View Registered Policies
View Policy Runs
validate
that takes in a ValidationInput
object and throws a ValidationError
if the policy is violated. If the policy is not violated, the function should return nothing.
Here is a sample policy which enforces auto-shutdown for all services:
manifest
: The manifest of the deployment that is being created.context
: The context of the deployment that is being created. context
has the following fields:
environment
: This field tells you about the deployment target - whether it’s production or development, cost-optimized, etc.createdByUser
: The user that is creating the deployment.activeDeployment
: The manifest of the currently running version (if any).context
object to write more complex policies. Here are a few examples showing how to use the context
object:
Enforce health checks for production services
Enforce that production deployments are only made through service accounts for better security and audit trails
mutate
that takes in a MutationInput
object and returns a MutationOutput
object. The MutationOutput
object contains the mutated manifests.
Here is a sample mutation policy which mutates the registry for the images to private JFrog repository:
generatedK8sManifests
: The generated Kubernetes manifests for the deployment which would be applied to the Kubernetes cluster.context
: The context of the deployment that is being created. context
has the following fields:
environment
: This field tells you about the deployment target - whether it’s production or development, cost-optimized, etc.createdByUser
: The user that is creating the deployment.activeDeployment
: The manifest of the currently running version (if any).inputManifest
: The TrueFoundry manifest of the deployment that is being created.inputManifest
in the context
object to see if this deplotment is of type notebook and then only do the mutation.
src/policy.ts
.src/models.ts
. Use type definitions from src/types.ts
to ensure type-safe code.