Add installation instruction to README.md

Fix: corrected the file name __init__.py

Signed-off-by: pravo23 <[email protected]>

Enhance GitHub Actions Workflow with PR Triggers (StackGuardian#148)

* Add PR triggers to github actions workflow

* Update lint.yml
Centralized version definition to simplify version management (StackGuardian#142)

Co-authored-by: Rafid Aslam <[email protected]>
Update build_test.yml (StackGuardian#149)

* Update build_test.yml

* Update lint.yml
Update logger initialization to use module-specific loggers StackGuardian#140

Changed "logger = logging.getLogger()" line of code to "logger = logging.getLogger(__name__)" in all files

Removed the TODO Comments - "# TODO: At least add __name__ as the name for the logger" in all files
StackGuardian#140

Removed RESULTS text from error

Resolved - Generalize the function get_path_value_from_dict

Refactor get_path_value_from_dict

Moved get_path_value_from_dict to common.py.
Refactored Kubernetes and JSON handler files to import from common.py.

Updated Common.py

Fix linting (StackGuardian#167)

Add a getting started guide in README.md (StackGuardian#139)

* Add a getting started guide in README.md

* Add description of getting started activity, and some minor fixes
Add maintainers in README and CODEOWNERS file

Add additional rules and guidelines to contributing.md

Add examples for commit messages and guidelines for solving issues

Update CONTRIBUTING.md with guidelines about solving issues

Add separate heading about solving issues, and add examples for writing descriptions in commit changes
setup the docs base (StackGuardian#177)

* created the template for the official documentation

* setting up the environment

* cleaned up the documentation setup

* adjusted the color scheme

* setup the basic pages for the tirith documentation

* updated the intro page
Add dev container

Add dev container

Closes StackGuardian#175

Update Readme.MD

Simplify type checking in sort_collections()

Closes StackGuardian#185

Add Variable Replacement Support in Tirith Policies (StackGuardian#171)

* Add support for parameterizing Tirith policies

* Use pydash.get() and check for match only if the value is of type str

* Add variable replacement for meta and eval_expression in a policy

* Add unit tests for policy parameterization, change return type for cases where the path was not found, and change syntax of entering the variable names

* Fix linting

* tirith parametrization

---------

Co-authored-by: Rafid Aslam <[email protected]>
Removed RESULTS text from error

Resolved - Generalize the function get_path_value_from_dict

Refactor get_path_value_from_dict

Moved get_path_value_from_dict to common.py.
Refactored Kubernetes and JSON handler files to import from common.py.

Updated Common.py

Fix linting (StackGuardian#167)

Add a getting started guide in README.md (StackGuardian#139)

* Add a getting started guide in README.md

* Add description of getting started activity, and some minor fixes
Add maintainers in README and CODEOWNERS file

Add additional rules and guidelines to contributing.md

Add examples for commit messages and guidelines for solving issues

Update CONTRIBUTING.md with guidelines about solving issues

Add separate heading about solving issues, and add examples for writing descriptions in commit changes

Merge branch 'main' of https://github.com/StackGuardian/tirith

.devcontainer/devcontainer.json

@@ -0,0 +1,6 @@
+{
+  "name": "Tirith Dev Container",
+  "image": "mcr.microsoft.com/devcontainers/python:3.11",
+  "postCreateCommand": "pip install -e ."
+}
+

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @Akshat0694 @arunim2405 @refeed

.github/workflows/build_test.yml

@@ -1,6 +1,8 @@
 name: Build & test
 
-on: [push]
+on:
+  push:
+  pull_request:
 
 jobs:
   run_test:

.github/workflows/lint.yml

@@ -1,7 +1,8 @@
 name: Linting
-
-on: [push]
-
+on:
+  push:
+  pull_request:
+
 jobs:
   black:
     runs-on: ubuntu-latest

CONTRIBUTING.md

@@ -31,6 +31,35 @@ Please use GitHub Discussions to submit feedback and engage with community [http
 
