Creating a Policy
To create a new policy, use the policy init command:
policy init
You'll be asked to select a server. Assuming you've logged in to the Aserto Policy Registry, you'll be able to select from the following:
# SERVER
1 opcr.io
2 registry.prod.aserto.com
> Select server#:
If you haven't logged in to the Aserto Policy Registry, you'll only see the opcr option.
After selecting a server you'll be asked to confirm your choice, or otherwise override it with a different value:
server: (registry.prod.aserto.com):
Hitting "Enter" will confirm your choice. Otherwise, provide a different value and hit "Enter".
Next, provide your username in the policy registry you've selected:
> user : ([YOUR_USER_NAME]):
Provide the name of the secret containing the GitHub token you'd like to use (by default, the name should be GITHUB_TOKEN):
> github secret name: (GITHUB_TOKEN): GITHUB_TOKEN
Specify the name of the repository you'll be pushing the policy to:
> repo : (): [YOUR-ORGANIZATION]/[POLICY-NAME]
The following directory structure will be created:
.
├── .github
│   ├── config.yaml
│   └── workflows
│       └── build-release-policy.yaml
├── .gitignore
└── src
    ├── .manifest
    └── policies
        └── hello.rego
Update the content of the policy as needed, then follow the steps to build, tag and push the policy to OPCR.
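As an added example (not part of the Aserto documentation or the policy CLI), the shell function below checks an initialised directory against the layout listed above and flags any GitHub token literal in it, since the prompt asks for the secret's name and not the token value. The function name, the EXPECTED_FILES variable and the token regex are assumptions of this example; the file paths are taken from the listing on this page.

```shell
#!/bin/sh
# Added example: sanity-check the scaffold described on this page before the
# first commit. Not generated by, or part of, the policy CLI.

# Paths copied from the directory listing above.
EXPECTED_FILES=".github/config.yaml
.github/workflows/build-release-policy.yaml
.gitignore
src/.manifest
src/policies/hello.rego"

# Assumed pattern for GitHub token literals: the ghp_/gho_/ghu_/ghs_/ghr_
# prefixed tokens and fine-grained personal access tokens (github_pat_).
TOKEN_RE='(gh[pousr]_[A-Za-z0-9]{36,}|github_pat_[A-Za-z0-9_]{22,})'

# check_policy_scaffold DIR
# Returns 0 when every expected file exists and no token literal is found;
# otherwise returns the number of problems, each reported on stderr.
check_policy_scaffold() {
    local dir="$1" problems=0 f

    while IFS= read -r f; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing: $f" >&2
            problems=$((problems + 1))
        fi
    done <<EOF
$EXPECTED_FILES
EOF

    # Only the *name* of the secret (GITHUB_TOKEN by default) belongs in the
    # repository; a token value in any file would be pushed with the policy.
    if grep -rEq --exclude-dir=.git "$TOKEN_RE" "$dir"; then
        echo "GitHub token literal found under $dir" >&2
        echo "store the token as a repository secret and keep only its name" >&2
        problems=$((problems + 1))
    fi

    return "$problems"
}
```

Run it as `check_policy_scaffold .` from the directory where the scaffold was created, before committing.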