Add basic analyzer support
This change introduces the basic requirements for analyzers, as per
pulumi/coconut#119. In particular, an analyzer can implement either,
or both, of the RPC methods, Analyze and AnalyzeResource. The former
is meant to check an overall deployment (e.g., to ensure it has been
signed off on) and the latter is to check individual resources (e.g.,
to ensure properties of them are correct, such as checking style,
security, etc. rules). These run simultaneously with overall checking.
Analyzers are loaded as plugins just like providers are. The difference
is mainly in their naming ("analyzer-" prefix, rather than "resource-"),
and the RPC methods that they support.
This isn't 100% functional since we need a way to specify at the CLI
that a particular analyzer should be run, in addition to a way of
recording which analyzers certain projects should use in their manifests.
2017-03-11 08:49:17 +01:00
// Copyright 2016 Pulumi, Inc. All rights reserved.

syntax = "proto3";

import "google/protobuf/struct.proto";

package cocorpc;

2017-03-11 19:07:34 +01:00
// Analyzer is a pluggable service that checks entire projects/stacks/snapshots, and/or individual resources,
// for arbitrary issues. These might be style, policy, correctness, security, or performance related.
service Analyzer {
    // Analyze analyzes an entire project/stack/snapshot, and returns any errors that it finds.
    rpc Analyze(AnalyzeRequest) returns (AnalyzeResponse) {}
    // AnalyzeResource analyzes a single resource object, and returns any errors that it finds.
    rpc AnalyzeResource(AnalyzeResourceRequest) returns (AnalyzeResourceResponse) {}
}

message AnalyzeRequest {
    string pkg = 1; // the fully resolved package URL being deployed.
}

message AnalyzeResponse {
    repeated AnalyzeFailure failures = 1; // the failures (or empty if none).
}

message AnalyzeFailure {
    string reason = 1; // the reason that the analyzer rejected the request.
}

message AnalyzeResourceRequest {
    string type = 1;                       // the type token of the resource.
    google.protobuf.Struct properties = 2; // the full properties to use for validation.
}

message AnalyzeResourceResponse {
    repeated AnalyzeResourceFailure failures = 1; // the failures (or empty if none).
}

message AnalyzeResourceFailure {
    string property = 1; // the property that the analyzer rejected (or "" if general).
    string reason = 2;   // the reason that the analyzer rejected the request.
}
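
A sketch of the AnalyzeResource side of this contract, added here as an example and not taken from the project's code: a security-policy check that returns one failure per rejected property and uses an empty property name for a general failure. The Go structs are hand-written stand-ins for the generated message types, and the type token `example:storage:Bucket` and the `acl` and `encrypted` property names are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Hand-written stand-ins for the code protoc would generate from the messages
// above; Properties stands in for google.protobuf.Struct.
type AnalyzeResourceRequest struct {
	Type       string
	Properties map[string]interface{}
}
type AnalyzeResourceFailure struct {
	Property string // "" if the failure is not tied to one property
	Reason   string
}
type AnalyzeResourceResponse struct{ Failures []AnalyzeResourceFailure }

// AnalyzeResource applies constructed policy rules to a single resource.
func AnalyzeResource(req AnalyzeResourceRequest) AnalyzeResourceResponse {
	var resp AnalyzeResourceResponse
	fail := func(prop, reason string) {
		resp.Failures = append(resp.Failures, AnalyzeResourceFailure{prop, reason})
	}
	// Hypothetical type token and property names, made up for this example.
	if req.Type != "example:storage:Bucket" {
		return resp // no rules for this type: empty failure list
	}
	if len(req.Properties) == 0 {
		fail("", "bucket has no properties to validate")
		return resp
	}
	acl, ok := req.Properties["acl"].(string)
	if !ok {
		fail("acl", "acl must be set explicitly to a string")
	} else if strings.HasPrefix(acl, "public-") {
		fail("acl", fmt.Sprintf("acl %q exposes the bucket publicly", acl))
	}
	if enc, _ := req.Properties["encrypted"].(bool); !enc {
		fail("encrypted", "encryption at rest must be enabled")
	}
	return resp
}

func main() {
	req := AnalyzeResourceRequest{"example:storage:Bucket", map[string]interface{}{"acl": "public-read"}}
	fmt.Printf("%+v\n", AnalyzeResource(req).Failures) // constructed sample input
}
```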