maxmustermann/pulumi
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Initial support for configuring policies (#4015)

Browse source
This commit is contained in:
Justin Van Patten 2020-03-08 14:11:55 -07:00 committed by GitHub
parent 81b6afa3c7
commit 80f6c61310
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
21 changed files with 3120 additions and 110 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
CHANGELOG.md
View file

@ -26,6 +26,9 @@ CHANGELOG
- Fix type annotations for `Output.all` and `Output.concat` in Python SDK.
[#4016](https://github.com/pulumi/pulumi/pull/4016)
- Add support for configuring policies.
[#4015](https://github.com/pulumi/pulumi/pull/4015)
## 1.11.1 (2020-02-26)
- Fix a regression for CustomTimeouts in Python SDK.
[#3964](https://github.com/pulumi/pulumi/pull/3964)

12
cmd/preview.go
View file

@ -37,6 +37,7 @@ func newPreviewCmd() *cobra.Command {
// Flags for engine.UpdateOptions.
var jsonDisplay bool
var policyPackPaths []string
var policyPackConfigPaths []string
var diffDisplay bool
var eventLogPath string
var parallel int
@ -88,13 +89,17 @@ func newPreviewCmd() *cobra.Command {
Debug: debug,
}
if err := validatePolicyPackConfig(policyPackPaths, policyPackConfigPaths); err != nil {
return result.FromError(err)
}
s, err := requireStack(stack, true, displayOpts, true /*setCurrent*/)
if err != nil {
return result.FromError(err)
}
// Save any config values passed via flags.
if err := parseAndSaveConfigArray(s, configArray, configPath); err != nil {
if err = parseAndSaveConfigArray(s, configArray, configPath); err != nil {
return result.FromError(err)
}
@ -135,7 +140,7 @@ func newPreviewCmd() *cobra.Command {
opts := backend.UpdateOptions{
Engine: engine.UpdateOptions{
LocalPolicyPacks: engine.MakeLocalPolicyPacks(policyPackPaths),
LocalPolicyPacks: engine.MakeLocalPolicyPacks(policyPackPaths, policyPackConfigPaths),
Parallel: parallel,
Debug: debug,
Refresh: refresh,
@ -210,6 +215,9 @@ func newPreviewCmd() *cobra.Command {
cmd.PersistentFlags().StringSliceVar(
&policyPackPaths, "policy-pack", []string{},
"[PREVIEW] Run one or more policy packs as part of this update")
cmd.PersistentFlags().StringSliceVar(
&policyPackConfigPaths, "policy-pack-config", []string{},
`[PREVIEW] Path to JSON file containing the config for the policy pack of the corresponding "--policy-pack" flag`)
cmd.PersistentFlags().BoolVar(
&diffDisplay, "diff", false,
"Display operation as a rich diff showing the overall change")

29
cmd/up.go
View file

@ -55,6 +55,7 @@ func newUpCmd() *cobra.Command {
// Flags for engine.UpdateOptions.
var policyPackPaths []string
var policyPackConfigPaths []string
var diffDisplay bool
var eventLogPath string
var parallel int
@ -120,7 +121,7 @@ func newUpCmd() *cobra.Command {
}
opts.Engine = engine.UpdateOptions{
LocalPolicyPacks: engine.MakeLocalPolicyPacks(policyPackPaths),
LocalPolicyPacks: engine.MakeLocalPolicyPacks(policyPackPaths, policyPackConfigPaths),
Parallel: parallel,
Debug: debug,
Refresh: refresh,
@ -281,7 +282,7 @@ func newUpCmd() *cobra.Command {
}
opts.Engine = engine.UpdateOptions{
LocalPolicyPacks: engine.MakeLocalPolicyPacks(policyPackPaths),
LocalPolicyPacks: engine.MakeLocalPolicyPacks(policyPackPaths, policyPackConfigPaths),
Parallel: parallel,
Debug: debug,
Refresh: refresh,
@ -341,6 +342,10 @@ func newUpCmd() *cobra.Command {
return result.FromError(err)
}
if err = validatePolicyPackConfig(policyPackPaths, policyPackConfigPaths); err != nil {
return result.FromError(err)
}
var displayType = display.DisplayProgress
if diffDisplay {
displayType = display.DisplayDiff
@ -413,6 +418,9 @@ func newUpCmd() *cobra.Command {
cmd.PersistentFlags().StringSliceVar(
&policyPackPaths, "policy-pack", []string{},
"[PREVIEW] Run one or more policy packs as part of this update")
cmd.PersistentFlags().StringSliceVar(
&policyPackConfigPaths, "policy-pack-config", []string{},
`[PREVIEW] Path to JSON file containing the config for the policy pack of the corresponding "--policy-pack" flag`)
cmd.PersistentFlags().BoolVar(
&diffDisplay, "diff", false,
"Display operation as a rich diff showing the overall change")
@ -454,6 +462,23 @@ func newUpCmd() *cobra.Command {
return cmd
}
// validatePolicyPackConfig validates the `--policy-pack-config` and `--policy-pack` flags. These two flags are
// order-dependent, e.g., the first `--policy-pack-config` flag value corresponds to the first `--policy-pack`
// flag value, and so on for the second, third, etc. An error is returned if `--policy-pack-config` is specified
// and there isn't a `--policy-pack-config` for every `--policy-pack` that was set.
func validatePolicyPackConfig(policyPackPaths []string, policyPackConfigPaths []string) error {
if len(policyPackConfigPaths) > 0 {
if len(policyPackPaths) == 0 {
return errors.New(`"--policy-pack-config" must be specified with "--policy-pack"`)
}
if len(policyPackConfigPaths) != len(policyPackPaths) {
return errors.New(
`the number of "--policy-pack-config" flags must match the number of "--policy-pack" flags`)
}
}
return nil
}
// handleConfig handles prompting for config values (as needed) and saving config.
func handleConfig(
s backend.Stack,

87
cmd/up_test.go Normal file
View file

@ -0,0 +1,87 @@
// Copyright 2016-2020, Pulumi Corporation.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package cmd
import (
"fmt"
"testing"
"github.com/stretchr/testify/assert"
)
func TestValidatePolicyPackConfig(t *testing.T) {
var tests = []struct {
PolicyPackPaths []string
PolicyPackConfigPaths []string
ExpectError bool
}{
{
PolicyPackPaths: nil,
PolicyPackConfigPaths: nil,
ExpectError: false,
},
{
PolicyPackPaths: []string{},
PolicyPackConfigPaths: []string{},
ExpectError: false,
},
{
PolicyPackPaths: []string{"foo"},
PolicyPackConfigPaths: []string{},
ExpectError: false,
},
{
PolicyPackPaths: []string{"foo", "bar"},
PolicyPackConfigPaths: []string{},
ExpectError: false,
},
{
PolicyPackPaths: []string{"foo"},
PolicyPackConfigPaths: []string{"foo"},
ExpectError: false,
},
{
PolicyPackPaths: []string{"foo", "bar"},
PolicyPackConfigPaths: []string{"foo", "bar"},
ExpectError: false,
},
{
PolicyPackPaths: []string{"foo", "bar"},
PolicyPackConfigPaths: []string{"foo"},
ExpectError: true,
},
{
PolicyPackPaths: []string{},
PolicyPackConfigPaths: []string{"foo"},
ExpectError: true,
},
{
PolicyPackPaths: []string{"foo"},
PolicyPackConfigPaths: []string{"foo", "bar"},
ExpectError: true,
},
}
for _, test := range tests {
t.Run(fmt.Sprintf("%v", test), func(t *testing.T) {
err := validatePolicyPackConfig(test.PolicyPackPaths, test.PolicyPackConfigPaths)
if test.ExpectError {
assert.Error(t, err)
} else {
assert.NoError(t, err)
}
})
}
}

10
cmd/watch.go
View file

@ -38,6 +38,7 @@ func newWatchCmd() *cobra.Command {
// Flags for engine.UpdateOptions.
var policyPackPaths []string
var policyPackConfigPaths []string
var parallel int
var refresh bool
var showConfig bool
@ -76,6 +77,10 @@ func newWatchCmd() *cobra.Command {
Debug: debug,
}
if err := validatePolicyPackConfig(policyPackPaths, policyPackConfigPaths); err != nil {
return result.FromError(err)
}
s, err := requireStack(stack, true, opts.Display, true /*setCurrent*/)
if err != nil {
return result.FromError(err)
@ -107,7 +112,7 @@ func newWatchCmd() *cobra.Command {
}
opts.Engine = engine.UpdateOptions{
LocalPolicyPacks: engine.MakeLocalPolicyPacks(policyPackPaths),
LocalPolicyPacks: engine.MakeLocalPolicyPacks(policyPackPaths, policyPackConfigPaths),
Parallel: parallel,
Debug: debug,
Refresh: refresh,
@ -162,6 +167,9 @@ func newWatchCmd() *cobra.Command {
cmd.PersistentFlags().StringSliceVar(
&policyPackPaths, "policy-pack", []string{},
"[PREVIEW] Run one or more policy packs as part of each update")
cmd.PersistentFlags().StringSliceVar(
&policyPackConfigPaths, "policy-pack-config", []string{},
`[PREVIEW] Path to JSON file containing the config for the policy pack of the corresponding "--policy-pack" flag`)
cmd.PersistentFlags().IntVarP(
&parallel, "parallel", "p", defaultParallel,
"Allow P resource operations to run in parallel at once (1 for no parallelism). Defaults to unbounded.")

1
go.mod
View file

@ -54,6 +54,7 @@ require (
github.com/texttheater/golang-levenshtein v0.0.0-20180516184445-d188e65d659e
github.com/uber/jaeger-client-go v2.15.0+incompatible
github.com/uber/jaeger-lib v1.5.0 // indirect
github.com/xeipuuv/gojsonschema v1.2.0
gocloud.dev v0.18.0
gocloud.dev/secrets/hashivault v0.18.0
golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5

6
go.sum
View file

@ -347,6 +347,12 @@ github.com/uber/jaeger-lib v1.5.0/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/Aaua
github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
github.com/xanzy/ssh-agent v0.2.0 h1:Adglfbi5p9Z0BmK2oKU9nTG+zKfniSfnaMYB+ULd+Ro=
github.com/xanzy/ssh-agent v0.2.0/go.mod h1:0NyE30eGUDliuLEHJgYte/zncp2zdTStcOnWhgSqHD8=
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
github.com/zclconf/go-cty v1.2.0 h1:sPHsy7ADcIZQP3vILvTjrh74ZA175TFP5vqiNK1UmlI=
github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=
go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0=

9
pkg/apitype/policy.go
View file

@ -127,6 +127,15 @@ const (
Disabled EnforcementLevel = "disabled"
)
// IsValid returns true if the EnforcementLevel is a valid value.
func (el EnforcementLevel) IsValid() bool {
switch el {
case Advisory, Mandatory, Disabled:
return true
}
return false
}
// GetPolicyPackResponse is the response to get a specific Policy Pack's
// metadata and policies.
type GetPolicyPackResponse struct {

40
pkg/backend/httpstate/client/client.go
View file

@ -552,11 +552,28 @@ func (pc *Client) PublishPolicyPack(ctx context.Context, orgName string,
return "", err
}
policies := make([]apitype.Policy, len(analyzerInfo.Policies))
for i, policy := range analyzerInfo.Policies {
configSchema, err := convertPolicyConfigSchema(policy.ConfigSchema)
if err != nil {
return "", err
}
policies[i] = apitype.Policy{
Name: policy.Name,
DisplayName: policy.DisplayName,
Description: policy.Description,
EnforcementLevel: policy.EnforcementLevel,
Message: policy.Message,
ConfigSchema: configSchema,
}
}
req := apitype.CreatePolicyPackRequest{
Name: analyzerInfo.Name,
DisplayName: analyzerInfo.DisplayName,
VersionTag: analyzerInfo.Version,
Policies: analyzerInfo.Policies,
Policies: policies,
}
// Print a publishing message. We have to handle the case where an older version of pulumi/policy
@ -608,6 +625,27 @@ func (pc *Client) PublishPolicyPack(ctx context.Context, orgName string,
return version, nil
}
// convertPolicyConfigSchema converts a policy's schema from the analyzer to the apitype.
func convertPolicyConfigSchema(schema *plugin.AnalyzerPolicyConfigSchema) (*apitype.PolicyConfigSchema, error) {
if schema == nil {
return nil, nil
}
properties := map[string]*json.RawMessage{}
for k, v := range schema.Properties {
bytes, err := json.Marshal(v)
if err != nil {
return nil, err
}
raw := json.RawMessage(bytes)
properties[k] = &raw
}
return &apitype.PolicyConfigSchema{
Type: apitype.Object,
Properties: properties,
Required: schema.Required,
}, nil
}
// validatePolicyPackVersion validates the version of a Policy Pack. The version may be empty,
// as it is likely an older version of pulumi/policy that does not gather the version.
func validatePolicyPackVersion(s string) error {

3
pkg/backend/httpstate/policypack.go
View file

@ -3,6 +3,7 @@ package httpstate
import (
"bytes"
"context"
"encoding/json"
"fmt"
"io/ioutil"
"os"
@ -76,6 +77,8 @@ func (rp *cloudRequiredPolicy) Install(ctx context.Context) (string, error) {
return policyPackPath, installRequiredPolicy(policyPackPath, policyPackTarball)
}
func (rp *cloudRequiredPolicy) Config() map[string]*json.RawMessage { return rp.RequiredPolicy.Config }
func newCloudBackendPolicyPackReference(
cloudConsoleURL, orgName string, name tokens.QName) *cloudBackendPolicyPackReference {

