From 89b2d843baef303a8015c7bc2bc7ab19f8e3bfa5 Mon Sep 17 00:00:00 2001 From: Dave Heward <74298782+davidh-unmind@users.noreply.github.com> Date: Tue, 30 Nov 2021 15:39:14 +0000 Subject: [PATCH 1/2] Add clarity + further policy_check examples to docs --- runatlantis.io/docs/policy-checking.md | 37 +++++++++++++++++++++----- 1 file changed, 30 insertions(+), 7 deletions(-) diff --git a/runatlantis.io/docs/policy-checking.md b/runatlantis.io/docs/policy-checking.md index 5c22328216..6c2388f13e 100644 --- a/runatlantis.io/docs/policy-checking.md +++ b/runatlantis.io/docs/policy-checking.md 
@@ -49,9 +49,36 @@ policies: source: local ``` -`name` - A name of your policy set. -`path` - Path to a policies directory. -`source` - Tells atlantis where to fetch the policies from. Currently you can only host policies locally by using `local`. +- `name` - A name of your policy set. +- `path` - Path to a policies directory. *Note: replace `` with absolute dir path to conftest policy/policies.* +- `source` - Tells atlantis where to fetch the policies from. Currently you can only host policies locally by using `local`. + +By default conftest is configured to only run the `main` package. If you wish to run specific/multiple policies consider passing `--namespace` or `--all-namespaces` to conftest with [`extra_args`](https://www.runatlantis.io/docs/custom-workflows.html#adding-extra-arguments-to-terraform-commands) via a custom workflow as shown in the below example. + +Example Server Side Repo configuration using `--all-namespaces` and a local src dir. + +``` +repos: + - id: github.com/myorg/example-repo +policies + owners: + users: + - example-dev + policy_sets: + - name: example-conf-tests + path: /home/atlantis/conftest_policies # Consider seperate vcs & mount into container + source: local +workflows: + custom: + plan: + steps: + - init + - plan + policy_check + steps: + - policy_check + extra_args: ["-p /home/atlantis/conftest_policies/", "--all-namespaces"] +``` ### Step 3: Write the policy @@ -91,8 +118,4 @@ deny[msg] { ``` -::: tip Notes -By default conftest is configured to only run the `main` package. If you want to change this behavior [`extra_args`](https://www.runatlantis.io/docs/custom-workflows.html#adding-extra-arguments-to-terraform-commands) can be used to pass in flags to conftest such as `--namespace` or `--all-namespaces` -::: - That's it! Now your Atlantis instance is configured to run policies on your Terraform plans 🎉 From 2abbd9d3d48e564b1502d5de2ab379ce43f7fbd9 Mon Sep 17 00:00:00 2001 
From: Dave Heward <74298782+davidh-unmind@users.noreply.github.com> Date: Tue, 30 Nov 2021 16:51:19 +0000 Subject: [PATCH 2/2] Fix broken link to Atlantis on AWS Fargate Terraform module --- runatlantis.io/docs/deployment.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/runatlantis.io/docs/deployment.md b/runatlantis.io/docs/deployment.md index 45685cb075..542afad983 100644 --- a/runatlantis.io/docs/deployment.md +++ b/runatlantis.io/docs/deployment.md @@ -73,7 +73,7 @@ To install: ```sh helm install atlantis runatlantis/atlantis -f values.yaml ``` - + If you are using helm v2, run: ```sh helm install -f values.yaml runatlantis/atlantis @@ -524,7 +524,7 @@ OpenShift runs Docker images with random user id's that use `/` as their home di ### AWS Fargate If you'd like to run Atlantis on [AWS Fargate](https://aws.amazon.com/fargate/) - check out the Atlantis module on the [Terraform Module Registry](https://tf-registry.herokuapp.com/modules/terraform-aws-modules/atlantis/aws/latest) + check out the Atlantis module on the [Terraform Module Registry](https://registry.terraform.io/modules/terraform-aws-modules/atlantis/aws/latest) and then check out the [Next Steps](#next-steps). ### Google Kubernetes Engine (GKE)
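Review bot: In PATCH 1/2, the server-side repo config example added by the `@@ -49,9 +49,36 @@` hunk of `runatlantis.io/docs/policy-checking.md` is not valid YAML as written: the `policies` key and the `policy_check` key under the `custom` workflow are both missing their trailing colon, so a reader who copies the block gets a config that does not parse. Suggest `policies:` and `policy_check:`. The `repos` entry also lists only `id`, with no `workflow: custom`, so the example never ties the repo to the workflow that carries `--all-namespaces`; add that key or state in the text how the workflow is selected. Two smaller points in the same hunk: the `path` note reads "replace `` with absolute dir path" with nothing between the backticks as shown here, so name the placeholder being replaced, and "seperate" in the YAML comment should be "separate".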
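Review bot: In PATCH 2/2, the `@@ -73,7 +73,7 @@` hunk of `runatlantis.io/docs/deployment.md` changes only whitespace on the blank line before "If you are using helm v2, run:", which is unrelated to the link fix named in the subject. Drop it from this commit, or mention the whitespace cleanup in the commit message so the diff matches its description.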