 ## Basic guidelines
 
+### Commits
+
+-  Use the imperative, present tense («change», not «changed» or «changes») to be consistent with generated messages from commands like git merge.
+- Describe the changes you have made
+
+#### Examples
+**Good example**: 
+ - Commit Message:\
+  `Add feature to calculate total monthly cost for AWS resources`
+
+- Description:\
+`Implement a function that calculates the total monthly cost for AWS resources. Update the documentation to reflect this new feature.`
+
+  Why it’s Good:
+    > **Clarity**: Clearly states the action and the feature.\
+    >**Specificity**: Specifies what the feature is and what it affects (AWS resources).\
+    >**Consistency**: Uses imperative, present tense, aligning with best practices.
+
+
+**Bad Example**:  
+- Commit Message:\
+  `Fixed some stuff`
+- Description:\
+`Made changes to the code to fix issues. Updated a few things here and there.`
+  Why it’s Bad:
+    > **Vague**: Does not explain what was fixed.\
+    > **Lacks Detail**: Provides no insight into what "stuff" refers to or how it was changed.\
+    > Does not use imperitve present tense.
+
 ### Pull Requests
 
 - **Stay Updated**: Make sure your PR is based on the latest code from the `main` branch.
@@ -39,12 +68,18 @@ Please use GitHub Discussions to submit feedback and engage with community [http
 - **Pass Tests**: Ensure all tests pass before submitting your PR.
 - **Be Open to Feedback**: We're all here to help each other improve, so please be open to feedback and ready to make adjustments.
 
-### Issues
+### Creating Issues
 
 - **Search First**: It helps to check if your problem or feature request has already been discussed before opening a new issue.
 - **Be Detailed**: When you open a new issue, providing as much detail as possible really helps. Feel free to use our templates for bugs and feature requests.
 - **Be Respectful**: Let's all be kind and considerate in our communication.
 
+### Solving Issues
+
+- Limit yourself to solving a maximum of four `good first issues`. Once you've reached this limit, consider tackling other types of issues.
+- Please work on only one issue at a time.
+- Please ask for assignee before working, and if there's no update for about a week on a particular issue, we'll remove the assignee.
+
 Thank you for taking the time to help improve our project!
 
 

README.md

@@ -6,6 +6,11 @@
 
 # Tirith (StackGuardian Policy Framework)
 
+## Maintainers
+
+This project is maintained by [StackGuardian](https://www.linkedin.com/company/stackguardian/).
+
+
 ## A call for contributors
 
 We are calling for contributors to help build out new features, review pull requests, fix bugs, and maintain overall code quality. If you're interested, please email us at team[at]stackguardian.io or get started by reading the [contributing.md](./CONTRIBUTING.md).
@@ -26,6 +31,7 @@ Tirith scans declarative Infrastructure as Code (IaC) configurations like Terraf
     - [StackGuardian Workflow Policy](#stackguardian-workflow-policy-using-sg-workflow-provider)
     - [JSON](#json)
     - [Kubernetes](#kubernetes)
+- [Getting Started](#getting-started)
 - [Want to contribute?](#want-to-contribute)
   - [Getting an issue assigned](#getting-an-issue-assigned)
   - [A bug report](#a-bug-report)
@@ -69,7 +75,41 @@ This is only a list of approved features that will be included in Tirith over th
 
