feat: add policy pack support for Pulumi stacks

Stefan Reimer 2022-06-23 15:55:37 +02:00
parent 34bd98e3f3
commit c7b0daab22
3 changed files with 36 additions and 6 deletions


@ -1,6 +1,6 @@
ARG RUNTIME_VERSION="3.8" ARG RUNTIME_VERSION="3.8"
ARG DISTRO_VERSION="3.15" ARG DISTRO_VERSION="3.15"
ARG PULUMI_VERSION="3.34.0" ARG PULUMI_VERSION="3.35.0"
FROM python:${RUNTIME_VERSION}-alpine${DISTRO_VERSION} AS builder FROM python:${RUNTIME_VERSION}-alpine${DISTRO_VERSION} AS builder
ARG PULUMI_VERSION ARG PULUMI_VERSION


@ -723,7 +723,8 @@ class Stack(object):
"""Creates a stack""" """Creates a stack"""
if self.mode == "pulumi": if self.mode == "pulumi":
pulumi_init(self, create=True).up(on_output=self._log_pulumi) kwargs = self._set_pulumi_args()
pulumi_init(self, create=True).up(**kwargs)
else: else:
# Prepare parameters # Prepare parameters
@ -850,7 +851,8 @@ class Stack(object):
def preview(self): def preview(self):
"""Preview a Pulumi stack up operation""" """Preview a Pulumi stack up operation"""
pulumi_init(self, create=True).preview(on_output=self._log_pulumi) kwargs = self._set_pulumi_args()
pulumi_init(self, create=True).preview(**kwargs)
return return
@ -864,7 +866,9 @@ class Stack(object):
for r in self._pulumi_code.RESOURCES: for r in self._pulumi_code.RESOURCES:
r_id = r["id"] r_id = r["id"]
if not r_id: if not r_id:
r_id = input("Please enter ID for {} ({}):".format(r["name"], r["type"])) r_id = input(
"Please enter ID for {} ({}):".format(r["name"], r["type"])
)
logger.info("Importing {} ({}) as {}".format(r_id, r["type"], r["name"])) logger.info("Importing {} ({}) as {}".format(r_id, r["type"], r["name"]))
@ -1148,3 +1152,28 @@ class Stack(object):
) )
if text and not text.isspace(): if text and not text.isspace():
logger.info(" ".join([self.region, self.stackname, text])) logger.info(" ".join([self.region, self.stackname, text]))
def _set_pulumi_args(self, kwargs={}):
kwargs["on_output"] = self._log_pulumi
kwargs["policy_packs"] = []
kwargs["policy_pack_configs"] = []
# Try to find policies in each artifact location
if "policies" in self.pulumi:
for policy in self.pulumi["policies"]:
found = False
for artifacts_path in self.ctx["artifact_paths"]:
path = "{}/pulumi/policies/{}".format(artifacts_path.resolve(), policy)
if os.path.exists(path):
kwargs["policy_packs"].append(path)
found = True
if not found:
logger.error(f"Could not find policy implementation for {policy}!")
raise FileNotFoundError
try:
kwargs["policy_pack_configs"] = self.pulumi["policy_configs"]
except KeyError:
pass
return kwargs
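Review bot: `_set_pulumi_args(self, kwargs={})` uses a mutable default, so every Stack that calls it without an argument shares and mutates one dict, including the bound `self._log_pulumi` callback and the policy pack list handed to `up()` and `preview()`; use `kwargs=None` and `kwargs = {} if kwargs is None else kwargs`. The pack path is also built by formatting the configured `policy` name straight into `{}/pulumi/policies/{}`, so a name containing `..` would select a directory outside the policies folder, and Pulumi runs whatever pack it is given; resolving the candidate and skipping anything outside the policies directory keeps the lookup fail-closed through the existing `FileNotFoundError`. The inner loop has no `break`, so a pack present in more than one artifact path is appended once per location, which may or may not be intended. The sketch below assumes `artifact_paths` holds `pathlib.Path` objects, as the `.resolve()` call suggests, and the new method still lacks a docstring.

```python
    def _set_pulumi_args(self, kwargs=None):
        kwargs = {} if kwargs is None else kwargs
        # … unchanged: on_output, policy_packs and policy_pack_configs defaults …
        if "policies" in self.pulumi:
            for policy in self.pulumi["policies"]:
                found = False
                for artifacts_path in self.ctx["artifact_paths"]:
                    root = os.path.realpath(artifacts_path.resolve() / "pulumi" / "policies")
                    path = os.path.realpath(os.path.join(root, policy))
                    # Policy packs are code Pulumi will run: accept only paths inside the policies dir.
                    if os.path.commonpath([root, path]) != root:
                        continue
                    if os.path.exists(path):
                        kwargs["policy_packs"].append(path)
                        found = True
                # … unchanged: not-found error and raise FileNotFoundError …
        # … unchanged: remainder of the method (policy_configs lookup, return kwargs) …
```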


@ -4,9 +4,10 @@ Jinja2>=3.0.0
click click
pyminifier pyminifier
cfn-lint>=0.34 cfn-lint>=0.34
pulumi pulumi>=3.35.0
pulumi-aws pulumi-aws>5.0.0
pulumi-aws-native pulumi-aws-native
pulumi-policy
# apprise # apprise
# flake8 # flake8
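Review bot: `pulumi-aws>5.0.0` uses a strict `>`, which excludes 5.0.0 itself, while the `pulumi` line above it uses `>=`; if 5.0.0 is the intended minimum this should read `pulumi-aws>=5.0.0`. `pulumi-policy` is added with no version bound, although it is presumably the SDK the policy packs wired in by this commit are written against. A lower bound such as `pulumi-policy>=<minimum tested version>`, or a pinned constraints file, would keep policy evaluation reproducible across image builds.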