We frequently see people asking how they can use OPA to implement authorization and IAM within their apps. There are several examples online like the chef/automate guide but it would be nice to have a first-class guide in the OPA docs for new users to easily discover.

A few things to consider:

• IAM affects more than just backend APIs. The docs should (eventually) cover how to handle other a

Issue type

• Defect - Unexpected behaviour (obvious or verified by project member).

Defect

How to reproduce the issue

When querying a non-cached group membership by name, debug output states that the object the user is a member of was the parent of the group object.

if (&LDAP-Group == 'my-group') {
   # success
}

Will emit a debug message similar to `ou=groups,dc=e

1. What's the name of the policy?

https://github.com/github/site-policy/blob/master/Policies/github-terms-of-service.md

2. Is this issue related to a specific section within one of our policies (e.g. the Terms of Service)? If so, please include a link to the section or subsection.

https://github.com/github/site-policy/blob/master/Policies/github-terms-of-service.md#3-github-may-

After #829, it is all squashed on a single line. One option is to pass it through rustfmt, but we should make sure that's not adding too much compilation time. Also that would only work on nightly (I think) so if we ever want to switch to stable it may be a problem.

Feature

Apologies if this is the wrong place; I couldn't find an auth_pam repo.

I went looking at the docs for PAM auth to see what options were available, but it only mentions;

• pam_password_length
• pam_no_extend
• pam_password_min_time
• pam_password_max_time

Its not clear ho

Organisations usually come up with some best practices for monitoring and managing pods. A new policy could enforce a configurable list of labels to be mandatory to run a pod in the environment.
For example all pods should have an app label.

The policies.Config would need to be extended with a new field.

type Config struct {
...
PolicyMandatoryPodLabels  []string
}

🤔 Exte

What happened

A common workflow:

1. I make a PR, all the CI goes green, but the overall light is still stuck at yellow
2. I click through to the policy bot UI to see what I need to do to get my thing merged
   
   Unfortun

TL;DR

Topics greatly improve the discoverability of repos; please add the short code from the table below to the topics of your repo so that ministries can use GitHub's search to find out what repos belong to them and other visitors can find useful content (and reuse it!).

Why Topic

In short order we'll add our 800th repo. This large number clearly demonstrates the success of using GitHub

The implementation is generic so any set should work, however, the format is somewhat finicky (e.g., v1/services, NOT v1/Service or v1/service, etc.)

What seems to be the problem (1 sentence)

Folks should be entering their Linkedin username only on author pages. Not the whole URL. Need to scan the site and check for author pages that include "http" in the Linkedin value.

example: https://digital.gov/authors/bridget-fields/

Suggestion : dans https://github.com/DISIC/politique-de-contribution-open-source/blob/master/pratique.md mettre d’abord les éléments obligatoires, puis les éléments recommandés, puis les suggestions, et possiblement le mettre en avant dans les titres des chapitres