
jwr

03/31/2023, 5:55 PM
The docs describing the setup for conftest mention the need to specify a full path to your policy set, using `path: /home/atlantis/conftest_policies` as an example. How can I reference the path to my policies using a relative path in my git repository, the same repository from which atlantis would have already run `terraform plan`?
To be more specific, my repo looks like this:
terraform/
|-- environments
|   `-- prod
|       `-- main.tf
|-- modules
|   `-- my_app
|       `-- main.tf
`-- policies
    |-- bar.rego
    |-- baz.rego
    `-- foo.rego
And my repo-level config is able to navigate those directories for `terraform plan/apply` like this:
projects:
  - name: production
    dir: terraform/environments/prod
    autoplan:
      when_modified:
        - "*.tf"
        - "../../modules/my_app/*.tf"
      enabled: true
    apply_requirements: [mergeable, approved] # Supported elements are [mergeable, approved]
    workflow: init-plan-apply
So I'd like to reference policies the same way if possible, but I haven't been able to get that part to work:
policies:
  owners:
    teams:
      - devops
  policy_sets:
    - name: policy-tests
      path: "../../policies/"
      source: local
workflows:
  init-plan-apply:
    plan:
      steps:
        - init
        - plan:
            extra_args: ["-lock-timeout=300s"]
    policy_check:
      steps:
        - policy_check:
            extra_args:
              ["-p ../../policies/", "--all-namespaces"]
    apply:
      steps:
        - init
        - apply:
            extra_args: ["-lock-timeout=300s"]