97
pkg/engine/update.go
View file

@ -16,8 +16,10 @@ package engine
import (
"context"
"encoding/json"
"fmt"
"path/filepath"
"sort"
"strings"
"sync"
"time"
@ -26,6 +28,7 @@ import (
"github.com/pkg/errors"
"github.com/pulumi/pulumi/pkg/diag"
"github.com/pulumi/pulumi/pkg/resource"
resourceanalyzer "github.com/pulumi/pulumi/pkg/resource/analyzer"
"github.com/pulumi/pulumi/pkg/resource/deploy"
"github.com/pulumi/pulumi/pkg/resource/plugin"
"github.com/pulumi/pulumi/pkg/tokens"
@ -43,6 +46,8 @@ type RequiredPolicy interface {
Version() string
// Install will install the PolicyPack locally, returning the path it was installed to.
Install(ctx context.Context) (string, error)
// Config returns the PolicyPack's configuration.
Config() map[string]*json.RawMessage
}
// LocalPolicyPack represents a set of local Policy Packs to apply during an update.
@ -51,16 +56,27 @@ type LocalPolicyPack struct {
Name string
// Path of the local Policy Pack.
Path string
// Path of the local Policy Pack's JSON config file.
Config string
}
// MakeLocalPolicyPacks is a helper function for converting the list of local Policy
// Pack paths to list of LocalPolicyPack. The name of the Local Policy Pack is not set
// since we must load up the Policy Pack plugin to determine its name.
func MakeLocalPolicyPacks(localPaths []string) []LocalPolicyPack {
func MakeLocalPolicyPacks(localPaths []string, configPaths []string) []LocalPolicyPack {
// If we have any configPaths, we should have already validated that the length of
// the localPaths and configPaths are the same.
contract.Assert(len(configPaths) == 0 || len(configPaths) == len(localPaths))
r := make([]LocalPolicyPack, len(localPaths))
for i, p := range localPaths {
var config string
if len(configPaths) > 0 {
config = configPaths[i]
}
r[i] = LocalPolicyPack{
Path: p,
Path: p,
Config: config,
}
}
return r
@ -219,8 +235,17 @@ func installPlugins(
return allPlugins, defaultProviderVersions, nil
}
func installAndLoadPolicyPlugins(plugctx *plugin.Context, policies []RequiredPolicy, localPolicyPacks []LocalPolicyPack,
opts *plugin.PolicyAnalyzerOptions) error {
func installAndLoadPolicyPlugins(plugctx *plugin.Context, d diag.Sink, policies []RequiredPolicy,
localPolicyPacks []LocalPolicyPack, opts *plugin.PolicyAnalyzerOptions) error {
var allValidationErrors []string
appendValidationErrors := func(policyPackName, policyPackVersion string, validationErrors []string) {
for _, validationError := range validationErrors {
allValidationErrors = append(allValidationErrors,
fmt.Sprintf("validating policy config: %s %s %s",
policyPackName, policyPackVersion, validationError))
}
}
// Install and load required policy packs.
for _, policy := range policies {
@ -229,10 +254,35 @@ func installAndLoadPolicyPlugins(plugctx *plugin.Context, policies []RequiredPol
return err
}
_, err = plugctx.Host.PolicyAnalyzer(tokens.QName(policy.Name()), policyPath, opts)
analyzer, err := plugctx.Host.PolicyAnalyzer(tokens.QName(policy.Name()), policyPath, opts)
if err != nil {
return err
}
analyzerInfo, err := analyzer.GetAnalyzerInfo()
if err != nil {
return err
}
// Parse the config, reconcile & validate it, and pass it to the policy pack.
if !analyzerInfo.SupportsConfig {
if len(policy.Config()) > 0 {
logging.V(7).Infof("policy pack %q does not support config; skipping configure", analyzerInfo.Name)
}
continue
}
configFromAPI, err := resourceanalyzer.ParsePolicyPackConfigFromAPI(policy.Config())
if err != nil {
return err
}
config, validationErrors, err := resourceanalyzer.ReconcilePolicyPackConfig(analyzerInfo.Policies, configFromAPI)
if err != nil {
return errors.Wrapf(err, "reconciling config for %q", analyzerInfo.Name)
}
appendValidationErrors(analyzerInfo.Name, analyzerInfo.Version, validationErrors)
if err = analyzer.Configure(config); err != nil {
return errors.Wrapf(err, "configuring policy pack %q", analyzerInfo.Name)
}
}
// Load local policy packs.
@ -246,7 +296,7 @@ func installAndLoadPolicyPlugins(plugctx *plugin.Context, policies []RequiredPol
if err != nil {
return err
} else if analyzer == nil {
return errors.Errorf("analyzer could not be loaded from path %q", pack.Path)
return errors.Errorf("policy analyzer could not be loaded from path %q", pack.Path)
}
// Update the Policy Pack names now that we have loaded the plugins and can access the name.
@ -255,7 +305,40 @@ func installAndLoadPolicyPlugins(plugctx *plugin.Context, policies []RequiredPol
return err
}
localPolicyPacks[i].Name = analyzerInfo.Name
// Load config, reconcile & validate it, and pass it to the policy pack.
if !analyzerInfo.SupportsConfig {
if pack.Config != "" {
return errors.Errorf("policy pack %q at %q does not support config", analyzerInfo.Name, pack.Path)
}
continue
}
var configFromFile map[string]plugin.AnalyzerPolicyConfig
if pack.Config != "" {
configFromFile, err = resourceanalyzer.LoadPolicyPackConfigFromFile(pack.Config)
if err != nil {
return err
}
}
config, validationErrors, err := resourceanalyzer.ReconcilePolicyPackConfig(analyzerInfo.Policies, configFromFile)
if err != nil {
return errors.Wrapf(err, "reconciling policy config for %q at %q", analyzerInfo.Name, pack.Path)
}
appendValidationErrors(analyzerInfo.Name, analyzerInfo.Version, validationErrors)
if err = analyzer.Configure(config); err != nil {
return errors.Wrapf(err, "configuring policy pack %q at %q", analyzerInfo.Name, pack.Path)
}
}
// Report any policy config validation errors and return an error.
if len(allValidationErrors) > 0 {
sort.Strings(allValidationErrors)
for _, validationError := range allValidationErrors {
plugctx.Diag.Errorf(diag.Message("", validationError))
}
return errors.New("validating policy config")
}
return nil
}
@ -296,7 +379,7 @@ func newUpdateSource(
Config: config,
DryRun: dryRun,
}
if err := installAndLoadPolicyPlugins(plugctx, opts.RequiredPolicies, opts.LocalPolicyPacks,
if err := installAndLoadPolicyPlugins(plugctx, opts.Diag, opts.RequiredPolicies, opts.LocalPolicyPacks,
&analyzerOpts); err != nil {
return nil, err
}

293
pkg/resource/analyzer/config.go Normal file
View file

@ -0,0 +1,293 @@
// Copyright 2016-2020, Pulumi Corporation.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package analyzer
import (
"encoding/json"
"fmt"
"io/ioutil"
"strings"
"github.com/pkg/errors"
"github.com/pulumi/pulumi/pkg/apitype"
"github.com/pulumi/pulumi/pkg/resource/plugin"
"github.com/pulumi/pulumi/pkg/util/contract"
"github.com/xeipuuv/gojsonschema"
)
// LoadPolicyPackConfigFromFile loads the JSON config from a file.
func LoadPolicyPackConfigFromFile(file string) (map[string]plugin.AnalyzerPolicyConfig, error) {
b, err := ioutil.ReadFile(file)
if err != nil {
return nil, err
}
return parsePolicyPackConfig(b)
}
// ParsePolicyPackConfigFromAPI parses the config returned from the service.
func ParsePolicyPackConfigFromAPI(config map[string]*json.RawMessage) (map[string]plugin.AnalyzerPolicyConfig, error) {
result := map[string]plugin.AnalyzerPolicyConfig{}
for k, v := range config {
if v == nil {
continue
}
var enforcementLevel apitype.EnforcementLevel
var properties map[string]interface{}
props := make(map[string]interface{})
if err := json.Unmarshal(*v, &props); err != nil {
return nil, err
}
el, err := extractEnforcementLevel(props)
if err != nil {
return nil, errors.Wrapf(err, "parsing enforcement level for %q", k)
}
enforcementLevel = el
if len(props) > 0 {
properties = props
}
// Don't bother including empty configs.
if enforcementLevel == "" && len(properties) == 0 {
continue
}
result[k] = plugin.AnalyzerPolicyConfig{
EnforcementLevel: enforcementLevel,
Properties: properties,
}
}
return result, nil
}
func parsePolicyPackConfig(b []byte) (map[string]plugin.AnalyzerPolicyConfig, error) {
result := make(map[string]plugin.AnalyzerPolicyConfig)
// Gracefully allow empty content.
if strings.TrimSpace(string(b)) == "" {
return nil, nil
}
config := make(map[string]interface{})
if err := json.Unmarshal(b, &config); err != nil {
return nil, err
}
for k, v := range config {
var enforcementLevel apitype.EnforcementLevel
var properties map[string]interface{}
switch val := v.(type) {
case string:
el := apitype.EnforcementLevel(val)
if !el.IsValid() {
return nil, errors.Errorf(
"parsing enforcement level for %q: %q is not a valid enforcement level", k, val)
}
enforcementLevel = el
case map[string]interface{}:
el, err := extractEnforcementLevel(val)
if err != nil {
return nil, errors.Wrapf(err, "parsing enforcement level for %q", k)
}
enforcementLevel = el
if len(val) > 0 {
properties = val
}
default:
return nil, errors.Errorf("parsing %q: %v is not a valid value; must be a string or object", k, v)
}
// Don't bother including empty configs.
if enforcementLevel == "" && len(properties) == 0 {
continue
}
result[k] = plugin.AnalyzerPolicyConfig{
EnforcementLevel: enforcementLevel,
Properties: properties,
}
}
return result, nil
}
// extractEnforcementLevel looks for "enforcementLevel" in the map, and if so, validates that it is a valid value, and
// if so, deletes it from the map and returns it.
func extractEnforcementLevel(props map[string]interface{}) (apitype.EnforcementLevel, error) {
contract.Assertf(props != nil, "props != nil")
var enforcementLevel apitype.EnforcementLevel
if unknown, ok := props["enforcementLevel"]; ok {
enforcementLevelStr, isStr := unknown.(string)
if !isStr {
return "", errors.Errorf("%v is not a valid enforcement level; must be a string", unknown)
}
el := apitype.EnforcementLevel(enforcementLevelStr)
if !el.IsValid() {
return "", errors.Errorf("%q is not a valid enforcement level", enforcementLevelStr)
}
enforcementLevel = el
// Remove enforcementLevel from the map.
delete(props, "enforcementLevel")
}
return enforcementLevel, nil
}
// ValidatePolicyPackConfig validates the policy pack's configuration.
func validatePolicyPackConfig(
policies []plugin.AnalyzerPolicyInfo, config map[string]plugin.AnalyzerPolicyConfig) ([]string, error) {
contract.Assertf(config != nil, "contract != nil")
var errors []string
for _, policy := range policies {
if policy.ConfigSchema == nil {
continue
}
var props map[string]interface{}
if c, ok := config[policy.Name]; ok {
props = c.Properties
}
if props == nil {
props = make(map[string]interface{})
}
validationErrors, err := validatePolicyConfig(*policy.ConfigSchema, props)
if err != nil {
return nil, err
}
for _, validationError := range validationErrors {
errors = append(errors, fmt.Sprintf("%s: %s", policy.Name, validationError))
}
}
return errors, nil
}
// validatePolicyConfig validates an individual policy's configuration.
func validatePolicyConfig(schema plugin.AnalyzerPolicyConfigSchema, config map[string]interface{}) ([]string, error) {
var errors []string
schemaLoader := gojsonschema.NewGoLoader(convertSchema(schema))
documentLoader := gojsonschema.NewGoLoader(config)
result, err := gojsonschema.Validate(schemaLoader, documentLoader)
if err != nil {
return nil, err
}
if !result.Valid() {
for _, err := range result.Errors() {
// Root errors are prefixed with "(root):" (e.g. "(root): foo is required"),
// but that's just noise for our purposes, so we trim it from the message.
msg := strings.TrimPrefix(err.String(), "(root): ")
errors = append(errors, msg)
}
}
return errors, nil
}
func convertSchema(schema plugin.AnalyzerPolicyConfigSchema) plugin.JSONSchema {
result := plugin.JSONSchema{}
result["type"] = "object"
if len(schema.Properties) > 0 {
result["properties"] = schema.Properties
}
if len(schema.Required) > 0 {
result["required"] = schema.Required
}
return result
}
// createConfigWithDefaults returns a new map filled-in with defaults from the policy metadata.
func createConfigWithDefaults(policies []plugin.AnalyzerPolicyInfo) map[string]plugin.AnalyzerPolicyConfig {
result := make(map[string]plugin.AnalyzerPolicyConfig)
// Prepare the resulting config with all defaults from the policy metadata.
for _, policy := range policies {
var props map[string]interface{}
// Set default values from the schema.
if policy.ConfigSchema != nil {
for k, v := range policy.ConfigSchema.Properties {
if val, ok := v["default"]; ok {
if props == nil {
props = make(map[string]interface{})
}
props[k] = val
}
}
}
result[policy.Name] = plugin.AnalyzerPolicyConfig{
EnforcementLevel: policy.EnforcementLevel,
Properties: props,
}
}
return result
}
// ReconcilePolicyPackConfig takes metadata about each policy containing default values and config schema, and
// reconciles this with the given config to produce a new config that has all default values filled-in and then sets
// configured values.
func ReconcilePolicyPackConfig(policies []plugin.AnalyzerPolicyInfo,
config map[string]plugin.AnalyzerPolicyConfig) (map[string]plugin.AnalyzerPolicyConfig, []string, error) {
// Prepare the resulting config with all defaults from the policy metadata.
result := createConfigWithDefaults(policies)
contract.Assertf(result != nil, "result != nil")
// Next, if the given config has "all" and an enforcement level, set it for all
// policies.
if config != nil {
if all, hasAll := config["all"]; hasAll && all.EnforcementLevel.IsValid() {
for k, v := range result {
result[k] = plugin.AnalyzerPolicyConfig{
EnforcementLevel: all.EnforcementLevel,
Properties: v.Properties,
}
}
}
}
// Next, loop through the given config, and set values.
for policy, givenConfig := range config {
var enforcementLevel apitype.EnforcementLevel
var properties map[string]interface{}
if resultConfig, hasResultConfig := result[policy]; hasResultConfig {
enforcementLevel = resultConfig.EnforcementLevel
properties = resultConfig.Properties
}
if givenConfig.EnforcementLevel.IsValid() {
enforcementLevel = givenConfig.EnforcementLevel
}
if len(givenConfig.Properties) > 0 && properties == nil {
properties = make(map[string]interface{})
}
for k, v := range givenConfig.Properties {
properties[k] = v
}
result[policy] = plugin.AnalyzerPolicyConfig{
EnforcementLevel: enforcementLevel,
Properties: properties,
}
}
// Validate the resulting config.
validationErrors, err := validatePolicyPackConfig(policies, result)
if err != nil {
return nil, nil, err
}
if len(validationErrors) > 0 {
return nil, validationErrors, nil
}
return result, nil, nil
}

1066
pkg/resource/analyzer/config_test.go Normal file
View file

File diff suppressed because it is too large Load diff

46
pkg/resource/plugin/analyzer.go
View file

@ -41,6 +41,8 @@ type Analyzer interface {
GetAnalyzerInfo() (AnalyzerInfo, error)
// GetPluginInfo returns this plugin's information.
GetPluginInfo() (workspace.PluginInfo, error)
// Configure configures the analyzer, passing configuration properties for each policy.
Configure(policyConfig map[string]AnalyzerPolicyConfig) error
}
// AnalyzerResource mirrors a resource that is passed to `Analyze`.
@ -94,8 +96,48 @@ type AnalyzeDiagnostic struct {
// AnalyzerInfo provides metadata about a PolicyPack inside an analyzer.
type AnalyzerInfo struct {
Name string
DisplayName string
Version string
SupportsConfig bool
Policies []AnalyzerPolicyInfo
}
// AnalyzerPolicyInfo defines the metadata for an individual Policy within a Policy Pack.
type AnalyzerPolicyInfo struct {
// Unique URL-safe name for the policy. This is unique to a specific version
// of a Policy Pack.
Name string
DisplayName string
Version string
Policies []apitype.Policy
// Description is used to provide more context about the purpose of the policy.
Description string
EnforcementLevel apitype.EnforcementLevel
// Message is the message that will be displayed to end users when they violate
// this policy.
Message string
// ConfigSchema is optional config schema for the policy.
ConfigSchema *AnalyzerPolicyConfigSchema
}
// JSONSchema represents a JSON schema.
type JSONSchema map[string]interface{}
// AnalyzerPolicyConfigSchema provides metadata about a policy's configuration.
type AnalyzerPolicyConfigSchema struct {
// Map of config property names to JSON schema.
Properties map[string]JSONSchema
// Required config properties
Required []string
}
// AnalyzerPolicyConfig is the configuration for a policy.
type AnalyzerPolicyConfig struct {
// Configured enforcement level for the policy.
EnforcementLevel apitype.EnforcementLevel
// Configured properties of the policy.
Properties map[string]interface{}
}

