New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@pulumi/policy

Package Overview
Dependencies
Maintainers
2
Versions
138
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@pulumi/policy - npm Package Versions

1
14

0.5.0

Diff
pulumi-bot
 published 0.5.0 •

Changelog

Source

0.5.0 (2020-04-01)

  • Expose options, parent, dependencies, and provider config (https://github.com/pulumi/pulumi-policy/pull/184).

  • Fix issue that prevented async policies from failing as expected when using validateResourceOfType or validateStackResourcesOfType (https://github.com/pulumi/pulumi-policy/pull/202).

  • Added a top-level optional enforcementLevel on PolicyPackArgs and made enforcementLevel on Policy optional. This allows setting the enforcement level at the Policy Pack level which will apply to all policies. Individual policies can set their own enforcementLevel to override the value specified for the Policy Pack. If no enforcement level is specified for either the Policy Pack or Policy, "advisory" is used. (https://github.com/pulumi/pulumi-policy/issues/192).

  • Add support for configuring policies. Policies can now declare their config schema by setting the config property, and access config values via args.getConfig<T>() (https://github.com/pulumi/pulumi-policy/pull/207).

    Example:

    {
    name: "certificate-expiration",
    description: "Checks whether a certificate has expired.",
    configSchema: {
        properties: {
            expiration: {
                type: "integer",
                default: 14,
            },
        },
    },
    validateResource: (args, reportViolation) => {
        const { expiration } = args.getConfig<{ expiration: number }>();

        // ...
    }),
}

  • Add support for writing policies in Python :tada: (https://github.com/pulumi/pulumi-policy/pull/212).

    Example:

    def s3_no_public_read(args: ResourceValidationArgs, report_violation: ReportViolation):
    if args.resource_type == "aws:s3/bucket:Bucket" and "acl" in args.props:
        acl = args.props["acl"]
        if acl == "public-read" or acl == "public-read-write":
            report_violation("You cannot set public-read or public-read-write on an S3 bucket.")

PolicyPack(
    name="aws-policy-pack",
    enforcement_level=EnforcementLevel.MANDATORY,
    policies=[
        ResourceValidationPolicy(
            name="s3-no-public-read",
            description="Prohibits setting the publicRead or publicReadWrite permission on AWS S3 buckets.",
            validate=s3_no_public_read,
        ),
    ],
)

0.4.1-dev.1585771207

Diff
pulumi-bot
 published 0.4.1-dev.1585771207 •

0.4.1-dev.1585605506

Diff
pulumi-bot
 published 0.4.1-dev.1585605506 •

0.4.1-dev.1585265246

Diff
pulumi-bot
 published 0.4.1-dev.1585265246 •

0.4.1-dev.1585234657

Diff
pulumi-bot
 published 0.4.1-dev.1585234657 •

0.4.1-dev.1584753492

Diff
pulumi-bot
 published 0.4.1-dev.1584753492 •

0.4.1-dev.1584625475

Diff
pulumi-bot
 published 0.4.1-dev.1584625475 •

0.4.1-dev.1583707943

Diff
pulumi-bot
 published 0.4.1-dev.1583707943 •

0.4.1-dev.1583168615

Diff
pulumi-bot
 published 0.4.1-dev.1583168615 •

0.4.1-dev.1583164309

Diff
pulumi-bot
 published 0.4.1-dev.1583164309 •
1
14
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc