Skip to main content

Overview of Policies

Although the terms Policy and Rule are often used interchangeably, there is a subtle difference here.

A Rule is a specific individual constraint. It consists of specific instructions that you write in the form of a Rego statement for custom rules, or specific parameters that you configure for existing Rego statements used in built-in rules.

For example, you may define a rule that specifies only images from an explicitly authorized registry can be deployed.

A Policy is a collection of rules. Those rules codify a real-world policy describing procedures or behaviors for conducting business that are typically documented in written form in an employee handbook, wiki, or runbook. When a policy is applied to a system, it enforces or monitors the behavior of that system and its users.

Because you can distribute a complete collection of code-based policies to Styra OPA at the same time, the collection is called a Policy Bundle.

Policy Lifecycle

The policy lifecycle involves the following tasks:

  • Define Policy Rules: Define the policy using built-in or custom rules.

  • Validate and Analyze Policies: Validate the policy before distribution to analyze the impact the policy would have if you were to enforce it.

  • Publish Policies: Publish the policy to monitor and enforce compliance.

  • Replay Enforcement Decisions: Replay policy decisions in real-time or in the historical context.

For more information on

  1. How to organize policies, see the policy organization of DAS resources.

  2. Kubernetes Compliance policy packs, see the Overview of Compliance packs.