René's URL Explorer Experiment


Title: [FEATURE] External Policy/Configuration Loading with `${include()}` Function · Issue #57 · stackql/stackql-deploy · GitHub

Open Graph Title: [FEATURE] External Policy/Configuration Loading with `${include()}` Function · Issue #57 · stackql/stackql-deploy

X Title: [FEATURE] External Policy/Configuration Loading with `${include()}` Function · Issue #57 · stackql/stackql-deploy

Description: Feature Description Implement a function-style syntax for loading policies, IAM roles, and other complex JSON/YAML configurations from external files in stackql-deploy, similar to Terraform's file loading capabilities. Current Behavior C...

Open Graph Description: Feature Description Implement a function-style syntax for loading policies, IAM roles, and other complex JSON/YAML configurations from external files in stackql-deploy, similar to Terraform's file ...

X Description: Feature Description Implement a function-style syntax for loading policies, IAM roles, and other complex JSON/YAML configurations from external files in stackql-deploy, similar to Terraform's f...

Opengraph URL: https://github.com/stackql/stackql-deploy/issues/57

X: @github

direct link

Domain: github.com


Hey, it has json ld scripts:
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"[FEATURE] External Policy/Configuration Loading with `${include()}` Function","articleBody":"## Feature Description\nImplement a function-style syntax for loading policies, IAM roles, and other complex JSON/YAML configurations from external files in `stackql-deploy`, similar to Terraform's file loading capabilities.\n\n## Current Behavior\nCurrently, all policies, IAM role definitions, and other complex JSON configurations must be embedded directly within the `stackql-deploy` manifest file, making manifests verbose and difficult to maintain, especially for complex policy documents.\n\n## Desired Behavior\nAllow users to reference external JSON/YAML files for policies and complex configurations using a function-style syntax:\n\n```yaml\n- name: policy_document\n  value: \"${include('policies/s3_bucket_policy.json')}\"\n```\nThe `${include()}` function would:\n1. Load content from the specified JSON or YAML file\n2. Parse the file content into a native object structure\n3. Support variable substitution for template variables within the loaded file\n4. Replace the function call with the loaded and processed content\n\n## File Format Requirements\n- Support both JSON (.json) and YAML (.yaml, .yml) file formats\n- Automatically detect format based on file extension\n- Validate file syntax during loading\n- Support nested includes (files including other files, with cycle detection)\n\n## Use Cases\n- IAM role policies (like the cross_account_role in the manifest)\n- S3 bucket policies\n- Assume role policy documents\n- Storage configurations\n- Any complex nested JSON structure\n\n## Implementation Details\n1. Implement a new `include()` function in the stackql-deploy template processing engine (at the `resource.props` level)\n2. Add file path resolution relative to the manifest file location\n3. Support environment-specific overrides (e.g., `policy.dev.json` vs `policy.prod.json`)\n4. Process template variables inside the loaded files\n5. Implement error handling for missing or invalid files\n\n## Example\nConsider a complex IAM policy currently embedded in the manifest:\n\n**Current approach (policy embedded in manifest):**\n```yaml\n- name: aws/iam/cross_account_role\n  file: aws/iam/iam_role.iql\n  props:\n    - name: