Skip to content

spacelift-io/spacelift-policies-example-library

Repository files navigation

Spacelift Policies Example Library

This repository contains a collection of Spacelift Policy examples that can be re-purposed (if needed), and used with Spacelift. Spacelift Policies use the Open Policy Agent, which are written in the rego language. As you'll find in this repository, there are various types of Spacelift Policies - which allow for a lot of flexibility and customization. For more information on Spacelift Policies please refer to the documentation.

Useful resources

  • Spacelift Policies: You can find information about all available Spacelift Policy types here.
  • Open Policy Agent: Spacelift Policies utilize the Open Policy Agent, which uses the Rego language.
  • Spacelift Policy Workbench: Use the Spacelift Policy Workbench to debug your policies using sample policy inputs.
  • Testing Policies: Learn about creating test cases for your Spacelift Policies.

Policy Examples by Type

Policy Types Currently In This Library are below. Feel free to click on a given policy type to be taken to examples for that policy type.

Policy Type Description
ACCESS (Deprecated) Define who gets to access individual Stacks and with what level of access.
APPROVAL Define who can approve or reject a run/task and how a run/task can be approved.
LOGIN Define who gets to login to your Spacelift account and with what level of access.
PLAN Define which changes can be applied.
PUSH Define how git push events are interpreted.
TRIGGER Define what happens when blocking runs terminate.

All Policy Examples

Access Policy

Access policies have been deprecated. Please read this for details.

Approval Policy

Login Policy

Notification Policy

Plan Policy

Push Policy

Trigger Policy

Policy Tests

Tests can be added for policies using the convention <policy_filename>_test.rego. For example if you have a policy called plan.rego, you can create a test file called plan_test.rego.

You can use the following command to run all policy tests:

./run_policy_tests.sh