What happened?
Trying to use this example gives 0 output, it just hangs after "pulumi up": https://github.com/pulumi/examples/tree/master/policy-packs/azure-python
Running Pulumi v3.112.0, pulumi_policy 1.11.0
Debug output/code below
Example
from pulumi_policy import (
    EnforcementLevel,
    PolicyPack,
    ReportViolation,
    ResourceValidationArgs,
    ResourceValidationPolicy,
)


def storage_container_no_public_read_validator(args: ResourceValidationArgs, report_violation: ReportViolation):
    if args.resource_type == "azure:storage/container:Container" and "containerAccessType" in args.props:
        access_type = args.props["containerAccessType"]
        if access_type == "blob" or access_type == "container":
            report_violation(
                "Azure Storage Container must not have blob or container access set. " +
                "Read more about read access here: " +
                "https://docs.microsoft.com/en-us/azure/storage/blobs/storage-manage-access-to-resources")


storage_container_no_public_read = ResourceValidationPolicy(
    name="storage-container-no-public-read",
    description="Prohibits setting the public permission on Azure Storage Blob Containers.",
    validate=storage_container_no_public_read_validator,
)

# Create the PolicyPack
PolicyPack(
    name="ILXazure-policy-pack",
    enforcement_level=EnforcementLevel.MANDATORY,
    policies=[
        storage_container_no_public_read,
    ]
)
Output of pulumi about

CLI
Version      3.112.0
Go Version   go1.22.1
Go Compiler  gc

Plugins
NAME           VERSION
azure-native   2.47.1
pulumi_policy  1.11.0
python         unknown

Host
OS       Microsoft Windows 11 Pro
Version  10.0.22621 Build 22621
Arch     x86_64

This project is written in python: executable='C:\Users\manage\PycharmProjects\ilx-azure-enterprisearch-policy\venv\Scripts\python.exe' version='3.12.0'

Current Stack: ilionxDvanRemortel/ilx-azure-enterprisearch-policy/dev

Found no resources associated with dev
Found no pending operations associated with dev

Backend
Name           pulumi.com
URL            https://app.pulumi.com/ilionxDvanRemortel
User           ilionxDvanRemortel
Organizations  ilionxDvanRemortel
Token type     personal

Dependencies:
NAME                 VERSION
pip                  24.1
pulumi_azure_native  2.47.1
pulumi_policy        1.11.0
setuptools           70.1.1
wheel                0.43.0

Pulumi locates its logs in C:\Users\manage\AppData\Local\Temp by default
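Additional context
pulumi up --stack dev -d
Type                 Name                                 Plan  Info
pulumi:pulumi:Stack  ilx-azure-enterprisearch-policy-dev        debug: registering resource: ty=pulumi:pulumi:Stack, name=ilx-azure-enterpr
(the end, no more info, process keeps running)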
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
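
Added example, not part of the original issue or of the Pulumi examples repository: a harness that runs the issue's validation rule outside the Pulumi engine over constructed resources, so the policy logic can be checked independently of the `pulumi up` hang. `FakeArgs` is a hypothetical stand-in for `ResourceValidationArgs`, and the `azure-native:storage:BlobContainer` / `publicAccess` mapping is an assumption about the azure-native plugin listed in the `pulumi about` output; it goes beyond the single classic-provider type the issue's code checks.

```python
from dataclasses import dataclass, field


# Hypothetical stand-in for pulumi_policy.ResourceValidationArgs: it carries
# only the two attributes the issue's validator reads.
@dataclass
class FakeArgs:
    resource_type: str
    props: dict = field(default_factory=dict)


# Type token -> property holding the access level. The first entry is the one
# used in the issue; the second is an assumption about azure-native naming.
PUBLIC_ACCESS_PROPS = {
    "azure:storage/container:Container": "containerAccessType",
    "azure-native:storage:BlobContainer": "publicAccess",
}
PUBLIC_VALUES = {"blob", "container"}


def no_public_read_validator(args, report_violation):
    """Same rule as the issue's validator, extended to both type tokens."""
    prop = PUBLIC_ACCESS_PROPS.get(args.resource_type)
    if prop is None or prop not in args.props:
        return  # not a container, or access level not set
    # Compare case-insensitively: azure-native is assumed to capitalise values.
    if str(args.props[prop]).lower() in PUBLIC_VALUES:
        report_violation(
            f"{args.resource_type}: {prop}={args.props[prop]!r} allows anonymous read access.")


def check(resources):
    """Run the validator over resources and return the collected violations."""
    violations = []
    for res in resources:
        no_public_read_validator(res, violations.append)
    return violations


# Constructed sample resources, not taken from any real stack.
SAMPLES = [
    FakeArgs("azure:storage/container:Container", {"containerAccessType": "private"}),
    FakeArgs("azure:storage/container:Container", {"containerAccessType": "blob"}),
    FakeArgs("azure-native:storage:BlobContainer", {"publicAccess": "Container"}),
    FakeArgs("azure-native:storage:BlobContainer", {"publicAccess": "None"}),
    FakeArgs("azure-native:storage:StorageAccount", {"allowBlobPublicAccess": True}),
]

if __name__ == "__main__":
    for violation in check(SAMPLES):
        print(violation)
```

With the type token from the issue alone, the two `azure-native` container samples would pass unchecked, which is worth confirming before relying on the pack in a stack that uses the azure-native provider.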