Project-level Custom Flow

Configure a custom flow for all environments within a project.

Project-level custom flows allow you to configure one custom flow for all environments within a project.

🚧

Overriding Local Custom Flow

Project-level custom flows will override any existing custom flows configured for the environment.

Use cases to configure per project

  • Access control - Control access to the custom flow file using a separate repository with different permissions from the IaC repository, and prevent developers from modifying the custom flow.
  • DRY - Re-use the same custom flow across multiple environments.

How to configure

  1. Select the project you would like to configure from the projects list
  2. Go to Project Settings -> Policies
  3. Go to the Project Policies section
  4. Click Configure to configure VCS details (this opens a popup window)
    a. Choose VCS type - you can re-authorize if your repository is not listed
    b. Choose the Repository URL (Branch is optional)
    c. Type the Custom Flow File Path - it should be the full path to the file, including the suffix (.yml/.yaml). For example: env0-custom-flows/opa.yaml
    d. File validation takes place when you click the policies Save button. You can't save without a valid file.
  5. Choose VCS type, repository, file path, revision
  6. Click Update to close the popup
  7. Enable the "Apply custom flow to all environments in this project" checkbox
  8. Click Save to apply changes

🚧

Custom Flow File Validation

env0 validates the custom flow file in the following cases:

  1. When you configure the custom flow under project policies.
  2. Before you run a deployment.

If the file is invalid, you cannot continue and must fix the file.

If you are not able to fix it, you can disable the setting until the file is fixed.

Examples for custom flows

Run OPA with policy in another VCS

This example policy counts how many null-resources are changing and fails when the count is bigger than 2. The custom flow also takes the rego file from an external repository.

version: 1

deploy:
  steps:
    setupVariables:
      after:
        # Download a pinned OPA release and make it executable
        - curl -L -o opa https://openpolicyagent.org/downloads/v0.46.1/opa_linux_amd64_static
        - chmod 755 ./opa
        - git clone https://[email protected]/env0/templates.git external-repo

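    terraformPlan:
      after:
        # Export the plan as JSON; ">" overwrites, so a stale file is never appended to
        - terraform show -json .tf-plan > tfplan.json
        # --fail makes opa exit non-zero when the query is not satisfied, failing the deployment
        - ./opa eval --format pretty -i tfplan.json -d ./external-repo/custom-flows/opa-polices/null-resource.rego --fail "data.resource.limit.allow = true"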
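
The page does not show the contents of null-resource.rego. The policy below is an added example, not env0's own file, of a policy that would satisfy the query "data.resource.limit.allow = true" against Terraform plan JSON. The package name is taken from that query; the rule names changed_null_resources and max_null_resource_changes are assumptions, and the threshold of 2 comes from the description above.

```rego
package resource.limit

# Assumed threshold: the text above says the policy fails when the
# number of changing null resources is bigger than 2.
max_null_resource_changes := 2

# Set of addresses of null_resource entries in the plan whose planned
# actions are anything other than a no-op (create, update, delete, replace).
# input is the output of `terraform show -json`.
changed_null_resources[rc.address] {
    rc := input.resource_changes[_]
    rc.type == "null_resource"
    rc.change.actions != ["no-op"]
}

# Deny unless the rule below explicitly allows the plan.
default allow = false

allow {
    count(changed_null_resources) <= max_null_resource_changes
}
```

When allow evaluates to false, the query in the custom flow has no result, so opa eval --fail exits non-zero and the step fails.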