assume_role_policy_document\n      value:\n        Version: \"2012-10-17\"\n        Statement:\n          - Sid: \"\"\n            Effect: \"Allow\"\n            Principal:\n              AWS: \"arn:aws:iam::{{ databricks_aws_account_id }}:root\"\n            Action: \"sts:AssumeRole\"\n            Condition:\n              StringEquals:\n                sts:ExternalId: \"{{ databricks_account_id }}\"\n    - name: policies\n      value:\n        - PolicyDocument:\n            Statement:\n              - Sid: Stmt1403287045000\n                Effect: Allow\n                Action:\n                  - \"ec2:AllocateAddress\"\n                  - \"ec2:AssociateDhcpOptions\"\n                  # ... many more actions ...\n                Resource:\n                  - \"*\"\n            Version: '2012-10-17'\n          PolicyName: \"{{ stack_name }}-{{ stack_env }}-policy\"\n```\n\n**Proposed approach with external files:**\n```yaml\n- name: aws/iam/cross_account_role\n  file: aws/iam/iam_role.iql\n  props:\n    - name: assume_role_policy_document\n      value: \"${include('policies/assume_role_policy.json')}\"\n    - name: policies\n      value:\n        - PolicyDocument: \"${include('policies/ec2_policy.json')}\"\n          PolicyName: \"{{ stack_name }}-{{ stack_env }}-policy\"\n```\n\n**External file: `policies/assume_role_policy.json`:**\n```json\n{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Sid\": \"\",\n      \"Effect\": \"Allow\",\n      \"Principal\": {\n        \"AWS\": \"arn:aws:iam::{{ databricks_aws_account_id }}:root\"\n      },\n      \"Action\": \"sts:AssumeRole\",\n      \"Condition\": {\n        \"StringEquals\": {\n          \"sts:ExternalId\": \"{{ databricks_account_id }}\"\n        }\n      }\n    }\n  ]\n}\n```\n\n**External file: `policies/ec2_policy.json`:**\n```json\n{\n  \"Statement\": [\n    {\n      \"Sid\": \"Stmt1403287045000\",\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"ec2:AllocateAddress\",\n        \"ec2:AssociateDhcpOptions\",\n        \"ec2:AssociateIamInstanceProfile\"\n        // ... more actions ...\n      ],\n      \"Resource\": [\"*\"]\n    }\n  ],\n  \"Version\": \"2012-10-17\"\n}\n```\n\n## Template Variable Processing\nTemplate variables (using the `{{ variable_name }}` syntax) in external files would be processed just like they are in the main manifest file, allowing for dynamic configuration:\n\n**Example with template variables in external file:**\n```json\n{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Principal\": {\n        \"AWS\": \"arn:aws:iam::{{ databricks_aws_account_id }}:root\"\n      },\n      \"Action\": \"sts:AssumeRole\",\n      \"Condition\": {\n        \"StringEquals\": {\n          \"sts:ExternalId\": \"{{ databricks_account_id }}\"\n        }\n      }\n    }\n  ]\n}\n```\n## Benefits\n- Cleaner, more maintainable manifest files\n- Easier version control of individual policies\n- Ability to reuse common policies across multiple stacks\n- Better separation of concerns in the infrastructure code\n- Familiar function-style syntax similar to other IaC tools\n\n## Additional Considerations\n- Path resolution: Relative to manifest file or working directory?\n- Error handling for missing or invalid files\n- Support for partial includes (specific sections of a file)\n- Documentation for best practices in organizing policy files","author":{"url":"https://github.com/jeffreyaven","@type":"Person","name":"jeffreyaven"},"datePublished":"2025-07-22T00:41:05.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/57/stackql-deploy/issues/57"}

