From fd0b7483da27c02271d870c556f67a91a570ce36 Mon Sep 17 00:00:00 2001 From: Dave Heward <74298782+davidh-unmind@users.noreply.github.com> Date: Tue, 30 Nov 2021 15:39:14 +0000 Subject: [PATCH] Add clarity + further policy_check examples to docs --- runatlantis.io/docs/policy-checking.md | 37 +++++++++++++++++++++----- 1 file changed, 30 insertions(+), 7 deletions(-) diff --git a/runatlantis.io/docs/policy-checking.md b/runatlantis.io/docs/policy-checking.md index 5c22328216..ec828bfb94 100644 --- a/runatlantis.io/docs/policy-checking.md +++ b/runatlantis.io/docs/policy-checking.md @@ -49,9 +49,36 @@ policies: source: local ``` -`name` - A name of your policy set. -`path` - Path to a policies directory. -`source` - Tells atlantis where to fetch the policies from. Currently you can only host policies locally by using `local`. +- `name` - A name of your policy set. +- `path` - Path to a policies directory. *Note: replace `` with absolute dir path to conftest policy/policies.* +- `source` - Tells atlantis where to fetch the policies from. Currently you can only host policies locally by using `local`. + +By default conftest is configured to only run the `main` package. If you wish to run specific/multiple policies consider passing `--namespace` or `--all-namespaces` to conftest [`extra_args`](https://www.runatlantis.io/docs/custom-workflows.html#adding-extra-arguments-to-terraform-commands). + +Example Server Side Repo configuration using `--all-namespaces` and a local src dir. + +``` +repos: + - id: github.com/myorg/example-repo +policies + owners: + users: + - example-dev + policy_sets: + - name: example-conf-tests + path: /home/atlantis/conftest_policies # Consider seperate vcs & mount into container + source: local +workflows: + custom: + plan: + steps: + - init + - plan + policy_check + steps: + - policy_check + extra_args: ["-p /home/atlantis/conftest_policies/", "--all-namespaces"] +``` ### Step 3: Write the policy 
@@ -91,8 +118,4 @@ deny[msg] { ``` -::: tip Notes -By default conftest is configured to only run the `main` package. If you want to change this behavior [`extra_args`](https://www.runatlantis.io/docs/custom-workflows.html#adding-extra-arguments-to-terraform-commands) can be used to pass in flags to conftest such as `--namespace` or `--all-namespaces` -::: - That's it! Now your Atlantis instance is configured to run policies on your Terraform plans 🎉
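Review bot: The YAML in the added server-side repo example (first hunk, under "Example Server Side Repo configuration") will not parse as written, because two mapping keys are missing their colon: `policies` before `owners:` and `policy_check` before the second `steps:`. Readers will copy this block into their server config, so these should read `policies:` and `policy_check:`. In the same block the comment on `path` spells "seperate" for "separate". The new `path` bullet says "replace `` with absolute dir path" with empty backticks, so the placeholder to be replaced is not named; either name it or reword the note to say the value must be an absolute path to the conftest policies directory.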
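Review bot: Removing the `::: tip Notes` block after the policy example (second hunk, the lines following `deny[msg] {`) leaves Step 3 with no mention that conftest only runs the `main` package by default, and that is the point where a reader picks the package name for their policy. The replacement paragraph now sits in Step 2, so consider keeping a one-sentence pointer here that refers back to it and to `--namespace` / `--all-namespaces`, so that a policy declared under another package is not left out of the check.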