Stack Policy

    Stack Policy APIs allow you to retrieve information about policy groups and policy packs associated with a Pulumi stack. Policies define governance rules that are enforced during stack updates.

    Get Stack Policy Groups

    GET /api/stacks/{orgName}/{projectName}/{stackName}/policygroups

    Returns the list of policy groups that include the specified stack. Policy groups define which policy packs are enforced on a set of stacks. The response includes each group’s name, the stacks it applies to, and the policy packs configured within it.

    Request Parameters

    • orgName string path required
      The organization name
    • projectName string path required
      The project name
    • stackName string path required
      The stack name

    Responses

    200 OK
    • policyGroups array[AppPolicyGroupSummary] required
      List of policy groups
      • name string required
        The unique name of the policy group.
      • isOrgDefault boolean required
        Whether this is the organization’s default policy group, applied to all stacks not in another group.
      • numStacks integer required
        Number of stacks assigned to this policy group.
      • numAccounts integer optional
        Number of cloud accounts assigned to this policy group.
      • entityType enum required
        The type of entity this policy group targets (e.g. stacks, accounts).
        Values: stacks, accounts
      • mode enum required
        The enforcement mode of the policy group.
        Values: audit, preventative
      • numEnabledPolicyPacks integer required
        Number of policy packs currently enabled in this group.

    Get Stack Policy Packs

    GET /api/stacks/{orgName}/{projectName}/{stackName}/policypacks

    Returns the policy packs currently enforced on the specified stack through its policy group memberships. The optional ‘mode’ query parameter filters results by enforcement mode: ‘audit’ (violations are logged but allowed) or ‘preventative’ (violations block the update). Returns 400 if the mode parameter is invalid.

    Request Parameters

    • orgName string path required
      The organization name
    • projectName string path required
      The project name
    • stackName string path required
      The stack name
    • mode string query optional
      Filter by policy group enforcement mode (‘audit’ or ‘preventative’)

    Responses

    200 OK
    • requiredPolicies array[AppRequiredPolicy] optional
      RequiredPolicies is a list of required Policy Packs to run during the update.
      • name string required
        The name (unique and URL-safe) of the required Policy Pack.
      • version integer required
        The version of the required Policy Pack.
      • versionTag string required
        The version tag of the required Policy Pack.
      • displayName string required
        The pretty name of the required Policy Pack.
      • packLocation string optional
        Where the Policy Pack can be downloaded from.
      • config map[string]object optional
        The configuration that is to be passed to the Policy Pack. This is a map of policies mapped to their configuration. Each individual configuration must comply with the JSON schema for each Policy within the Policy Pack.
      • environments array[string] optional
        References to ESC environments whose resolved values the CLI should inject into the policy pack process.
    Errors: 400 Invalid mode parameter value
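
    The following is an added example, not part of the Pulumi documentation: a small audit helper that builds the two Stack Policy URLs and reports why a stack is not covered by blocking (preventative) enforcement. The base URL, the `Authorization: token` header, the function names and the sample responses are assumptions or constructed values that do not appear on this page.

```python
import json
import urllib.request
from urllib.parse import quote, urlencode

API = "https://api.pulumi.com"  # assumption: Pulumi Cloud base URL, not stated on this page
MODES = {"audit", "preventative"}

def stack_policy_url(org, project, stack, resource, mode=None):
    """Build a Stack Policy URL; resource is 'policygroups' or 'policypacks'."""
    if mode is not None and mode not in MODES:
        raise ValueError(f"invalid mode {mode!r}")  # the API would answer 400
    path = "/".join(quote(p, safe="") for p in (org, project, stack))
    url = f"{API}/api/stacks/{path}/{resource}"
    return url + ("?" + urlencode({"mode": mode}) if mode else "")

def fetch(url, token):
    """GET a URL as JSON. Assumption: token auth header, not documented on this page."""
    req = urllib.request.Request(url, headers={"Authorization": f"token {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def enforcement_findings(groups_resp, preventative_packs_resp):
    """Return the reasons a stack's updates are not blocked by policy."""
    findings = []
    groups = groups_resp.get("policyGroups") or []
    if not groups:
        findings.append("stack is in no policy group")
    for g in groups:
        if g["numEnabledPolicyPacks"] == 0:
            findings.append(f"group {g['name']}: no enabled policy packs")
        elif g["mode"] == "audit":
            findings.append(f"group {g['name']}: audit only, violations do not block updates")
    # requiredPolicies is optional, so an absent key means nothing is enforced
    if not preventative_packs_resp.get("requiredPolicies"):
        findings.append("no policy packs enforced in preventative mode")
    return findings

# Constructed sample responses (not real API output), shaped like the 200 OK schemas above
SAMPLE_GROUPS = {"policyGroups": [
    {"name": "default-policy-group", "isOrgDefault": True, "numStacks": 12,
     "entityType": "stacks", "mode": "audit", "numEnabledPolicyPacks": 2},
    {"name": "empty-group", "isOrgDefault": False, "numStacks": 1,
     "entityType": "stacks", "mode": "preventative", "numEnabledPolicyPacks": 0},
]}
SAMPLE_PREVENTATIVE_PACKS = {}  # constructed: ?mode=preventative response with requiredPolicies omitted

if __name__ == "__main__":
    print(stack_policy_url("acme", "web", "prod", "policypacks", mode="preventative"))
    for finding in enforcement_findings(SAMPLE_GROUPS, SAMPLE_PREVENTATIVE_PACKS):
        print("FINDING:", finding)
```

    Against a live organization, pass the output of `fetch()` for the `policygroups` URL and for the `policypacks` URL with `mode="preventative"` to `enforcement_findings()`.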