From 51aee2c85b9c31fdab95574b365226eb203ec677 Mon Sep 17 00:00:00 2001
From: Wainer dos Santos Moschetta <wainersm@redhat.com>
Date: Mon, 12 Feb 2024 14:21:51 -0300
Subject: [PATCH] kbs: add sample policy

Created the sample_policies directory to hold exampe of policy files. An
allow_all.rego file is added.

Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
---
 kbs/quickstart.md                  | 2 +-
 kbs/sample_policies/README.md      | 6 ++++++
 kbs/sample_policies/allow_all.rego | 4 ++++
 3 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 kbs/sample_policies/README.md
 create mode 100644 kbs/sample_policies/allow_all.rego

diff --git a/kbs/quickstart.md b/kbs/quickstart.md
index f9bd9f00c2..ba09264715 100644
--- a/kbs/quickstart.md
+++ b/kbs/quickstart.md
@@ -108,7 +108,7 @@ To test the KBS with sample evidence, you'll need to update the resource policy
 to something more permissive.
 This can be done with a command such as
 ```shell
-./kbs-client --url http://127.0.0.1:8080 config --auth-private-key config/private.key  set-resource-policy --policy-file allow_all.rego
+kbs-client --url http://127.0.0.1:8080 config --auth-private-key config/private.key  set-resource-policy --policy-file sample_policies/allow_all.rego
 ```
 
 ## Passport Mode
diff --git a/kbs/sample_policies/README.md b/kbs/sample_policies/README.md
new file mode 100644
index 0000000000..725b11d5cc
--- /dev/null
+++ b/kbs/sample_policies/README.md
@@ -0,0 +1,6 @@
+This directory contain sample policy files to configure the policy engine
+of the KBS. You can use those files to write your own policies.
+
+| File | Description |
+| ---  | ---         |
+|[allow_all.rego](./allow_all.rego)|Equivalent to turning off the policy engine. Release resources unconditionally|
\ No newline at end of file
diff --git a/kbs/sample_policies/allow_all.rego b/kbs/sample_policies/allow_all.rego
new file mode 100644
index 0000000000..0a9c01dee0
--- /dev/null
+++ b/kbs/sample_policies/allow_all.rego
@@ -0,0 +1,4 @@
+
+package policy
+
+default allow = true