Initial commit

mihaibuzgau · Jul 20, 2021 · 83f45b2 · 83f45b2
commit 83f45b2
Show file tree

Hide file tree

Showing 6 changed files with 114 additions and 0 deletions.
diff --git a/.github/workflows/build-release-policy.yaml b/.github/workflows/build-release-policy.yaml
@@ -0,0 +1,46 @@
+name: build-release
+
+on:
+  workflow_dispatch:
+  push:
+    tags:
+    - '*'
+
+jobs:
+  release_policy:
+    runs-on: ubuntu-latest
+    name: build
+    steps:
+
+    - uses: actions/checkout@v2
+
+    - name: Build Policy 
+      id: aserto-build
+      uses: aserto-dev/aserto-build-action@v2
+      with:
+        source_path: src
+        target_path: build
+        target_file: bundle.tar.gz
+        revision: "$GITHUB_SHA"
+        verbose: true
+
+    - name: Release Policy
+      id: release
+      uses: xresloader/upload-to-github-release@master
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        file: "build/bundle.tar.gz"
+        tags: true
+        draft: false
+        verbose: true
+
+    - name: Push Policy 
+      id: aserto-push
+      uses: aserto-dev/aserto-push-action@v2
+      env:
+        ASERTO_PUSH_KEY: ${{ secrets.ASERTO_PUSH_KEY }}
+      with:
+        bundle: build/bundle.tar.gz
+        release_id: ${{ steps.release.outputs.release_id }}
+        verbose: true
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,3 @@
+.DS_Store
+
+build/
diff --git a/Makefile b/Makefile
@@ -0,0 +1,37 @@
+SHELL 	   := $(shell which bash)
+
+NO_COLOR   :=\033[0m
+OK_COLOR   :=\033[32;01m
+ERR_COLOR  :=\033[31;01m
+WARN_COLOR :=\033[36;01m
+ATTN_COLOR :=\033[33;01m
+
+# Github action env variables used by build container
+GITHUB_SHA          ?= $(shell git rev-parse HEAD 2>/dev/null)
+GITHUB_WORKSPACE    := /github/workspace
+
+# build action input parameters
+SOURCE_PATH   := src
+TARGET_PATH   := build
+TARGET_FILE   := bundle.tar.gz
+REVISION      := $(GITHUB_SHA)
+BUILD_OPTIONS := 
+VERBOSE       := false
+
+.PHONY: build
+build:
+	@echo -e "$(ATTN_COLOR)==> $@ $(NO_COLOR)"
+	@docker run \
+	-ti \
+	--rm \
+	--entrypoint "/app/build.sh" \
+	-v $(PWD):$(GITHUB_WORKSPACE) \
+	-e GITHUB_WORKSPACE=$(GITHUB_WORKSPACE) \
+	-e GITHUB_SHA=$(GITHUB_SHA) \
+	-e INPUT_SOURCE_PATH=$(SOURCE_PATH) \
+	-e INPUT_TARGET_PATH=$(TARGET_PATH) \
+	-e INPUT_TARGET_FILE=$(TARGET_FILE) \
+	-e INPUT_REVISION=$(REVISION) \
+	-e INPUT_BUILD_OPTIONS=$(BUILD_OPTIONS) \
+	-e INPUT_VERBOSE=$(VERBOSE) \
+	ghcr.io/aserto-dev/aserto-one:action-v2 > /dev/null
diff --git a/README.md b/README.md
@@ -0,0 +1,5 @@
+# policy-template
+
+Repository template for Aserto policy repos.
+
+
diff --git a/src/.manifest b/src/.manifest
@@ -0,0 +1,3 @@
+{
+    "roots": ["policies"]
+}
diff --git a/src/policies/hello.rego b/src/policies/hello.rego
@@ -0,0 +1,20 @@
+package policies.hello
+
+# default to a "closed" system, 
+# only grant access when explicitly granted
+
+default allowed = false
+default visible = false
+default enabled = false
+
+allowed {
+    input.role == "web-admin"
+}
+
+enabled {
+    visible
+}
+
+visible {
+    input.app == "web-console"
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,5 @@
		# policy-template

		Repository template for Aserto policy repos.