Migrating out of the Legacy Space»
After the introduction of Spaces most of your resources will end up in the
legacy space. This space is there to provide backward-compatibility with your existing setup, and it's the only place Access policies still work.
To get the most out of Spacelift, you'll want to move out of the
legacy space into other spaces. For each entity, you can do that by going into the entity's settings and choosing a new space for it. However, you'll have to keep a few things in mind.
First, moving entities can't break any relationships between them. For example, if you have a policy attached to a stack, you can't move the policy to a space where it won't be accessible to the stack.
Second, you have to move entities one by one, which means that moving stacks with their attachments (policies, contexts, worker pools, etc.) needs to be done in multiple steps.
- Create your new space as a child of the
rootspace with inheritance enabled.
- Move all the attachable entities (policies, contexts, worker pools, etc.) from the
legacyspace to the
rootspace. This way they're accessible from both the
legacyspace and your new space.
- Move the stacks to your new space.
- Move the attachable entities to your new space.
Additionally, when you're ready to stop using access policies in the
legacy space, you can start providing users a level of access to the
legacy space using the space_admin, space_write, and space_read directives of the Login policy. The moment the Login policy specifies any of these for a user for the
legacy space, Access policies will stop being evaluated for this user.