Open Policy Containers
A Docker-inspired workflow for OPA policies
Version your policies
Tag your policies with a semantic version, just like you would a Docker container.
Test policy versions
Run a local read-eval-print loop to test your versioned policy, by setting inputs and issuing queries.
Build, tag, push, and pull policy images
$ policy build . -t myorg/peoplefinder:1.0.0
$ policy tag myorg/peoplefinder:1.0.0 myorg/peoplefinder
$ policy push myorg/peoplefinder
$ policy pull myorg/peoplefinder
Sign layers and verify signatures
$ cosign initialize
$ cosign generate-key-pair
$ cosign sign --key cosign.key myorg/peoplefinder:1.0.0
$ cosign verify --key cosign.pub myorg/peoplefinder:1.0.0
Test your policy version with a read-eval-print loop
$ policy repl myorg/peoplefinder:1.0.0
> data.system.bundles
{
  "/Users/ogazitt/.policy/policies-root/blobs/sha256/84d...7e9": {
    "manifest": {
      "revision": "",
      "roots": [
        "peoplefinder"
      ]
    }
  }
}
We are a Cloud Native Computing Foundation sandbox project.