Skip to content

Commit

Permalink
moving tip
Browse files Browse the repository at this point in the history
  • Loading branch information
@Daniellem97
Danielle authored and Daniellem97 committed Oct 11, 2023
1 parent 6704c94 commit 6535cac
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions docs/concepts/policy/terraform-plan-policy.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -165,11 +165,11 @@ deny["must not target the forbidden endpoint: forbidden.endpoint/webhook"] {

## Custom inputs

Sometimes you might want to pass some additional data to your policy input. For example, you may want to pass the `configuration` data from the Terraform plan, the result of a third-party API or tool call. You can do that by generating a JSON file with the data you need at the root of your project. The file name must follow the pattern `$key.custom.spacelift.json` and must represent a valid JSON _object_. The object will be merged with the rest of the input data, as `input.third_party_metadata.custom.$key`. Be aware that the file name is case-sensitive. Below are two examples, one exposing Terraform configuration and the other exposing the result of a third-party security tool.

!!! Tip
To learn more about integrating security tools with Spacelift using custom inputs, please refer to our [blog post](https://spacelift.io/blog/integrating-security-tools-with-spacelift){: rel="nofollow"}.

Sometimes you might want to pass some additional data to your policy input. For example, you may want to pass the `configuration` data from the Terraform plan, the result of a third-party API or tool call. You can do that by generating a JSON file with the data you need at the root of your project. The file name must follow the pattern `$key.custom.spacelift.json` and must represent a valid JSON _object_. The object will be merged with the rest of the input data, as `input.third_party_metadata.custom.$key`. Be aware that the file name is case-sensitive. Below are two examples, one exposing Terraform configuration and the other exposing the result of a third-party security tool.

### Example: exposing Terraform configuration to the plan policy

Let's say you want to expose the Terraform configuration to the plan policy to ensure that only the "blessed" modules are used to provision resources. You would then add the following command to the list of [`after_plan` hooks](../stack/stack-settings.md#customizing-workflow):
Expand Down

0 comments on commit 6535cac

Please sign in to comment.