Allow restricting OPA policy evaluation only for certain pipelines
pending feedback
Peacock blue Planarian
Currently, if we want to deploy a new OPA Policy that only applies for a single pipeline, we need to deploy it for the whole project/org, and then add a conditional at the OPA code level to only apply if the pipeline name matches a certain string.
We would like to be able to configure OPA policies selecting only certain pipelines to be evaluated against.
abhijit.pujare marked this post as pending feedback
abhijit.pujare
This should be possible to do within the rego. For example, you can write the policy such that it only applies to the pipelines you are interested in. A snippet of a sample policy can be found below (you can write the pipeline_allowed function as you wish for your use case):
deny[msg] {
    pipeline_name := input.pipeline.name
    pipeline_allowed(pipeline_name)
    # <rest of your logic>
}
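Added example, not part of the comment above and not Harness's own code: one way to fill in `pipeline_allowed` and the rest of the rule so the policy is scoped to an exact-match set of pipeline names. The pipeline names, the Approval-stage requirement and the `input.pipeline.stages[_].stage.type` path are assumptions for illustration; only `input.pipeline.name` comes from the comment.

```rego
package pipeline

# Pipelines this policy applies to (constructed names). Exact match only,
# so a similarly named pipeline is not pulled into scope by accident.
scoped_pipelines := {"payments-prod-deploy", "billing-prod-deploy"}

# True when the evaluated pipeline is in scope.
pipeline_allowed(name) {
    scoped_pipelines[name]
}

# Scoped rule: in-scope pipelines must contain an Approval stage.
# Assumption: stages are exposed as input.pipeline.stages[_].stage.type.
deny[msg] {
    pipeline_name := input.pipeline.name
    pipeline_allowed(pipeline_name)
    not has_approval_stage
    msg := sprintf("pipeline '%s' must contain an Approval stage", [pipeline_name])
}

has_approval_stage {
    input.pipeline.stages[_].stage.type == "Approval"
}

# Guard: input without a pipeline name matches no scope and would otherwise
# pass the scoped rule silently, so it is denied explicitly.
deny[msg] {
    not input.pipeline.name
    msg := "pipeline name missing from input; scoped policy cannot be evaluated"
}
```

Scoping by `input.pipeline.name` follows the name, so a renamed pipeline drops out of scope until `scoped_pipelines` is updated.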
New Cricket
Would like the ability to exclude specific IACM workspaces for TF plan events as well
Rohan Gupta
Merged in a post:
Exclude Select Projects From OPA Policy Set
Jade Aardvark
Ability to exclude certain projects from an account level OPA policy set
Rohan Gupta marked this post as long-term
This feature is on our roadmap; adding your request to it.