@@ -5,22 +5,31 @@ This standalone example implements the
55extend OpenShell to provide advanced governance over sandbox policies.
66
77- every new sandbox receives ` policy.yaml ` sourced from this examples folder
8- - every new sandbox is attached to exactly ` github ` and ` gitlab `
8+ - every new sandbox is attached to exactly ` github ` and ` slack `
9+ - ` github ` must use the ` github ` provider profile
10+ - ` slack ` must use the custom ` slack ` provider profile
11+ - governed provider network policy lives in ` profiles/*.yaml ` , not in the
12+ signed baseline sandbox policy
913- every new sandbox gets an ` openshell.nvidia.com/policy-signature ` metadata annotation
1014 that is used to verify the policy
1115- every sandbox creation evaluation adds a ` correlation_id ` log annotation so the
1216 gateway log can be correlated with interceptor-side decisions
1317- users cannot attach or detach other providers after sandbox creation
1418- users cannot replace or merge sandbox policy after sandbox creation
15- - users cannot create provider records other than ` github ` and ` gitlab `
16- - users cannot update or delete the governed ` github ` or ` gitlab ` provider records
19+ - users cannot create provider records other than ` github ` and ` slack `
20+ - users cannot update or delete the governed ` github ` or ` slack ` provider records
21+ - users cannot import or update provider profiles other than ` github ` and
22+ ` slack `
23+ - provider profile deletion is blocked by the interceptor
1724
1825Run the interceptor:
1926
2027``` shell
2128cargo run -- \
2229 --listen 127.0.0.1:18081 \
23- --policy policy.yaml
30+ --policy policy.yaml \
31+ --profiles profiles \
32+ --gateway-endpoint http://127.0.0.1:8080
2433```
2534
2635At startup the example parses ` policy.yaml ` , converts it to the protobuf JSON
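Review bot: the new bullet "governed provider network policy lives in `profiles/*.yaml`, not in the signed baseline sandbox policy" moves the provider network policy outside the JWT-signed artefact, so the profile files on the interceptor host become an unsigned trust root; the paragraph should say how the integrity of `profiles/*.yaml` is protected (or explicitly state that it is not, in this standalone example) so readers do not assume the `openshell.nvidia.com/policy-signature` annotation covers it. Two smaller points in the same hunk: the last bullet "provider profile deletion is blocked by the interceptor" is unqualified while the neighbouring bullets are scoped to `github` and `slack`, so state whether all deletions or only governed ones are blocked; and the run command now always passes `--gateway-endpoint http://127.0.0.1:8080` while the text below treats it as optional, so note what the interceptor does at startup when the flag is omitted or the gateway is unreachable (fail closed, or start without reconciling).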
@@ -30,6 +39,22 @@ sandbox under `metadata.annotations["openshell.nvidia.com/policy-signature"]` an
3039verifies the JWT against the sandbox policy during the ` CreateSandbox ` validate
3140phase.
3241
42+ Provider profile YAML files are loaded by the interceptor from ` --profiles `
43+ (default: this example's ` profiles/ ` directory). The interceptor names each
44+ profile from its filename without the extension: ` profiles/github.yaml ` becomes
45+ profile ID ` github ` , and ` profiles/slack.yaml ` becomes profile ID ` slack ` . The
46+ YAML files do not need an ` id ` field; if one is present, the filename still wins.
47+
48+ When ` --gateway-endpoint ` is set, the interceptor reconciles the loaded profiles
49+ through the gateway's normal provider profile APIs. GitHub is already a built-in
50+ read-only profile, so the interceptor accepts the exported built-in ` github `
51+ profile as present; the gateway still rejects importing or updating that
52+ built-in ID. Slack is a custom profile: the interceptor uses
53+ ` ImportProviderProfiles ` for first-time vending and ` UpdateProviderProfiles ` for
54+ ongoing changes. It exports the current profile to read ` resource_version ` ,
55+ injects that version into the loaded YAML payload, and submits
56+ ` UpdateProviderProfiles ` . It never deletes governed profiles.
57+
3358The signing key is generated in memory on each interceptor start. This keeps the
3459example self-contained. Production governance services should load managed
3560signing keys, publish verifier keys, and define a rotation process.
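Review bot: the reconcile sequence for `slack` (export to read `resource_version`, inject it into the YAML payload, submit `UpdateProviderProfiles`) is a read-then-write with no stated handling for a version conflict; document whether the interceptor retries, fails the startup, or logs and continues when the gateway rejects the stale `resource_version`, since a silent failure here leaves the governed profile out of sync with `profiles/slack.yaml`. Related: the text says the interceptor "accepts the exported built-in `github` profile as present" and that the gateway rejects importing or updating that ID, which means `profiles/github.yaml` is never pushed and its contents are not enforced; say so plainly so readers do not edit that file expecting the change to take effect, and state whether the interceptor warns when the exported built-in profile differs from the file. Finally, "if one is present, the filename still wins" for the `id` field should be paired with a logged warning on mismatch, otherwise a mis-named file silently governs the wrong profile ID.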
@@ -45,7 +70,7 @@ Gateway TOML snippet:
4570
4671``` toml
4772[[openshell .gateway .interceptors ]]
48- name = " source-control -governance"
73+ name = " provider -governance"
4974grpc_endpoint = " http://127.0.0.1:18081"
5075order = 10
5176failure_policy = " fail_closed"
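Review bot: the interceptor name in the gateway TOML changes from `source-control-governance` to `provider-governance` with no mention of the rename in the surrounding text; add a sentence noting the old name so operators who copied the earlier snippet know to update their `[[openshell.gateway.interceptors]]` entry (with `failure_policy = "fail_closed"`, a stale entry pointing at the renamed interceptor would block sandbox creation rather than degrade quietly), and confirm that the example's own code and any log lines carrying the `correlation_id` no longer emit the old name.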