1+ # Development Flexible Policy Configuration
2+ # This policy provides flexible access for development environments
3+
4+ policies :
5+ version : " v2"
6+ name : " Development Flexible Policy"
7+ description : " Flexible policy for development environments with permissive access"
8+ deny_by_default : false # Allow by default for development
9+ enable_dry_run : false # Disable dry run for faster development workflow
10+ require_approval_for_admin : false
11+ audit_all_operations : true
12+
13+ # Global rules (apply to all targets)
14+ global_policies :
15+ - name : " development_observation"
16+ description : " Read operations allowed for all environments"
17+ enabled : true
18+ operations :
19+ - service_status
20+ - network_status
21+ - network_scan
22+ - file_read
23+ - container_inspect
24+ - backup_list
25+ - snapshot_list
26+ target_roles : [development, staging, production, gateway]
27+ allowed : true
28+ requires_approval : false
29+ parameter_constraints :
30+ file_path :
31+ type : " string"
32+ required : true
33+ max_length : 2048 # More permissive for development
34+ pattern : " ^[^<>:\" |?*]+$"
35+ host :
36+ type : " string"
37+ required : false
38+ max_length : 253
39+ port :
40+ type : " int"
41+ required : false
42+ min : 1
43+ max : 65535
44+
45+ - name : " development_package_management"
46+ description : " Package management for development"
47+ enabled : true
48+ operations :
49+ - package_update
50+ - package_install
51+ - package_remove
52+ - package_list
53+ target_roles : [development, staging]
54+ allowed : true
55+ requires_approval : false
56+ operation_timeout : 300 # 5 minutes
57+ parameter_constraints :
58+ package_name :
59+ type : " string"
60+ required : true
61+ max_length : 256 # More permissive for development packages
62+ pattern : " ^[a-zA-Z0-9][a-zA-Z0-9._+-]*$"
63+
64+ # Role-based policies
65+ role_policies :
66+ gateway :
67+ - name : " gateway_local_operations"
68+ description : " Full access for gateway local operations"
69+ enabled : true
70+ operations :
71+ - service_restart
72+ - service_start
73+ - service_stop
74+ - file_read
75+ - file_write
76+ - file_delete
77+ - file_copy
78+ - network_test
79+ - network_status
80+ target_roles : [gateway]
81+ allowed : true
82+ requires_approval : false
83+ operation_timeout : 120
84+ parameter_constraints :
85+ service_name :
86+ type : " string"
87+ required : true
88+ max_length : 128
89+ pattern : " ^[a-zA-Z0-9][a-zA-Z0-9_.-]*$"
90+ file_path :
91+ type : " string"
92+ required : true
93+ max_length : 2048
94+ pattern : " ^[^<>:\" |?*]+$"
95+
96+ development :
97+ - name : " development_full_container_access"
98+ description : " Full container access for development"
99+ enabled : true
100+ operations :
101+ - container_create
102+ - container_delete
103+ - container_start
104+ - container_stop
105+ - container_restart
106+ - container_inspect
107+ target_roles : [development]
108+ allowed : true
109+ requires_approval : false
110+ operation_timeout : 300
111+ parameter_constraints :
112+ container_name :
113+ type : " string"
114+ required : true
115+ max_length : 128 # More permissive names
116+ pattern : " ^[a-zA-Z0-9][a-zA-Z0-9_.-]*$"
117+ template :
118+ type : " string"
119+ required : true
120+ max_length : 256
121+ pattern : " ^[a-zA-Z0-9][a-zA-Z0-9_./-]*$"
122+ config :
123+ type : " dict"
124+ required : false
125+ default : {}
126+
127+ - name : " development_stack_management"
128+ description : " Full stack management for development"
129+ enabled : true
130+ operations :
131+ - stack_deploy
132+ - stack_remove
133+ - stack_update
134+ target_roles : [development]
135+ allowed : true
136+ requires_approval : false
137+ operation_timeout : 600 # 10 minutes for complex deployments
138+ parameter_constraints :
139+ stack_name :
140+ type : " string"
141+ required : true
142+ max_length : 128
143+ pattern : " ^[a-zA-Z0-9][a-zA-Z0-9_.-]*$"
144+ config :
145+ type : " dict"
146+ required : true
147+ description : " Stack configuration (Docker Compose, etc.)"
148+
149+ - name : " development_backup_operations"
150+ description : " Full backup operations for development"
151+ enabled : true
152+ operations :
153+ - backup_create
154+ - backup_restore
155+ - backup_list
156+ - backup_delete
157+ target_roles : [development]
158+ allowed : true
159+ requires_approval : false
160+ operation_timeout : 900 # 15 minutes for development backups
161+ parameter_constraints :
162+ backup_id :
163+ type : " string"
164+ required : true
165+ max_length : 128
166+ pattern : " ^[a-zA-Z0-9][a-zA-Z0-9_.-]*$"
167+ target_path :
168+ type : " string"
169+ required : true
170+ max_length : 2048
171+ pattern : " ^[^<>:\" |?*]+$"
172+ backup_type :
173+ type : " string"
174+ required : false
175+ default : " full"
176+ allowed_values : ["full", "incremental", "differential"]
177+
178+ - name : " development_snapshot_operations"
179+ description : " Full snapshot operations for development"
180+ enabled : true
181+ operations :
182+ - snapshot_create
183+ - snapshot_delete
184+ - snapshot_restore
185+ - snapshot_list
186+ target_roles : [development]
187+ allowed : true
188+ requires_approval : false
189+ operation_timeout : 300
190+ parameter_constraints :
191+ container_id :
192+ type : " string"
193+ required : true
194+ max_length : 128
195+ pattern : " ^[a-zA-Z0-9][a-zA-Z0-9_.-]*$"
196+ snapshot_name :
197+ type : " string"
198+ required : true
199+ max_length : 128
200+ pattern : " ^[a-zA-Z0-9][a-zA-Z0-9_.-]*$"
201+ description :
202+ type : " string"
203+ required : false
204+ max_length : 512
205+
206+ - name : " development_service_management"
207+ description : " Full service management for development"
208+ enabled : true
209+ operations :
210+ - service_restart
211+ - service_start
212+ - service_stop
213+ target_roles : [development]
214+ allowed : true
215+ requires_approval : false
216+ operation_timeout : 120
217+ parameter_constraints :
218+ service_name :
219+ type : " string"
220+ required : true
221+ max_length : 128
222+ pattern : " ^[a-zA-Z0-9][a-zA-Z0-9_.-]*$"
223+ timeout :
224+ type : " int"
225+ required : false
226+ min : 10
227+ max : 600
228+ default : 60
229+
230+ staging :
231+ - name : " staging_balanced_access"
232+ description : " Balanced access for staging environment"
233+ enabled : true
234+ operations :
235+ - service_restart
236+ - service_start
237+ - service_stop
238+ - container_start
239+ - container_stop
240+ - container_restart
241+ - stack_deploy
242+ - stack_update
243+ - file_read
244+ - file_write
245+ - backup_create
246+ - backup_list
247+ target_roles : [staging]
248+ allowed : true
249+ requires_approval : false
250+ parameter_constraints :
251+ service_name :
252+ type : " string"
253+ required : true
254+ max_length : 96
255+ pattern : " ^[a-zA-Z0-9][a-zA-Z0-9_.-]*$"
256+ container_name :
257+ type : " string"
258+ required : true
259+ max_length : 96
260+ pattern : " ^[a-zA-Z0-9][a-zA-Z0-9_.-]*$"
261+ stack_name :
262+ type : " string"
263+ required : true
264+ max_length : 96
265+ pattern : " ^[a-zA-Z0-9][a-zA-Z0-9_.-]*$"
266+
267+ # Emergency policies (simplified for development)
268+ emergency_policies :
269+ - name : " development_emergency"
270+ description : " Emergency operations for development environments"
271+ enabled : true
272+ operations :
273+ - service_restart
274+ - container_start
275+ - container_stop
276+ - backup_create
277+ target_roles : [development, staging]
278+ allowed : true
279+ requires_approval : false
280+
281+ # No maintenance windows for development - 24/7 access
282+ maintenance_windows : []
283+
284+ # Policy lifecycle
285+ created_at : " 2024-01-01T00:00:00Z"
286+ created_by : " devops-team"
287+ effective_from : " 2024-01-01T00:00:00Z"
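Review bot: The global rule `development_observation` lists `production` and `gateway` in `target_roles`, so a policy described as development-only grants unapproved `file_read` and `network_scan` against production targets; narrow it to `target_roles: [development, staging]`, or split the production case into its own rule with `requires_approval: true`. The `file_path` and `target_path` constraints are a short character blacklist, so `..` segments and arbitrary absolute paths pass validation; unless the policy engine confines paths to a base directory elsewhere (not visible in this file), `file_read`, `file_write`, `file_delete` and `backup_restore` are not limited to any directory. With `deny_by_default: false`, operations that no rule names are presumably permitted too, which makes the explicit operation lists descriptive rather than limiting; `deny_by_default: true` with the same rules would keep the development workflow while bounding it. The `host` constraint has only `max_length` and no `pattern`, unlike every other string parameter here, which matters most for `network_scan`. `audit_all_operations: true` is the one compensating control, so a comment next to it saying it must stay enabled whenever approvals and dry run are off would help later editors.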