Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a getting started guide in README.md #139

Merged
merged 2 commits into from
Aug 20, 2024
Merged

Add a getting started guide in README.md #139

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e5284cb
Add a getting started guide in README.md
samriddhi99 Jul 16, 2024
a3e16d8
Add description of getting started activity, and some minor fixes
samriddhi99 Jul 24, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
118 changes: 118 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ Tirith scans declarative Infrastructure as Code (IaC) configurations like Terraf
- [StackGuardian Workflow Policy](#stackguardian-workflow-policy-using-sg-workflow-provider)
- [JSON](#json)
- [Kubernetes](#kubernetes)
- [Getting Started](#getting-started)
- [Want to contribute?](#want-to-contribute)
- [Getting an issue assigned](#getting-an-issue-assigned)
- [A bug report](#a-bug-report)
Expand Down Expand Up @@ -1110,6 +1111,123 @@ JSON Output:
```
twine upload --repository-url https://test.pypi.org/legacy/ dist/*
``` -->
## Getting Started

This is a short getting started guide for Tirith. We will take a look on how we can use Tirith to guardrail a JSON input.

Create two files, one for input.json one for policy.json.

**input.json**

```json
{
"path": "/stackguardian/wfgrps/test",
"verb": "POST",
"meta": {
"epoch": 1718860398,
"User-Agent": {
"name": "User-Agent",
"value": "PostmanRuntime/7.26.8"
}
}
}
```

**policy.json**

```json
{
"meta": {
"version": "v1",
"required_provider": "stackguardian/json"
},
"evaluators": [
{
"id": "can_post",
"provider_args": {
"operation_type": "get_value",
"key_path": "verb"
},
"condition": {
"type": "Equals",
"value": "POST"
}
},
{
"id": "wfgrps_path",
"provider_args": {
"operation_type": "get_value",
"key_path": "path"
},
"condition": {
"type": "RegexMatch",
"value": "/stackguardian/wfgrps/test.*"
}
},
{
"id": "epoch_less_than_8th_july_2024",
"provider_args": {
"operation_type": "get_value",
"key_path": "meta.epoch"
},
"condition": {
"type": "LessThan",
"value": 1720415598
}
}
],
"eval_expression": "can_post && wfgrps_path && epoch_less_than_8th_july_2024"
}
```

samriddhi99 marked this conversation as resolved.
Show resolved Hide resolved
### Evaluating the policy against the input

To evaluate the policy against the input, run the following command:

```sh
tirith -input-path input.json -policy-path policy.json
```

Explanation:

- `tirith`:
- This is the command to run the Tirith program, which is part of
the StackGuardian Policy Framework.

- `-input-path input.json`:
- The `-input-path` option specifies the path to the input file.
- input.json is the file that contains the input data to be
scanned by Tirith.

- `-policy-path policy.json`:
- The `-policy-path option` specifies the path to the policy file.
- policy.json is the file that contains the policies (rules)
defined in Tirith\'s policy as code.

It should print:
```
Check: can_post
PASSED
Results:
1. PASSED: POST is equal to POST

Check: wfgrps_path
PASSED
Results:
1. PASSED: /stackguardian/wfgrps/test matches regex pattern /stackguardian/wfgrps/test.*

Check: epoch_less_than_8th_july_2024
PASSED
Results:
1. PASSED: 1718860398 is less than 1720415598

Passed: 3 Failed: 0 Skipped: 0

Final expression used:
-> can_post && wfgrps_path && epoch_less_than_8th_july_2024
✔ Passed final evaluator
```


## Want to contribute?

Expand Down
Loading