Add possibility for link in Policy message #1507

Open
xarses opened this issue Apr 15, 2021 · 7 comments
Labels
feature New functionality/enhancement Stale

Comments

@xarses

xarses commented Apr 15, 2021

We've been playing around with the new policy workflow from #1317.

When the Policy comments, it gives a message about the execution stats and prints the contents of the name stanza from config (in this case Standard Policies).

image

This comes from

policy:
  policy_sets:
    - name: Standard Policies
      path: /app/policy
      source: local

The problem here is that there is little information presented to the PR author about what these may mean. Under the current implementation these are shipped with Atlantis, and could be quite far from the repository.

Proposal: Add a field that formats as a URL on the PR comment so that Policy creators can link to more information about the test messages.

In the meantime, I've simply added a Go-style path to the name in the hope that our users can get pointed in the right direction.

image

@nishkrishnan nishkrishnan added the feature New functionality/enhancement label Apr 18, 2021
@nishkrishnan
Contributor

Can you not achieve this by just having the link explicitly in the message that gets output from your policy?

@nishkrishnan
Contributor

Or are you referring to something outside of the code-formatted block?

@msarvar
Contributor

msarvar commented Apr 18, 2021

I might be wrong here, but I think the intent is to have the link as part of the policy definition. Conftest only displays a message if the policy fails; when it passes it just says that the policy check passed. So the customers can read what policies were run and what they're for regardless of whether the policy check passes.

@xarses
Author

xarses commented Apr 19, 2021

My intent is to have a clickable link somewhere in the message block that enables a user to:

  • find out more about these policy checks in general
  • find out more about specific failure messages

As it stands now, I embedded a non-clickable link into the name of the policy document in the hopes that users are astute enough to realize it will have more information about any failures they may run into.

@nishkrishnan
Contributor

Right, I think long term we've discussed making comment templates a lot more customizable by service operators to allow for these sorts of things. I'm hesitant to add support for custom messaging for gh comments in the repo config because it opens a can of worms in terms of more feature requests associated with it and more code complexity and maintenance for a hacky solution.

Would like to do this right.

@nishkrishnan
Contributor

I'd lean to keeping this issue around: #1026

and solving for this there.

@xarses
Author

xarses commented Apr 19, 2021

I'm not against merging the two, but I'm not looking to customize the template per se. I was thinking that in this case, I'd like to have the data for policy_sets to include a url or something field, that would get rendered with the evaluated policy. I was also thinking that the policy_sets' name would actually be rendered outside the codeblock to help support this information, as it's probable that we will soon have a policy_set that is owned by the security or compliance team that will have its own information.

That all said, it would still be a move in the right direction to customize the block to point to the overall documentation.

@dosubot dosubot bot added the Stale label Sep 19, 2024