StackGuardian / tirith

StackGuardian Policy Framework


workflow policies

Akshat0694 opened this issue · comments

Policy for controlling the definition of a Workflow object (example below):

Like IaC policies, workflow policies are enforced on Workflow Groups and/or Workflows. Note that these policies are not applied to users or groups.

To control:

  • Order and values of Workflow Steps
  • Values in VCS Config
  • Approvers (or should this be part of authorization instead?)
```json
{
    "IsArchive": "0",
    "IsActive": "1",
    "Description": "Approval testing with workflow DocVersion V2.BETAe",
    "ModifiedAt": "1635109805",
    "ResourceType": "WORKFLOW",
    "LatestWfrunStatus": "PENDING",
    "Tags": [],
    "DocVersion": "V2.BETA",
    "EnvironmentVariables": [
        {
            "config": {
                "textValue": "test",
                "varName": "test"
            },
            "kind": "PLAIN_TEXT"
        }
    ],
    "EnforcedPolicies": [
        {
            "ResourceName": "wrrf"
        }
    ],
    "Authors": [
        "akshat.tandon@stackguardian.io"
    ],
    "WfStepsConfig": [
        {
            "name": "default",
            "wfStepTemplateId": "/stackguardian/terraform:1",
            "wfStepInputData": {
                "schemaType": "FORM_JSONSCHEMA",
                "data": {
                    "terraformVersion": "1.0.0",
                    "managedTerraformState": true,
                    "terraformAction": "plan",
                    "debugMode": false
                }
            },
            "approval": true
        }
    ],
    "ActivitySubscribers": [
        "akshat.tandon@stackguardian.io"
    ],
    "ResourceName": "testworkflow23",
    "VCSConfig": {
        "iacVCSConfig": {
            "iacTemplateId": "/stackguardian/s3-website:8",
            "useMarketplaceTemplate": true
        },
        "iacInputData": {
            "schemaType": "FORM_JSONSCHEMA",
            "data": {
                "s3_bucket_ignore_public_acls": false,
                "bucket_region": "eu-central-1",
                "s3_bucket_block_public_acls": false,
                "s3_bucket_restrict_public_buckets": false,
                "s3_bucket_tags": {},
                "s3_bucket_acl": "public-read",
                "s3_bucket_versioning": {
                    "enabled": true,
                    "mfa_delete": false
                },
                "s3_bucket_force_destroy": true,
                "s3_bucket_block_public_policy": false
            }
        }
    },
    "SubResourceId": "/wfgrps/test-14/wfs/testworkflow23",
    "OrgId": "/orgs/tandlabs",
    "CreatedAt": "1632465449"
}
```