|
1 | 1 | --- |
2 | 2 | description: Open preview of config policy management for CircleCI |
3 | | -contentTags: |
| 3 | +contentTags: |
4 | 4 | platform: |
5 | 5 | - Cloud |
6 | 6 | --- |
@@ -28,7 +28,7 @@ reserved. |
28 | 28 | [#orbs] |
29 | 29 | === `orbs` |
30 | 30 |
|
31 | | -`orbs` is a Rego object containing orbs and versions present in the given config file. It |
| 31 | +`orbs` is a Rego object containing orbs and versions present in the given config file. It |
32 | 32 | can be utilized by policies related to orbs. |
33 | 33 |
|
34 | 34 | [#definition-orbs] |
@@ -66,7 +66,7 @@ my_orbs := config.orbs |
66 | 66 | [#ban-orbs] |
67 | 67 | === `ban_orbs` |
68 | 68 |
|
69 | | -This function violates a policy if a config includes orbs based on the orb name. Versions should not |
| 69 | +This function violates a policy if a config includes orbs based on the orb name. Versions should not |
70 | 70 | be included in the provided list of orbs. |
71 | 71 |
|
72 | 72 | [#definition-ban-orbs] |
@@ -167,18 +167,17 @@ enable_rule["check_resource_class"] |
167 | 167 | hard_fail["check_resource_class"] |
168 | 168 | ---- |
169 | 169 |
|
170 | | - |
171 | | - |
172 | | - |
173 | | - |
174 | | - |
175 | | - |
176 | 170 | [#contexts-allowed-by-project-ids] |
177 | 171 | === `contexts_allowed_by_project_ids` |
178 | 172 |
|
179 | | -This function accepts project ids (`PROJECTS`) as one of the following types string/set-of-strings/array-of-strings and |
180 | | -context names (`ALLOWED_CONTEXTS`) as one of string/set-of-strings/array-of-strings types. |
181 | | -It prevents the usage of ANY context NOT IN `ALLOWED_CONTEXTS` for ALL projects that are IN `PROJECTS`. |
| 173 | +This function accepts project ids (`PROJECTS`) and |
| 174 | +context names (`ALLOWED_CONTEXTS`) as one of the following types: |
| 175 | + |
| 176 | +* string |
| 177 | +* set of strings |
| 178 | +* array of strings |
| 179 | + |
| 180 | +It prevents the usage of **any** context **not in** `ALLOWED_CONTEXTS` for **all** projects that are **in** `PROJECTS`. |
182 | 181 |
|
183 | 182 | [#definition-contexts-allowed-by-project-ids] |
184 | 183 | ==== Definition |
@@ -214,13 +213,17 @@ enable_rule["rule_contexts_allowed_by_project_ids"] |
214 | 213 | hard_fail["rule_contexts_allowed_by_project_ids"] |
215 | 214 | ---- |
216 | 215 |
|
217 | | - |
218 | 216 | [#contexts-blocked-by-project-ids] |
219 | 217 | === `contexts_blocked_by_project_ids` |
220 | 218 |
|
221 | | -This function accepts project ids (`PROJECTS`) as one of the following types string/set-of-strings/array-of-strings and |
222 | | -context names (`BLOCKED_CONTEXTS`) as one of string/set-of-strings/array-of-strings types. |
223 | | -It blocks the usage of ANY context IN `BLOCKED_CONTEXTS` for ALL projects IN `PROJECTS`. |
| 219 | +This function accepts project IDs (`PROJECTS`) and |
| 220 | +context names (`BLOCKED_CONTEXTS`) as one of the following types: |
| 221 | + |
| 222 | +* string |
| 223 | +* set of strings |
| 224 | +* array of strings |
| 225 | + |
| 226 | +It blocks the usage of **any** context **in** `BLOCKED_CONTEXTS` for **all** projects **in** `PROJECTS`. |
224 | 227 |
|
225 | 228 | [#definition-contexts-blocked-by-project-ids] |
226 | 229 | ==== Definition |
@@ -260,9 +263,14 @@ hard_fail["rule_contexts_blocked_by_project_ids"] |
260 | 263 | [#contexts-reserved-by-project-ids] |
261 | 264 | === `contexts_reserved_by_project_ids` |
262 | 265 |
|
263 | | -This function accepts project ids (`PROJECTS`) as one of the following types string/set-of-strings/array-of-strings and |
264 | | -context names (`RESERVED_CONTEXTS`) as one of string/set-of-strings/array-of-strings types. |
265 | | -It blocks the usage of ANY context IN `RESERVED_CONTEXTS` for ALL projects NOT IN `PROJECTS`. |
| 266 | +This function accepts project ids (`PROJECTS`) and |
| 267 | +context names (`RESERVED_CONTEXTS`) as one of the following types: |
| 268 | + |
| 269 | +* string |
| 270 | +* set of strings |
| 271 | +* array-of-strings |
| 272 | + |
| 273 | +It blocks the usage of **any** context **in** `RESERVED_CONTEXTS` for **all** projects **not in** `PROJECTS`. |
266 | 274 |
|
267 | 275 | [#definition-contexts-reserved-by-project-ids] |
268 | 276 | ==== Definition |
@@ -302,9 +310,14 @@ hard_fail["rule_contexts_reserved_by_project_ids"] |
302 | 310 | [#contexts-reserved-by-branches] |
303 | 311 | === `contexts_reserved_by_branches` |
304 | 312 |
|
305 | | -This function accepts VCS branch names (`BRANCHES`) as one of the following types string/set-of-strings/array-of-strings and |
306 | | -context names (`RESERVED_CONTEXTS`) as one of string/set-of-strings/array-of-strings types. |
307 | | -Branch names NOT IN `BRANCHES` are NOT allowed to use the contexts IN `RESERVED_CONTEXTS`, however other contexts may be used. |
| 313 | +This function accepts VCS branch names (`BRANCHES`) and |
| 314 | +context names (`RESERVED_CONTEXTS`) as one of the following types: |
| 315 | + |
| 316 | +* string |
| 317 | +* set-of-strings |
| 318 | +* array-of-strings |
| 319 | + |
| 320 | +Branch names **not in** `BRANCHES` are **not** allowed to use the contexts **in** `RESERVED_CONTEXTS`, however, other contexts may be used. |
308 | 321 |
|
309 | 322 | [#definition-contexts-reserved-by-branches] |
310 | 323 | ==== Definition |
|
0 commit comments