204
pkg/resource/plugin/analyzer_plugin.go
View file

@ -18,10 +18,13 @@ import (
"encoding/json"
"fmt"
"os"
"reflect"
"sort"
"strings"
"github.com/blang/semver"
pbempty "github.com/golang/protobuf/ptypes/empty"
structpb "github.com/golang/protobuf/ptypes/struct"
"github.com/pkg/errors"
"google.golang.org/grpc/codes"
@ -259,27 +262,50 @@ func (a *analyzer) GetAnalyzerInfo() (AnalyzerInfo, error) {
return AnalyzerInfo{}, rpcError
}
policies := []apitype.Policy{}
for _, p := range resp.GetPolicies() {
rpcPolicies := resp.GetPolicies()
policies := make([]AnalyzerPolicyInfo, len(rpcPolicies))
for i, p := range rpcPolicies {
enforcementLevel, err := convertEnforcementLevel(p.EnforcementLevel)
if err != nil {
return AnalyzerInfo{}, err
}
policies = append(policies, apitype.Policy{
var schema *AnalyzerPolicyConfigSchema
if resp.GetSupportsConfig() {
schema = convertConfigSchema(p.GetConfigSchema())
// Inject `enforcementLevel` into the schema.
if schema == nil {
schema = &AnalyzerPolicyConfigSchema{}
}
if schema.Properties == nil {
schema.Properties = map[string]JSONSchema{}
}
schema.Properties["enforcementLevel"] = JSONSchema{
"type": "string",
"enum": []string{"advisory", "mandatory", "disabled"},
}
}
policies[i] = AnalyzerPolicyInfo{
Name: p.GetName(),
DisplayName: p.GetDisplayName(),
Description: p.GetDescription(),
EnforcementLevel: enforcementLevel,
Message: p.GetMessage(),
})
ConfigSchema: schema,
}
}
sort.Slice(policies, func(i, j int) bool {
return policies[i].Name < policies[j].Name
})
return AnalyzerInfo{
Name: resp.GetName(),
DisplayName: resp.GetDisplayName(),
Version: resp.GetVersion(),
Policies: policies,
Name: resp.GetName(),
DisplayName: resp.GetDisplayName(),
Version: resp.GetVersion(),
SupportsConfig: resp.GetSupportsConfig(),
Policies: policies,
}, nil
}
@ -311,6 +337,38 @@ func (a *analyzer) GetPluginInfo() (workspace.PluginInfo, error) {
}, nil
}
func (a *analyzer) Configure(policyConfig map[string]AnalyzerPolicyConfig) error {
label := fmt.Sprintf("%s.Configure(...)", a.label())
logging.V(7).Infof("%s executing", label)
if len(policyConfig) == 0 {
logging.V(7).Infof("%s returning early, no config specified", label)
return nil
}
c := make(map[string]*pulumirpc.PolicyConfig)
for k, v := range policyConfig {
if !v.EnforcementLevel.IsValid() {
return errors.Errorf("invalid enforcement level %q", v.EnforcementLevel)
}
c[k] = &pulumirpc.PolicyConfig{
EnforcementLevel: marshalEnforcementLevel(v.EnforcementLevel),
Properties: marshalMap(v.Properties),
}
}
_, err := a.client.Configure(a.ctx.Request(), &pulumirpc.ConfigureAnalyzerRequest{
PolicyConfig: c,
})
if err != nil {
rpcError := rpcerror.Convert(err)
logging.V(7).Infof("%s failed: err=%v", label, rpcError)
return rpcError
}
return nil
}
// Close tears down the underlying plugin RPC connection and process.
func (a *analyzer) Close() error {
return a.plug.Close()
@ -361,6 +419,117 @@ func marshalProvider(provider *AnalyzerProviderResource) (*pulumirpc.AnalyzerPro
}, nil
}
func marshalEnforcementLevel(el apitype.EnforcementLevel) pulumirpc.EnforcementLevel {
switch el {
case apitype.Advisory:
return pulumirpc.EnforcementLevel_ADVISORY
case apitype.Mandatory:
return pulumirpc.EnforcementLevel_MANDATORY
case apitype.Disabled:
return pulumirpc.EnforcementLevel_DISABLED
}
contract.Failf("Unrecognized enforcement level %s", el)
return 0
}
func marshalMap(m map[string]interface{}) *structpb.Struct {
fields := make(map[string]*structpb.Value)
for k, v := range m {
val := marshalMapValue(v)
if val != nil {
fields[k] = val
}
}
return &structpb.Struct{
Fields: fields,
}
}
func marshalMapValue(v interface{}) *structpb.Value {
if v == nil {
return &structpb.Value{
Kind: &structpb.Value_NullValue{
NullValue: structpb.NullValue_NULL_VALUE,
},
}
}
switch val := v.(type) {
case bool:
return &structpb.Value{
Kind: &structpb.Value_BoolValue{
BoolValue: val,
},
}
case float64:
return &structpb.Value{
Kind: &structpb.Value_NumberValue{
NumberValue: val,
},
}
case string:
return &structpb.Value{
Kind: &structpb.Value_StringValue{
StringValue: val,
},
}
case []interface{}:
arr := make([]*structpb.Value, len(val))
for i, e := range val {
arr[i] = marshalMapValue(e)
}
return &structpb.Value{
Kind: &structpb.Value_ListValue{
ListValue: &structpb.ListValue{Values: arr},
},
}
case map[string]interface{}:
return &structpb.Value{
Kind: &structpb.Value_StructValue{
StructValue: marshalMap(val),
},
}
}
contract.Failf("Unrecognized value: %v (type=%v)", v, reflect.TypeOf(v))
return nil
}
func unmarshalMap(s *structpb.Struct) map[string]interface{} {
if s == nil {
return nil
}
result := make(map[string]interface{})
for k, v := range s.Fields {
result[k] = unmarshalMapValue(v)
}
return result
}
func unmarshalMapValue(v *structpb.Value) interface{} {
switch val := v.Kind.(type) {
case *structpb.Value_NullValue:
return nil
case *structpb.Value_BoolValue:
return val.BoolValue
case *structpb.Value_NumberValue:
return val.NumberValue
case *structpb.Value_StringValue:
return val.StringValue
case *structpb.Value_ListValue:
arr := make([]interface{}, len(val.ListValue.Values))
for i, e := range val.ListValue.Values {
arr[i] = unmarshalMapValue(e)
}
return arr
case *structpb.Value_StructValue:
return unmarshalMap(val.StructValue)
}
contract.Failf("Unrecognized kind: %v (type=%v)", v.Kind, reflect.TypeOf(v.Kind))
return nil
}
func convertURNs(urns []resource.URN) []string {
result := make([]string, len(urns))
for idx := range urns {
@ -375,12 +544,31 @@ func convertEnforcementLevel(el pulumirpc.EnforcementLevel) (apitype.Enforcement
return apitype.Advisory, nil
case pulumirpc.EnforcementLevel_MANDATORY:
return apitype.Mandatory, nil
case pulumirpc.EnforcementLevel_DISABLED:
return apitype.Disabled, nil
default:
return "", fmt.Errorf("Invalid enforcement level %d", el)
}
}
func convertConfigSchema(schema *pulumirpc.PolicyConfigSchema) *AnalyzerPolicyConfigSchema {
if schema == nil {
return nil
}
props := make(map[string]JSONSchema)
for k, v := range unmarshalMap(schema.GetProperties()) {
s := v.(map[string]interface{})
props[k] = JSONSchema(s)
}
return &AnalyzerPolicyConfigSchema{
Properties: props,
Required: schema.GetRequired(),
}
}
func convertDiagnostics(protoDiagnostics []*pulumirpc.AnalyzeDiagnostic) ([]AnalyzeDiagnostic, error) {
diagnostics := make([]AnalyzeDiagnostic, len(protoDiagnostics))
for idx := range protoDiagnostics {

23
sdk/nodejs/proto/analyzer_grpc_pb.js
View file

@ -77,6 +77,17 @@ function deserialize_pulumirpc_AnalyzerInfo(buffer_arg) {
return analyzer_pb.AnalyzerInfo.deserializeBinary(new Uint8Array(buffer_arg));
}
function serialize_pulumirpc_ConfigureAnalyzerRequest(arg) {
if (!(arg instanceof analyzer_pb.ConfigureAnalyzerRequest)) {
throw new Error('Expected argument of type pulumirpc.ConfigureAnalyzerRequest');
}
return Buffer.from(arg.serializeBinary());
}
function deserialize_pulumirpc_ConfigureAnalyzerRequest(buffer_arg) {
return analyzer_pb.ConfigureAnalyzerRequest.deserializeBinary(new Uint8Array(buffer_arg));
}
function serialize_pulumirpc_PluginInfo(arg) {
if (!(arg instanceof plugin_pb.PluginInfo)) {
throw new Error('Expected argument of type pulumirpc.PluginInfo');
@ -145,6 +156,18 @@ getPluginInfo: {
responseSerialize: serialize_pulumirpc_PluginInfo,
responseDeserialize: deserialize_pulumirpc_PluginInfo,
},
// Configure configures the analyzer, passing configuration properties for each policy.
configure: {
path: '/pulumirpc.Analyzer/Configure',
requestStream: false,
responseStream: false,
requestType: analyzer_pb.ConfigureAnalyzerRequest,
responseType: google_protobuf_empty_pb.Empty,
requestSerialize: serialize_pulumirpc_ConfigureAnalyzerRequest,
requestDeserialize: deserialize_pulumirpc_ConfigureAnalyzerRequest,
responseSerialize: serialize_google_protobuf_Empty,
responseDeserialize: deserialize_google_protobuf_Empty,
},
};
exports.AnalyzerClient = grpc.makeGenericClientConstructor(AnalyzerService);

