pulumi / pulumi-policy-aws

A policy pack of rules to enforce AWS best practices for security, reliability, cost, and more!
https://www.pulumi.com
Apache License 2.0
34 stars 6 forks

Add some security rules #21

Closed chrsmith closed 4 years ago

chrsmith commented 4 years ago

Adds the security rules from #2, but cleaned up to use the current SDK and testing idioms. I added unit tests for all of the rules, but no integration tests.

Note that the tests use a library for mocking out the AWS SDK calls made during the rule's execution. It makes the tests a little verbose, but it seems to work pretty well.

justinvp commented 4 years ago

@chrsmith, I'll push a commit to this PR that updates it to the latest API.

chrsmith commented 4 years ago

@justinvp, @ekrengel PTAL. I rebased with the latest bits from master.

The breaking API changes were good, since as it turns out some of these needed to be of type StackValidationPolicy. This means I had to create some new test helper methods, and do some refactoring.

So now /tests/util.ts exports:

assertHasStackViolation and assertHasResourceViolation, both of which call the unexpected assertHasViolation under the hood.