Commit

Merge pull request #6 from masterpointio/docs/readme-updates
docs: readme about autoattach
oycyc authored Dec 8, 2024
2 parents 19416a8 + 293d726 commit 3a54401
Showing 1 changed file with 15 additions and 1 deletion.
16 changes: 15 additions & 1 deletion README.md
Expand Up @@ -6,6 +6,12 @@ This Terraform module allows you to manage [Spacelift Policies]((https://docs.sp

A Spacelift Policy is a set of rules and conditions defined to manage and control the behavior of infrastructure as code (IaC) workflows within the Spacelift platform. Spacelift policies are written using the [Rego language](https://www.openpolicyagent.org/docs/latest/policy-language/), which is part of the Open Policy Agent (OPA) framework. These policies can enforce security, compliance, and operational best practices, ensuring that infrastructure changes adhere to organizational standards.

> [!TIP]
>
> ## Attaching Policies to Spacelift Stacks
>
> Spacelift Policies can be attached to Spacelift Stacks via labels! [See the official Spacelift documentation](https://docs.spacelift.io/concepts/policy#automatically) that shows how policies with the label `autoattach:*` attaches to all stacks and `autoattach:label_here` attaches to all stacks with the `label_here` label.
## Usage

Here’s an example of how to use this module in your Terraform configuration:
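Review bot: The sentence in the added tip that says `autoattach:*` "attaches to all stacks" should be called out more clearly, because a single label on a policy then changes enforcement for every stack; consider splitting it into two sentences, one for `autoattach:*` and one for `autoattach:label_here`, and stating that the `autoattach:` label goes on the policy while the matching label goes on the stack. In the same sentence "policies with the label ... attaches" should read "attach". The tip's heading is `## Attaching Policies to Spacelift Stacks`, the same level as `## Usage` right after it, while the tip added further down uses `###`; pick one level for headings inside tips.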
Expand Down Expand Up @@ -41,12 +47,20 @@ module "spacelift_policies" {
body_file = "policies/approval.role-based.rego"
type = "APPROVAL"
description = "Gives certain roles the power to approve prod workloads."
labels = ["env:prod"]
labels = ["env:prod", "autoattach:needs-approvers"] # This policy will be auto-attached to stacks with the 'needs-approvers' label.
}
}
}
```

> [!TIP]
>
> ### Testing your Spacelift OPA Rego Policies
>
> Spacelift Policies use the Open Policy Agent (OPA) Rego language. You can test your policies using the [Rego Playground](https://play.openpolicyagent.org/).
>
> Masterpoint has an [open-source GitHub Action to automate the testing of OPA Rego policies](https://github.com/masterpointio/github-action-opa-rego-test). It is also showcased on [OPA Ecosystem's Integrations page](https://www.openpolicyagent.org/integrations/github-action-opa-rego-test/).
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

## Requirements
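Review bot: On the changed `labels` line, the comment says the approval policy is auto-attached to stacks with the `needs-approvers` label, which means a prod stack that lacks that label is not covered by this example, even though the description reads "Gives certain roles the power to approve prod workloads." Consider saying that in the comment or in the tip above, so readers do not assume the `env:prod` label on the policy selects the stacks, and note that whoever can edit a stack's labels decides whether the approval policy applies to it. The inline comment is also long for a trailing comment; moving it to its own line above `labels` would keep the example readable.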
