stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
51cf4bc16c5ec4cfd1131f0243a26435571d3039
git.stella-ops.org/policies/schemas/policy-pack.schema.json
master 51cf4bc16c more audit work
2026-01-08 20:46:43 +02:00

94 lines
2.8 KiB
JSON
Raw Blame History

{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stellaops.io/schemas/policy-pack.schema.json",
"title": "Policy Pack Schema",
"description": "Schema for StellaOps policy packs and overrides.",
"type": "object",
"required": ["apiVersion", "kind", "metadata", "spec"],
"properties": {
"apiVersion": {
"type": "string",
"pattern": "^policy\\.stellaops\\.io/v[0-9]+$"
},
"kind": {
"type": "string",
"enum": ["PolicyPack", "PolicyOverride"]
},
"metadata": {
"type": "object",
"required": ["name", "version"],
"properties": {
"name": { "type": "string" },
"version": { "type": "string" },
"description": { "type": "string" },
"parent": { "type": "string" },
"environment": { "type": "string" }
},
"additionalProperties": true
},
"spec": {
"type": "object",
"properties": {
"settings": {
"type": "object",
"additionalProperties": true
},
"rules": {
"type": "array",
"items": { "$ref": "#/$defs/rule" }
},
"ruleOverrides": {
"type": "array",
"items": { "$ref": "#/$defs/ruleOverride" }
},
"additionalRules": {
"type": "array",
"items": { "$ref": "#/$defs/rule" }
}
},
"additionalProperties": true
}
},
"$defs": {
"rule": {
"type": "object",
"required": ["name", "action"],
"properties": {
"name": { "type": "string" },
"action": { "type": "string", "enum": ["allow", "warn", "block"] },
"priority": { "type": "integer" },
"description": { "type": "string" },
"match": { "type": "object", "additionalProperties": true },
"unless": { "type": "object", "additionalProperties": true },
"require": { "type": "object", "additionalProperties": true },
"message": { "type": "string" },
"log": { "type": "boolean" },
"enabled": { "type": "boolean" },
"type": { "type": "string" }
},
"additionalProperties": true
},
"ruleOverride": {
"type": "object",
"required": ["name"],
"properties": {
"name": { "type": "string" },
"action": { "type": "string", "enum": ["allow", "warn", "block"] },
"enabled": { "type": "boolean" }
},
"additionalProperties": true
}
},
"allOf": [
{
"if": { "properties": { "kind": { "const": "PolicyPack" } } },
"then": { "properties": { "spec": { "required": ["rules"] } } }
},
{
"if": { "properties": { "kind": { "const": "PolicyOverride" } } },
"then": { "properties": { "metadata": { "required": ["parent", "environment"] } } }
}
],
"additionalProperties": true
}
Reference in New Issue View Git Blame Copy Permalink