 ## Installation
 
-### Setup Tirith on your system (developer install)
+### For users
+
+```
+pip install git+https://github.com/StackGuardian/tirith.git
+```
+
+### For developers
+
+#### Running the Dev Container
+
+- Clone the repository to your local machine:
+
+```bash
+   git clone <repository-url>
+   cd <repository-folder>
+```
+
+- Start the Docker Engine using docker desktop or CLI.
+
+- Open the project folder in Visual Studio Code
+
+- Once inside VS Code, open the Command Palette `(Ctrl+Shift+P or Cmd+Shift+P on macOS)` and search for **Dev Containers: Rebuild and Reopen in Container**. Select this option.
+
+- VS Code will build the dev container based on the devcontainer.json file or Docker configuration provided in the project. This may take a few minutes.
+
+- Once the container is up, you will have a fully configured development environment running inside Docker.
+
+Reference Links: 
+
+https://code.visualstudio.com/docs/devcontainers/create-dev-container#_create-a-devcontainerjson-file
+
+https://code.visualstudio.com/docs/devcontainers/containers#_managing-containers
+
+
+#### Manual Installation
 Here we are going to install Tirith in a Python virtual environment.
 
 1. Clone the Tirith repository to your system
@@ -1104,6 +1144,123 @@ JSON Output:
   ```
     twine upload --repository-url https://test.pypi.org/legacy/ dist/*
   ``` -->
+## Getting Started
+
+This is a short getting started guide for Tirith. We will take a look on how we can use Tirith to guardrail a JSON input.
+
+Create two files, one for input.json one for policy.json.
+
+**input.json**
+
+```json
+{
+  "path": "/stackguardian/wfgrps/test",
+  "verb": "POST",
+  "meta": {
+    "epoch": 1718860398,
+    "User-Agent": {
+        "name": "User-Agent",
+        "value": "PostmanRuntime/7.26.8"
+    }
+  }
+}
+```
+
+**policy.json**
+
+```json
+{
+    "meta": {
+        "version": "v1",
+        "required_provider": "stackguardian/json"
+    },
+    "evaluators": [
+        {
+            "id": "can_post",
+            "provider_args": {
+                "operation_type": "get_value",
+                "key_path": "verb"
+            },
+            "condition": {
+                "type": "Equals",
+                "value": "POST"
+            }
+        },
+        {
+            "id": "wfgrps_path",
+            "provider_args": {
+                "operation_type": "get_value",
+                "key_path": "path"
+            },
+            "condition": {
+                "type": "RegexMatch",
+                "value": "/stackguardian/wfgrps/test.*"
+            }
+        },
+        {
+            "id": "epoch_less_than_8th_july_2024",
+            "provider_args": {
+                "operation_type": "get_value",
+                "key_path": "meta.epoch"
+            },
+            "condition": {
+                "type": "LessThan",
+                "value": 1720415598
+            }
+        }
+    ],
+    "eval_expression": "can_post && wfgrps_path && epoch_less_than_8th_july_2024"
+}
+```
+
+### Evaluating the policy against the input
+
+To evaluate the policy against the input, run the following command:
+
+```sh
+tirith -input-path input.json -policy-path policy.json
+```
+
+Explanation:
+
+-   `tirith`:
+    -   This is the command to run the Tirith program, which is part of
+         the StackGuardian Policy Framework.
+
+-   `-input-path input.json`:
+    -   The `-input-path` option specifies the path to the input file.
+    -   input.json is the file that contains the input data to be
+         scanned by Tirith.
+
+-   `-policy-path policy.json`:
+    -   The `-policy-path option` specifies the path to the policy file.
+    -   policy.json is the file that contains the policies (rules)
+         defined in Tirith\'s policy as code.
+
+It should print:
+```
+Check: can_post
+  PASSED
+  Results:
+	1. PASSED: POST is equal to POST
+
+Check: wfgrps_path
+  PASSED
+  Results:
+	1. PASSED: /stackguardian/wfgrps/test matches regex pattern /stackguardian/wfgrps/test.*
+
+Check: epoch_less_than_8th_july_2024
+  PASSED
+  Results:
+	1. PASSED: 1718860398 is less than 1720415598
+
+Passed: 3 Failed: 0 Skipped: 0
+
+Final expression used:
+-> can_post && wfgrps_path && epoch_less_than_8th_july_2024
+✔ Passed final evaluator
+```
+
 