route-pattern/_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format)
route-controllervoltron_issues_fragments
route-actionissue_layout
fetch-noncev2:92ec2908-e8bd-70c9-fb95-76d8f2c523af
current-catalog-service-hash81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114
request-idB75E:91DE5:88B440:C98D51:6A4E1740
html-safe-nonce5d41e7e1e493b19099517d5cf0f9e3b21922f8913082fc4ef0718a9238343ff1
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJCNzVFOjkxREU1Ojg4QjQ0MDpDOThENTE6NkE0RTE3NDAiLCJ2aXNpdG9yX2lkIjoiMjY3NDgxNDc2MDgxNDI1Mzg4OCIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9
visitor-hmacb6782c9d822999798260d1d35a7a0f1920766534556db5d14bf14d6ea5cafa8e
hovercard-subject-tagissue:3250532998
github-keyboard-shortcutsrepository,issues,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location///voltron/issues_fragments/issue_layout
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/stackql/stackql-deploy/57/issue_layout
twitter:imagehttps://opengraph.githubassets.com/309835fe9a0c163bb8200f5452fa15e0c5fa666e9ebfb33b5346dfcfd74eac60/stackql/stackql-deploy/issues/57
twitter:cardsummary_large_image
og:imagehttps://opengraph.githubassets.com/309835fe9a0c163bb8200f5452fa15e0c5fa666e9ebfb33b5346dfcfd74eac60/stackql/stackql-deploy/issues/57
og:image:altFeature Description Implement a function-style syntax for loading policies, IAM roles, and other complex JSON/YAML configurations from external files in stackql-deploy, similar to Terraform's file ...
og:image:width1200
og:image:height600
og:site_nameGitHub
og:typeobject
og:author:usernamejeffreyaven
hostnamegithub.com
expected-hostnamegithub.com
None030096ee0db095447bfe77409d33bfac127ca7128299c58deef27c52eaa1b1f0
turbo-cache-controlno-preview
go-importgithub.com/stackql/stackql-deploy git https://github.com/stackql/stackql-deploy.git
octolytics-dimension-user_id95105302
octolytics-dimension-user_loginstackql
octolytics-dimension-repository_id785476010
octolytics-dimension-repository_nwostackql/stackql-deploy
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forkfalse
octolytics-dimension-repository_network_root_id785476010
octolytics-dimension-repository_network_root_nwostackql/stackql-deploy
turbo-body-classeslogged-out env-production page-responsive
disable-turbofalse
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
releaseea9187571e3edc5f2780f750631138669441ca50
ui-targetfull
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://github.com/stackql/stackql-deploy/issues/57#start-of-content
https://github.com/
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fstackql%2Fstackql-deploy%2Fissues%2F57
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub Copilot appDirect agents from issue to mergehttps://github.com/features/ai/github-app
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
View all resourceshttps://github.com/resources
GitHub SponsorsFund open source developershttps://github.com/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/accelerator
GitHub Starshttps://stars.github.com
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fstackql%2Fstackql-deploy%2Fissues%2F57
Sign up https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fvoltron%2Fissues_fragments%2Fissue_layout&source=header-repo&source_repo=stackql%2Fstackql-deploy
Reloadhttps://github.com/stackql/stackql-deploy/issues/57
Reloadhttps://github.com/stackql/stackql-deploy/issues/57
Reloadhttps://github.com/stackql/stackql-deploy/issues/57
Please reload this pagehttps://github.com/stackql/stackql-deploy/issues/57
stackql https://github.com/stackql
stackql-deployhttps://github.com/stackql/stackql-deploy
Notifications https://github.com/login?return_to=%2Fstackql%2Fstackql-deploy
Fork 1 https://github.com/login?return_to=%2Fstackql%2Fstackql-deploy
Star 4 https://github.com/login?return_to=%2Fstackql%2Fstackql-deploy
Code https://github.com/stackql/stackql-deploy
Issues 5 https://github.com/stackql/stackql-deploy/issues
Pull requests 1 https://github.com/stackql/stackql-deploy/pulls
Actions https://github.com/stackql/stackql-deploy/actions
Projects https://github.com/stackql/stackql-deploy/projects
Security and quality 0 https://github.com/stackql/stackql-deploy/security
Insights https://github.com/stackql/stackql-deploy/pulse
Code https://github.com/stackql/stackql-deploy
Issues https://github.com/stackql/stackql-deploy/issues
Pull requests https://github.com/stackql/stackql-deploy/pulls
Actions https://github.com/stackql/stackql-deploy/actions
Projects https://github.com/stackql/stackql-deploy/projects
Security and quality https://github.com/stackql/stackql-deploy/security
Insights https://github.com/stackql/stackql-deploy/pulse
[FEATURE] External Policy/Configuration Loading with ${include()} Functionhttps://github.com/stackql/stackql-deploy/issues/57#top
enhancementNew feature or requesthttps://github.com/stackql/stackql-deploy/issues?q=state%3Aopen%20label%3A%22enhancement%22
https://github.com/jeffreyaven
jeffreyavenhttps://github.com/jeffreyaven
on Jul 22, 2025https://github.com/stackql/stackql-deploy/issues/57#issue-3250532998
enhancementNew feature or requesthttps://github.com/stackql/stackql-deploy/issues?q=state%3Aopen%20label%3A%22enhancement%22
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width


URLs of crawlers that visited me.