Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/opcr-io/policy
CLI for building OPA policies into OCI images
https://github.com/opcr-io/policy
oci oci-image openpolicyagent
Last synced: 30 days ago
JSON representation
CLI for building OPA policies into OCI images
- Host: GitHub
- URL: https://github.com/opcr-io/policy
- Owner: opcr-io
- License: apache-2.0
- Created: 2021-09-28T22:31:02.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2024-09-12T08:46:24.000Z (3 months ago)
- Last Synced: 2024-09-13T00:11:17.503Z (3 months ago)
- Topics: oci, oci-image, openpolicyagent
- Language: Go
- Homepage: https://www.openpolicycontainers.com
- Size: 1.43 MB
- Stars: 213
- Watchers: 11
- Forks: 12
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
- awesome-platform-engineering - Secure the software supply chain for OPA policies
- awesome-opa - Open Policy Containers - Secure software supply chains for OPA policies. Push, pull, tag, test, version, and sign OPA policies. (Tools and Utilities / Testing Blogs and Articles)
README
# policy - the CLI for managing authorization policies
The policy CLI is a tool for building, versioning and publishing your authorization policies.
It uses OCI standards to manage artifacts, and the [Open Policy Agent (OPA)](https://github.com/open-policy-agent/opa) to compile and run.
---
[](https://goreportcard.com/report/github.com/opcr-io/policy)
[](https://github.com/opcr-io/policy/actions/workflows/ci.yaml)
[](https://codebeat.co/projects/github-com-opcr-io-policy-main)
[
](https://asertocommunity.slack.com/)
[
](https://www.openpolicycontainers.com/docs/intro)
[](https://github.com/opcr-io/policy/actions/workflows/codeql-analysis.yml)
[](https://bestpractices.coreinfrastructure.org/projects/6859)
---
## Documentation
Please refer to our [documentation](https://openpolicycontainers.com) site for installation, usage, customization and tips.
## Slack Channel
Wanna discuss features or show your support for this tool?
* Channel: [Slack](https://asertocommunity.slack.com/)
* Invite: [Invite Link](https://asertocommunity.slack.com/join/shared_invite/zt-p06gin84-xNswWpTGyPDPxCz0LMux3g#/shared-invite/email)
---
## Installation
`policy` is available on Linux, macOS and Windows platforms.
* Binaries for Linux, Windows and Mac are available as tarballs in the [release](https://github.com/opcr-io/policy/releases) page.
* Via Homebrew for macOS or LinuxBrew for Linux
```shell
brew tap opcr-io/tap && brew install opcr-io/tap/policy
```
Note: if you want to try a pre-release version before the official release:
```shell
brew tap opcr-io/tap && brew install opcr-io/tap/policy-rc
```
* Via the nix package manager on nixOS, other linux distros, and macOS
At the moment the package is only available in the `unstable` channel. Below are some examples using nix to install `policy` via the shell, NixOS configuration, and home-manager configuration.
Shell:
```shell
nix-env --install -A nixpkgs.opcr-policy
```
NixOS:
```nix
# your other config ...
environment.systemPackages = with pkgs; [
# your other packages ...
opcr-policy
];
```
home-manager:
```nix
# your other config ...
home.packages = with pkgs; [
# your other packages ...
opcr-policy
];
```
* Via a GO install
```shell
go install github.com/opcr-io/policy/cmd/policy@latest
```
---
## Building From Source
`policy` is currently using go v1.16 or above. In order to build `policy` from source you must:
1. Install [mage](https://magefile.org/)
2. Clone the repo
3. Build and run the executable
```shell
mage build && ./dist/build_linux_amd64/policy
```
---
## Running with Docker
### Running the official Docker image
You can run as a Docker container:
```shell
docker run -it --rm ghcr.io/opcr-io/policy:latest --help
```
---
## The Command Line
```shell
$ policy --help
Usage: policy
Commands:
build Build policies.
images List policy images.
push Push policies to a registry.
pull Pull policies from a registry.
login Login to a registry.
logout Logout from a registry.
save Save a policy to a local bundle tarball.
tag Create a new tag for an existing policy.
rm Removes a policy from the local registry.
inspect Displays information about a policy.
repl Sets you up with a shell for running queries using an OPA instance with a policy loaded.
templates List and apply templates
version Prints version information.
Flags:
-h, --help Show context-sensitive help.
-c, --config="/Users/ogazitt/.policy/config.yaml"
Path to the policy CLI config file.
--debug Enable debug mode.
-v, --verbosity=INT Use to increase output verbosity.
-k, --insecure Do not verify TLS connections.
Run "policy --help" for more information on a command.
```
## Logs
Logs are printed to `stderr`. You can increase detail using the verbosity flag (e.g. `-vvv`).
## Demo Videos/Recordings
---
## Known Issues
This is still work in progress! If something is broken or there's a feature
that you want, please file an issue and if so inclined submit a PR!
---
## Credits
The policy CLI uses a lot of great and amazing open source projects and libraries.
A big thank you to all of them!
---
## Contributions Guideline
* File an issue first prior to submitting a PR!
* Ensure all exported items are properly commented
* If applicable, submit a test suite against your PR
## Reporting Vulnerabilities
Please send an email to one of the [maintainers](MAINTAINERS.md). We commit to addressing vulnerabilities promptly.