 ## Want to contribute?
 

documentation/.gitignore

@@ -0,0 +1,20 @@
+# Dependencies
+/node_modules
+
+# Production
+/build
+
+# Generated files
+.docusaurus
+.cache-loader
+
+# Misc
+.DS_Store
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*

documentation/README.md

@@ -0,0 +1,41 @@
+# Website
+
+This website is built using [Docusaurus](https://docusaurus.io/), a modern static website generator.
+
+### Installation
+
+```
+$ yarn
+```
+
+### Local Development
+
+```
+$ yarn start
+```
+
+This command starts a local development server and opens up a browser window. Most changes are reflected live without having to restart the server.
+
+### Build
+
+```
+$ yarn build
+```
+
+This command generates static content into the `build` directory and can be served using any static contents hosting service.
+
+### Deployment
+
+Using SSH:
+
+```
+$ USE_SSH=true yarn deploy
+```
+
+Not using SSH:
+
+```
+$ GIT_USER=<Your GitHub username> yarn deploy
+```
+
+If you are using GitHub pages for hosting, this command is a convenient way to build the website and push to the `gh-pages` branch.

documentation/babel.config.js

@@ -0,0 +1,3 @@
+module.exports = {
+  presets: [require.resolve('@docusaurus/core/lib/babel/preset')],
+};

documentation/docs/getting-started-with-tirith.md

@@ -0,0 +1,51 @@
+---
+id: getting-started-with-tirith
+title: Getting started with Tirith
+sidebar_label: Getting Started 
+description: This documentation overviews you about the introduction of the tirith software.
+keywords:
+  - tirith
+  - stack-guardian
+# url: https://www.lambdatest.com/support/docs/getting-started-with-tirith
+site_name: Tirith
+slug: getting-started-with-tirith/
+---
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+<script type="application/ld+json"
+  dangerouslySetInnerHTML={{ __html: JSON.stringify({
+   "@context": "https://schema.org",
+    "@type": "BreadcrumbList",
+    "itemListElement": [{
+      "@type": "ListItem",
+      "position": 1,
+      "name": "Home",
+      "item": "https://www.lambdatest.com"
+    },{
+      "@type": "ListItem",
+      "position": 2,
+      "name": "Support",
+      "item": "https://www.lambdatest.com/support/docs/"
+    },{
+      "@type": "ListItem",
+      "position": 3,
+      "name": "Getting Started With Tirith",
+      "item": "https://www.lambdatest.com/support/docs/getting-started-with-tirith/"
+    }]
+  })
+}}></script>
+Tirith is a robust policy framework designed to automate and enforce security, governance, and compliance across infrastructure-as-code (IaC) platforms like Terraform, CloudFormation, and Kubernetes. It simplifies policy creation and management, ensuring infrastructure adheres to industry regulations and best practices.
+
+## Key Benefits of Tirith
+
+- **Centralized Policy Management :** Tirith offers a unified platform for centralized policy management, reducing duplication and streamlining governance across multiple infrastructures and environments. This ensures consistent application of policies, regardless of the platform being used.
+
+- **Simplified Policy Creation :** Tirith’s [intuitive, no-code interface](https://tirith-policy-builder.vercel.app/) and declarative language simplify policy authoring, enabling users to define and manage policies effortlessly. This removes the need for deep technical expertise, allowing teams to quickly align with evolving regulatory requirements.
+
+- **Proactive Compliance Enforcement :** With seamless CI/CD pipeline integration, Tirith proactively enforces compliance by running pre-deployment checks. This ensures non-compliant infrastructure configurations are detected and resolved before deployment, enhancing operational efficiency.
+
+- **Integration with Popular Tools :** Tirith integrates with popular infrastructure-as-code (IaC) tools like Terraform, CloudFormation, and Kubernetes, making it easy to incorporate into your existing workflows.
+
+- **Enhanced Security :** By enforcing consistent policies across your infrastructure, Tirith helps to reduce the risk of security vulnerabilities and compliance violations.