feat: add policy pack support for Pulumi stacks
parent
34bd98e3f3
commit
c7b0daab22
@ -1,6 +1,6 @@
|
|||||||
ARG RUNTIME_VERSION="3.8"
|
ARG RUNTIME_VERSION="3.8"
|
||||||
ARG DISTRO_VERSION="3.15"
|
ARG DISTRO_VERSION="3.15"
|
||||||
ARG PULUMI_VERSION="3.34.0"
|
ARG PULUMI_VERSION="3.35.0"
|
||||||
|
|
||||||
FROM python:${RUNTIME_VERSION}-alpine${DISTRO_VERSION} AS builder
|
FROM python:${RUNTIME_VERSION}-alpine${DISTRO_VERSION} AS builder
|
||||||
ARG PULUMI_VERSION
|
ARG PULUMI_VERSION
|
||||||
|
@ -723,7 +723,8 @@ class Stack(object):
|
|||||||
"""Creates a stack"""
|
"""Creates a stack"""
|
||||||
|
|
||||||
if self.mode == "pulumi":
|
if self.mode == "pulumi":
|
||||||
pulumi_init(self, create=True).up(on_output=self._log_pulumi)
|
kwargs = self._set_pulumi_args()
|
||||||
|
pulumi_init(self, create=True).up(**kwargs)
|
||||||
|
|
||||||
else:
|
else:
|
||||||
# Prepare parameters
|
# Prepare parameters
|
||||||
@ -850,7 +851,8 @@ class Stack(object):
|
|||||||
def preview(self):
|
def preview(self):
|
||||||
"""Preview a Pulumi stack up operation"""
|
"""Preview a Pulumi stack up operation"""
|
||||||
|
|
||||||
pulumi_init(self, create=True).preview(on_output=self._log_pulumi)
|
kwargs = self._set_pulumi_args()
|
||||||
|
pulumi_init(self, create=True).preview(**kwargs)
|
||||||
|
|
||||||
return
|
return
|
||||||
|
|
||||||
@ -864,7 +866,9 @@ class Stack(object):
|
|||||||
for r in self._pulumi_code.RESOURCES:
|
for r in self._pulumi_code.RESOURCES:
|
||||||
r_id = r["id"]
|
r_id = r["id"]
|
||||||
if not r_id:
|
if not r_id:
|
||||||
r_id = input("Please enter ID for {} ({}):".format(r["name"], r["type"]))
|
r_id = input(
|
||||||
|
"Please enter ID for {} ({}):".format(r["name"], r["type"])
|
||||||
|
)
|
||||||
|
|
||||||
logger.info("Importing {} ({}) as {}".format(r_id, r["type"], r["name"]))
|
logger.info("Importing {} ({}) as {}".format(r_id, r["type"], r["name"]))
|
||||||
|
|
||||||
@ -1148,3 +1152,28 @@ class Stack(object):
|
|||||||
)
|
)
|
||||||
if text and not text.isspace():
|
if text and not text.isspace():
|
||||||
logger.info(" ".join([self.region, self.stackname, text]))
|
logger.info(" ".join([self.region, self.stackname, text]))
|
||||||
|
|
||||||
|
def _set_pulumi_args(self, kwargs={}):
|
||||||
|
kwargs["on_output"] = self._log_pulumi
|
||||||
|
kwargs["policy_packs"] = []
|
||||||
|
kwargs["policy_pack_configs"] = []
|
||||||
|
|
||||||
|
# Try to find policies in each artifact location
|
||||||
|
if "policies" in self.pulumi:
|
||||||
|
for policy in self.pulumi["policies"]:
|
||||||
|
found = False
|
||||||
|
for artifacts_path in self.ctx["artifact_paths"]:
|
||||||
|
path = "{}/pulumi/policies/{}".format(artifacts_path.resolve(), policy)
|
||||||
|
if os.path.exists(path):
|
||||||
|
kwargs["policy_packs"].append(path)
|
||||||
|
found = True
|
||||||
|
if not found:
|
||||||
|
logger.error(f"Could not find policy implementation for {policy}!")
|
||||||
|
raise FileNotFoundError
|
||||||
|
|
||||||
|
try:
|
||||||
|
kwargs["policy_pack_configs"] = self.pulumi["policy_configs"]
|
||||||
|
except KeyError:
|
||||||
|
pass
|
||||||
|
|
||||||
|
return kwargs
|
||||||
|
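Review bot: `_set_pulumi_args(self, kwargs={})` uses a mutable default, so every call that omits the argument fills and returns the same dict object, shared by all `Stack` instances. Because that dict carries `policy_packs` and `on_output`, two stacks prepared before either runs would see each other's policy packs; whether stacks are processed concurrently is not visible in this hunk. Use `def _set_pulumi_args(self, kwargs=None):` with `kwargs = {} if kwargs is None else kwargs` as the first statement. The `policy` name is also formatted straight into the path, so a value containing `..` resolves outside `pulumi/policies`; it is worth checking that the resolved path stays under that directory before appending it. Finally, `raise FileNotFoundError` carries no message, and the `try/except KeyError: pass` can be `kwargs["policy_pack_configs"] = self.pulumi.get("policy_configs", [])`.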
@ -4,9 +4,10 @@ Jinja2>=3.0.0
|
|||||||
click
|
click
|
||||||
pyminifier
|
pyminifier
|
||||||
cfn-lint>=0.34
|
cfn-lint>=0.34
|
||||||
pulumi
|
pulumi>=3.35.0
|
||||||
pulumi-aws
|
pulumi-aws>5.0.0
|
||||||
pulumi-aws-native
|
pulumi-aws-native
|
||||||
|
pulumi-policy
|
||||||
# apprise
|
# apprise
|
||||||
|
|
||||||
# flake8
|
# flake8
|
||||||
|
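Review bot: The new `pulumi-policy` entry has no version bound, and `pulumi>=3.35.0` floats upward while the Dockerfile section of this commit pins `PULUMI_VERSION="3.35.0"` (presumably the CLI). The libraries that load and enforce the policy packs can therefore change on any rebuild without review. `pulumi-aws>5.0.0` also excludes 5.0.0 itself, which looks unintended; if so it should read `pulumi-aws>=5.0.0`. Consider bounding `pulumi-policy` to a tested range (`pulumi-policy>=<tested-version>,<<next-major>`) or installing from a hash-checked constraints file.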