pulumi / pulumi-policy

Pulumi's Policy as Code SDK, CrossGuard. Define infrastructure checks in code to enforce security, compliance, cost, and other practices, enforced at deployment time.
https://www.pulumi.com/docs/guides/crossguard/
Apache License 2.0

resource presence/absence enforcement #299

Open errordeveloper opened 1 year ago

errordeveloper commented 1 year ago

I've been playing around with policies (currently using TypeScript), and realised that currently one has to use stack policies to enforce absence or presence of certain types of resources. It would seem quite convenient if there was a way to declare a resource policy that requires absence or presence of particular resources. At the moment having a resource policy falls short when resources are actually not present, or just cannot be detected (see #298). So it makes it possible to evade rules that are defined in policies if one simply deletes a particular resource.
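The stack-policy workaround mentioned in the comment above, as an added example that is not code from the thread or from the pulumi-policy project: a presence/absence check written as the body of a stack policy's `validateStack`. The `StackResource` and `PresenceRules` types, the rule name and the sample stacks are assumptions made so the check runs without the SDK installed.

```typescript
// Structural stand-ins for the two PolicyResource fields used here, so the
// check runs without the SDK installed (assumption: only type and name matter).
interface StackResource { type: string; name: string; }
type Report = (message: string) => void;

// Hypothetical rule shape for this example; not an SDK type.
interface PresenceRules {
  required: string[];  // at least one resource of each type must be in the stack
  forbidden: string[]; // no resource of these types may be in the stack
}

// Body of a stack policy: it sees every resource at once, so it can also report
// a type that is missing, which a per-resource policy is never called for.
function checkPresence(resources: StackResource[], rules: PresenceRules, report: Report): void {
  for (const type of rules.required) {
    if (resources.filter((r) => r.type === type).length === 0) {
      report(`required resource type ${type} is missing from the stack`);
    }
  }
  for (const type of rules.forbidden) {
    const names = resources.filter((r) => r.type === type).map((r) => r.name);
    if (names.length > 0) {
      report(`forbidden resource type ${type} is present: ${names.join(", ")}`);
    }
  }
}

// Offline helper: collect the messages instead of handing them to the engine.
function collectViolations(resources: StackResource[], rules: PresenceRules): string[] {
  const out: string[] = [];
  checkPresence(resources, rules, (m) => out.push(m));
  return out;
}

// Constructed sample rules and stacks (type tokens chosen for illustration).
const RULES: PresenceRules = {
  required: ["aws:s3/bucketPublicAccessBlock:BucketPublicAccessBlock"],
  forbidden: ["aws:iam/accessKey:AccessKey"],
};
const COMPLIANT: StackResource[] = [
  { type: "aws:s3/bucket:Bucket", name: "logs" },
  { type: "aws:s3/bucketPublicAccessBlock:BucketPublicAccessBlock", name: "logs-block" },
];
// Same stack after the access block was deleted and a static key was added.
const DRIFTED: StackResource[] = [
  { type: "aws:s3/bucket:Bucket", name: "logs" },
  { type: "aws:iam/accessKey:AccessKey", name: "ci-key" },
];
// In a policy pack (assumed rule name), next to name/description/enforcementLevel:
//   validateStack: (args, reportViolation) => checkPresence(args.resources, RULES, reportViolation)
```

A per-resource rule on the access block would report nothing for `DRIFTED`, because the resource it inspects no longer exists; the stack-level check reports both the missing and the forbidden type.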

Zaid-Ajaj commented 1 year ago

Hi there @errordeveloper, thanks for filing this issue and bringing our attention to this limitation. It makes sense to add this functionality. We will discuss it with the team and decide on a priority for it. Will keep you posted 😄