Open Policy Registry
A Docker-inspired workflow for OPA policies
Version your policies
Tag your policies with a semantic version, just like you would a docker container
Test policy versions
Run a local read-eval-print loop to test your versioned policy, by setting inputs and issuing queries.
Build, tag, push, and pull policy images
$ policy build . -t myorg/peoplefinder:1.0.0 $ policy tag myorg/peoplefinder:1.0.0 myorg/peoplefinder $ policy push myorg/peoplefinder $ policy pull myorg/peoplefinder
Sign layers and verify signatures
$ cosign init $ cosign generate-key-pair $ cosign sign -key cosign.key myorg/peoplefinder:1.0.0 $ cosign verify -key cosign.pub myorg/peoplefinder:1.0.0
Test your policy version with a read-eval-print loop
$ policy repl myorg/peoplefinder:1.0.0
> data.system.bundles
{
"/Users/ogazitt/.policy/policies-root/blobs/sha256/84d...7e9": {
"manifest": {
"revision": "",
"roots": [
"peoplefinder"
]
}
}
}Sign up for the newsletter
Stay up to date with news about OPCR.