Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • release/0.28 protected
  • trusted-gc_fix_null_header_http_send protected
  • cimpl-policy
  • trusted-GONRG-11243-Fix-Python-Version protected
  • test-cimpl-policy
  • trusted-fix_xuserid_optional_for_GC protected
  • trusted-cimpl-policy protected
  • trusted-GONRG-10453-Create_pipeline_Cimpl_policy protected
  • incountry
  • gc-oidc-test
  • trusted-gc-oidc-test protected
  • trusted-aws-fix-build protected
  • trusted-vl/python3.12 protected
  • trusted-vl/fastapi-swagger-mdw protected
  • doc_update
  • trusted-doc_update protected
  • trusted-okosse protected
  • trusted-GONRG-10847-Fix-GC-Dockerfile protected
  • trusted-docker_update protected
  • v0.28.2 protected
  • v0.28.1 protected
  • v0.28.0 protected
  • v0.27.6-gc.1 protected
  • v0.27.6 protected
  • v0.27.5 protected
  • v0.27.4 protected
  • v0.27.3 protected
  • v0.27.2 protected
  • v0.27.1 protected
  • v0.27.0 protected
  • v0.26.0 protected
  • v0.25.2 protected
  • v0.25.1 protected
  • v0.25.0 protected
  • v0.24.0 protected
  • v0.23.3 protected
  • v0.23.2 protected
  • v0.23.1 protected
  • v0.21.1 protected
40 results
Compare
Name Last commit Last update
app
build
deployment
devops
docs
frontend
loadtest
policy-examples
postman
.dockerignore
.editorconfig
.fossa.yml
.gitattributes
.gitignore
.gitlab-ci.yml
Dockerfile-Azure-Bootstrap
LICENSE
NOTICE
README.md
requirements.txt
requirements_bootstrap.txt
requirements_dev.txt
search_eando.py
README.md

Policy service

Policy service is used for management and evaluation of dynamic policies in OSDU.

Dependencies

Policy service has a runtime dependency on Open Policy Agent OPA. It also has a runtime dependency on OSDU entitlements service for API authorization.

Environmental variables

ENTITLEMENTS_BASE_URL and LEGAL_BASE_URL environmental variable must be set to run the service. The values provided should be of format scheme://host[:port] and not include any part of path (e.g., https://entitlements.osdu.compay.com).

API authorization

To read or evaluate policies, user calling the policy service, must be a member of service.policy.user or service.policy.admin group.

To create, update, or delete the policies, user must be a member of service.policy.admin group.

User can be added to these groups by using entitlements service.

For information on how to run the policy service: Policy Service README

For information on testing the policy service: Test Policy Service README

API documentation: OpenAPI

There is also a Policy Service Admin CLI: Policy Service Admin CLI

There is also a Policy Service Admin UI POC: Policy Service Admin UI