Metadata-Version: 2.1
Name: policykit
Version: 0.1.1
Summary: A set of utilities and classes for working with Open Policy Agent based tools, including Gatekeeper and Conftest
Home-page: https://github.com/garethr/policykit
License: Apache-2.0
Author: Gareth Rushgrove
Author-email: gareth@morethanseven.net
Requires-Python: >=3.7,<4.0
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.7
Requires-Dist: PyYAML (>=5.1,<6.0)
Requires-Dist: attrs (>=19.3,<20.0)
Requires-Dist: click (>=7.0,<8.0)
Requires-Dist: colorama (>=0.4.1,<0.5.0)
Project-URL: Repository, https://github.com/garethr/policykit
Description-Content-Type: text/markdown

# Policy Kit

A set of utilities and classes for working with [Open Policy Agent](https://www.openpolicyagent.org/) based tools, including [Gatekeeper](https://github.com/open-policy-agent/gatekeeper) and [Conftest](https://github.com/instrumenta/conftest).


## Installation

Policy Kit can be installed from PyPI using `pip` or similar tools:

```
pip install policykit
```


## CLI

The module provides a CLI tool called `pk` for using some of the functionality.

```console
$ pk build *.rego
[SecurityControls] Generating a ConstraintTemplate from "SecurityControls.rego"
[SecurityControls] Searching "lib" for additional rego files
[SecurityControls] Adding library from "lib/kubernetes.rego"
[SecurityControls] Saving to "SecurityControls.yaml"
```

You can also use the tool via Docker:

```
docker run --rm -it -v "$(pwd)":/app garethr/policykit build
```


## Python

This module currently contains one class, for working with `ConstraintTemplates` in Gatekeeper.

```python
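from policykit import ConstraintTemplate

# Example values: the Rego source file and the template name
path_to_rego_source_file = "SecurityControls.rego"
name = "SecurityControls"

# Wrap the Rego source in a ConstraintTemplate and print it as YAML
with open(path_to_rego_source_file, "r") as rego:
    ct = ConstraintTemplate(name, rego.read())
print(ct.yaml())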
```
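
The following added example (not policykit's own code) shows the kind of document the build step described above produces: one Rego file plus the `.rego` files under `lib` assembled into a Gatekeeper ConstraintTemplate. The function names, the sample policy and library, and the `templates.gatekeeper.sh/v1beta1` API version are assumptions made for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Assumed, constructed sample policy and library (not from the policykit repository).
SAMPLE_POLICY = '''package securitycontrols
import data.lib.kubernetes
violation[{"msg": msg}] {
    kubernetes.containers[c]
    c.securityContext.privileged
    msg := sprintf("%v must not run privileged", [c.name])
}
'''
SAMPLE_LIB = '''package lib.kubernetes
containers[c] { c := input.review.object.spec.containers[_] }
'''

def build_constraint_template(rego_path, lib_dir="lib"):
    """Assemble a ConstraintTemplate document from one Rego file and its lib/ directory."""
    rego_path = Path(rego_path)
    kind = rego_path.stem  # "SecurityControls.rego" -> kind "SecurityControls"
    target = {"target": "admission.k8s.gatekeeper.sh", "rego": rego_path.read_text()}
    lib_root = rego_path.parent / lib_dir
    libs = [p.read_text() for p in sorted(lib_root.rglob("*.rego"))] if lib_root.is_dir() else []
    for lib in libs:
        # Gatekeeper only accepts library packages rooted at "lib".
        if not re.search(r"^package\s+lib\.", lib, re.MULTILINE):
            raise ValueError("library rego must declare a package under lib.")
    if libs:
        target["libs"] = libs
    return {
        "apiVersion": "templates.gatekeeper.sh/v1beta1",
        "kind": "ConstraintTemplate",
        "metadata": {"name": kind.lower()},  # name must be the lowercased kind
        "spec": {"crd": {"spec": {"names": {"kind": kind}}}, "targets": [target]},
    }

def demo():
    """Write the constructed samples to a temp directory and build a template from them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "lib").mkdir()
        (root / "SecurityControls.rego").write_text(SAMPLE_POLICY)
        (root / "lib" / "kubernetes.rego").write_text(SAMPLE_LIB)
        return build_constraint_template(root / "SecurityControls.rego")

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))  # kubectl apply -f accepts JSON as well as YAML
```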


## Action

```yaml
on: push
name: Build
jobs:
  gatekeeper:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@master
    - name: Generate ConstraintTemplates for Gatekeeper
      uses: garethr/policykit/action@master
      with:
        args: <directory-of-rego-source-files>
    - name: Commit to repository
      env:
        GITHUB_TOKEN: ${{ secrets.github_token }}
        COMMIT_MSG: |
          Generated new ConstraintTemplates from Rego source
          skip-checks: true
      run: |
        # Hard-code user config
        git config user.email "<your-email-address>"
        git config user.name "<your-username>"
        git config --get-regexp "user\.(name|email)"
        # Update origin with token
        git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git
        # Checkout the branch so we can push back to it
        git checkout master
        git add .
        # Only commit and push if we have changes
        git diff --quiet && git diff --staged --quiet || (git commit -m "${COMMIT_MSG}"; git push origin master)
```


## Notes

A few caveats for anyone trying to use this module.

* [Loading libraries with `lib`](https://github.com/open-policy-agent/frameworks/commit/55fa33d1cca93f3b133e76a48d2e19adbdeb9de3) is only supported in Gatekeeper HEAD today but should be in the next release.
* This module does not support parameterized ConstraintTemplates.