675
sdk/nodejs/proto/analyzer_pb.js
View file

@ -28,7 +28,10 @@ goog.exportSymbol('proto.pulumirpc.AnalyzerProviderResource', null, global);
goog.exportSymbol('proto.pulumirpc.AnalyzerResource', null, global);
goog.exportSymbol('proto.pulumirpc.AnalyzerResourceOptions', null, global);
goog.exportSymbol('proto.pulumirpc.AnalyzerResourceOptions.CustomTimeouts', null, global);
goog.exportSymbol('proto.pulumirpc.ConfigureAnalyzerRequest', null, global);
goog.exportSymbol('proto.pulumirpc.EnforcementLevel', null, global);
goog.exportSymbol('proto.pulumirpc.PolicyConfig', null, global);
goog.exportSymbol('proto.pulumirpc.PolicyConfigSchema', null, global);
goog.exportSymbol('proto.pulumirpc.PolicyInfo', null, global);
/**
* Generated by JsPbCodeGenerator.
@ -261,6 +264,69 @@ if (goog.DEBUG && !COMPILED) {
*/
proto.pulumirpc.PolicyInfo.displayName = 'proto.pulumirpc.PolicyInfo';
}
/**
* Generated by JsPbCodeGenerator.
* @param {Array=} opt_data Optional initial data array, typically from a
* server response, or constructed directly in Javascript. The array is used
* in place and becomes part of the constructed object. It is not cloned.
* If no data is provided, the constructed object will be empty, but still
* valid.
* @extends {jspb.Message}
* @constructor
*/
proto.pulumirpc.PolicyConfigSchema = function(opt_data) {
jspb.Message.initialize(this, opt_data, 0, -1, proto.pulumirpc.PolicyConfigSchema.repeatedFields_, null);
};
goog.inherits(proto.pulumirpc.PolicyConfigSchema, jspb.Message);
if (goog.DEBUG && !COMPILED) {
/**
* @public
* @override
*/
proto.pulumirpc.PolicyConfigSchema.displayName = 'proto.pulumirpc.PolicyConfigSchema';
}
/**
* Generated by JsPbCodeGenerator.
* @param {Array=} opt_data Optional initial data array, typically from a
* server response, or constructed directly in Javascript. The array is used
* in place and becomes part of the constructed object. It is not cloned.
* If no data is provided, the constructed object will be empty, but still
* valid.
* @extends {jspb.Message}
* @constructor
*/
proto.pulumirpc.PolicyConfig = function(opt_data) {
jspb.Message.initialize(this, opt_data, 0, -1, null, null);
};
goog.inherits(proto.pulumirpc.PolicyConfig, jspb.Message);
if (goog.DEBUG && !COMPILED) {
/**
* @public
* @override
*/
proto.pulumirpc.PolicyConfig.displayName = 'proto.pulumirpc.PolicyConfig';
}
/**
* Generated by JsPbCodeGenerator.
* @param {Array=} opt_data Optional initial data array, typically from a
* server response, or constructed directly in Javascript. The array is used
* in place and becomes part of the constructed object. It is not cloned.
* If no data is provided, the constructed object will be empty, but still
* valid.
* @extends {jspb.Message}
* @constructor
*/
proto.pulumirpc.ConfigureAnalyzerRequest = function(opt_data) {
jspb.Message.initialize(this, opt_data, 0, -1, null, null);
};
goog.inherits(proto.pulumirpc.ConfigureAnalyzerRequest, jspb.Message);
if (goog.DEBUG && !COMPILED) {
/**
* @public
* @override
*/
proto.pulumirpc.ConfigureAnalyzerRequest.displayName = 'proto.pulumirpc.ConfigureAnalyzerRequest';
}
@ -2777,7 +2843,8 @@ proto.pulumirpc.AnalyzerInfo.toObject = function(includeInstance, msg) {
displayname: jspb.Message.getFieldWithDefault(msg, 2, ""),
policiesList: jspb.Message.toObjectList(msg.getPoliciesList(),
proto.pulumirpc.PolicyInfo.toObject, includeInstance),
version: jspb.Message.getFieldWithDefault(msg, 4, "")
version: jspb.Message.getFieldWithDefault(msg, 4, ""),
supportsconfig: jspb.Message.getBooleanFieldWithDefault(msg, 5, false)
};
if (includeInstance) {
@ -2831,6 +2898,10 @@ proto.pulumirpc.AnalyzerInfo.deserializeBinaryFromReader = function(msg, reader)
var value = /** @type {string} */ (reader.readString());
msg.setVersion(value);
break;
case 5:
var value = /** @type {boolean} */ (reader.readBool());
msg.setSupportsconfig(value);
break;
default:
reader.skipField();
break;
@ -2889,6 +2960,13 @@ proto.pulumirpc.AnalyzerInfo.serializeBinaryToWriter = function(message, writer)
f
);
}
f = message.getSupportsconfig();
if (f) {
writer.writeBool(
5,
f
);
}
};
@ -2984,6 +3062,24 @@ proto.pulumirpc.AnalyzerInfo.prototype.setVersion = function(value) {
};
/**
* optional bool supportsConfig = 5;
* @return {boolean}
*/
proto.pulumirpc.AnalyzerInfo.prototype.getSupportsconfig = function() {
return /** @type {boolean} */ (jspb.Message.getBooleanFieldWithDefault(this, 5, false));
};
/**
* @param {boolean} value
* @return {!proto.pulumirpc.AnalyzerInfo} returns this
*/
proto.pulumirpc.AnalyzerInfo.prototype.setSupportsconfig = function(value) {
return jspb.Message.setProto3BooleanField(this, 5, value);
};
@ -3020,7 +3116,8 @@ proto.pulumirpc.PolicyInfo.toObject = function(includeInstance, msg) {
displayname: jspb.Message.getFieldWithDefault(msg, 2, ""),
description: jspb.Message.getFieldWithDefault(msg, 3, ""),
message: jspb.Message.getFieldWithDefault(msg, 4, ""),
enforcementlevel: jspb.Message.getFieldWithDefault(msg, 5, 0)
enforcementlevel: jspb.Message.getFieldWithDefault(msg, 5, 0),
configschema: (f = msg.getConfigschema()) && proto.pulumirpc.PolicyConfigSchema.toObject(includeInstance, f)
};
if (includeInstance) {
@ -3077,6 +3174,11 @@ proto.pulumirpc.PolicyInfo.deserializeBinaryFromReader = function(msg, reader) {
var value = /** @type {!proto.pulumirpc.EnforcementLevel} */ (reader.readEnum());
msg.setEnforcementlevel(value);
break;
case 6:
var value = new proto.pulumirpc.PolicyConfigSchema;
reader.readMessage(value,proto.pulumirpc.PolicyConfigSchema.deserializeBinaryFromReader);
msg.setConfigschema(value);
break;
default:
reader.skipField();
break;
@ -3141,6 +3243,14 @@ proto.pulumirpc.PolicyInfo.serializeBinaryToWriter = function(message, writer) {
f
);
}
f = message.getConfigschema();
if (f != null) {
writer.writeMessage(
6,
f,
proto.pulumirpc.PolicyConfigSchema.serializeBinaryToWriter
);
}
};
@ -3234,12 +3344,571 @@ proto.pulumirpc.PolicyInfo.prototype.setEnforcementlevel = function(value) {
};
/**
* optional PolicyConfigSchema configSchema = 6;
* @return {?proto.pulumirpc.PolicyConfigSchema}
*/
proto.pulumirpc.PolicyInfo.prototype.getConfigschema = function() {
return /** @type{?proto.pulumirpc.PolicyConfigSchema} */ (
jspb.Message.getWrapperField(this, proto.pulumirpc.PolicyConfigSchema, 6));
};
/**
* @param {?proto.pulumirpc.PolicyConfigSchema|undefined} value
* @return {!proto.pulumirpc.PolicyInfo} returns this
*/
proto.pulumirpc.PolicyInfo.prototype.setConfigschema = function(value) {
return jspb.Message.setWrapperField(this, 6, value);
};
/**
* Clears the message field making it undefined.
* @return {!proto.pulumirpc.PolicyInfo} returns this
*/
proto.pulumirpc.PolicyInfo.prototype.clearConfigschema = function() {
return this.setConfigschema(undefined);
};
/**
* Returns whether this field is set.
* @return {boolean}
*/
proto.pulumirpc.PolicyInfo.prototype.hasConfigschema = function() {
return jspb.Message.getField(this, 6) != null;
};
/**
* List of repeated fields within this message type.
* @private {!Array<number>}
* @const
*/
proto.pulumirpc.PolicyConfigSchema.repeatedFields_ = [2];
if (jspb.Message.GENERATE_TO_OBJECT) {
/**
* Creates an object representation of this proto.
* Field names that are reserved in JavaScript and will be renamed to pb_name.
* Optional fields that are not set will be set to undefined.
* To access a reserved field use, foo.pb_<name>, eg, foo.pb_default.
* For the list of reserved names please see:
* net/proto2/compiler/js/internal/generator.cc#kKeyword.
* @param {boolean=} opt_includeInstance Deprecated. whether to include the
* JSPB instance for transitional soy proto support:
* http://goto/soy-param-migration
* @return {!Object}
*/
proto.pulumirpc.PolicyConfigSchema.prototype.toObject = function(opt_includeInstance) {
return proto.pulumirpc.PolicyConfigSchema.toObject(opt_includeInstance, this);
};
/**
* Static version of the {@see toObject} method.
* @param {boolean|undefined} includeInstance Deprecated. Whether to include
* the JSPB instance for transitional soy proto support:
* http://goto/soy-param-migration
* @param {!proto.pulumirpc.PolicyConfigSchema} msg The msg instance to transform.
* @return {!Object}
* @suppress {unusedLocalVariables} f is only used for nested messages
*/
proto.pulumirpc.PolicyConfigSchema.toObject = function(includeInstance, msg) {
var f, obj = {
properties: (f = msg.getProperties()) && google_protobuf_struct_pb.Struct.toObject(includeInstance, f),
requiredList: (f = jspb.Message.getRepeatedField(msg, 2)) == null ? undefined : f
};
if (includeInstance) {
obj.$jspbMessageInstance = msg;
}
return obj;
};
}
/**
* Deserializes binary data (in protobuf wire format).
* @param {jspb.ByteSource} bytes The bytes to deserialize.
* @return {!proto.pulumirpc.PolicyConfigSchema}
*/
proto.pulumirpc.PolicyConfigSchema.deserializeBinary = function(bytes) {
var reader = new jspb.BinaryReader(bytes);
var msg = new proto.pulumirpc.PolicyConfigSchema;
return proto.pulumirpc.PolicyConfigSchema.deserializeBinaryFromReader(msg, reader);
};
/**
* Deserializes binary data (in protobuf wire format) from the
* given reader into the given message object.
* @param {!proto.pulumirpc.PolicyConfigSchema} msg The message object to deserialize into.
* @param {!jspb.BinaryReader} reader The BinaryReader to use.
* @return {!proto.pulumirpc.PolicyConfigSchema}
*/
proto.pulumirpc.PolicyConfigSchema.deserializeBinaryFromReader = function(msg, reader) {
while (reader.nextField()) {
if (reader.isEndGroup()) {
break;
}
var field = reader.getFieldNumber();
switch (field) {
case 1:
var value = new google_protobuf_struct_pb.Struct;
reader.readMessage(value,google_protobuf_struct_pb.Struct.deserializeBinaryFromReader);
msg.setProperties(value);
break;
case 2:
var value = /** @type {string} */ (reader.readString());
msg.addRequired(value);
break;
default:
reader.skipField();
break;
}
}
return msg;
};
/**
* Serializes the message to binary data (in protobuf wire format).
* @return {!Uint8Array}
*/
proto.pulumirpc.PolicyConfigSchema.prototype.serializeBinary = function() {
var writer = new jspb.BinaryWriter();
proto.pulumirpc.PolicyConfigSchema.serializeBinaryToWriter(this, writer);
return writer.getResultBuffer();
};
/**
* Serializes the given message to binary data (in protobuf wire
* format), writing to the given BinaryWriter.
* @param {!proto.pulumirpc.PolicyConfigSchema} message
* @param {!jspb.BinaryWriter} writer
* @suppress {unusedLocalVariables} f is only used for nested messages
*/
proto.pulumirpc.PolicyConfigSchema.serializeBinaryToWriter = function(message, writer) {
var f = undefined;
f = message.getProperties();
if (f != null) {
writer.writeMessage(
1,
f,
google_protobuf_struct_pb.Struct.serializeBinaryToWriter
);
}
f = message.getRequiredList();
if (f.length > 0) {
writer.writeRepeatedString(
2,
f
);
}
};
/**
* optional google.protobuf.Struct properties = 1;
* @return {?proto.google.protobuf.Struct}
*/
proto.pulumirpc.PolicyConfigSchema.prototype.getProperties = function() {
return /** @type{?proto.google.protobuf.Struct} */ (
jspb.Message.getWrapperField(this, google_protobuf_struct_pb.Struct, 1));
};
/**
* @param {?proto.google.protobuf.Struct|undefined} value
* @return {!proto.pulumirpc.PolicyConfigSchema} returns this
*/
proto.pulumirpc.PolicyConfigSchema.prototype.setProperties = function(value) {
return jspb.Message.setWrapperField(this, 1, value);
};
/**
* Clears the message field making it undefined.
* @return {!proto.pulumirpc.PolicyConfigSchema} returns this
*/
proto.pulumirpc.PolicyConfigSchema.prototype.clearProperties = function() {
return this.setProperties(undefined);
};
/**
* Returns whether this field is set.
* @return {boolean}
*/
proto.pulumirpc.PolicyConfigSchema.prototype.hasProperties = function() {
return jspb.Message.getField(this, 1) != null;
};
/**
* repeated string required = 2;
* @return {!Array<string>}
*/
proto.pulumirpc.PolicyConfigSchema.prototype.getRequiredList = function() {
return /** @type {!Array<string>} */ (jspb.Message.getRepeatedField(this, 2));
};
/**
* @param {!Array<string>} value
* @return {!proto.pulumirpc.PolicyConfigSchema} returns this
*/
proto.pulumirpc.PolicyConfigSchema.prototype.setRequiredList = function(value) {
return jspb.Message.setField(this, 2, value || []);
};
/**
* @param {string} value
* @param {number=} opt_index
* @return {!proto.pulumirpc.PolicyConfigSchema} returns this
*/
proto.pulumirpc.PolicyConfigSchema.prototype.addRequired = function(value, opt_index) {
return jspb.Message.addToRepeatedField(this, 2, value, opt_index);
};
/**
* Clears the list making it empty but non-null.
* @return {!proto.pulumirpc.PolicyConfigSchema} returns this
*/
proto.pulumirpc.PolicyConfigSchema.prototype.clearRequiredList = function() {
return this.setRequiredList([]);
};
if (jspb.Message.GENERATE_TO_OBJECT) {
/**
* Creates an object representation of this proto.
* Field names that are reserved in JavaScript and will be renamed to pb_name.
* Optional fields that are not set will be set to undefined.
* To access a reserved field use, foo.pb_<name>, eg, foo.pb_default.
* For the list of reserved names please see:
* net/proto2/compiler/js/internal/generator.cc#kKeyword.
* @param {boolean=} opt_includeInstance Deprecated. whether to include the
* JSPB instance for transitional soy proto support:
* http://goto/soy-param-migration
* @return {!Object}
*/
proto.pulumirpc.PolicyConfig.prototype.toObject = function(opt_includeInstance) {
return proto.pulumirpc.PolicyConfig.toObject(opt_includeInstance, this);
};
/**
* Static version of the {@see toObject} method.
* @param {boolean|undefined} includeInstance Deprecated. Whether to include
* the JSPB instance for transitional soy proto support:
* http://goto/soy-param-migration
* @param {!proto.pulumirpc.PolicyConfig} msg The msg instance to transform.
* @return {!Object}
* @suppress {unusedLocalVariables} f is only used for nested messages
*/
proto.pulumirpc.PolicyConfig.toObject = function(includeInstance, msg) {
var f, obj = {
enforcementlevel: jspb.Message.getFieldWithDefault(msg, 1, 0),
properties: (f = msg.getProperties()) && google_protobuf_struct_pb.Struct.toObject(includeInstance, f)
};
if (includeInstance) {
obj.$jspbMessageInstance = msg;
}
return obj;
};
}
/**
* Deserializes binary data (in protobuf wire format).
* @param {jspb.ByteSource} bytes The bytes to deserialize.
* @return {!proto.pulumirpc.PolicyConfig}
*/
proto.pulumirpc.PolicyConfig.deserializeBinary = function(bytes) {
var reader = new jspb.BinaryReader(bytes);
var msg = new proto.pulumirpc.PolicyConfig;
return proto.pulumirpc.PolicyConfig.deserializeBinaryFromReader(msg, reader);
};
/**
* Deserializes binary data (in protobuf wire format) from the
* given reader into the given message object.
* @param {!proto.pulumirpc.PolicyConfig} msg The message object to deserialize into.
* @param {!jspb.BinaryReader} reader The BinaryReader to use.
* @return {!proto.pulumirpc.PolicyConfig}
*/
proto.pulumirpc.PolicyConfig.deserializeBinaryFromReader = function(msg, reader) {
while (reader.nextField()) {
if (reader.isEndGroup()) {
break;
}
var field = reader.getFieldNumber();
switch (field) {
case 1:
var value = /** @type {!proto.pulumirpc.EnforcementLevel} */ (reader.readEnum());
msg.setEnforcementlevel(value);
break;
case 2:
var value = new google_protobuf_struct_pb.Struct;
reader.readMessage(value,google_protobuf_struct_pb.Struct.deserializeBinaryFromReader);
msg.setProperties(value);
break;
default:
reader.skipField();
break;
}
}
return msg;
};
/**
* Serializes the message to binary data (in protobuf wire format).
* @return {!Uint8Array}
*/
proto.pulumirpc.PolicyConfig.prototype.serializeBinary = function() {
var writer = new jspb.BinaryWriter();
proto.pulumirpc.PolicyConfig.serializeBinaryToWriter(this, writer);
return writer.getResultBuffer();
};
/**
* Serializes the given message to binary data (in protobuf wire
* format), writing to the given BinaryWriter.
* @param {!proto.pulumirpc.PolicyConfig} message
* @param {!jspb.BinaryWriter} writer
* @suppress {unusedLocalVariables} f is only used for nested messages
*/
proto.pulumirpc.PolicyConfig.serializeBinaryToWriter = function(message, writer) {
var f = undefined;
f = message.getEnforcementlevel();
if (f !== 0.0) {
writer.writeEnum(
1,
f
);
}
f = message.getProperties();
if (f != null) {
writer.writeMessage(
2,
f,
google_protobuf_struct_pb.Struct.serializeBinaryToWriter
);
}
};
/**
* optional EnforcementLevel enforcementLevel = 1;
* @return {!proto.pulumirpc.EnforcementLevel}
*/
proto.pulumirpc.PolicyConfig.prototype.getEnforcementlevel = function() {
return /** @type {!proto.pulumirpc.EnforcementLevel} */ (jspb.Message.getFieldWithDefault(this, 1, 0));
};
/**
* @param {!proto.pulumirpc.EnforcementLevel} value
* @return {!proto.pulumirpc.PolicyConfig} returns this
*/
proto.pulumirpc.PolicyConfig.prototype.setEnforcementlevel = function(value) {
return jspb.Message.setProto3EnumField(this, 1, value);
};
/**
* optional google.protobuf.Struct properties = 2;
* @return {?proto.google.protobuf.Struct}
*/
proto.pulumirpc.PolicyConfig.prototype.getProperties = function() {
return /** @type{?proto.google.protobuf.Struct} */ (
jspb.Message.getWrapperField(this, google_protobuf_struct_pb.Struct, 2));
};
/**
* @param {?proto.google.protobuf.Struct|undefined} value
* @return {!proto.pulumirpc.PolicyConfig} returns this
*/
proto.pulumirpc.PolicyConfig.prototype.setProperties = function(value) {
return jspb.Message.setWrapperField(this, 2, value);
};
/**
* Clears the message field making it undefined.
* @return {!proto.pulumirpc.PolicyConfig} returns this
*/
proto.pulumirpc.PolicyConfig.prototype.clearProperties = function() {
return this.setProperties(undefined);
};
/**
* Returns whether this field is set.
* @return {boolean}
*/
proto.pulumirpc.PolicyConfig.prototype.hasProperties = function() {
return jspb.Message.getField(this, 2) != null;
};
if (jspb.Message.GENERATE_TO_OBJECT) {
/**
* Creates an object representation of this proto.
* Field names that are reserved in JavaScript and will be renamed to pb_name.
* Optional fields that are not set will be set to undefined.
* To access a reserved field use, foo.pb_<name>, eg, foo.pb_default.
* For the list of reserved names please see:
* net/proto2/compiler/js/internal/generator.cc#kKeyword.
* @param {boolean=} opt_includeInstance Deprecated. whether to include the
* JSPB instance for transitional soy proto support:
* http://goto/soy-param-migration
* @return {!Object}
*/
proto.pulumirpc.ConfigureAnalyzerRequest.prototype.toObject = function(opt_includeInstance) {
return proto.pulumirpc.ConfigureAnalyzerRequest.toObject(opt_includeInstance, this);
};
/**
* Static version of the {@see toObject} method.
* @param {boolean|undefined} includeInstance Deprecated. Whether to include
* the JSPB instance for transitional soy proto support:
* http://goto/soy-param-migration
* @param {!proto.pulumirpc.ConfigureAnalyzerRequest} msg The msg instance to transform.
* @return {!Object}
* @suppress {unusedLocalVariables} f is only used for nested messages
*/
proto.pulumirpc.ConfigureAnalyzerRequest.toObject = function(includeInstance, msg) {
var f, obj = {
policyconfigMap: (f = msg.getPolicyconfigMap()) ? f.toObject(includeInstance, proto.pulumirpc.PolicyConfig.toObject) : []
};
if (includeInstance) {
obj.$jspbMessageInstance = msg;
}
return obj;
};
}
/**
* Deserializes binary data (in protobuf wire format).
* @param {jspb.ByteSource} bytes The bytes to deserialize.
* @return {!proto.pulumirpc.ConfigureAnalyzerRequest}
*/
proto.pulumirpc.ConfigureAnalyzerRequest.deserializeBinary = function(bytes) {
var reader = new jspb.BinaryReader(bytes);
var msg = new proto.pulumirpc.ConfigureAnalyzerRequest;
return proto.pulumirpc.ConfigureAnalyzerRequest.deserializeBinaryFromReader(msg, reader);
};
/**
* Deserializes binary data (in protobuf wire format) from the
* given reader into the given message object.
* @param {!proto.pulumirpc.ConfigureAnalyzerRequest} msg The message object to deserialize into.
* @param {!jspb.BinaryReader} reader The BinaryReader to use.
* @return {!proto.pulumirpc.ConfigureAnalyzerRequest}
*/
proto.pulumirpc.ConfigureAnalyzerRequest.deserializeBinaryFromReader = function(msg, reader) {
while (reader.nextField()) {
if (reader.isEndGroup()) {
break;
}
var field = reader.getFieldNumber();
switch (field) {
case 1:
var value = msg.getPolicyconfigMap();
reader.readMessage(value, function(message, reader) {
jspb.Map.deserializeBinary(message, reader, jspb.BinaryReader.prototype.readString, jspb.BinaryReader.prototype.readMessage, proto.pulumirpc.PolicyConfig.deserializeBinaryFromReader, "", new proto.pulumirpc.PolicyConfig());
});
break;
default:
reader.skipField();
break;
}
}
return msg;
};
/**
* Serializes the message to binary data (in protobuf wire format).
* @return {!Uint8Array}
*/
proto.pulumirpc.ConfigureAnalyzerRequest.prototype.serializeBinary = function() {
var writer = new jspb.BinaryWriter();
proto.pulumirpc.ConfigureAnalyzerRequest.serializeBinaryToWriter(this, writer);
return writer.getResultBuffer();
};
/**
* Serializes the given message to binary data (in protobuf wire
* format), writing to the given BinaryWriter.
* @param {!proto.pulumirpc.ConfigureAnalyzerRequest} message
* @param {!jspb.BinaryWriter} writer
* @suppress {unusedLocalVariables} f is only used for nested messages
*/
proto.pulumirpc.ConfigureAnalyzerRequest.serializeBinaryToWriter = function(message, writer) {
var f = undefined;
f = message.getPolicyconfigMap(true);
if (f && f.getLength() > 0) {
f.serializeBinary(1, writer, jspb.BinaryWriter.prototype.writeString, jspb.BinaryWriter.prototype.writeMessage, proto.pulumirpc.PolicyConfig.serializeBinaryToWriter);
}
};
/**
* map<string, PolicyConfig> policyConfig = 1;
* @param {boolean=} opt_noLazyCreate Do not create the map if
* empty, instead returning `undefined`
* @return {!jspb.Map<string,!proto.pulumirpc.PolicyConfig>}
*/
proto.pulumirpc.ConfigureAnalyzerRequest.prototype.getPolicyconfigMap = function(opt_noLazyCreate) {
return /** @type {!jspb.Map<string,!proto.pulumirpc.PolicyConfig>} */ (
jspb.Message.getMapField(this, 1, opt_noLazyCreate,
proto.pulumirpc.PolicyConfig));
};
/**
* Clears values from the map. The map will be non-null.
* @return {!proto.pulumirpc.ConfigureAnalyzerRequest} returns this
*/
proto.pulumirpc.ConfigureAnalyzerRequest.prototype.clearPolicyconfigMap = function() {
this.getPolicyconfigMap().clear();
return this;};
/**
* @enum {number}
*/
proto.pulumirpc.EnforcementLevel = {
ADVISORY: 0,
MANDATORY: 1
MANDATORY: 1,
DISABLED: 2
};
goog.object.extend(exports, proto.pulumirpc);

