Runtime Policies

The runtime policies allows you to validate policies in runtime through 3rd party policy engines (like Open Policy Agent) using REST API.

Create Policy

To create a new policy follow the steps below:

  1. Click the New Policy button as shown below:

Create New Runtime Policy

2. Enter the following details:

  • Click the Endpoint drop-down to select OPA as shown below:

Select Endpoint Type
  • Enter the Endpoint URL in the text box.

  • Enter the Name of the policy in the text box.

  • Enter the Description of the policy in the text box.

  • Check/uncheck the Active check box to make the policy active/inactive.

  • Enter the Policy Details in the text box. Refer to the image below:

Policy Management details

The Policy details is explained below:

Step 1

The start time is converted to nanoseconds and the Time zone is set to America/Los_Angeles.

# convert to nanoseconds
startTime := input.startTime * 1000000
# define time zone
tz = "America/Los_Angeles"

Step 2

A rule is set that if the pipeline has no start time then it will not execute the pipeline.

deny["Pipeline has no start time"] {
startTime == 0
}

Step 3

A rule is set that no pipeline will be deployed between 2nd - 27th September 2020.

deny["No deploys between 2nd - 27th sept 2020"] {
[year, month, day] := time.date(time.now_ns())
year == 2020
month == 9
day > 2
day < 27
}

3. After entering the details click Save & Finish to create the policy as shown in the image below:

Save Policy Details

Edit Policy

To edit a policy follow the steps below:

  1. Click the edit icon as shown in the image below:

Edit Policy

2. Enter the details and click Save & Finish.

Delete Policy

To delete a policy follow the steps given below:

  1. Click the delete icon as shown in the image below:

Delete Policy

2. The confirmation pop-up appears as shown below:

Delete Policy Confirmation

3. Click Yes, delete it! to delete the policy.