runatlantis / atlantis

Terraform Pull Request Automation
https://www.runatlantis.io

Allow remote source and project/workflow level configuration for PolicySet #1576

Open dwilliams782 opened 3 years ago

dwilliams782 commented 3 years ago

Looking at the example in the docs:

policies:
  owners:
    users:
      - nishkrishnan
  policy_sets:
    - name: null_resource_warning
      path: <CODE_DIRECTORY>/policies/null_resource_warning
      source: local

A few things occur to me:

  1. Having to specify a policy_set per rule is a bit of a pain; it would be much better to point at a directory and consume all rego files within it.
  2. We store our rego files in a separate git repo, so having remote options for source would be useful.
  3. I don't want to have to enable this immediately for every project that uses this instance of atlantis; I think we should be able to configure policy checks either at a project or a workflow level.
msarvar commented 3 years ago

Having to specify a policy_set per rule is a bit of a pain, this would be much better to point at a directory and consume all rego files within it

This is already supported: in the docs null_resource_warning is a folder. The example is just 1 rule, but there is nothing preventing you from specifying your policy_sets as

  - name: all_policies
    path: <CODE_DIRECTORY>/policies/
    source: local

^ will run everything in that folder; even if you have subfolders it will recursively run your rules.

We store our rego files in a separate git repo, so having remote options for source would be useful

This is something that needs to be implemented, just haven't had time.

I don't want to have to enable this immediately for every project that uses this instance of atlantis, I think we should be able to configure policy checks either at a project or a workflow level.

You can completely override the policy_check step at the workflow level, the same way you can replace atlantis' default plan and apply workflow stages.

Something like this:

workflows:
  no_policy_checks:
    policy_check:
      steps:
        - run: echo "This workflow doesn't support policy checks"
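The two answers above (a directory-wide policy set, and a workflow that overrides the policy_check stage) fit together in one server-side repo config. The following is an added example, not configuration from the issue or from the Atlantis project; the repo ids, the policies path and the owner username are placeholders:

```yaml
# Added example of an Atlantis server-side repo config (repos.yaml).
# Repo ids, the policies path and the owner username are placeholders.
repos:
  # No `workflow` key: this repo keeps the built-in default workflow, whose
  # policy_check stage runs every configured policy set against the plan.
  - id: github.com/example-org/prod-infra

  # This repo is pinned to a workflow whose policy_check stage is overridden,
  # so policies are not enforced for it. Keep the scope explicit per repo rather
  # than making such a workflow the default for the whole server.
  - id: github.com/example-org/sandbox-infra
    workflow: no_policy_checks
    # Optional: lets projects in this repo's atlantis.yaml pick a workflow
    # themselves, which is the closest thing to a per-project switch today.
    allowed_overrides: [workflow]

workflows:
  no_policy_checks:
    policy_check:
      steps:
        - run: echo "This workflow doesn't support policy checks"

policies:
  owners:
    users:
      - policy-owner-username
  policy_sets:
    # One policy set pointing at a directory: every .rego file under it,
    # including subfolders, is evaluated, so there is no need for one
    # policy_set entry per rule. `source: remote` is not available yet, as
    # noted above, so the files must be present on the Atlantis host.
    - name: all_policies
      path: /home/atlantis/policies/
      source: local
```

Treat a policy_check override such as no_policy_checks as an exemption: it silently passes the stage for every repo mapped to it, so review the repos list whenever it changes and keep production repos on the default workflow, where the policy set is enforced.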