34
sdk/proto/analyzer.proto
View file

@ -36,6 +36,8 @@ service Analyzer {
rpc GetAnalyzerInfo(google.protobuf.Empty) returns (AnalyzerInfo) {}
// GetPluginInfo returns generic information about this plugin, like its version.
rpc GetPluginInfo(google.protobuf.Empty) returns (PluginInfo) {}
// Configure configures the analyzer, passing configuration properties for each policy.
rpc Configure(ConfigureAnalyzerRequest) returns (google.protobuf.Empty) {}
}
message AnalyzeRequest {
@ -105,6 +107,7 @@ message AnalyzeResponse {
enum EnforcementLevel {
ADVISORY = 0; // Displayed to users, but does not block deployment.
MANDATORY = 1; // Stops deployment, cannot be overridden.
DISABLED = 2; // Disabled policies do not run during a deployment.
}
message AnalyzeDiagnostic {
@ -124,13 +127,32 @@ message AnalyzerInfo {
string displayName = 2; // Pretty name for the PolicyPack.
repeated PolicyInfo policies = 3; // Metadata about policies contained in PolicyPack.
string version = 4; // Version of the Policy Pack.
bool supportsConfig = 5; // Whether the Policy Pack supports config.
}
// PolicyInfo provides metadata about an individual Policy within a Policy Pack.
// PolicyInfo provides metadata about a policy within a Policy Pack.
message PolicyInfo {
string name = 1; // Name of the policy.
string displayName = 2; // Pretty name for the policy.
string description = 3; // Description of policy rule. e.g., "encryption enabled."
string message = 4; // Message to display on policy violation, e.g., remediation steps.
EnforcementLevel enforcementLevel = 5; // Severity of the policy violation.
string name = 1; // Name of the policy.
string displayName = 2; // Pretty name for the policy.
string description = 3; // Description of policy rule. e.g., "encryption enabled."
string message = 4; // Message to display on policy violation, e.g., remediation steps.
EnforcementLevel enforcementLevel = 5; // Severity of the policy violation.
PolicyConfigSchema configSchema = 6; // Config schema for the policy.
}
// PolicyConfigSchema provides the schema for a policy's configuration.
message PolicyConfigSchema {
google.protobuf.Struct properties = 1; // JSON schema for each property.
repeated string required = 2; // Required properties.
}
// PolicyConfig provides configuration for a policy.
message PolicyConfig {
EnforcementLevel enforcementLevel = 1; // Enforcement level of the policy.
google.protobuf.Struct properties = 2; // Configuration properties of the policy.
}
// ConfigureAnalyzerRequest provides configuration information to the analyzer.
message ConfigureAnalyzerRequest {
map<string, PolicyConfig> policyConfig = 1; // Map of policy name to config.
}

