Project-level custom flows allow you to configure one custom flow for all environments within a project.
Overriding Local Custom Flow
Project-level custom flows will override any existing custom flows configured for the environment.
- Access control - Control access to the custom flow file using a separate repository with different permissions from the IaC repository, and prevent developers from modifying the custom flow.
- DRY - Re-use the same custom flow across multiple environments.
- Select the project you would like to configure from the projects list
- Go to Project Settings -> Policies
- Go to the Project Policies section
- Click Configure to configure the VCS details (this opens a popup window)
a. Choose the VCS type - you can re-authorize if your repository is not listed
b. Choose the Repository URL (Branch is optional)
c. Type the Custom Flow File Path - it should be the full path to the file, including the suffix (.yml/.yaml). For example: env0-custom-flows/opa.yaml
d. File validation takes place when you click the policies Save button. You can't save without a valid file.
- Choose VCS type, repository, file path, revision
- Click update to close the popup
- Enable the "Apply custom flow to all environments in this project" checkbox
- Click Save to apply changes
Custom Flow File Validation
env0 validates the custom flow file in the following cases:
- When you configure the custom flow under project policies.
- Before you run a deployment.
If the file is invalid, you cannot continue and must fix the file.
If you are not able to fix it, you can disable the setting until the file is fixed.
This example policy counts how many null resources are changing and fails when that count is greater than 2. Note that the custom flow takes the rego file from an external repository.
```yaml
version: 1
deploy:
  steps:
    setupVariables:
      after:
        - curl -L -o opa https://openpolicyagent.org/downloads/v0.46.1/opa_linux_amd64_static
        - chmod 755 ./opa
        - git clone https://[email protected]/env0/templates.git external-repo
    terraformPlan:
      after:
        - terraform show -json .tf-plan >> tfplan.json
        - ./opa eval --format pretty -i tfplan.json -d ./external-repo/custom-flows/opa-polices/null-resource.rego --fail "data.resource.limit.allow = true"
```
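The custom flow above references null-resource.rego without showing it. The following is an added sketch of a policy that would satisfy the `data.resource.limit.allow = true` query; it is not the actual file from the env0 repository. The package and rule names are inferred from that query, the limit of 2 comes from the description above, and the helper names and the choice to count every non-"no-op" action as a change are assumptions.

```rego
# Added example, not the env0 project's own null-resource.rego.
# Input is the JSON produced by `terraform show -json .tf-plan`.
package resource.limit

# Keyword imports keep the syntax valid on the OPA v0.46.1 binary
# that the custom flow downloads.
import future.keywords.contains
import future.keywords.if
import future.keywords.in

# Fail closed: if nothing below proves the plan is acceptable, allow is
# false, the query "allow = true" is undefined, and `opa eval --fail`
# exits non-zero, which fails the deployment step.
default allow := false

# Limit taken from the page: the policy fails when more than 2 change.
max_null_resource_changes := 2

# Set of addresses of null_resource instances that the plan would
# create, update, delete or replace (assumption: anything other than a
# pure "no-op" counts as changing).
changed_null_resources contains rc.address if {
    some rc in input.resource_changes
    rc.type == "null_resource"
    rc.change.actions != ["no-op"]
}

allow if count(changed_null_resources) <= max_null_resource_changes
```

Because the policy lives in a separate repository, it can be changed only by people with write access to that repository, which is the access-control benefit described earlier on this page.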