add mixed example

testifysec · Mar 28, 2023 · 724d123 · 724d123
1 parent 5671ef0
commit 724d123
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -118,6 +118,27 @@ Each line in the command corresponds to a separate flag or parameter for the cre
 
 The final policy file generated by this command would contain two steps, with the specified intermediate certificate, attestations, and associated Rego policy files for each step.
 
+### Adding custom Rego modules and Cert Constraints
+
+```
+policy-tool create -x $SAST_ATTESTATION_ID \
+                   -a "https://witness.dev/attestations/material/v0.1" \
+                   -g test.rego \
+                   -y sticky.yaml \
+                   -r $CERT \
+                   --constraint-emails=cole@testifysec.com \
+                   -x $TEST_ATTESTATION_ID \
+                   -r $CERT \
+                   -y sticky.yaml \
+                   -x $BUILD_ATTESTATION_ID \
+                   -r $CERT \
+                   -y sticky.yaml \
+                   -t $TSA_CERT > policy.json
+```
+
+
+This example demonstrates how to create a policy using attestations, custom Rego modules, and certificate constraints. The Rego modules are defined in the `sticky.yaml` file and the `test.rego` file. Note that you must specify which attestation the Rego module belongs to by using the `-a` flag preceding the module. Certificate constraints should be placed after the root CA flag `-r`.
+
 ## Create Command
 
 `create` - Creates a policy file.