Policy Pack Management
note
DEPRECATED: As of v2024.11.1, governance assets are shipped with the installer. The configuration that loads the assets appropriate to your tenant is embedded in a license field.
Download the Policy Pack Artifact
Download the policy pack to your workstation. The artifact is a zip file.
Construct the Manifest
The manifest is a JSON file that references the artifact’s content and its location in S3 object storage. Construct the manifest using your S3 bucket configuration.
# use s3 bucket settings from your self-hosted instance config
S3_BUCKET_POLICY=<bucket-name-set-in-kots-config>
S3_BUCKET_PATH_POLICY=<bucket-prefix-set-in-kots-config>/policy
# copy existing manifest to workstation
aws s3 cp \
s3://$S3_BUCKET_POLICY/$S3_BUCKET_PATH_POLICY/metadata.json \
metadata_old.json
# inspect existing manifest for version number
# make sure to set a version larger than the existing version
jq '.version' metadata_old.json
POLICY_PACK_VERSION=<increase-version-from-current>
# apply pack Id to local pack artifact
mv artifact.zip bundle.zip
# set the checksum
# make sure no filename is included
ID=$(md5sum bundle.zip | awk '{print $1}')
# construct the json manifest
cat > metadata.json <<EOF
{
  "version": $POLICY_PACK_VERSION,
  "bucket": "$S3_BUCKET_POLICY",
  "path": "$S3_BUCKET_PATH_POLICY/bundle.zip",
  "checksum": "$ID"
}
EOF
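A pre-upload check for the manifest built above, added here as an example and not part of the original documentation: it confirms that the version is larger than the existing one, that the path points at bundle.zip, and that the checksum is the bare MD5 of the local bundle. The function names, the sample bucket and prefix values, and the treatment of the version as a plain number are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def md5_hex(path):
    """Bare MD5 hex digest of a file (what `md5sum` prints before the filename)."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_manifest(new, old, bundle):
    """Return a list of problems; an empty list means the manifest is consistent."""
    missing = [k for k in ("version", "bucket", "path", "checksum") if k not in new]
    if missing:
        return ["missing field: " + k for k in missing]
    problems = []
    # Assumption: versions are plain numbers, as the unquoted $POLICY_PACK_VERSION suggests.
    if not isinstance(new["version"], (int, float)) or new["version"] <= old["version"]:
        problems.append("version must be larger than the existing version")
    if not str(new["path"]).endswith("/bundle.zip"):
        problems.append("path does not point at bundle.zip")
    if new["checksum"] != md5_hex(bundle):
        # Raw `md5sum` output contains "<digest>  <filename>", hence the space test.
        hint = " (filename included?)" if " " in str(new["checksum"]) else ""
        problems.append("checksum does not match bundle.zip" + hint)
    return problems

def demo():
    """Run the check on constructed sample data: one good manifest, two bad ones."""
    with tempfile.TemporaryDirectory() as tmp:
        bundle = Path(tmp) / "bundle.zip"
        bundle.write_bytes(b"constructed stand-in for the policy pack artifact")
        good_sum = md5_hex(bundle)
        old = {"version": 7}  # constructed: content of metadata_old.json
        base = {"bucket": "example-bucket", "path": "example-prefix/policy/bundle.zip"}
        good = dict(base, version=8, checksum=good_sum)
        raw = dict(base, version=8, checksum=good_sum + "  bundle.zip")
        stale = dict(base, version=7, checksum=good_sum)
        return [check_manifest(m, old, bundle) for m in (good, raw, stale)]

if __name__ == "__main__":
    for result in demo():
        print(result or "OK")
```

To use it on real files, load metadata.json and metadata_old.json with `json.load` and pass them to `check_manifest` together with the path to bundle.zip.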
Upload the Policy Pack Artifact
Upload the policy pack artifact first.
aws s3 cp \
bundle.zip \
s3://$S3_BUCKET_POLICY/$S3_BUCKET_PATH_POLICY/bundle.zip
Upload the Manifest
Then upload the manifest.
aws s3 cp \
metadata.json \
s3://$S3_BUCKET_POLICY/$S3_BUCKET_PATH_POLICY/metadata.json
Confirm
After the manifest has been uploaded, look at the server logs for messages similar to these:
...
[PolicyCenter] Adding EUAI-IV latest version 2 to ETS Bag
[PolicyCenter] Adding FACE latest version 8 to ETS Bag
[PolicyCenter] Adding HEAD-DET latest version 3 to ETS Bag
[PolicyCenter] Adding NIST-GOV latest version 2 to ETS Bag
[PolicyCenter] Adding NIST-MANAGE latest version 2 to ETS Bag
[PolicyCenter] Adding NIST-MAP latest version 2 to ETS Bag}
...