Policy Designer - Releases
Release Policy Store
This is the most useful feature of Agama Lab. It will generate a CJAR policy store zip file, containing all your policies, schemas, default entities, and trusted issuers files. You need to use CJAR to initialize Cedarling on your application.
There are 2 types:
1. Pre-release
Use this type when you want to test your policies. It will be pre-released to your GitHub repository, where you can get .cjar, .cjar.sha256sum, and .cjar.sigstore.json.
2. Stable release
When your policy store is ready for production, use a stable release. You need to merge all your agama-lab-policy-designer branch changes to the main branch to release a stable version. You can use the Agama Lab Pull Request feature or the GitHub Pull Request feature to merge changes.
After release, you will get the same files as in the pre-release.
Verify CJAR
It is always a good idea to verify your CJAR zip file. You can find the verification steps in the Release pop-up.
Steps to verify CJAR:
- Install Cosign
- Download your
.CJARand signature files from GitHub releases. - Run the following command to verify your CJAR file:
$ cosign verify-blob <your_cjar>.cjar \
--bundle <your_cjar>.cjar.sigstore.json \
--certificate-identity asset-signer@dev-gluu-cloud-platform.iam.gserviceaccount.com \
--certificate-oidc-issuer https://accounts.google.com
