Skip to main content
  1. Docs
  2. Reference
  3. REST API Docs
  4. Stack Policy

Stack Policy

    Stack Policy APIs allow you to retrieve information about policy groups and policy packs associated with a Pulumi stack. Policies define governance rules that are enforced during stack updates.

    Get Stack Policy Groups

    GET /api/stacks/{orgName}/{projectName}/{stackName}/policygroups

    Returns the list of policy groups that include the specified stack. Policy groups define which policy packs are enforced on a set of stacks. The response includes each group’s name, the stacks it applies to, and the policy packs configured within it.

    Request Parameters

    • orgName string path required
      The organization name
    • projectName string path required
      The project name
    • stackName string path required
      The stack name

    Responses

    200 OK
    Schema: AppListPolicyGroupsResponse
    • policyGroups array[AppPolicyGroupSummary] required
      List of policy groups
    • name string required
      The unique name of the policy group.
    • isOrgDefault boolean required
      Whether this is the organization’s default policy group, applied to all stacks not in another group.
    • numStacks integer required
      Number of stacks assigned to this policy group.
    • numAccounts integer optional
      Number of cloud accounts assigned to this policy group.
    • entityType enum required
      The type of entity this policy group targets (e.g. stacks, accounts).
      Values: stacks, accounts
    • mode enum required
      The enforcement mode of the policy group.
      Values: audit, preventative
    • numEnabledPolicyPacks integer required
      Number of policy packs currently enabled in this group.

    Get Stack Policy Packs

    GET /api/stacks/{orgName}/{projectName}/{stackName}/policypacks

    Returns the policy packs currently enforced on the specified stack through its policy group memberships. The optional ‘mode’ query parameter filters results by enforcement mode: ‘audit’ (violations are logged but allowed) or ‘preventative’ (violations block the update). Returns 400 if the mode parameter is invalid.

    Request Parameters

    • orgName string path required
      The organization name
    • projectName string path required
      The project name
    • stackName string path required
      The stack name
    • mode string query optional
      Filter by policy group enforcement mode (‘audit’ or ‘preventative’)

    Responses

    200 OK
    Schema: AppGetStackPolicyPacksResponse
    • requiredPolicies array[AppRequiredPolicy] optional
      RequiredPolicies is a list of required Policy Packs to run during the update.
    • name string required
      The name (unique and URL-safe) of the required Policy Pack.
    • version integer required
      The version of the required Policy Pack.
    • versionTag string required
      The version tag of the required Policy Pack.
    • displayName string required
      The pretty name of the required Policy Pack.
    • packLocation string optional
      Where the Policy Pack can be downloaded from.
    • config map[string]object optional
      The configuration that is to be passed to the Policy Pack. This is map a of policies mapped to their configuration. Each individual configuration must comply with the JSON schema for each Policy within the Policy Pack.
    • environments array[string] optional
      References to ESC environments whose resolved values the CLI should inject into the policy pack process.
    Errors: 400 Invalid mode parameter value