https://github.com/weaveworks/policy-library
The policy-as-code library
- Host: GitHub
- URL: https://github.com/weaveworks/policy-library
- Owner: weaveworks
- License: apache-2.0
- Created: 2022-08-17T10:14:06.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2024-06-28T09:40:27.000Z (over 1 year ago)
- Last Synced: 2025-01-19T10:10:06.318Z (9 months ago)
- Topics: policies
- Language: Open Policy Agent
- Homepage:
- Size: 15 MB
- Stars: 4
- Watchers: 7
- Forks: 1
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Weave Policy Library
This is the Weave Policy library v1.0.0.
## Directory Structure
```
├── policies
│   ├── Policy Name
│   │   ├── policy.yaml
│   │   ├── policy.rego
│   │   ├── tests
│   │   │   ├── xxx_test.yaml
├── examples
│   ├── Template Name
│   │   ├── policy.yaml
│   │   ├── policy.rego
│   │   ├── tests
│   │   │   ├── xxx_test.yaml
├── standards
│   ├── Standard Name
│   │   ├── standard.yaml
├── categories
│   ├── categories.yaml
├── scripts
│   ├── sync.py
│   ├── test_policies
├── crd.yaml
├── .githooks
```

## Policy and Template Structure
- Policy Directory Name: This is the name of the Policy. Try to look at the other directories and follow the naming pattern if applicable.
- policy.rego: REGO code for the policy.
- policy.yaml: Policy CRD object that contains the spec of the policy.
- tests: This directory has:
  - Example `yaml` files that you can use to test the policies with the `scripts/test_policies` binary.
  - REGO files to test the policies using the OPA Testing Framework.

## Standards File Format
```
id: weave.standards. # weave standard id
name:
description:
controls:
  - id: weave.controls. # weave control id
    description:
    name:
    order:
```

## Testing Policies using OPA Testing Framework
Download OPA [here](https://www.openpolicyagent.org/docs/latest/#running-opa)
```bash
# test all policies and examples
opa test examples/ policies/ -v --ignore '*.yml','*.yaml','.md','.csv'

# test single policy
opa test policies/ControllerContainerRunningAsRoot -v --ignore '*.yml','*.yaml','.md','.csv'
```

## Policy Management scripts
We use [polctl](https://github.com/weaveworks/polctl) management scripts to manage (test, automate and sync) policies, standards, etc.

## Setup repo githooks
`git config --local core.hooksPath .githooks/`
This command sets the repo's hooks path to the `.githooks` directory, so that the hooks can be version-controlled and used by everyone using this repo.
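
The layout described under "Policy and Template Structure" can be checked before a commit, for instance from a hook kept in `.githooks/`. The function below is an added example, not part of this repository or polctl: `check_policy_layout` is a hypothetical helper, and requiring at least one `.yaml`, `.yml` or `.rego` file under `tests` is an assumption based on the README's description of that directory.

```bash
# check_policy_layout ROOT   (hypothetical helper, added example)
# Walks ROOT/policies and ROOT/examples and prints one line for every
# directory that deviates from the documented layout:
#   <name>/policy.yaml, <name>/policy.rego, <name>/tests/<test files>
# Exit status is 0 when the layout is clean and 1 otherwise.
check_policy_layout() (
  # The function body is a subshell, so variables stay local and
  # "exit" only ends the function, not the calling shell.
  root="${1:-.}"
  status=0
  for group in policies examples; do
    for dir in "$root/$group"/*/; do
      [ -d "$dir" ] || continue        # group missing or glob matched nothing
      name="$group/$(basename "$dir")"

      # Both the CRD object and the Rego source must exist and be non-empty;
      # a policy.yaml without policy.rego enforces nothing.
      for file in policy.yaml policy.rego; do
        if [ ! -s "${dir}${file}" ]; then
          echo "$name: missing or empty $file"
          status=1
        fi
      done

      # Assumption: an untested policy is a layout error, so tests/ must
      # hold at least one example YAML file or Rego test file.
      tests=$(find "${dir}tests" -type f \
        \( -name '*.yaml' -o -name '*.yml' -o -name '*.rego' \) 2>/dev/null)
      if [ -z "$tests" ]; then
        echo "$name: tests/ has no .yaml or .rego test files"
        status=1
      fi
    done
  done
  exit "$status"
)
```

Called as `check_policy_layout .` from the repository root, it returns non-zero when any policy or example directory is incomplete, which is enough to make a `pre-commit` hook reject the commit.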