kbs: add sample policy

Created the sample_policies directory to hold exampe of policy files. An allow_all.rego file is added. Signed-off-by: Wainer dos Santos Moschetta <[email protected]>
confidential-containers · Feb 12, 2024 · 51aee2c · 51aee2c
1 parent 446b63c
commit 51aee2c
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 1 deletion.
diff --git a/kbs/quickstart.md b/kbs/quickstart.md
@@ -108,7 +108,7 @@ To test the KBS with sample evidence, you'll need to update the resource policy
 to something more permissive.
 This can be done with a command such as
 ```shell
-./kbs-client --url http://127.0.0.1:8080 config --auth-private-key config/private.key  set-resource-policy --policy-file allow_all.rego
+kbs-client --url http://127.0.0.1:8080 config --auth-private-key config/private.key  set-resource-policy --policy-file sample_policies/allow_all.rego
 ```
 
 ## Passport Mode

diff --git a/kbs/sample_policies/README.md b/kbs/sample_policies/README.md
@@ -0,0 +1,6 @@
+This directory contain sample policy files to configure the policy engine
+of the KBS. You can use those files to write your own policies.
+
+| File | Description |
+| ---  | ---         |
+|[allow_all.rego](./allow_all.rego)|Equivalent to turning off the policy engine. Release resources unconditionally|
diff --git a/kbs/sample_policies/allow_all.rego b/kbs/sample_policies/allow_all.rego
@@ -0,0 +1,4 @@
+
+package policy
+
+default allow = true