Centralized policy
"Centralized policy" is the concept of controlling distributed policy execution from a centralized location. This enables the policy owner to easily control the rules that are evaluated in each run of Datree without creating operation overhead. Logging into the dashboard allows you to manage the centralized policy.
tip
If you want to manage your policy via code - check out our policy-as-code feature
Enable and disable rules in a policy
Each of the 53 built-in rules can be toggled "ON" or "OFF" in the dashboard to suit your needs. Once a rule is disabled or enabled, it will automatically propagate to all policy checks executed against that policy (via account token). This way, the policy owner is not required to manually update all of the devices connected to this policy.
Edit rule fail suggestion text
The output text that is shown in the CLI when a rule fails is editable. The policy owner can use this to educate policy consumers (e.g. developers, teammates, etc.) and clarify how they should fix their misconfigurations.
| Dashboard view | CLI output | |
|---|---|---|
| Before edit |  |  |
| After edit |  |  |
Policy management
Add policies with different rules configured, giving each of your use cases its own custom policy.
Add a new policy
Create a new policy and give it a descriptive name.
By default, each new policy is created without any rules enabled, giving you the freedom to configure it according to your needs.
Running checks against the new policy
To run the Datree CLI against the new policy (instead of the default one), you will need to add the `-p [policy-name]` to your policy check execution (e.g. $ datree test ~/.datree/k8s-demo.yaml -p A_team)
$ datree test [K8s-manifest] -p [policy-name]