345
sdk/proto/go/analyzer.pb.go
View file

@ -32,16 +32,19 @@ type EnforcementLevel int32
const (
EnforcementLevel_ADVISORY EnforcementLevel = 0
EnforcementLevel_MANDATORY EnforcementLevel = 1
EnforcementLevel_DISABLED EnforcementLevel = 2
)
var EnforcementLevel_name = map[int32]string{
0: "ADVISORY",
1: "MANDATORY",
2: "DISABLED",
}
var EnforcementLevel_value = map[string]int32{
"ADVISORY": 0,
"MANDATORY": 1,
"DISABLED": 2,
}
func (x EnforcementLevel) String() string {
@ -666,6 +669,7 @@ type AnalyzerInfo struct {
DisplayName string `protobuf:"bytes,2,opt,name=displayName,proto3" json:"displayName,omitempty"`
Policies []*PolicyInfo `protobuf:"bytes,3,rep,name=policies,proto3" json:"policies,omitempty"`
Version string `protobuf:"bytes,4,opt,name=version,proto3" json:"version,omitempty"`
SupportsConfig bool `protobuf:"varint,5,opt,name=supportsConfig,proto3" json:"supportsConfig,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
@ -724,16 +728,24 @@ func (m *AnalyzerInfo) GetVersion() string {
return ""
}
// PolicyInfo provides metadata about an individual Policy within a Policy Pack.
func (m *AnalyzerInfo) GetSupportsConfig() bool {
if m != nil {
return m.SupportsConfig
}
return false
}
// PolicyInfo provides metadata about a policy within a Policy Pack.
type PolicyInfo struct {
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
DisplayName string `protobuf:"bytes,2,opt,name=displayName,proto3" json:"displayName,omitempty"`
Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
Message string `protobuf:"bytes,4,opt,name=message,proto3" json:"message,omitempty"`
EnforcementLevel EnforcementLevel `protobuf:"varint,5,opt,name=enforcementLevel,proto3,enum=pulumirpc.EnforcementLevel" json:"enforcementLevel,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
DisplayName string `protobuf:"bytes,2,opt,name=displayName,proto3" json:"displayName,omitempty"`
Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
Message string `protobuf:"bytes,4,opt,name=message,proto3" json:"message,omitempty"`
EnforcementLevel EnforcementLevel `protobuf:"varint,5,opt,name=enforcementLevel,proto3,enum=pulumirpc.EnforcementLevel" json:"enforcementLevel,omitempty"`
ConfigSchema *PolicyConfigSchema `protobuf:"bytes,6,opt,name=configSchema,proto3" json:"configSchema,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PolicyInfo) Reset() { *m = PolicyInfo{} }
@ -796,6 +808,149 @@ func (m *PolicyInfo) GetEnforcementLevel() EnforcementLevel {
return EnforcementLevel_ADVISORY
}
func (m *PolicyInfo) GetConfigSchema() *PolicyConfigSchema {
if m != nil {
return m.ConfigSchema
}
return nil
}
// PolicyConfigSchema provides the schema for a policy's configuration.
type PolicyConfigSchema struct {
Properties *_struct.Struct `protobuf:"bytes,1,opt,name=properties,proto3" json:"properties,omitempty"`
Required []string `protobuf:"bytes,2,rep,name=required,proto3" json:"required,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PolicyConfigSchema) Reset() { *m = PolicyConfigSchema{} }
func (m *PolicyConfigSchema) String() string { return proto.CompactTextString(m) }
func (*PolicyConfigSchema) ProtoMessage() {}
func (*PolicyConfigSchema) Descriptor() ([]byte, []int) {
return fileDescriptor_fadbb7eccb91f143, []int{10}
}
func (m *PolicyConfigSchema) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_PolicyConfigSchema.Unmarshal(m, b)
}
func (m *PolicyConfigSchema) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_PolicyConfigSchema.Marshal(b, m, deterministic)
}
func (m *PolicyConfigSchema) XXX_Merge(src proto.Message) {
xxx_messageInfo_PolicyConfigSchema.Merge(m, src)
}
func (m *PolicyConfigSchema) XXX_Size() int {
return xxx_messageInfo_PolicyConfigSchema.Size(m)
}
func (m *PolicyConfigSchema) XXX_DiscardUnknown() {
xxx_messageInfo_PolicyConfigSchema.DiscardUnknown(m)
}
var xxx_messageInfo_PolicyConfigSchema proto.InternalMessageInfo
func (m *PolicyConfigSchema) GetProperties() *_struct.Struct {
if m != nil {
return m.Properties
}
return nil
}
func (m *PolicyConfigSchema) GetRequired() []string {
if m != nil {
return m.Required
}
return nil
}
// PolicyConfig provides configuration for a policy.
type PolicyConfig struct {
EnforcementLevel EnforcementLevel `protobuf:"varint,1,opt,name=enforcementLevel,proto3,enum=pulumirpc.EnforcementLevel" json:"enforcementLevel,omitempty"`
Properties *_struct.Struct `protobuf:"bytes,2,opt,name=properties,proto3" json:"properties,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PolicyConfig) Reset() { *m = PolicyConfig{} }
func (m *PolicyConfig) String() string { return proto.CompactTextString(m) }
func (*PolicyConfig) ProtoMessage() {}
func (*PolicyConfig) Descriptor() ([]byte, []int) {
return fileDescriptor_fadbb7eccb91f143, []int{11}
}
func (m *PolicyConfig) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_PolicyConfig.Unmarshal(m, b)
}
func (m *PolicyConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_PolicyConfig.Marshal(b, m, deterministic)
}
func (m *PolicyConfig) XXX_Merge(src proto.Message) {
xxx_messageInfo_PolicyConfig.Merge(m, src)
}
func (m *PolicyConfig) XXX_Size() int {
return xxx_messageInfo_PolicyConfig.Size(m)
}
func (m *PolicyConfig) XXX_DiscardUnknown() {
xxx_messageInfo_PolicyConfig.DiscardUnknown(m)
}
var xxx_messageInfo_PolicyConfig proto.InternalMessageInfo
func (m *PolicyConfig) GetEnforcementLevel() EnforcementLevel {
if m != nil {
return m.EnforcementLevel
}
return EnforcementLevel_ADVISORY
}
func (m *PolicyConfig) GetProperties() *_struct.Struct {
if m != nil {
return m.Properties
}
return nil
}
// ConfigureAnalyzerRequest provides configuration information to the analyzer.
type ConfigureAnalyzerRequest struct {
PolicyConfig map[string]*PolicyConfig `protobuf:"bytes,1,rep,name=policyConfig,proto3" json:"policyConfig,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ConfigureAnalyzerRequest) Reset() { *m = ConfigureAnalyzerRequest{} }
func (m *ConfigureAnalyzerRequest) String() string { return proto.CompactTextString(m) }
func (*ConfigureAnalyzerRequest) ProtoMessage() {}
func (*ConfigureAnalyzerRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_fadbb7eccb91f143, []int{12}
}
func (m *ConfigureAnalyzerRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_ConfigureAnalyzerRequest.Unmarshal(m, b)
}
func (m *ConfigureAnalyzerRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_ConfigureAnalyzerRequest.Marshal(b, m, deterministic)
}
func (m *ConfigureAnalyzerRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_ConfigureAnalyzerRequest.Merge(m, src)
}
func (m *ConfigureAnalyzerRequest) XXX_Size() int {
return xxx_messageInfo_ConfigureAnalyzerRequest.Size(m)
}
func (m *ConfigureAnalyzerRequest) XXX_DiscardUnknown() {
xxx_messageInfo_ConfigureAnalyzerRequest.DiscardUnknown(m)
}
var xxx_messageInfo_ConfigureAnalyzerRequest proto.InternalMessageInfo
func (m *ConfigureAnalyzerRequest) GetPolicyConfig() map[string]*PolicyConfig {
if m != nil {
return m.PolicyConfig
}
return nil
}
func init() {
proto.RegisterEnum("pulumirpc.EnforcementLevel", EnforcementLevel_name, EnforcementLevel_value)
proto.RegisterType((*AnalyzeRequest)(nil), "pulumirpc.AnalyzeRequest")
@ -810,71 +965,85 @@ func init() {
proto.RegisterType((*AnalyzeDiagnostic)(nil), "pulumirpc.AnalyzeDiagnostic")
proto.RegisterType((*AnalyzerInfo)(nil), "pulumirpc.AnalyzerInfo")
proto.RegisterType((*PolicyInfo)(nil), "pulumirpc.PolicyInfo")
proto.RegisterType((*PolicyConfigSchema)(nil), "pulumirpc.PolicyConfigSchema")
proto.RegisterType((*PolicyConfig)(nil), "pulumirpc.PolicyConfig")
proto.RegisterType((*ConfigureAnalyzerRequest)(nil), "pulumirpc.ConfigureAnalyzerRequest")
proto.RegisterMapType((map[string]*PolicyConfig)(nil), "pulumirpc.ConfigureAnalyzerRequest.PolicyConfigEntry")
}
func init() { proto.RegisterFile("analyzer.proto", fileDescriptor_fadbb7eccb91f143) }
var fileDescriptor_fadbb7eccb91f143 = []byte{
// 938 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe4, 0x56, 0xdd, 0x6e, 0x1b, 0x45,
0x14, 0xce, 0xda, 0x49, 0xbc, 0x3e, 0x4e, 0x5c, 0x77, 0x0a, 0xcd, 0xd6, 0x8d, 0x2a, 0x6b, 0x41,
0x10, 0x21, 0xe4, 0x50, 0x23, 0x44, 0x41, 0xfc, 0xa5, 0x75, 0x14, 0x55, 0x2a, 0x8d, 0x99, 0x54,
0x15, 0xbd, 0x9c, 0xee, 0x1e, 0x9b, 0x55, 0xd6, 0x33, 0xc3, 0xec, 0x6c, 0x24, 0x73, 0xc9, 0x3d,
0x17, 0x3c, 0x00, 0x77, 0x3c, 0x02, 0xef, 0xc0, 0x0b, 0xf0, 0x40, 0x68, 0x66, 0x7f, 0xb2, 0xb6,
0x37, 0xae, 0xd4, 0x1b, 0x2e, 0xb8, 0x9b, 0x73, 0xe6, 0x3b, 0xdf, 0xce, 0x7c, 0xe7, 0x3b, 0x63,
0x43, 0x97, 0x71, 0x16, 0x2f, 0x7e, 0x41, 0x35, 0x94, 0x4a, 0x68, 0x41, 0xda, 0x32, 0x8d, 0xd3,
0x79, 0xa4, 0x64, 0xd0, 0xdf, 0x93, 0x71, 0x3a, 0x8b, 0x78, 0xb6, 0xd1, 0xbf, 0x3f, 0x13, 0x62,
0x16, 0xe3, 0xb1, 0x8d, 0x5e, 0xa7, 0xd3, 0x63, 0x9c, 0x4b, 0xbd, 0xc8, 0x37, 0x0f, 0x57, 0x37,
0x13, 0xad, 0xd2, 0x40, 0x67, 0xbb, 0xfe, 0xaf, 0x0d, 0xe8, 0x9e, 0x64, 0x9f, 0xa1, 0xf8, 0x73,
0x8a, 0x89, 0x26, 0x04, 0xb6, 0xf5, 0x42, 0xa2, 0xe7, 0x0c, 0x9c, 0xa3, 0x36, 0xb5, 0x6b, 0xf2,
0x39, 0x80, 0x54, 0x42, 0xa2, 0xd2, 0x11, 0x26, 0x5e, 0x63, 0xe0, 0x1c, 0x75, 0x46, 0x07, 0xc3,
0x8c, 0x79, 0x58, 0x30, 0x0f, 0x2f, 0x2c, 0x33, 0xad, 0x40, 0x49, 0x0f, 0x9a, 0xa9, 0xe2, 0x5e,
0xd3, 0x72, 0x99, 0xa5, 0xa1, 0xe7, 0x6c, 0x8e, 0xde, 0x76, 0x46, 0x6f, 0xd6, 0xe4, 0x2b, 0x68,
0x09, 0xa9, 0x23, 0xc1, 0x13, 0x6f, 0xc7, 0x72, 0xfb, 0xc3, 0xf2, 0xae, 0xc3, 0xfc, 0x78, 0x8a,
0x62, 0x22, 0x52, 0x15, 0xe0, 0x79, 0x86, 0xa4, 0x45, 0x09, 0xf9, 0x16, 0x5c, 0xa9, 0xc4, 0x55,
0x14, 0xa2, 0xf2, 0x76, 0x6d, 0xf9, 0x7b, 0x35, 0xe5, 0x93, 0x1c, 0x52, 0xd0, 0xd0, 0xb2, 0xc8,
0xff, 0x63, 0x1b, 0x7a, 0xab, 0x5f, 0xf9, 0xff, 0xc9, 0x40, 0xee, 0xc2, 0xae, 0x64, 0x0a, 0xb9,
0xf6, 0x5a, 0xf6, 0x50, 0x79, 0x44, 0x7c, 0xd8, 0x0b, 0x51, 0x22, 0x0f, 0x91, 0x07, 0xe6, 0xde,
0xee, 0xa0, 0x79, 0xd4, 0xa6, 0x4b, 0x39, 0x12, 0xc1, 0x3b, 0xf9, 0x75, 0x17, 0xe3, 0x2a, 0xb6,
0x3d, 0x68, 0x1e, 0x75, 0x46, 0x9f, 0x6d, 0xb8, 0xc7, 0x70, 0x52, 0x53, 0x77, 0xca, 0xb5, 0x5a,
0xd0, 0x5a, 0xca, 0xbe, 0x84, 0x7b, 0x37, 0x96, 0x18, 0xa1, 0x2f, 0x71, 0x91, 0x37, 0xcd, 0x2c,
0xc9, 0xd7, 0xb0, 0x73, 0xc5, 0xe2, 0x14, 0xf3, 0x76, 0x7d, 0x58, 0xaf, 0xc9, 0x1a, 0x1d, 0xcd,
0xaa, 0xbe, 0x6c, 0x3c, 0x72, 0xfc, 0x7f, 0x9a, 0x70, 0x70, 0x83, 0xfc, 0xc4, 0x83, 0x96, 0x69,
0x3c, 0x06, 0xda, 0x7e, 0xd4, 0xa5, 0x45, 0x48, 0xde, 0x87, 0xfd, 0x68, 0xc6, 0x85, 0xc2, 0x27,
0x3f, 0x31, 0x3e, 0xb3, 0x7e, 0x31, 0xba, 0x2d, 0x27, 0xc9, 0x27, 0x70, 0x27, 0xc4, 0x18, 0x35,
0x3e, 0xc6, 0xa9, 0x50, 0x48, 0x51, 0xc6, 0x2c, 0x40, 0xeb, 0x14, 0x97, 0xd6, 0x6d, 0x91, 0x6f,
0xa0, 0x5f, 0x93, 0x1e, 0xe3, 0x34, 0xe2, 0x18, 0x5a, 0x3f, 0xb9, 0x74, 0x03, 0x82, 0x3c, 0x82,
0x03, 0x16, 0x86, 0x91, 0x39, 0x3e, 0x8b, 0x2f, 0x30, 0x50, 0xa8, 0xcf, 0x53, 0x2d, 0x53, 0x6d,
0x5c, 0x67, 0x4e, 0x78, 0xd3, 0xb6, 0xb9, 0x2b, 0x8b, 0x23, 0x96, 0x60, 0xe2, 0xed, 0x5a, 0x64,
0x11, 0x92, 0x57, 0xd0, 0x0d, 0xd2, 0x44, 0x8b, 0xf9, 0x8b, 0x68, 0x8e, 0xc2, 0x50, 0xb5, 0xac,
0xda, 0x0f, 0xdf, 0x6c, 0xe0, 0xe1, 0x93, 0xa5, 0x42, 0xba, 0x42, 0xd4, 0xff, 0x11, 0xba, 0xcb,
0x08, 0xe3, 0xd3, 0x40, 0x21, 0xd3, 0xd9, 0x6c, 0x3a, 0x34, 0x8f, 0x4c, 0x3e, 0x95, 0xa1, 0xc9,
0x37, 0xb2, 0x7c, 0x16, 0x99, 0x7c, 0x26, 0x87, 0x55, 0xd5, 0xa1, 0x79, 0xe4, 0xff, 0xe6, 0x80,
0x77, 0xd3, 0x58, 0xfc, 0x07, 0xe3, 0xef, 0x8f, 0xe0, 0x70, 0x93, 0x23, 0x4d, 0x4d, 0xaa, 0x78,
0xe2, 0x39, 0x56, 0x7b, 0xbb, 0xf6, 0x27, 0x70, 0x27, 0xaf, 0xb9, 0xd0, 0x2c, 0xb8, 0x2c, 0xde,
0xf0, 0x2f, 0xa0, 0xad, 0xf2, 0x9b, 0x64, 0xf8, 0xce, 0xe8, 0xfe, 0x86, 0x56, 0xd0, 0x6b, 0xb4,
0xff, 0x03, 0xdc, 0x2a, 0x7f, 0x10, 0x12, 0x29, 0x78, 0x62, 0x1c, 0xd7, 0x09, 0x23, 0x36, 0xe3,
0x22, 0xd1, 0x51, 0x90, 0xf9, 0xb8, 0x33, 0x3a, 0x5c, 0xe7, 0x1b, 0x97, 0x20, 0x5a, 0x2d, 0xf0,
0xff, 0x6a, 0xc0, 0xed, 0x35, 0x08, 0x79, 0x00, 0x20, 0x45, 0x1c, 0x05, 0x8b, 0xe7, 0x46, 0x88,
