FLEX-WP-0006: implement ops-warden signing gate policy

2026-06-23 21:17:42 +02:00
parent 53e0d055c9
commit 0fde95a87c
25 changed files with 1796 additions and 10 deletions
--- a/examples/ops-warden/check_request_allow_agt.json
+++ b/examples/ops-warden/check_request_allow_agt.json
@@ -0,0 +1,22 @@
+{
+  "id": "check:ops-warden-ci-deploy-agent-agt",
+  "tenant": "tenant:platform",
+  "subject": {
+    "id": "ci-deploy-agent",
+    "type": "agt"
+  },
+  "action": "sign",
+  "resource": {
+    "id": "ssh-cert:actor/ci-deploy-agent",
+    "type": "ssh-certificate",
+    "system": "ops-warden"
+  },
+  "context": {
+    "principals": [
+      "deploy"
+    ],
+    "actor_type": "agt",
+    "ttl_hours": 1,
+    "pubkey_fingerprint": "SHA256:example-agt-fingerprint"
+  }
+}