Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • release/0.28 protected
  • trusted-gc_fix_null_header_http_send protected
  • cimpl-policy
  • trusted-GONRG-11243-Fix-Python-Version protected
  • test-cimpl-policy
  • trusted-fix_xuserid_optional_for_GC protected
  • trusted-cimpl-policy protected
  • trusted-GONRG-10453-Create_pipeline_Cimpl_policy protected
  • incountry
  • gc-oidc-test
  • trusted-gc-oidc-test protected
  • trusted-aws-fix-build protected
  • trusted-vl/python3.12 protected
  • trusted-vl/fastapi-swagger-mdw protected
  • doc_update
  • trusted-doc_update protected
  • trusted-okosse protected
  • trusted-GONRG-10847-Fix-GC-Dockerfile protected
  • trusted-docker_update protected
  • v0.28.2 protected
  • v0.28.1 protected
  • v0.28.0 protected
  • v0.27.6-gc.1 protected
  • v0.27.6 protected
  • v0.27.5 protected
  • v0.27.4 protected
  • v0.27.3 protected
  • v0.27.2 protected
  • v0.27.1 protected
  • v0.27.0 protected
  • v0.26.0 protected
  • v0.25.2 protected
  • v0.25.1 protected
  • v0.25.0 protected
  • v0.24.0 protected
  • v0.23.3 protected
  • v0.23.2 protected
  • v0.23.1 protected
  • v0.21.1 protected
40 results
Compare
Shane Hutchins's avatar
Merge branch 'avoid_import_unknown_external_library' into 'master'
Shane Hutchins authored 
Added whitelisted cloud provider names

See merge request !572
dd4d195d
History
Shane Hutchins's avatar dd4d195d
History
Name Last commit Last update
app
build
cache
deployment
devops
docs
loadtest
policy-examples
postman
.dockerignore
.editorconfig
.fossa.yml
.gitattributes
.gitignore
.gitlab-ci.yml
.trufflehog-exclude
Dockerfile-Azure-Bootstrap
LICENSE
NOTICE
README.md
VERSION
publish.yml
requirements.txt
requirements_bootstrap.txt
requirements_dev.txt
requirements_setversion.txt
search_eando.py
setversion.py
unittest.sh
README.md

Policy service

Policy service is used for management and evaluation of dynamic policies in OSDU.

Dependencies

Policy service has a runtime dependency on Open Policy Agent OPA. It also has a runtime dependency on OSDU entitlements service for API authorization.

Environmental variables

ENTITLEMENTS_BASE_URL and LEGAL_BASE_URL environmental variable must be set to run the service. The values provided should be of format scheme://host[:port] and not include any part of path (e.g., https://entitlements.osdu.compay.com).

API authorization

To read or evaluate policies, user calling the policy service, must be a member of service.policy.user or service.policy.admin group.

To create, update, or delete the policies, user must be a member of service.policy.admin group.

User can be added to these groups by using entitlements service.

For information on how to run the policy service: Documentation

Policy Service README

For information on testing the policy service: Test Policy Service README

API documentation: OpenAPI

There also a great CLI support from AdminCLI (formerly Policy AdminCLI):