Pulumi's Policy as Code SDK, CrossGuard. Define infrastructure checks in code to enforce security, compliance, cost, and other practices, enforced at deployment time.
If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)
Issue details
I want to be able to detect undefined inputs for a resource like, say, a Helm Release resource:
```typescript
{
    name: "helm-release-unfixed-version",
    description: "Prevents Helm Release from having unspecified version.",
    enforcementLevel: "mandatory",
    validateResource: validateResourceOfType(k8s.helm.v3.Release, (resource, args, reportViolation) => {
        if (args.props.version == undefined) {
            reportViolation("You must fix the version of the helm release.");
        }
    }),
}
```
This can be traditionally achieved via a stackTransformation like so:
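```typescript
pulumi.runtime.registerStackTransformation((resource) => {
    if (resource.type === "kubernetes:helm.sh/v3:Release") {
        // Fail the deployment when the chart version is not pinned.
        if (resource.props.version === undefined) {
            throw new pulumi.RunError(`helm version is unfixed for release: ${resource.name}`);
        }
    }
    // Returning undefined leaves the resource unchanged.
    return undefined;
});
```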
but I would prefer to do it via policy validation if possible so I don't have to litter the stack with transformations.