Skip to content

Commit 3a54401

Browse files
oycycoycyc
authored
Merge pull request #6 from masterpointio/docs/readme-updates
docs: readme about autoattach
2 parents 19416a8 + 293d726 commit 3a54401

File tree

1 file changed

+15
-1
lines changed

1 file changed

+15
-1
lines changed

README.md

Lines changed: 15 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,12 @@ This Terraform module allows you to manage [Spacelift Policies]((https://docs.sp
66

77
A Spacelift Policy is a set of rules and conditions defined to manage and control the behavior of infrastructure as code (IaC) workflows within the Spacelift platform. Spacelift policies are written using the [Rego language](https://www.openpolicyagent.org/docs/latest/policy-language/), which is part of the Open Policy Agent (OPA) framework. These policies can enforce security, compliance, and operational best practices, ensuring that infrastructure changes adhere to organizational standards.
88

9+
> [!TIP]
10+
>
11+
> ## Attaching Policies to Spacelift Stacks
12+
>
13+
> Spacelift Policies can be attached to Spacelift Stacks via labels! [See the official Spacelift documentation](https://docs.spacelift.io/concepts/policy#automatically) that shows how policies with the label `autoattach:*` attaches to all stacks and `autoattach:label_here` attaches to all stacks with the `label_here` label.
14+
915
## Usage
1016

1117
Here’s an example of how to use this module in your Terraform configuration:
@@ -41,12 +47,20 @@ module "spacelift_policies" {
4147
body_file = "policies/approval.role-based.rego"
4248
type = "APPROVAL"
4349
description = "Gives certain roles the power to approve prod workloads."
44-
labels = ["env:prod"]
50+
labels = ["env:prod", "autoattach:needs-approvers"] # This policy will be auto-attached to stacks with the 'needs-approvers' label.
4551
}
4652
}
4753
}
4854
```
4955

56+
> [!TIP]
57+
>
58+
> ### Testing your Spacelift OPA Rego Policies
59+
>
60+
> Spacelift Policies use the Open Policy Agent (OPA) Rego language. You can test your policies using the [Rego Playground](https://play.openpolicyagent.org/).
61+
>
62+
> Masterpoint has an [open-source GitHub Action to automate the testing of OPA Rego policies](https://github.com/masterpointio/github-action-opa-rego-test). It is also showcased on [OPA Ecosystem's Integrations page](https://www.openpolicyagent.org/integrations/github-action-opa-rego-test/).
63+
5064
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
5165

5266
## Requirements

0 commit comments

Comments
 (0)