OPA Policy Check Action

A GitHub action that validates the policy using OPA.
Usage
Example snippet
This example checks policy using an Open Policy Agent (OPA).
YAML
name: Policy validation using OPA
on: [ push ]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@latest
      - name: Check policy using Open Policy Agent (OPA)
        uses: opsverse/opa-policy-[email protected]
        with:
          opaServerUrl: "<opa_server_url>"
          opaServerAuthToken: ${{ secrets.OPA_SERVER_AUTH_TOKEN }}
          opaServerInput: '<opa_server_input>'
          opaServerPackageName: "<opa_package_name>" # Package name to be given using `/` as the delimiter instead of `.`. For instance package `example.include` should be given as `example/include`
          skipTlsValidation: <skip_tls_validation> # Skip TLS validation. Get the data from OPA by ignoring the certificate.
name: Policy validation using OPA
on: [ push ]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@latest
      - name: Check policy using Open Policy Agent (OPA)
        uses: opsverse/opa-policy-check@0.2.0
        with:
          opaServerUrl: "<opa_server_url>"
          opaServerAuthToken: ${{ secrets.OPA_SERVER_AUTH_TOKEN }}
          opaServerInput: '<opa_server_input>'
          opaServerPackageName: "<opa_package_name>" # Package name to be given using `/` as the delimiter instead of `.`. For instance package `example.include` should be given as `example/include`
          skipTlsValidation: <skip_tls_validation> # Skip TLS validation. Get the data from OPA by ignoring the certificate.
﻿
NOTE: The following is a simple policy in the OPA server.
include.rego:
Text
package example.include
    allow := false
package example.include
    allow := false
﻿
Inputs
Input
Description
opaServerUrl
Open Policy Agent (OPA) Server address (with protocol)
opaServerAuthToken
Open Policy Agent (OPA) Auth token
opaServerInput
Open Policy Agent (OPA) input
opaServerPackageName
Open Policy Agent (OPA) package name from which the server should fetch the policy
skipTlsValidation
Skip TLS validation. Get the data from OPA by ignoring the certificate (default = false)
Examples
Check policy using an Open Policy Agent (OPA)
You can check the policy using Open Policy Agent (OPA).
﻿
YAML
name: Policy validation using OPA
on: [ push ]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@latest
      - name: Check policy using Open Policy Agent (OPA)
        uses: opsverse/opa-policy-[email protected]
        with:
          opaServerUrl: "https://opa.example.com"
          opaServerAuthToken: ${{ secrets.OPA_SERVER_AUTH_TOKEN }}
          opaServerInput: '{"input": null}'
          opaServerPackageName: "example/include" # Package name to be given using `/` as the delimiter instead of `.`. For instance package `example.include` should be given as `example/include`
          skipTlsValidation: true # Skip TLS validation. Get the data from OPA by ignoring the certificate.
name: Policy validation using OPA
on: [ push ]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@latest
      - name: Check policy using Open Policy Agent (OPA)
        uses: opsverse/opa-policy-check@0.1.0
        with:
          opaServerUrl: "https://opa.example.com"
          opaServerAuthToken: ${{ secrets.OPA_SERVER_AUTH_TOKEN }}
          opaServerInput: '{"input": null}'
          opaServerPackageName: "example/include" # Package name to be given using `/` as the delimiter instead of `.`. For instance package `example.include` should be given as `example/include`
          skipTlsValidation: true # Skip TLS validation. Get the data from OPA by ignoring the certificate.
﻿
NOTE: The following is a simple policy in the OPA server.
include.rego:
package example.include
    allow := false
﻿

Input	Description
opaServerUrl	Open Policy Agent (OPA) Server address (with protocol)
opaServerAuthToken	Open Policy Agent (OPA) Auth token
opaServerInput	Open Policy Agent (OPA) input
opaServerPackageName	Open Policy Agent (OPA) package name from which the server should fetch the policy
skipTlsValidation	Skip TLS validation. Get the data from OPA by ignoring the certificate (default = false)

Did this page help you?

SonarQube Action

Image Updater Action