# Policies Configuration With the CLI
You can use the Insights CLI to manage the configuration of Policies. Be sure to first read the Insights CLI documentation which covers installation and preparation.
Check out the Policy Configurator documentation on use cases for configuring Policies.
# Pushing Policies Configuration to Insights
When pushing configuration of Policies to Insights, the CLI expects a settings.yaml
file in the current directory.
The file should follow the following format:
checks:
$reportType: # You can find this in the Action Items or Policy UI (e.g. `polaris`)
$eventType: # You can find this in the Action Items or Policy UI (e.g. `runAsRootAllowed`)
severity: <critical/high/medium/low/none>
ci:
block: <true/false>
admission:
block: <true/false>
For OPA policies, the $reportType
is opa
and the $eventType
is the Policy name.
Once the file has been created, use the following command to push the Policies Configuration:
insights-cli push settings
# Pushing Policies Configuration Example
Create the settings.yaml
file:
checks:
polaris:
runAsRootAllowed:
severity: medium
livenessProbeMissing:
severity: high
ci:
block: true
admission:
block: false
Next use the Insights CLI to push these configurations to Insights:
insights-cli push settings
The customizations in
settings.yaml
will override any previous customizations made in Insights. For example, if the above yaml was later pushed withoutlivenessProbeMissing
, that Policy would revert to the default values.
# Verifying the Configuration of Policies
- In Insights, go to the
Policy
page - In the Policies table, for the
Configuration
column select theCustomized
filter
This should show you the Policies that have been modified using the settings.yaml
file.
# Pushing Policies Configuration Along With Other Configurations
Configuration of Policies can be pushed to Insights along with other Insights configurations using the single command insights-cli push all
. For additional information see