pulumi / pulumi-policy

Pulumi's Policy as Code SDK, CrossGuard. Define infrastructure checks in code to enforce security, compliance, cost, and other practices, enforced at deployment time.
https://www.pulumi.com/docs/guides/crossguard/
Apache License 2.0

Resource Validation for undefined inputs #352

Open damyngz opened 3 weeks ago

damyngz commented 3 weeks ago

Hello!

Issue details

I want to be able to detect undefined inputs for a resource, like, say, a Helm Release resource:

{
    name: "helm-release-unfixed-version",
    description: "Prevents Helm Release from having unspecified version.",
    enforcementLevel: "mandatory",
    validateResource: validateResourceOfType(k8s.helm.v3.Release, (resource, args, reportViolation) => {
        if (args.props.version == undefined) {
            reportViolation("You must fix the version of the helm release.");
        }
    }),
}

This can be traditionally achieved via a stackTransformation like so:

pulumi.runtime.registerStackTransformation((resource) => {
    if (resource.type === "kubernetes:helm.sh/v3:Release") {
        if (resource.props.version === undefined) {
            throw new pulumi.RunError(`helm version is unfixed for release: ${resource.name}`);
        }
    }
    return undefined;
});

but I would prefer to do it via policy validation if possible so I don't have to litter the stack with transformations.

Affected area/feature

tgummerer commented 2 weeks ago

Thanks for the suggestion! That seems like a reasonable enhancement request to me.