0x4c, 0xe7, 0x4a, 0x86, 0x7c, 0x00, 0xdd, 0x2c, 0x9a, 0xb0, 0xe0, 0xd2, 0x62, 0x1a, 0x16, 0xb3,
0x92, 0x25, 0x1f, 0xc3, 0xed, 0xeb, 0xcc, 0x4b, 0x54, 0x49, 0x24, 0x0a, 0xa9, 0xd7, 0x37, 0xc8,
0x00, 0x3a, 0x21, 0x26, 0x81, 0x8a, 0xac, 0xfb, 0x72, 0xfd, 0xab, 0x29, 0xe3, 0xf2, 0x39, 0x26,
0x09, 0x9b, 0xa1, 0x7d, 0x85, 0xdb, 0xb4, 0x08, 0xad, 0x27, 0xd8, 0xac, 0x30, 0xbf, 0x5d, 0x93,
0x33, 0xe8, 0x21, 0x9f, 0x0a, 0x15, 0xe0, 0x1c, 0xb9, 0x7e, 0x86, 0x57, 0x18, 0x5b, 0xef, 0x77,
0x97, 0x04, 0x3f, 0x5d, 0x81, 0xd0, 0xb5, 0xa2, 0xc2, 0x23, 0x6e, 0xe9, 0x11, 0xff, 0x77, 0x07,
0xf6, 0x8a, 0x4e, 0x3d, 0xe5, 0x53, 0x51, 0x9a, 0xc6, 0xa9, 0xfc, 0x66, 0x98, 0xfb, 0x44, 0x89,
0x8c, 0xd9, 0xa2, 0x22, 0x51, 0x35, 0x45, 0x1e, 0x82, 0x6b, 0x65, 0x30, 0x9e, 0x6d, 0xda, 0xd6,
0xbd, 0x5b, 0x39, 0xd9, 0xc4, 0x2a, 0x64, 0xe8, 0x69, 0x09, 0x33, 0x12, 0x5c, 0xe5, 0x42, 0x66,
0x02, 0x15, 0xa1, 0xff, 0xb7, 0x03, 0x70, 0x5d, 0xf2, 0x96, 0x27, 0x5a, 0xe9, 0x41, 0x73, 0x63,
0x0f, 0xb6, 0x97, 0x7b, 0x50, 0xa7, 0xf7, 0xce, 0x5b, 0xe8, 0xfd, 0xd1, 0x31, 0xf4, 0x56, 0x51,
0x64, 0x0f, 0xdc, 0x93, 0xf1, 0xcb, 0xa7, 0x17, 0xe7, 0xf4, 0x55, 0x6f, 0x8b, 0xec, 0x43, 0xfb,
0xfb, 0x93, 0xe7, 0xe3, 0x93, 0x17, 0x26, 0x74, 0x46, 0x7f, 0x36, 0xc0, 0x2d, 0xda, 0x41, 0x1e,
0x43, 0x2b, 0x5f, 0x93, 0x7b, 0xeb, 0x83, 0x90, 0x8f, 0x61, 0xbf, 0x5f, 0xb7, 0x95, 0x0d, 0x95,
0xbf, 0x45, 0x9e, 0x95, 0xed, 0xb5, 0xb3, 0x4b, 0x1e, 0xac, 0xa3, 0xab, 0x43, 0xfd, 0x06, 0xb6,
0x31, 0xdc, 0x3a, 0x43, 0xbd, 0xe4, 0x97, 0xbb, 0x6b, 0x6f, 0xd3, 0xa9, 0xf9, 0x63, 0xd8, 0x3f,
0xa8, 0x79, 0x0a, 0x4c, 0x81, 0xbf, 0x45, 0xbe, 0x83, 0xfd, 0x33, 0xd4, 0x13, 0xfb, 0xef, 0x72,
0x23, 0xc7, 0x92, 0x87, 0x4a, 0xb8, 0xbf, 0xf5, 0x7a, 0xd7, 0x02, 0x3f, 0xfd, 0x37, 0x00, 0x00,
0xff, 0xff, 0xad, 0x65, 0xec, 0xfa, 0xbe, 0x0a, 0x00, 0x00,
// 1099 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe4, 0x57, 0xdd, 0x6e, 0x1b, 0x45,
0x14, 0xce, 0xda, 0xf9, 0xb1, 0x8f, 0x1d, 0xd7, 0x99, 0x42, 0xb3, 0xdd, 0x86, 0x2a, 0xda, 0x22,
0x88, 0x10, 0xb8, 0xd4, 0x08, 0x51, 0x10, 0x05, 0x9c, 0x38, 0x8a, 0x82, 0x42, 0x63, 0xc6, 0x55,
0xd5, 0x5c, 0x6e, 0x77, 0x8f, 0xdd, 0x55, 0xd6, 0xbb, 0xd3, 0xd9, 0xd9, 0x48, 0xe6, 0x92, 0x4b,
0x24, 0x24, 0x5e, 0x80, 0xb7, 0xe0, 0x86, 0xa7, 0xe0, 0x86, 0x07, 0xe1, 0x11, 0xd0, 0xcc, 0xfe,
0x64, 0xd7, 0xbb, 0x76, 0xab, 0xdc, 0x70, 0xc1, 0xdd, 0x9c, 0x33, 0xdf, 0x39, 0x3b, 0xe7, 0x3b,
0x9f, 0xcf, 0x8c, 0xa1, 0x63, 0xf9, 0x96, 0x37, 0xff, 0x09, 0x79, 0x8f, 0xf1, 0x40, 0x04, 0xa4,
0xc9, 0x22, 0x2f, 0x9a, 0xb9, 0x9c, 0xd9, 0x46, 0x9b, 0x79, 0xd1, 0xd4, 0xf5, 0xe3, 0x0d, 0xe3,
0xde, 0x34, 0x08, 0xa6, 0x1e, 0x3e, 0x54, 0xd6, 0xcb, 0x68, 0xf2, 0x10, 0x67, 0x4c, 0xcc, 0x93,
0xcd, 0xbd, 0xc5, 0xcd, 0x50, 0xf0, 0xc8, 0x16, 0xf1, 0xae, 0xf9, 0x73, 0x0d, 0x3a, 0x83, 0xf8,
0x33, 0x14, 0x5f, 0x47, 0x18, 0x0a, 0x42, 0x60, 0x5d, 0xcc, 0x19, 0xea, 0xda, 0xbe, 0x76, 0xd0,
0xa4, 0x6a, 0x4d, 0xbe, 0x00, 0x60, 0x3c, 0x60, 0xc8, 0x85, 0x8b, 0xa1, 0x5e, 0xdb, 0xd7, 0x0e,
0x5a, 0xfd, 0xdd, 0x5e, 0x9c, 0xb9, 0x97, 0x66, 0xee, 0x8d, 0x55, 0x66, 0x9a, 0x83, 0x92, 0x2e,
0xd4, 0x23, 0xee, 0xeb, 0x75, 0x95, 0x4b, 0x2e, 0x65, 0x7a, 0xdf, 0x9a, 0xa1, 0xbe, 0x1e, 0xa7,
0x97, 0x6b, 0xf2, 0x35, 0x6c, 0x05, 0x4c, 0xb8, 0x81, 0x1f, 0xea, 0x1b, 0x2a, 0xb7, 0xd9, 0xcb,
0x6a, 0xed, 0x25, 0xc7, 0xe3, 0x14, 0xc3, 0x20, 0xe2, 0x36, 0x9e, 0xc7, 0x48, 0x9a, 0x86, 0x90,
0x6f, 0xa1, 0xc1, 0x78, 0x70, 0xe5, 0x3a, 0xc8, 0xf5, 0x4d, 0x15, 0xfe, 0xa0, 0x22, 0x7c, 0x94,
0x40, 0xd2, 0x34, 0x34, 0x0b, 0x32, 0x7f, 0x5f, 0x87, 0xee, 0xe2, 0x57, 0xfe, 0x7f, 0x34, 0x90,
0x3b, 0xb0, 0xc9, 0x2c, 0x8e, 0xbe, 0xd0, 0xb7, 0xd4, 0xa1, 0x12, 0x8b, 0x98, 0xd0, 0x76, 0x90,
0xa1, 0xef, 0xa0, 0x6f, 0xcb, 0xba, 0x1b, 0xfb, 0xf5, 0x83, 0x26, 0x2d, 0xf8, 0x88, 0x0b, 0xef,
0x24, 0xe5, 0xce, 0x87, 0x79, 0x6c, 0x73, 0xbf, 0x7e, 0xd0, 0xea, 0x7f, 0xbe, 0xa2, 0x8e, 0xde,
0xa8, 0x22, 0xee, 0xd8, 0x17, 0x7c, 0x4e, 0x2b, 0x53, 0x1a, 0x0c, 0xee, 0x2e, 0x0d, 0x91, 0x44,
0x5f, 0xe2, 0x3c, 0x69, 0x9a, 0x5c, 0x92, 0x27, 0xb0, 0x71, 0x65, 0x79, 0x11, 0x26, 0xed, 0xfa,
0xb0, 0x9a, 0x93, 0x52, 0x3a, 0x1a, 0x47, 0x7d, 0x55, 0x7b, 0xac, 0x99, 0x7f, 0xd7, 0x61, 0x77,
0x09, 0xfd, 0x44, 0x87, 0x2d, 0xd9, 0x78, 0xb4, 0x85, 0xfa, 0x68, 0x83, 0xa6, 0x26, 0x79, 0x1f,
0xb6, 0xdd, 0xa9, 0x1f, 0x70, 0x3c, 0x7a, 0x65, 0xf9, 0x53, 0xa5, 0x17, 0xc9, 0x5b, 0xd1, 0x49,
0x3e, 0x85, 0xdb, 0x0e, 0x7a, 0x28, 0xf0, 0x10, 0x27, 0x01, 0x47, 0x8a, 0xcc, 0xb3, 0x6c, 0x54,
0x4a, 0x69, 0xd0, 0xaa, 0x2d, 0xf2, 0x0d, 0x18, 0x15, 0xee, 0x21, 0x4e, 0x5c, 0x1f, 0x1d, 0xa5,
0xa7, 0x06, 0x5d, 0x81, 0x20, 0x8f, 0x61, 0xd7, 0x72, 0x1c, 0x57, 0x1e, 0xdf, 0xf2, 0xc6, 0x68,
0x73, 0x14, 0xe7, 0x91, 0x60, 0x91, 0x90, 0xaa, 0x93, 0x27, 0x5c, 0xb6, 0x2d, 0x6b, 0xb5, 0x3c,
0xd7, 0x0a, 0x31, 0xd4, 0x37, 0x15, 0x32, 0x35, 0xc9, 0x05, 0x74, 0xec, 0x28, 0x14, 0xc1, 0xec,
0x99, 0x3b, 0xc3, 0x40, 0xa6, 0xda, 0x52, 0x6c, 0x3f, 0x7a, 0xb3, 0x80, 0x7b, 0x47, 0x85, 0x40,
0xba, 0x90, 0xc8, 0x78, 0x01, 0x9d, 0x22, 0x42, 0xea, 0xd4, 0xe6, 0x68, 0x89, 0xf8, 0xb7, 0xa9,
0xd1, 0xc4, 0x92, 0xfe, 0x88, 0x39, 0xd2, 0x5f, 0x8b, 0xfd, 0xb1, 0x25, 0xfd, 0x31, 0x1d, 0x8a,
0x55, 0x8d, 0x26, 0x96, 0xf9, 0xab, 0x06, 0xfa, 0xb2, 0x9f, 0xc5, 0x7f, 0xf0, 0xf3, 0x37, 0xfb,
0xb0, 0xb7, 0x4a, 0x91, 0x32, 0x26, 0xe2, 0x7e, 0xa8, 0x6b, 0x8a, 0x7b, 0xb5, 0x36, 0x47, 0x70,
0x3b, 0x89, 0x19, 0x0b, 0xcb, 0xbe, 0x4c, 0x67, 0xf8, 0x97, 0xd0, 0xe4, 0x49, 0x25, 0x31, 0xbe,
0xd5, 0xbf, 0xb7, 0xa2, 0x15, 0xf4, 0x1a, 0x6d, 0xfe, 0x08, 0xb7, 0xb2, 0x0b, 0x21, 0x64, 0x81,
0x1f, 0x4a, 0xc5, 0xb5, 0x1c, 0xd7, 0x9a, 0xfa, 0x41, 0x28, 0x5c, 0x3b, 0xd6, 0x71, 0xab, 0xbf,
0x57, 0xce, 0x37, 0xcc, 0x40, 0x34, 0x1f, 0x60, 0xfe, 0x51, 0x83, 0x9d, 0x12, 0x84, 0xdc, 0x07,
0x60, 0x81, 0xe7, 0xda, 0xf3, 0xa7, 0x92, 0x88, 0x98, 0xe7, 0x9c, 0x87, 0x7c, 0x00, 0x9d, 0xd8,
0x1a, 0x59, 0xf6, 0xa5, 0xc2, 0xd4, 0x14, 0x66, 0xc1, 0x4b, 0x3e, 0x86, 0x9d, 0x6b, 0xcf, 0x73,
0xe4, 0xa1, 0x1b, 0xa4, 0x54, 0x97, 0x37, 0xc8, 0x3e, 0xb4, 0x1c, 0x0c, 0x6d, 0xee, 0x2a, 0xf5,
0x25, 0xfc, 0xe7, 0x5d, 0x52, 0xe5, 0x33, 0x0c, 0x43, 0x6b, 0x8a, 0x6a, 0x0a, 0x37, 0x69, 0x6a,
0x2a, 0x4d, 0x58, 0xd3, 0x54, 0xfc, 0x6a, 0x4d, 0x4e, 0xa0, 0x8b, 0xfe, 0x24, 0xe0, 0x36, 0xce,
0xd0, 0x17, 0x67, 0x78, 0x85, 0x9e, 0xd2, 0x7e, 0xa7, 0x40, 0xf8, 0xf1, 0x02, 0x84, 0x96, 0x82,
0x52, 0x8d, 0x34, 0x32, 0x8d, 0x98, 0x7f, 0x6a, 0xd0, 0x4e, 0x3b, 0x75, 0xea, 0x4f, 0x82, 0x4c,
0x34, 0x5a, 0xee, 0xce, 0x90, 0xf5, 0xb8, 0x21, 0xf3, 0xac, 0x79, 0x8e, 0xa2, 0xbc, 0x8b, 0x3c,
0x82, 0x86, 0xa2, 0x41, 0x6a, 0xb6, 0xae, 0x5a, 0xf7, 0x6e, 0xee, 0x64, 0x23, 0xc5, 0x90, 0x4c,
0x4f, 0x33, 0x98, 0xa4, 0xe0, 0x2a, 0x21, 0x32, 0x26, 0x28, 0x35, 0x65, 0x53, 0xc2, 0x88, 0xb1,
0x80, 0x8b, 0xf0, 0x28, 0xf0, 0x27, 0xee, 0x54, 0x71, 0xd4, 0xa0, 0x0b, 0x5e, 0xf3, 0x97, 0x1a,
0xc0, 0x75, 0xea, 0x1b, 0x9e, 0x7c, 0xa1, 0x57, 0xf5, 0x95, 0xbd, 0x5a, 0x2f, 0xf6, 0xaa, 0xaa,
0x2f, 0x1b, 0x37, 0xe9, 0xcb, 0x00, 0xda, 0xb6, 0xaa, 0x69, 0x6c, 0xbf, 0xc2, 0x99, 0x95, 0x5c,
0xad, 0xef, 0x95, 0x28, 0x3c, 0xca, 0x81, 0x68, 0x21, 0xc4, 0x74, 0x81, 0x94, 0x31, 0x0b, 0xd3,
0x44, 0x7b, 0xfb, 0x69, 0x62, 0x40, 0x83, 0xe3, 0xeb, 0xc8, 0xe5, 0xe8, 0x24, 0x77, 0x4a, 0x66,
0x9b, 0xbf, 0x69, 0xd0, 0xce, 0x7f, 0xab, 0x92, 0x07, 0xed, 0x26, 0x3c, 0xdc, 0x74, 0xf8, 0x99,
0x7f, 0x69, 0xa0, 0xc7, 0x87, 0x89, 0x38, 0x5e, 0x4f, 0x9e, 0x78, 0x50, 0x5d, 0x40, 0x9b, 0xe5,
0x8e, 0x9b, 0xcc, 0xaa, 0xfc, 0x7b, 0x61, 0x59, 0x68, 0x81, 0xf6, 0xf8, 0xbd, 0x50, 0x48, 0x65,
0xbc, 0x80, 0x9d, 0x12, 0xa4, 0xe2, 0x7d, 0xf0, 0x49, 0xf1, 0x7d, 0xb0, 0xbb, 0xa4, 0xb1, 0xb9,
0xf7, 0xc0, 0x47, 0x4f, 0xa0, 0xbb, 0x48, 0x18, 0x69, 0x43, 0x63, 0x30, 0x7c, 0x7e, 0x3a, 0x3e,
0xa7, 0x17, 0xdd, 0x35, 0xb2, 0x0d, 0xcd, 0x1f, 0x06, 0x4f, 0x87, 0x83, 0x67, 0xd2, 0xd4, 0xe4,
0xe6, 0xf0, 0x74, 0x3c, 0x38, 0x3c, 0x3b, 0x1e, 0x76, 0x6b, 0xfd, 0x7f, 0x6a, 0xd0, 0x48, 0x8b,
0x21, 0x87, 0xb0, 0x95, 0xac, 0xc9, 0xdd, 0xf2, 0x44, 0x4d, 0x6a, 0x35, 0x8c, 0xaa, 0xad, 0x78,
0x3a, 0x9b, 0x6b, 0xe4, 0x2c, 0x9b, 0x13, 0xea, 0x12, 0x20, 0xf7, 0xcb, 0xe8, 0xfc, 0xed, 0xf0,
0x86, 0x6c, 0x43, 0xb8, 0x75, 0x82, 0xa2, 0x30, 0x78, 0xee, 0x94, 0xfa, 0x7c, 0x2c, 0xff, 0x61,
0x18, 0xbb, 0x15, 0x77, 0x8a, 0x0c, 0x30, 0xd7, 0xc8, 0x77, 0xb0, 0x7d, 0x82, 0x62, 0xa4, 0xfe,
0xa6, 0xac, 0xcc, 0x51, 0x18, 0x46, 0x19, 0xdc, 0x5c, 0x23, 0xdf, 0x43, 0x33, 0xeb, 0x3d, 0x79,
0xf0, 0x16, 0x8a, 0x30, 0x96, 0x7c, 0xc2, 0x5c, 0x7b, 0xb9, 0xa9, 0x3c, 0x9f, 0xfd, 0x1b, 0x00,
0x00, 0xff, 0xff, 0xee, 0xfd, 0x35, 0x0d, 0x53, 0x0d, 0x00, 0x00,
}
// Reference imports to suppress errors if they are not otherwise used.
@ -900,6 +1069,8 @@ type AnalyzerClient interface {
GetAnalyzerInfo(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*AnalyzerInfo, error)
// GetPluginInfo returns generic information about this plugin, like its version.
GetPluginInfo(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*PluginInfo, error)
// Configure configures the analyzer, passing configuration properties for each policy.
Configure(ctx context.Context, in *ConfigureAnalyzerRequest, opts ...grpc.CallOption) (*empty.Empty, error)
}
type analyzerClient struct {
@ -946,6 +1117,15 @@ func (c *analyzerClient) GetPluginInfo(ctx context.Context, in *empty.Empty, opt
return out, nil
}
func (c *analyzerClient) Configure(ctx context.Context, in *ConfigureAnalyzerRequest, opts ...grpc.CallOption) (*empty.Empty, error) {
out := new(empty.Empty)
err := c.cc.Invoke(ctx, "/pulumirpc.Analyzer/Configure", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
// AnalyzerServer is the server API for Analyzer service.
type AnalyzerServer interface {
// Analyze analyzes a single resource object, and returns any errors that it finds.
@ -959,6 +1139,8 @@ type AnalyzerServer interface {
GetAnalyzerInfo(context.Context, *empty.Empty) (*AnalyzerInfo, error)
// GetPluginInfo returns generic information about this plugin, like its version.
GetPluginInfo(context.Context, *empty.Empty) (*PluginInfo, error)
// Configure configures the analyzer, passing configuration properties for each policy.
Configure(context.Context, *ConfigureAnalyzerRequest) (*empty.Empty, error)
}
// UnimplementedAnalyzerServer can be embedded to have forward compatible implementations.
@ -977,6 +1159,9 @@ func (*UnimplementedAnalyzerServer) GetAnalyzerInfo(ctx context.Context, req *em
func (*UnimplementedAnalyzerServer) GetPluginInfo(ctx context.Context, req *empty.Empty) (*PluginInfo, error) {
return nil, status.Errorf(codes.Unimplemented, "method GetPluginInfo not implemented")
}
func (*UnimplementedAnalyzerServer) Configure(ctx context.Context, req *ConfigureAnalyzerRequest) (*empty.Empty, error) {
return nil, status.Errorf(codes.Unimplemented, "method Configure not implemented")
}
func RegisterAnalyzerServer(s *grpc.Server, srv AnalyzerServer) {
s.RegisterService(&_Analyzer_serviceDesc, srv)
@ -1054,6 +1239,24 @@ func _Analyzer_GetPluginInfo_Handler(srv interface{}, ctx context.Context, dec f
return interceptor(ctx, in, info, handler)
}
func _Analyzer_Configure_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(ConfigureAnalyzerRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(AnalyzerServer).Configure(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/pulumirpc.Analyzer/Configure",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(AnalyzerServer).Configure(ctx, req.(*ConfigureAnalyzerRequest))
}
return interceptor(ctx, in, info, handler)
}
var _Analyzer_serviceDesc = grpc.ServiceDesc{
ServiceName: "pulumirpc.Analyzer",
HandlerType: (*AnalyzerServer)(nil),
@ -1074,6 +1277,10 @@ var _Analyzer_serviceDesc = grpc.ServiceDesc{
MethodName: "GetPluginInfo",
Handler: _Analyzer_GetPluginInfo_Handler,
},
{
MethodName: "Configure",
Handler: _Analyzer_Configure_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "analyzer.proto",

