Add metadata for access & notification policies

access/engineering-team-access.yml

@@ -0,0 +1,10 @@
+name: Engineering team access
+source: engineering-team-access.rego
+type: access
+description: |
+  This example access policy gives everyone in the "Engineering" GitHub team
+  read access to the stack.
+labels:
+  - access
+  - teams
+  - read

access/label-based-team-access.yml

@@ -0,0 +1,10 @@
+name: Label based team access
+source: label-based-team-access.rego
+type: access
+description: |
+  This policy allow you to tag a repo with a "access:<level>:<team>" label to
+  grant access to Stacks via labels.
+labels:
+  - access
+  - label based
+  - teams

access/protect-administrative-stacks..yml

@@ -0,0 +1,13 @@
+name: Protect administrative stacks
+source: protect-administrative-stacks.rego
+type: access
+description: |
+  Administrative stacks are powerful - getting write access to one is almost
+  as good as being an admin - you can define and attach contexts and policies.
+  So let's deny write access to them entirely. This works since access policies
+  are not evaluated for admin users.
+labels:
+  - access
+  - administrative
+  - stacks
+  - protection

access/slack-channel-access.yml

@@ -0,0 +1,16 @@
+# todo: write a yml file for this policy
+name: Slack channel access
+source: slack-channel-access.rego
+type: access
+description: |
+  Assuming you have the Slack integration setup, you could
+  attach this policy to a given stack, and this would provide
+  the Slack Channel "dev-notifications" access to your Spacelift
+  stack's data.
+  NOTE: If you are looking to scope access to individual Slack channels
+  you should consider using the channel id, rather than the name, as names can change.
+labels:
+  - access
+  - slack
+  - channels
+  - teams

access/who-when-where-access-restrictions.yml

@@ -0,0 +1,13 @@
+name: Who, when, where access restrictions
+source: who-when-where-access-restrictions.rego
+type: access
+description: |
+  This policy allows you to restrict access to your stacks based on the user, time of day, and the IP address.
+  This is useful for restricting access to your stacks to only certain users, or only during certain times of the day, or only from certain IP addresses.
+
+labels:
+  - access
+  - restrictions
+  - ips
+  - business hours
+  - after hours

notification/drift-detection-with-changes.yml

@@ -0,0 +1,10 @@
+name: Drift Detection with Changes
+source: drift-detection-with-changes.rego
+type: notification
+description: |
+  This policy is used send a notification to Slack when drift is detected in the infrastructure.
+labels:
+  - notification
+  - drift detection
+  - changes
+  - slack

notification/notification-failure.yml

@@ -0,0 +1,10 @@
+name: Notification Failure
+source: notification-failure.rego
+type: notification
+description: |
+  This policy is used send a notification to Slack when a run fails.
+labels:
+  - notification
+  - failure
+  - slack
+  - run

notification/slack-channels-with-labels.yml

@@ -0,0 +1,12 @@
+name: Slack Channels with Labels
+source: slack-channels-with-labels.rego
+type: notification
+description: |
+  This policy allows to route notifications to Slack channels based on labels specified on a stack.
+labels:
+  - notification
+  - slack
+  - channels
+  - labels
+  - stack
+  - routing