Policy Kit
A set of utilities and classes for working with Open Policy Agent based tools, including Gatekeeper and Conftest.
Installation
Policy Kit can be installed from PyPI using pip or similar tools:
pip install policykit
CLI
The module provides a CLI tool called pk for using some of the functionality.
$ pk build *.rego
[SecurityControls] Generating a ConstraintTemplate from "SecurityControls.rego"
[SecurityControls] Searching "lib" for additional rego files
[SecurityControls] Adding library from "lib/kubernetes.rego"
[SecurityControls] Saving to "SecurityControls.yaml"
You can also use the tool via Docker:
docker run --rm -it -v $(pwd):/app garethr/policykit build
Python
This module currently contains one class, for working with ConstraintTemplates in Gatekeeper.
from policykit import ConstraintTemplate

# name is the name of the ConstraintTemplate to generate and
# path_to_rego_source_file is the path to the .rego file; both are set by the caller
with open(path_to_rego_source_file, "r") as rego:
    ct = ConstraintTemplate(name, rego.read())

print(ct.yaml())
Action
Policy Kit also ships as a GitHub Action. The workflow below regenerates the ConstraintTemplates on every push and commits the result back to the repository:
on: push
name: Build
jobs:
  gatekeeper:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - name: Generate ConstraintTemplates for Gatekeeper
        uses: garethr/policykit/action@master
        with:
          args: <directory-of-rego-source-files>
      - name: Commit to repository
        env:
          GITHUB_TOKEN: ${{ secrets.github_token }}
          COMMIT_MSG: |
            Generated new ConstraintTemplates from Rego source
            skip-checks: true
        run: |
          # Hard-code user config
          git config user.email "<your-email-address>"
          git config user.name "<your-username>"
          git config --get-regexp "user\.(name|email)"
          # Update origin with token
          git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git
          # Checkout the branch so we can push back to it
          git checkout master
          git add .
          # Only commit and push if we have changes
          git diff --quiet && git diff --staged --quiet || (git commit -m "${COMMIT_MSG}"; git push origin master)
Notes
A few caveats for anyone trying to use this module.
- Loading libraries with lib is only supported in Gatekeeper HEAD today but should be in the next release.
- This module does not support parameterized ConstraintTemplates.
Source Distribution
policykit-0.1.0.tar.gz (5.0 kB)
Built Distribution
policykit-0.1.0-py3-none-any.whl
Hashes for policykit-0.1.0-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 01b7414b5a35333296437f096e0c9d575d168c4982dff268895c8b84f9fb2380
MD5 | 114a93094a2ce0dde3dc5d4f80415b20
BLAKE2b-256 | be07526c7804ae5888053b03575089a55ebacb53b5ff007ba6d847fe84b932a7