.yaml
kubectl apply -f library/general/httpsonly/sync.yaml # optional: when GK is running with OPA cache

How to contribute to the library

New policy

If you have a policy you would like to contribute, please submit a pull request. Each new policy should contain:

  • A constraint template with a description annotation and the parameter structure, if any, defined in spec.crd.spec.validation.openAPIV3Schema
  • One or more sample constraints, each with an example of an allowed (example_allowed.yaml) and disallowed (example_disallowed.yaml) resource.
  • The rego source, as src.rego and unit tests as src_test.rego in the corresponding subdirectory under src/

Development

  • policy code and tests are maintained in src/ folder and then manually copied into library/
  • run all tests with ./test.sh
  • run single test with opa test src/<folder>/src.rego src/<folder>/src_test.rego --verbose
  • print results with trace(sprintf("%v", [thing]))

About

The OPA Gatekeeper policy library.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Open Policy Agent 96.3%
  • Shell 2.9%
  • Makefile 0.8%