Chris' Corner - March 2023

Introduction

The development within the env0 platform is fantastic, one of the many reasons I love working here. The features come thick and fast and this is the motivation behind this monthly blog, to highlight the latest features and showcase Chris’ favorites.

If you want to keep up to date with the features as they are released, follow the changelog.

So far in 2023, we’ve released the following features:

• Azure DevOps Integration - Full integration with the Azure DevOps VCS.
• Plugins - Native plugin integration for open-source software such as OPA, TFlint, Checkov, etc.
• Private Module Registry - Folder-Based Modules - Folder-based module registry for easy and secure access.
• Project Level Custom Workflows - The ability to set governance and compliance checks at a project level.
• Log Forwarding to Google Cloud Logging
• Workflow Enhancements - Variable segregation between environments within Workflows.
• Environment Locking - Admin ability to lock environments to stop updates or destroys.
• Remote Plans - Run a Terraform plan locally on your machine against the env0 application for speed of development.
• Deployment Comments - Add comments to each environment to aid in collaboration.
• Custom TTL Policy - Now customize TTL timelines within an Organisation and Project.
• New Integrations - Plugins and Sumo Logic

This month's highlighted feature will be Project Level Custom Flows. 

What’s the problem?

env0 originally had the custom flow feature restricted to per environment. This meant any time you wanted multiple environments to run through plugin checks with agents such as OPA, TFlint, CheckOV, etc you would have to present the code in each environment folder.

Not only is this time-consuming, but it means any updates to the plugin checks may not be pushed to all relevant environments creating logistical or security concerns.

We listened to our customers and prioritized the highlighted feature to remove these pain points with Custom Flows defined for all environments within a Project.

How does env0 solve the problem?

We now have the ability to set plugin checks at the Project level, which then applies to all environments within that project. This can be extremely useful in several scenarios, a key one to mention is having an application project or sub-project. All application deployments will then be subjected to the relevant checks defined by the user and/or the business.

The documentation to set up the project-level custom flows can be found here:

https://docs.env0.com/docs/project-level-custom-flow

It’s also relevant to mention that env0 has two methods of integrating third-party tools. Either writing a script that is consumed at the custom flow level or using our native plugin feature.

New Feature

This can be easily enabled by navigating to the Project Settings within the chosen Project. Select the POLICIES tab and press configure under the Custom Flow section.

Select the VCS, in this example, I’m using GitHub. Populate the Repository, Branch, and Custom Flow File Path. Take note that the path doesn’t end at a directory, but the specific .yml or .yaml file.

Once you applied the configuration, ensure you enable the check box, Apply custom flow to all environments in the project.

This will make sure any new deployments in the Project will be subject to this check.

If you’re a little lost, don’t worry, follow along with the video below that integrates an OPA check into our Application Projects.

Code

<code>
version: 2
deploy:
 steps:
   terraformPlan:
     after:
       - name: Generate plan output
         run: terraform show -json .tf-plan > tf-plan.json
       - name: Running OPA check
         use: https://github.com/env0/env0-opa-plugin
         inputs:
           path: ${ENV0_ROOT_DIR}/integrations/opa/rego
           flags: --input tf-plan.json --fail-defined --format=raw
           query: data.terraform.validation.violations[msg]
</code>

‍

Thanks for reading! If you have any questions you can reach out to Chris on LinkedIn, or schedule a demo with the Sales Engineering Team.