> For the complete documentation index, see [llms.txt](https://docs.opsmx.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.opsmx.com/opsmx-1/opsmx-context-engine/user-guide/policy/create-policy.md).

# Create Policy

Policies will help you to maintain strict guidelines for a deployment pipeline by allowing users to validate the application configuration while creating an application in spinnaker through a policy.

Policies are of two types:

1. **Static Policy**: A policy that is enforced at all times.
2. **Run time Policy**: A policy that can only take effect while running a pipeline.

### Create Policy <a href="#create-policy" id="create-policy"></a>

To create a new policy follow the steps below:

1. From the ISD [**application dashboard**](https://docs.opsmx.com/user-guide/dashboard/application-dashboard), click **Setup** and then click **Policies** to access the policies page, where you can create, edit and delete the policies.

   ![](/files/v6qPfJaX6mkZfH1cvvnE)

2. In the **Policies** page, click **New Policy** button to create a policy as shown in the image below.<br>

   ![](/files/8IMR295wQl43Syb40sMt)

3. New Policy creation screen appears and **selects policy type** from the drop-down as shown below: <br>

   <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p><strong>Static Policies</strong> can be created/edited only by the <strong>Administrators.</strong></p><p><strong>Runtime Policies</strong> can be created/edited by the <strong>Developers.</strong></p></div>

   ![](/files/ojVKuFkWXBsFd0QEMiS5)

   Enter the following details:&#x20;

   * **Name**: Enter the Name of the policy in the text box.&#x20;
   * **Policy Type**: Select the Policy type from the drop-down.&#x20;
   * **Policy Engine**: Select the Policy Engine as OPA from the drop-down.&#x20;
   * **Policy Engine Account**: Select the Policy Engine Account from the drop-down.&#x20;
   * **Policy Description**: Enter the Policy Description in the text box.&#x20;
   * **Policy File**: Select and add any available Policy file.

4. Enter the Policy Details in the text box and click **Save & Finish** to create the policy. Users can restrict the group permission to access this policy by enabling the **Policy permissions** as shown in the image below.

   ![](/files/63qBR9Nk2j2SRjjEuWwU)

{% hint style="info" %}
**Note:** The repository contains a collection of sample policies that can be used with OpsMx ISD. Refer to the below link to view the sample policies.&#x20;
{% endhint %}

{% embed url="<https://github.com/OpsMx/policy-as-code-examples>" %}
Collection of sample policies
{% endembed %}

### Examples from the repository

Here are a couple of examples from the repository:

* **Static Policy to restrict image source while a pipeline is being saved**

  ```
  ######
  #IF
  # application named "sampleapp"
  # deploying to an account "production"
  # THEN
  # The image, if present MUST start with "docker.opsmx.com"
  #
  # Other applications/pipelines can be saved without these restrictions
  package opa.spinnaker.pipelines.new
  deny[msg] {
     count(input.new.stages)>0
     input.new.application == "sampleapp"
     input.new.stages[_].account == "production"

     images := input.new.stages[_].manifests[_].spec.template.spec.containers[_].image
     not startswith(images, "docker.opsmx.com/")
     msg := sprintf("[%v] being deployed to be from docker.opsmx.com", [images])
  }
  ```
* **Dynamic policy that verifies the deployment is not happening during a blackout window**

  ```
  # This policy verifies the deployment is not happening during a blackout window.
  # The blackout window can be configured by changing hour

  package opa.pipelines.datetimeslot

   deny["Pipeline has no start time"] {
       startTime := input.startTime
       startTime == 0
   }
    weekday {
       day := time.weekday(time.now_ns())
       day != "Saturday"
       day != "Sunday"
    }

    deny["No deployments allowed between 09am - 04pm on weekdays"] {
       [hour, minute, second] := time.clock([time.now_ns(), tz])
       tz = "Africa/Lagos"

       hour >= 9
       hour < 16
       weekday
     }
  ```

**To know more about policy as code, refer** [**here**](https://www.opsmx.com/blog/getting-started-with-policy-as-code/)**.**


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.opsmx.com/opsmx-1/opsmx-context-engine/user-guide/policy/create-policy.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.