policyConfig
The policyConfig reserved property contains values that should be exported as configuration for Pulumi policy packs. When an ESC environment is attached to a policy pack in a policy group, the values under policyConfig are made available to the policy pack at runtime.
Properties
| Property | Type | Description |
|---|---|---|
| policyName | object | Configuration values for the policy named policyName |
| packName:policyName | object | Configuration values for the policy named policyName in the pack named packName |
Keys can use either format:
policyName— when the ESC environment is associated with a single policy packpackName:policyName— to scope configuration to a specific pack, following the same namespacing pattern aspulumiConfig
Example
Without pack namespace
values:
compliance:
apiToken:
fn::secret: xxxxxxxxxxxxxxxx
policyConfig:
cost-compliance:
maxMonthlyCost: 5000
apiEndpoint: https://compliance.example.com
apiToken: ${compliance.apiToken}
Evaluated result
{
"policyConfig": {
"cost-compliance": {
"maxMonthlyCost": 5000,
"apiEndpoint": "https://compliance.example.com",
"apiToken": "[secret]"
}
}
}
With pack namespace
values:
policyConfig:
my-compliance-pack:cost-compliance:
maxMonthlyCost: 5000
Evaluated result
{
"policyConfig": {
"my-compliance-pack:cost-compliance": {
"maxMonthlyCost": 5000
}
}
}
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.