# Create Policy Policies will help you to maintain strict guidelines for a deployment pipeline by allowing users to validate the application configuration while creating an application in spinnaker through a policy. Policies are of two types: * **Static Policy**: A policy that is enforced at all times. * **Run time Policy**: A policy that can only take effect while you are running a pipeline. ### Create Policy To create a new policy follow the steps below: 1. From the ISD application dashboard, Click "**Compliance**" --> Click "**Policy Management**" tab and then Click "+**New Policy"** button as shown in the image below. ![](https://2047464521-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MBEa1hoX6SqpDj-ymNs%2Fuploads%2FWaDA9FpHAMrtuxCOaOgz%2Fimage.png?alt=media\&token=cd64d989-2840-4f41-91d7-4ae876bd6a43) 2\. The Policy Management screen appears and select policy type from the drop down as shown below: {% hint style="info" %} **Static Policies** can be created/edited only by the **Administrators**. **Runtime Policies** can be created/edited by the **Developers**. {% endhint %} ![](https://2047464521-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MBEa1hoX6SqpDj-ymNs%2Fuploads%2FpHG9ELa80G3lD9Co6FZQ%2Fimage.png?alt=media\&token=5f1ede27-cb03-4e9c-b4b7-2ee21c88e79c) Enter the following details: * Enter the Name of the policy in the text box. * Select the Policy type from the drop-down. * Select the Policy Engine as OPA from the drop-down. * Select the Policy Engine Account from the drop-down. * Enter the Policy Description in the text box. * Select and add any available Policy file. 3\. Enter the **Policy Details** in the text box and click “**Save & Finish**” to create the policy as shown in the image below: ![](https://2047464521-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MBEa1hoX6SqpDj-ymNs%2Fuploads%2F0BuCtlsDey7hvRCyS2f4%2Fimage.png?alt=media\&token=4a6b11b8-2daa-4645-aa50-3520f9debec4) {% hint style="info" %} **Note:** The repository contains a collection of sample policies that can be used with OpsMx ISD. Refer to the below link to view the sample policies. {% endhint %} {% embed url="" %} Collection of sample policies {% endembed %} ### Here are a couple of examples from the repository: **Static Policy to restrict image source while a pipeline is being saved** ``` ###### #IF # application named "sampleapp" # deploying to an account "production" # THEN # The image, if present MUST start with "docker.opsmx.com" # # Other applications/pipelines can be saved without these restrictions package opa.spinnaker.pipelines.new deny[msg] { count(input.new.stages)>0 input.new.application == "sampleapp" input.new.stages[_].account == "production" images := input.new.stages[_].manifests[_].spec.template.spec.containers[_].image not startswith(images, "docker.opsmx.com/") msg := sprintf("[%v] being deployed to be from docker.opsmx.com", [images]) } ``` **Dynamic policy that verifies the deployment is not happening during a blackout window** ``` # This policy verifies the deployment is not happening during a blackout window. # The blackout window can be configured by changing hour package opa.pipelines.datetimeslot deny["Pipeline has no start time"] { startTime := input.startTime startTime == 0 } weekday { day := time.weekday(time.now_ns()) day != "Saturday" day != "Sunday" } deny["No deployments allowed between 09am - 04pm on weekdays"] { [hour, minute, second] := time.clock([time.now_ns(), tz]) tz = "Africa/Lagos" hour >= 9 hour < 16 weekday } ``` **To know more about policy as code, refer** [**here**](https://www.opsmx.com/blog/getting-started-with-policy-as-code/)**.**