Policy Group Environments

The PolicyGroup resource

A policy group represents the collection of OPA policies stored in a VCS repository.

When linked to an environment, the policy group will participate in the policy check phase of every run in that environment.

Key path

Description

type* (string)

Available values: policy-groups

id (string)

attributes.error-message (string)

This field contains the error description when the group’s status is errored.

attributes.name* (string)

The policy group name must be unique within the account and contain only letters, numbers, dashes

attributes.opa-version (string)

The version of Open Policy Agent to use for the policy evaluation.

If omitted, the system default version is assigned.

attributes.status (string)

Policy group current status.

  • fetching - waiting for policies to be synchronized with VCS.

  • active - synchronization completed, policy group is ready.

  • errored - synchronization has failed. Attribute error-message contains the details.

attributes.vcs-repo.branch (string)

Branch of a repository the policy group is associated with. If omitted, the repository default branch will be used.

attributes.vcs-repo.identifier* (string)

A reference to your VCS repository.

For GitHub, GitHub Enterprise and GitLab the format is <org>/<repo>. For Azure DevOps Services the format is <org>/<project>/<repo>.

attributes.vcs-repo.path (string)

The sub-directory of the VCS repository where OPA policies are stored. The scalr-policy.hcl file must exist in this directory. Files and directories outside this directory will be ignored during a sync from VCS, and changing them won’t trigger a policy group update.

If omitted or submitted as an empty string, this defaults to the repository’s root.

relationships.account* (object)

The account this policy group belongs to.

relationships.account.data.type* (string)

Available values: accounts

relationships.account.data.id* (string)

relationships.environments (object)

List of environments this policy group is linked to.

relationships.environments.data* (array)

relationships.policies (object)

List of OPA policies this group contains.

relationships.policies.data* (array)

relationships.vcs-provider* (object)

The policy group’s VCS provider.

relationships.vcs-provider.data.type* (string)

Available values: vcs-providers

relationships.vcs-provider.data.id* (string)

relationships.vcs-revision (object)

The Git commit information when the policy group was fetched from VCS.

relationships.vcs-revision.data.type* (string)

Available values: vcs-revisions

relationships.vcs-revision.data.id* (string)

relationships.workspaces (object)

List of workspaces affected by this policy group.

relationships.workspaces.data* (array)

links.self (string)

Update policy group environments relationships

PATCH /api/iacp/v3/policy-groups/{policy_group}/relationships/environments
Parameters

  • policy_group (string) – The ID of the policy_group to update.

Update policy group environment relationships:

PATCH /api/iacp/v3/policy-groups/{policy_group}/relationships/environments HTTP/1.1
Host: my.scalr.io
Content-Type: application/json
Prefer: profile=preview

{
"data": [
    {
      "id": "env-svrcnchebt61e30",
      "type": "environments"
    }
  ]
}
Status Codes

  • 204 No Content – Successfully updated the policy group environments relationships.

  • 404 Not Found – Environments or policy group not found, or user unauthorized to perform action.

  • 4XX – Client error.

  • 5XX – Server error.

Create policy group environments relationships

POST /api/iacp/v3/policy-groups/{policy_group}/relationships/environments
Parameters

  • policy_group (string) – The ID of the policy_group to update.

Create policy group environment relationships:

POST /api/iacp/v3/policy-groups/{policy_group}/relationships/environments HTTP/1.1
Host: my.scalr.io
Content-Type: application/json
Prefer: profile=preview

{
"data": [
    {
      "id": "env-svrcnchebt61e30",
      "type": "environments"
    }
  ]
}
Status Codes

  • 204 No Content – Successfully created the policy group environments relationships.

  • 404 Not Found – Environments or policy group not found, or user unauthorized to perform action.

  • 4XX – Client error.

  • 5XX – Server error.

Delete policy group’s environment relationship

DELETE /api/iacp/v3/policy-groups/{policy_group}/relationships/environments/{environment}
Parameters

  • policy_group (string) – The ID of the policy group.

  • environment (string) – The ID of the environment to be unlinked from policy group.

Status Codes

  • 204 No Content – Successfully deleted the policy group’s environment relationship.

  • 404 Not Found – Environment or policy group not found, or user unauthorized to perform action.

  • 4XX – Client error.

  • 5XX – Server error.