From c7b0daab2243edb0d1446a7500c1a2a3066f2423 Mon Sep 17 00:00:00 2001
From: Stefan Reimer
Date: Thu, 23 Jun 2022 15:55:37 +0200
Subject: [PATCH] feat: add policy pack support for Pulumi stacks
---
 Dockerfile | 2 +-
 cloudbender/stack.py | 35 ++++++++++++++++++++++++++++++++---
 requirements.txt | 5 +++--
 3 files changed, 36 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 7749ea8..001f14b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 ARG RUNTIME_VERSION="3.8"
 ARG DISTRO_VERSION="3.15"
-ARG PULUMI_VERSION="3.34.0"
+ARG PULUMI_VERSION="3.35.0"
 FROM python:${RUNTIME_VERSION}-alpine${DISTRO_VERSION} AS builder
 ARG PULUMI_VERSION
diff --git a/cloudbender/stack.py b/cloudbender/stack.py
index 06ed35b..009e72b 100644
--- a/cloudbender/stack.py
+++ b/cloudbender/stack.py
@@ -723,7 +723,8 @@ class Stack(object):
 """Creates a stack"""
 if self.mode == "pulumi":
- pulumi_init(self, create=True).up(on_output=self._log_pulumi)
+ kwargs = self._set_pulumi_args()
+ pulumi_init(self, create=True).up(**kwargs)
 else:
 # Prepare parameters
@@ -850,7 +851,8 @@ class Stack(object):
 def preview(self):
 """Preview a Pulumi stack up operation"""
- pulumi_init(self, create=True).preview(on_output=self._log_pulumi)
+ kwargs = self._set_pulumi_args()
+ pulumi_init(self, create=True).preview(**kwargs)
 return
@@ -864,7 +866,9 @@ class Stack(object):
 for r in self._pulumi_code.RESOURCES:
 r_id = r["id"]
 if not r_id:
- r_id = input("Please enter ID for {} ({}):".format(r["name"], r["type"]))
+ r_id = input(
+ "Please enter ID for {} ({}):".format(r["name"], r["type"])
+ )
 logger.info("Importing {} ({}) as {}".format(r_id, r["type"], r["name"]))
@@ -1148,3 +1152,28 @@ class Stack(object):
 )
 if text and not text.isspace():
 logger.info(" ".join([self.region, self.stackname, text]))
+
+ def _set_pulumi_args(self, kwargs={}):
+ kwargs["on_output"] = self._log_pulumi
+ kwargs["policy_packs"] = []
+ kwargs["policy_pack_configs"] = []
+
+ # Try to find policies in each artifact location
+ if "policies" in self.pulumi:
+ for policy in self.pulumi["policies"]:
+ found = False
+ for artifacts_path in self.ctx["artifact_paths"]:
+ path = "{}/pulumi/policies/{}".format(artifacts_path.resolve(), policy)
+ if os.path.exists(path):
+ kwargs["policy_packs"].append(path)
+ found = True
+ if not found:
+ logger.error(f"Could not find policy implementation for {policy}!")
+ raise FileNotFoundError
+
+ try:
+ kwargs["policy_pack_configs"] = self.pulumi["policy_configs"]
+ except KeyError:
+ pass
+
+ return kwargs
diff --git a/requirements.txt b/requirements.txt
index 5bf2e3e..9776892 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,9 +4,10 @@ Jinja2>=3.0.0
 click
 pyminifier
 cfn-lint>=0.34
-pulumi
-pulumi-aws
+pulumi>=3.35.0
+pulumi-aws>5.0.0
 pulumi-aws-native
+pulumi-policy
 # apprise
 # flake8
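Review bot: `_set_pulumi_args(self, kwargs={})` uses a mutable default, so every call that omits `kwargs` (both new call sites, before `.up()` and `.preview()`, do) receives the same dict object. If stacks are ever processed in parallel, one Stack's `on_output` callback and `policy_packs` list can then be seen by another; use `def _set_pulumi_args(self, kwargs=None):` with `kwargs = {} if kwargs is None else kwargs` as the first statement. In the lookup loop, `policy` is formatted straight into the path, so a configured name containing `..` could resolve outside `pulumi/policies/`; the bare `raise FileNotFoundError` should also carry the message that is currently only logged. Because policy packs are the enforcement control here, logging the resolved pack paths would make a misspelled or absent `policies` key visible instead of silently running with none.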
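Review bot: `pulumi-aws>5.0.0` is a strict greater-than, so release 5.0.0 itself is excluded; if the intent was "5.0.0 or newer", write `pulumi-aws>=5.0.0`, matching the `>=` used for `pulumi` on the line above. The newly added `pulumi-policy` has no version bound, while the Dockerfile in the same commit pins the Pulumi CLI to 3.35.0, so builds made at different times can pick up different policy SDK releases. Giving it a lower bound, or pinning these packages in a constraints file, would keep the code that evaluates policy packs reproducible.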