Closed ringods closed 2 months ago
validateResourceOfType
is implemented using this internal helper:
In generated Node.js provider SDKs, it looks like there is a difference in values for __pulumiType
for Provider resources vs. regular custom resources. Providers have just have the name of the provider __pulumiType = 'azure'
whereas custom resources have a full type token __pulumiType = 'azure:storage/blob:Blob'
.
/** @internal */
public static readonly __pulumiType = 'azure';
/**
* Returns true if the given object is an instance of Provider. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
public static isInstance(obj: any): obj is Provider {
if (obj === undefined || obj === null) {
return false;
}
return obj['__pulumiType'] === "pulumi:providers:" + Provider.__pulumiType;
}
/** @internal */
public static readonly __pulumiType = 'azure:storage/blob:Blob';
/**
* Returns true if the given object is an instance of Blob. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
public static isInstance(obj: any): obj is Blob {
if (obj === undefined || obj === null) {
return false;
}
return obj['__pulumiType'] === Blob.__pulumiType;
}
I'd have to double check to see if it's always been like that, but the likely fix would be to adjust the internal isTypeOf
helper to strip the pulumi:providers:
prefix from the type if it has that prefix.
@ringods, actually, I can't repro this. I tried to repro with Azure classic program and policy pack, and the policy using validateResourceOfType(azure.Provider
runs for me. I also added an integration test in https://github.com/pulumi/pulumi-policy/pull/324 which is passing.
I see your Pulumi program is using @pulumi/azure
5.60.0. What version of @pulumi/azure
is the policy pack using?
@justinvp I instantiated a new policy pack from template azure-classic-typescript
and got this as the azure classic provider:
"@pulumi/azure": "^4.0.0",
A number of the policy templates haven't had their dependencies updated in years. 😮
When I update @pulumi/azure
to exactly 5.0.0, it still fails, but when bumping to 5.60.0 it works. So the type check is probably updated somewhere along the v5 releases.
This should be fixed with https://github.com/pulumi/templates-policy/pull/27.
Cannot close issue:
Please fix these problems and try again.
What happened?
For a customer case, I tried writing a policy that enforces the
subscriptionId
to be set on the Azure provider. I can make this work if I write a custom validation fucntion which checksargs.type === 'pulumi:providers:azure'
manually.Using
validateResourceOfType(azure.Provicer, ... )
doesn't seem to work. In the example below, only the fileargs-my.json
gets written, notargs-typed.json
.Example
Output of
pulumi about
Additional context
Test this with this small Azure Classic app:
Running with the local policy pack:
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).