
circle-policy-agent's Introduction

policy-agent

policy-agent is essentially a CircleCI-flavored wrapper library around the Open Policy Agent (OPA) that lets users write policy documents in CircleCI terminology.

policy-agent is responsible, at its core, for doing the following:

tools setup

We use golangci-lint and task in this repository:

$ brew install go-task/tap/go-task
$ brew install golangci-lint

or

sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b /usr/local/bin
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.46.2

See common project tasks with task -l, including:

task lint
task fmt
task test

run lint

task lint

run tests

task test

API Documentation

With godoc, you can view the generated HTML documentation for policy-agent on your machine. There are two task commands for convenience:

* doc: Run 'godoc', print docs url
* doc-open: Run 'godoc', open the docs url in your browser

Helpers

CircleCI has provided helper functions to make it easier to write Rego policies. To use this code, please include import data.circleci.config in your Rego file.

Currently supported helpers:

circle-policy-agent's Issues

Generic helper functions for maps & arrays in CCI config

We are seeing some common basic functions that make assertions in config easier.

  • in_array - for objects like context which can be a list or single value makes checking match either case.
  • job_name - since jobs of a workflow can be a single string, or include things like custom name this uses the right name in either case.

.... Others?

Restrict Context Access by Project

Hey! that's my context!

Inside an org with many teams, some will want to restrict contexts to only be used on their projects.

This rule would check and ensure:

  • IF they are using a context provided (function argument)
  • AND NOT in our list of project IDs (user side) -- I think user would just { not list_of_projects[meta.project_id]} on the hard_fail stanza?
  • THEN FAIL
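
The check proposed in this issue, together with the in_array and job_name normalizations from the helper-functions issue above, sketched in Go (the repository's language) as an added example. It is not code from the repository and not how policy-agent implements its Rego helpers; the function names, the JSON sample, the context name and the project IDs are constructed for illustration.

```go
package main

import "encoding/json"
import "fmt"

// Constructed sample: a CircleCI config converted from YAML to JSON.
const sampleConfig = `{"workflows": {"version": 2, "main": {"jobs": ["build", {"test": {"context": "shared"}},
  {"deploy": {"name": "deploy-prod", "context": ["shared", "team-a-secrets"]}}]}}}`

// inArray reports whether want equals v (single value) or is an element of v (list).
func inArray(v any, want string) (found bool) {
	list, _ := v.([]any)
	for _, e := range list {
		found = found || e == want
	}
	return found || v == want
}

// jobName returns the effective name (custom name if set) and options of a workflow job entry.
func jobName(entry any) (name string, opts map[string]any) {
	name, _ = entry.(string)
	m, _ := entry.(map[string]any)
	for key, v := range m {
		name = key
		if opts, _ = v.(map[string]any); opts["name"] != nil {
			name = fmt.Sprint(opts["name"])
		}
	}
	return name, opts
}

// contextViolations lists jobs using ctx when projectID is not allowed; a parse error is returned, not ignored.
func contextViolations(cfgJSON, ctx, projectID string, allowed map[string]bool) (bad []string, err error) {
	var cfg struct{ Workflows map[string]any }
	if err = json.Unmarshal([]byte(cfgJSON), &cfg); err != nil || allowed[projectID] {
		return nil, err
	}
	for _, wf := range cfg.Workflows {
		w, _ := wf.(map[string]any) // non-object keys such as "version" carry no jobs
		jobs, _ := w["jobs"].([]any)
		for _, e := range jobs {
			if name, opts := jobName(e); inArray(opts["context"], ctx) {
				bad = append(bad, name)
			}
		}
	}
	return bad, nil
}

func main() { fmt.Println(contextViolations(sampleConfig, "team-a-secrets", "proj-b", nil)) }
```

A caller should treat a returned error as a failed check rather than as an empty violation list, so an unparsable config cannot pass by default.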

Restrict Context Access by Branch Name

This is the "Branch Based Secrets" we all want and love.

Included in playground as example. This ticket is to make the branch name an argument, and move to config package.

@davidmdm - hope you're ok if I track the things we're interested in collabing on here?
