Policy Management

The policy management feature lets you automatically create policies (in a declarative language) that set stringent guidelines for safe and detailed control of the Spinnaker deployment pipeline. This feature gives you the freedom to set or declare specific policy rules or guidelines. For example, "Automated Testing should be completed before deployment" is a rule that must be met when creating a Spinnaker pipeline and policies.

Policy management also allows you to validate policies at runtime through third-party policy engines (like Open Policy Agent) using a REST API. Moreover, security managers can quickly add, modify, and delete policies in line with business policy changes. OES Policy Management allows you to quickly declare policies and integrate with third-party policy managers for validation.

Now that we have a fair idea of what Policy Management does and what its benefits are, let's take a quick look at how the Policy Management page looks. Refer to the image below:

Policy Management Home Screen

To view the above screen click Policy Management in the navigation menu as shown below:

Policy Management navigation

The home screen will display all the existing policies with their status. You will also be able to search existing policies. Refer to the image below:

Search Existing Policies

Runtime Policies

Runtime policies allow you to validate policies at runtime through third-party policy engines (like Open Policy Agent) using a REST API.

Compliant Pipeline Policies

This type of policy will help you to maintain strict guidelines for a deployment pipeline.

Create Policy

To create a new policy follow the steps below:

  1. Click the New Policy button as shown below:

Create New Runtime Policy

  2. Enter the following details:

  • Click the Endpoint drop-down to select OPA as shown below:

Select Endpoint Type

  • Enter the Endpoint URL in the text box.

  • Enter the Name of the policy in the text box.

  • Enter the Description of the policy in the text box.

  • Check/uncheck the Active check box to make the policy active/inactive.

  • Enter the Policy Details in the text box. Refer to the image below:

Policy Management details

The policy details are explained below:

Step 1

The start time is converted to nanoseconds and the time zone is set to America/Los_Angeles.

# convert to nanoseconds (the factor 1000000 assumes input.startTime is in milliseconds)
startTime := input.startTime * 1000000
# define time zone
tz = "America/Los_Angeles"

Step 2

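A rule is set so that a pipeline with no start time is not executed.

# Note: this matches only when a start time of 0 is supplied; if input.startTime
# is absent, startTime is undefined and the rule does not fire.
deny["Pipeline has no start time"] {
    startTime == 0
}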

Step 3

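A rule is set so that no pipeline is deployed between 2nd - 27th September 2020.

deny["No deploys between 2nd - 27th sept 2020"] {
    # pass tz so the date is evaluated in America/Los_Angeles rather than UTC
    [year, month, day] := time.date([time.now_ns(), tz])
    year == 2020
    month == 9
    # strict comparisons: the rule matches the 3rd through the 26th
    day > 2
    day < 27
}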

  3. After entering the details, click Save & Finish to create the policy as shown in the image below:

Save Policy Details
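
The policy from Steps 1 to 3 above, assembled into one module with unit tests, as an added example that is not part of the OES documentation: it also denies when input.startTime is missing and evaluates the freeze window in tz. The package name, the test clock values and the millisecond unit of input.startTime are assumptions; the syntax is the same pre-1.0 Rego used on this page, and the tests rely on OPA's support for replacing the time.now_ns built-in with `with`.

```rego
# Added example; the package name and test inputs are constructed.
package example.deploy_window

# convert to nanoseconds (assumes input.startTime is epoch milliseconds)
startTime := input.startTime * 1000000

tz := "America/Los_Angeles"

# Fail closed: when input.startTime is absent, startTime is undefined, so a
# check of the form "startTime == 0" never matches and nothing is denied.
deny["Pipeline has no start time"] {
    not input.startTime
}

deny["Pipeline has no start time"] {
    startTime == 0
}

# Evaluate the calendar date in tz; time.date(ns) alone returns the UTC date.
deny["No deploys between 2nd - 27th sept 2020"] {
    [year, month, day] := time.date([time.now_ns(), tz])
    year == 2020
    month == 9
    day > 2 # strict bounds: the rule matches the 3rd through the 26th
    day < 27
}

# Unit tests with a mocked clock.
test_missing_start_time_is_denied {
    deny["Pipeline has no start time"] with input as {}
}

test_zero_start_time_is_denied {
    deny["Pipeline has no start time"] with input as {"startTime": 0}
}

# 2020-09-03T02:00:00Z is 19:00 on 2 September in Los Angeles: not yet blocked.
test_window_follows_los_angeles_date {
    not deny["No deploys between 2nd - 27th sept 2020"] with input as {"startTime": 1599098400000}
        with time.now_ns as 1599098400000000000
}

# 2020-09-10T12:00:00Z falls inside the window in either time zone.
test_deploy_inside_window_is_denied {
    deny["No deploys between 2nd - 27th sept 2020"] with input as {"startTime": 1599739200000}
        with time.now_ns as 1599739200000000000
}
```

Run the tests with `opa test` on the file; on OPA 1.0 or later add `--v0-compatible` so the pre-1.0 rule syntax is accepted.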

Edit Policy

To edit a policy follow the steps below:

  1. Click the edit icon as shown in the image below:

Edit Policy

  2. Enter the details and click Save & Finish.

Delete Policy

To delete a policy follow the steps given below:

  1. Click the delete icon as shown in the image below:

Delete Policy

  2. The confirmation pop-up appears as shown below:

Delete Policy Confirmation

  3. Click Yes, delete it! to delete the policy.