https://docs.spacelift.io/concepts/policy
Regarding the messages that are able to be raised into Spacelift for WARN or DENY policies, it appears that it only supports cleartext currently and does not resolve URLs to clickable hyperlinks. It would also be useful to recognize markdown or html.
We do all of our Policy as Code enforcement through Checkov and send the results through to Spacelift’s third party metadata and use a Spacelift Plan Policy on what to do with it. If it’s a compliance policy that is one of our blocker policies, then it would deny the run and raise a message about what policy was breached and provide documentation to help the developer with code snippets and further information about that specific policy check.
As an example:
msg := sprintf("Blocker: %s failed check for policy %s. Documentation: %s.", [results[i].resource, results[i].check_class, policy.documentation_url])
The documentation url comes through as plain text in the Spacelift runs and is not clickable, which isn't very convenient having to copy out to clipboard and pasting into a browser.
Furthermore, at times the message is too long when the documentation url is a long url, so then it runs out of room to display, and the developer would have to go into the logs of the plan phase to find it. This is where I feel markdown/html would also be useful.
Desirable Outcome:
msg := sprintf("Blocker: %s failed check for policy %s. [Confluence Documentation](%s).", [results[i].resource, results[i].check_class, policy.documentation_url]).
Resulting in:
“Blocker: AWS::IAM::Role.MyBadRole failed check for policy MY_ROLE_POLICY. Confluence Documentation.”
Please authenticate to join the conversation.
✅ Completed
💡 Feature Requests
UI/UX
About 1 year ago
Get notified by email when there are changes.
✅ Completed
💡 Feature Requests
UI/UX
About 1 year ago
Get notified by email when there are changes.