The runtime policies allows you to validate policies in runtime through 3rd party policy engines (like Open Policy Agent) using REST API.

Create Policy

To create a new policy follow the steps below:

1. Click “Compliance” → Click “Policy Management” → “+New Policy” button as shown below:

2. The Policy Management screen appears and select "Runtime" policy type as shown below:

Enter the following details:

• Enter the Name of the policy in the text box.

• Select the Policy type as Runtime from the drop-down.

• Select the Policy Engine as OPA from the drop-down.

• Select the Policy Engine Account from the drop-down.

• Enter the Policy Description in the text box.

• Select and add any available Policy file.

• Enter the Policy Details in the text box. Refer to the image below:

The Policy details is explained below:

Step 1

The start time is converted to nanoseconds and the Time zone is set to America/Los_Angeles.

# convert to nanoseconds
startTime := input.startTime * 1000000
# define time zone
tz = "America/Los_Angeles"

Step 2

A rule is set that if the pipeline has no start time then it will not execute the pipeline.

deny["Pipeline has no start time"] {
   startTime == 0
}

Step 3

A rule is set that no pipeline will be deployed between 2nd - 27th September 2020.

deny["No deploys between 2nd - 27th sept 2020"] {
   [year, month, day] := time.date(time.now_ns())
   year == 2020
   month == 9
   day > 2
   day < 27
 }

3. After entering the details click Save & Finish to create the policy as shown in the image below:

Edit Policy

To edit a policy follow the steps below:

1. Click the icon beside the name of the policy and select Edit as shown in the image below:

2. Edit the required details and click Save & Finish.

Delete Policy

To delete a policy follow the steps given below:

1. Click the icon beside the name of the policy and select Delete as shown in the image below:

2. The confirmation pop-up appears as shown below:

3. Click Yes, delete it! to delete the policy.