Default policy automation
This MR implements a script with a config file which helps to update policies, especially if they are based on upstream policies. Also, the idea is to use a single file to generate (or check) policies of different tools to make sure they are the same. This is useful if you have to implement multiple tools. The config file could in this way also give a later indication of which policy is implemented with which tool.
The script:
- loops over the policies specified in the config file
- depending on the implementation (none, manual, upstream), different actions are done
  - none: no action is done. This is mostly for logging, to see which policies are not implemented, to check against this as features evolve
  - manual: it's only checked if the file exists. This can be expanded to check some fields (like name, id, category...)
  - upstream: this is the main focus atm. It downloads the upstream policy and overwrites fields to unify the experience
- finally, the policy is written as a file to /policies
The script should be used as a developer, and the changes to the files are seen in git diff. The script already shows some drifts from upstream and also some errors in filenames etc.
I recommend first integrating !5 (merged), since I used the values in the config.
Edited by Steffen Lützenkirchen
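
The loop described in the MR, as an added Python example (not the MR's own script). The config keys (`name`, `implementation`, `source`, `file`, `overrides`), the status strings, the `check_only` switch and the sample policies are assumptions made for illustration; the download is passed in as `fetch` so the example runs offline.

```python
import json
import tempfile
from pathlib import Path

# Constructed sample config; the MR's real config schema is not shown on the page.
SAMPLE_CONFIG = [
    {"name": "secret-detection", "implementation": "upstream",
     "source": "https://upstream.example/secret.json", "file": "secret-detection.json",
     "overrides": {"category": "secrets", "severity": "high"}},
    {"name": "license-check", "implementation": "manual", "file": "license-check.json"},
    {"name": "sbom-required", "implementation": "none"},
]

def sync_policies(config, out_dir, fetch, check_only=False):
    """Return {policy name: status}; write upstream policies unless check_only."""
    out_dir, report = Path(out_dir), {}
    for entry in config:
        name, mode = entry["name"], entry["implementation"]
        if mode == "none":
            report[name] = "not-implemented"  # recorded only, nothing to write
            continue
        if mode not in ("manual", "upstream"):
            raise ValueError(f"unknown implementation {mode!r} for {name}")
        # Refuse config values that would place the file outside out_dir.
        if Path(entry["file"]).name != entry["file"]:
            raise ValueError(f"unsafe file name for {name}: {entry['file']!r}")
        target = out_dir / entry["file"]
        if mode == "manual":
            report[name] = "ok" if target.is_file() else "missing"
            continue
        # upstream: fetch the policy, then overwrite the unified fields.
        policy = dict(fetch(entry["source"]))
        policy.update(entry.get("overrides", {}))
        rendered = json.dumps(policy, indent=2, sort_keys=True) + "\n"
        current = target.read_text() if target.is_file() else None
        report[name] = "unchanged" if current == rendered else "drift"
        if report[name] == "drift" and not check_only:
            target.write_text(rendered)  # the change then shows up in git diff
    return report

def demo():
    # Constructed upstream response, standing in for the real download.
    upstream = {"https://upstream.example/secret.json":
                {"id": "P-1", "name": "Secret Detection", "category": "misc"}}
    with tempfile.TemporaryDirectory() as d:
        first = sync_policies(SAMPLE_CONFIG, d, lambda url: upstream[url])
        second = sync_policies(SAMPLE_CONFIG, d, lambda url: upstream[url], check_only=True)
    return first, second
```

Writing the rendered policy with sorted keys keeps the output stable between runs, so a diff only appears when upstream or the overrides actually change.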