Method

```go
func (c *Client) CreateNetworkPolicy(ctx context.Context, policy types.CreateNetworkPolicy) (types.NetworkPolicyCreated, error)
```

Creates a new network policy that controls network access for agents. Network policies can be scoped at different levels (system global, global, repo, workflow, cluster, or node) and define rules for CIDR ranges and domain names.
Parameters
ctx (context.Context, required) - Context for the API request
policy (types.CreateNetworkPolicy, required) - The network policy configuration to create
CreateNetworkPolicy fields:
scope (NetworkPolicyScope, required) - The scope of the policy. Valid values:
system_global - System-wide policy (admin only)
global - Project-wide policy
repo - Repository-specific policy
workflow - Workflow-specific policy
cluster - Kubernetes cluster policy
node - Kubernetes node policy
config (NetworkPolicyConfig, required) - Policy enforcement configuration
NetworkPolicyConfig fields (field names as used in the examples below):
CIDRMode - CIDR enforcement mode: alert, enforce, or both. Defaults to enforce.
CIDRPolicy - Default CIDR policy: allow or deny. Defaults to allow.
ResolveMode - DNS resolution mode: bypass, strict, or permissive. Defaults to bypass.
ResolvePolicy - Default resolve policy: allow or deny. Defaults to allow.
rules ([]CreateNetworkPolicyRule, optional) - Initial rules to create with the policy
RepositoryID - Required for repo and workflow scopes. GitHub repository ID.
WorkflowName - Required for workflow scope. GitHub Actions workflow name.
ClusterName - Required for cluster and node scopes. Kubernetes cluster name.
Node name - Required for node scope. Kubernetes node name.
Response
types.NetworkPolicyCreated, containing:
ID - The unique identifier of the created network policy
The timestamp when the policy was created
The timestamp when the policy was last updated
Example
Create a global network policy
```go
package main

import (
	"context"
	"fmt"

	"github.com/garnet-org/api/client"
	"github.com/garnet-org/api/types"
)

func main() {
	c := client.New("https://api.garnet.ai", "your-token")
	ctx := context.Background()

	// Project-wide policy: enforce CIDR rules (allow by default), strict DNS
	// resolution, and one initial rule allowing the 10.0.0.0/8 range.
	policy := types.CreateNetworkPolicy{
		Scope: types.NetworkPolicyScopeGlobal,
		Config: types.NetworkPolicyConfig{
			CIDRMode:      types.NetworkPolicyCIDRModeEnforce,
			CIDRPolicy:    types.NetworkPolicyTypeAllow,
			ResolveMode:   types.NetworkPolicyResolveModeStrict,
			ResolvePolicy: types.NetworkPolicyTypeAllow,
		},
		Rules: []types.CreateNetworkPolicyRule{
			{
				Type:   types.NetworkPolicyRuleTypeCIDR,
				Value:  "10.0.0.0/8",
				Action: types.NetworkPolicyTypeAllow,
			},
		},
	}

	created, err := c.CreateNetworkPolicy(ctx, policy)
	if err != nil {
		panic(err)
	}
	fmt.Printf("Created policy: %s\n", created.ID)
}
```
Create a workflow-specific policy
```go
// c and ctx are set up as in the global example above.
policy := types.CreateNetworkPolicy{
	Scope:        types.NetworkPolicyScopeWorkflow,
	RepositoryID: "repo-123",
	WorkflowName: "ci.yml",
	Config: types.NetworkPolicyConfig{
		CIDRMode:      types.NetworkPolicyCIDRModeEnforce,
		CIDRPolicy:    types.NetworkPolicyTypeDeny, // default-deny for CIDR traffic
		ResolveMode:   types.NetworkPolicyResolveModePermissive,
		ResolvePolicy: types.NetworkPolicyTypeAllow,
	},
	// Domains the workflow is explicitly allowed to reach.
	Rules: []types.CreateNetworkPolicyRule{
		{
			Type:   types.NetworkPolicyRuleTypeDomain,
			Value:  "api.github.com",
			Action: types.NetworkPolicyTypeAllow,
		},
		{
			Type:   types.NetworkPolicyRuleTypeDomain,
			Value:  "*.npmjs.org",
			Action: types.NetworkPolicyTypeAllow,
		},
	},
}
created, err := c.CreateNetworkPolicy(ctx, policy)
if err != nil {
	panic(err)
}
```
Create a Kubernetes cluster policy
```go
// c and ctx are set up as in the global example above.
policy := types.CreateNetworkPolicy{
	Scope:       types.NetworkPolicyScopeCluster,
	ClusterName: "prod-cluster",
	Config: types.NetworkPolicyConfig{
		CIDRMode:      types.NetworkPolicyCIDRModeEnforce,
		CIDRPolicy:    types.NetworkPolicyTypeAllow,
		ResolveMode:   types.NetworkPolicyResolveModeStrict,
		ResolvePolicy: types.NetworkPolicyTypeAllow,
	},
}
created, err := c.CreateNetworkPolicy(ctx, policy)
if err != nil {
	panic(err)
}
```
NetworkPolicyScope Values
The scope determines where and how the policy applies:
system_global - System-wide policy that applies across all projects (admin only)
global - Project-wide policy that applies to all agents in the project
repo - Repository-specific policy for GitHub context
workflow - Workflow-specific policy for GitHub Actions
cluster - Kubernetes cluster-specific policy
node - Kubernetes node-specific policy
Policies are merged hierarchically with more specific scopes overriding broader scopes.
Errors
ErrInvalidNetworkPolicyScope - Invalid or missing scope
ErrInvalidNetworkPolicyRepositoryID - Missing repository ID for repo/workflow scope
ErrInvalidNetworkPolicyWorkflowName - Missing workflow name for workflow scope
ErrInvalidNetworkPolicyClusterName - Missing cluster name for cluster/node scope
ErrInvalidNetworkPolicyNodeName - Missing node name for node scope
ErrInvalidNetworkPolicyCIDRMode - Invalid CIDR mode
ErrInvalidNetworkPolicyCIDRPolicy - Invalid CIDR policy
ErrNetworkPolicyAlreadyExists - Policy already exists for this scope
ErrUnauthorizedNetworkPolicy - Permission denied
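The scope requirements above and the errors they map to, as a client-side pre-check that rejects a misconfigured policy before any request is sent. This is an added example, not code from the garnet client: it uses a local CreatePolicy stand-in whose field names follow this page's examples, while the NodeName field name and the error messages are assumptions (against the real API you would build types.CreateNetworkPolicy with the typed constants shown above).

```go
package main

import "errors"

// CreatePolicy stands in for types.CreateNetworkPolicy in this added example;
// field names follow the page's examples, NodeName is an assumption.
type CreatePolicy struct {
	Scope, RepositoryID, WorkflowName, ClusterName, NodeName string
	CIDRMode, CIDRPolicy                                     string // empty means the API default
}

// Local stand-ins for the errors listed in the Errors section of this page.
var (
	ErrScope        = errors.New("invalid or missing scope")
	ErrRepositoryID = errors.New("missing repository ID for repo/workflow scope")
	ErrWorkflowName = errors.New("missing workflow name for workflow scope")
	ErrClusterName  = errors.New("missing cluster name for cluster/node scope")
	ErrNodeName     = errors.New("missing node name for node scope")
	ErrCIDRMode     = errors.New("invalid CIDR mode")
	ErrCIDRPolicy   = errors.New("invalid CIDR policy")
)

// Validate applies the scope-specific requirements client-side, so a
// misconfigured policy is rejected before it is sent to the API.
func Validate(p CreatePolicy) error {
	needs := map[string][]struct{ v string; e error }{ // identifiers each scope must carry
		"system_global": nil, "global": nil,
		"repo":     {{p.RepositoryID, ErrRepositoryID}},
		"workflow": {{p.RepositoryID, ErrRepositoryID}, {p.WorkflowName, ErrWorkflowName}},
		"cluster":  {{p.ClusterName, ErrClusterName}},
		"node":     {{p.ClusterName, ErrClusterName}, {p.NodeName, ErrNodeName}},
	}
	reqs, ok := needs[p.Scope]
	if !ok {
		return ErrScope
	}
	for _, r := range reqs {
		if r.v == "" {
			return r.e
		}
	}
	if m := p.CIDRMode; m != "" && m != "alert" && m != "enforce" && m != "both" {
		return ErrCIDRMode
	}
	if c := p.CIDRPolicy; c != "" && c != "allow" && c != "deny" {
		return ErrCIDRPolicy
	}
	return nil
}
```

Call Validate on the stand-in before translating it into the real request; a non-nil result is the same failure the API would report, caught locally.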