230
sdk/python/lib/pulumi/runtime/proto/analyzer_pb2.py
View file

@ -22,7 +22,7 @@ DESCRIPTOR = _descriptor.FileDescriptor(
package='pulumirpc',
syntax='proto3',
serialized_options=None,
serialized_pb=b'\n\x0e\x61nalyzer.proto\x12\tpulumirpc\x1a\x0cplugin.proto\x1a\x1bgoogle/protobuf/empty.proto\x1a\x1cgoogle/protobuf/struct.proto\"\xd2\x01\n\x0e\x41nalyzeRequest\x12\x0c\n\x04type\x18\x01 \x01(\t\x12+\n\nproperties\x18\x02 \x01(\x0b\x32\x17.google.protobuf.Struct\x12\x0b\n\x03urn\x18\x03 \x01(\t\x12\x0c\n\x04name\x18\x04 \x01(\t\x12\x33\n\x07options\x18\x05 \x01(\x0b\x32\".pulumirpc.AnalyzerResourceOptions\x12\x35\n\x08provider\x18\x06 \x01(\x0b\x32#.pulumirpc.AnalyzerProviderResource\"\xb5\x03\n\x10\x41nalyzerResource\x12\x0c\n\x04type\x18\x01 \x01(\t\x12+\n\nproperties\x18\x02 \x01(\x0b\x32\x17.google.protobuf.Struct\x12\x0b\n\x03urn\x18\x03 \x01(\t\x12\x0c\n\x04name\x18\x04 \x01(\t\x12\x33\n\x07options\x18\x05 \x01(\x0b\x32\".pulumirpc.AnalyzerResourceOptions\x12\x35\n\x08provider\x18\x06 \x01(\x0b\x32#.pulumirpc.AnalyzerProviderResource\x12\x0e\n\x06parent\x18\x07 \x01(\t\x12\x14\n\x0c\x64\x65pendencies\x18\x08 \x03(\t\x12S\n\x14propertyDependencies\x18\t \x03(\x0b\x32\x35.pulumirpc.AnalyzerResource.PropertyDependenciesEntry\x1a\x64\n\x19PropertyDependenciesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x36\n\x05value\x18\x02 \x01(\x0b\x32\'.pulumirpc.AnalyzerPropertyDependencies:\x02\x38\x01\"\xc1\x02\n\x17\x41nalyzerResourceOptions\x12\x0f\n\x07protect\x18\x01 \x01(\x08\x12\x15\n\rignoreChanges\x18\x02 \x03(\t\x12\x1b\n\x13\x64\x65leteBeforeReplace\x18\x03 \x01(\x08\x12\"\n\x1a\x64\x65leteBeforeReplaceDefined\x18\x04 \x01(\x08\x12\x1f\n\x17\x61\x64\x64itionalSecretOutputs\x18\x05 \x03(\t\x12\x0f\n\x07\x61liases\x18\x06 \x03(\t\x12I\n\x0e\x63ustomTimeouts\x18\x07 \x01(\x0b\x32\x31.pulumirpc.AnalyzerResourceOptions.CustomTimeouts\x1a@\n\x0e\x43ustomTimeouts\x12\x0e\n\x06\x63reate\x18\x01 \x01(\x01\x12\x0e\n\x06update\x18\x02 \x01(\x01\x12\x0e\n\x06\x64\x65lete\x18\x03 \x01(\x01\"p\n\x18\x41nalyzerProviderResource\x12\x0c\n\x04type\x18\x01 \x01(\t\x12+\n\nproperties\x18\x02 \x01(\x0b\x32\x17.google.protobuf.Struct\x12\x0b\n\x03urn\x18\x03 \x01(\t\x12\x0c\n\x04name\x18\x04 \x01(\t\",\n\x1c\x41nalyzerPropertyDependencies\x12\x0c\n\x04urns\x18\x01 \x03(\t\"E\n\x13\x41nalyzeStackRequest\x12.\n\tresources\x18\x01 \x03(\x0b\x32\x1b.pulumirpc.AnalyzerResource\"D\n\x0f\x41nalyzeResponse\x12\x31\n\x0b\x64iagnostics\x18\x02 \x03(\x0b\x32\x1c.pulumirpc.AnalyzeDiagnostic\"\xd2\x01\n\x11\x41nalyzeDiagnostic\x12\x12\n\npolicyName\x18\x01 \x01(\t\x12\x16\n\x0epolicyPackName\x18\x02 \x01(\t\x12\x19\n\x11policyPackVersion\x18\x03 \x01(\t\x12\x13\n\x0b\x64\x65scription\x18\x04 \x01(\t\x12\x0f\n\x07message\x18\x05 \x01(\t\x12\x0c\n\x04tags\x18\x06 \x03(\t\x12\x35\n\x10\x65nforcementLevel\x18\x07 \x01(\x0e\x32\x1b.pulumirpc.EnforcementLevel\x12\x0b\n\x03urn\x18\x08 \x01(\t\"k\n\x0c\x41nalyzerInfo\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x13\n\x0b\x64isplayName\x18\x02 \x01(\t\x12\'\n\x08policies\x18\x03 \x03(\x0b\x32\x15.pulumirpc.PolicyInfo\x12\x0f\n\x07version\x18\x04 \x01(\t\"\x8c\x01\n\nPolicyInfo\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x13\n\x0b\x64isplayName\x18\x02 \x01(\t\x12\x13\n\x0b\x64\x65scription\x18\x03 \x01(\t\x12\x0f\n\x07message\x18\x04 \x01(\t\x12\x35\n\x10\x65nforcementLevel\x18\x05 \x01(\x0e\x32\x1b.pulumirpc.EnforcementLevel*/\n\x10\x45nforcementLevel\x12\x0c\n\x08\x41\x44VISORY\x10\x00\x12\r\n\tMANDATORY\x10\x01\x32\xa4\x02\n\x08\x41nalyzer\x12\x42\n\x07\x41nalyze\x12\x19.pulumirpc.AnalyzeRequest\x1a\x1a.pulumirpc.AnalyzeResponse\"\x00\x12L\n\x0c\x41nalyzeStack\x12\x1e.pulumirpc.AnalyzeStackRequest\x1a\x1a.pulumirpc.AnalyzeResponse\"\x00\x12\x44\n\x0fGetAnalyzerInfo\x12\x16.google.protobuf.Empty\x1a\x17.pulumirpc.AnalyzerInfo\"\x00\x12@\n\rGetPluginInfo\x12\x16.google.protobuf.Empty\x1a\x15.pulumirpc.PluginInfo\"\x00\x62\x06proto3'
serialized_pb=b'\n\x0e\x61nalyzer.proto\x12\tpulumirpc\x1a\x0cplugin.proto\x1a\x1bgoogle/protobuf/empty.proto\x1a\x1cgoogle/protobuf/struct.proto\"\xd2\x01\n\x0e\x41nalyzeRequest\x12\x0c\n\x04type\x18\x01 \x01(\t\x12+\n\nproperties\x18\x02 \x01(\x0b\x32\x17.google.protobuf.Struct\x12\x0b\n\x03urn\x18\x03 \x01(\t\x12\x0c\n\x04name\x18\x04 \x01(\t\x12\x33\n\x07options\x18\x05 \x01(\x0b\x32\".pulumirpc.AnalyzerResourceOptions\x12\x35\n\x08provider\x18\x06 \x01(\x0b\x32#.pulumirpc.AnalyzerProviderResource\"\xb5\x03\n\x10\x41nalyzerResource\x12\x0c\n\x04type\x18\x01 \x01(\t\x12+\n\nproperties\x18\x02 \x01(\x0b\x32\x17.google.protobuf.Struct\x12\x0b\n\x03urn\x18\x03 \x01(\t\x12\x0c\n\x04name\x18\x04 \x01(\t\x12\x33\n\x07options\x18\x05 \x01(\x0b\x32\".pulumirpc.AnalyzerResourceOptions\x12\x35\n\x08provider\x18\x06 \x01(\x0b\x32#.pulumirpc.AnalyzerProviderResource\x12\x0e\n\x06parent\x18\x07 \x01(\t\x12\x14\n\x0c\x64\x65pendencies\x18\x08 \x03(\t\x12S\n\x14propertyDependencies\x18\t \x03(\x0b\x32\x35.pulumirpc.AnalyzerResource.PropertyDependenciesEntry\x1a\x64\n\x19PropertyDependenciesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x36\n\x05value\x18\x02 \x01(\x0b\x32\'.pulumirpc.AnalyzerPropertyDependencies:\x02\x38\x01\"\xc1\x02\n\x17\x41nalyzerResourceOptions\x12\x0f\n\x07protect\x18\x01 \x01(\x08\x12\x15\n\rignoreChanges\x18\x02 \x03(\t\x12\x1b\n\x13\x64\x65leteBeforeReplace\x18\x03 \x01(\x08\x12\"\n\x1a\x64\x65leteBeforeReplaceDefined\x18\x04 \x01(\x08\x12\x1f\n\x17\x61\x64\x64itionalSecretOutputs\x18\x05 \x03(\t\x12\x0f\n\x07\x61liases\x18\x06 \x03(\t\x12I\n\x0e\x63ustomTimeouts\x18\x07 \x01(\x0b\x32\x31.pulumirpc.AnalyzerResourceOptions.CustomTimeouts\x1a@\n\x0e\x43ustomTimeouts\x12\x0e\n\x06\x63reate\x18\x01 \x01(\x01\x12\x0e\n\x06update\x18\x02 \x01(\x01\x12\x0e\n\x06\x64\x65lete\x18\x03 \x01(\x01\"p\n\x18\x41nalyzerProviderResource\x12\x0c\n\x04type\x18\x01 \x01(\t\x12+\n\nproperties\x18\x02 \x01(\x0b\x32\x17.google.protobuf.Struct\x12\x0b\n\x03urn\x18\x03 \x01(\t\x12\x0c\n\x04name\x18\x04 \x01(\t\",\n\x1c\x41nalyzerPropertyDependencies\x12\x0c\n\x04urns\x18\x01 \x03(\t\"E\n\x13\x41nalyzeStackRequest\x12.\n\tresources\x18\x01 \x03(\x0b\x32\x1b.pulumirpc.AnalyzerResource\"D\n\x0f\x41nalyzeResponse\x12\x31\n\x0b\x64iagnostics\x18\x02 \x03(\x0b\x32\x1c.pulumirpc.AnalyzeDiagnostic\"\xd2\x01\n\x11\x41nalyzeDiagnostic\x12\x12\n\npolicyName\x18\x01 \x01(\t\x12\x16\n\x0epolicyPackName\x18\x02 \x01(\t\x12\x19\n\x11policyPackVersion\x18\x03 \x01(\t\x12\x13\n\x0b\x64\x65scription\x18\x04 \x01(\t\x12\x0f\n\x07message\x18\x05 \x01(\t\x12\x0c\n\x04tags\x18\x06 \x03(\t\x12\x35\n\x10\x65nforcementLevel\x18\x07 \x01(\x0e\x32\x1b.pulumirpc.EnforcementLevel\x12\x0b\n\x03urn\x18\x08 \x01(\t\"\x83\x01\n\x0c\x41nalyzerInfo\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x13\n\x0b\x64isplayName\x18\x02 \x01(\t\x12\'\n\x08policies\x18\x03 \x03(\x0b\x32\x15.pulumirpc.PolicyInfo\x12\x0f\n\x07version\x18\x04 \x01(\t\x12\x16\n\x0esupportsConfig\x18\x05 \x01(\x08\"\xc1\x01\n\nPolicyInfo\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x13\n\x0b\x64isplayName\x18\x02 \x01(\t\x12\x13\n\x0b\x64\x65scription\x18\x03 \x01(\t\x12\x0f\n\x07message\x18\x04 \x01(\t\x12\x35\n\x10\x65nforcementLevel\x18\x05 \x01(\x0e\x32\x1b.pulumirpc.EnforcementLevel\x12\x33\n\x0c\x63onfigSchema\x18\x06 \x01(\x0b\x32\x1d.pulumirpc.PolicyConfigSchema\"S\n\x12PolicyConfigSchema\x12+\n\nproperties\x18\x01 \x01(\x0b\x32\x17.google.protobuf.Struct\x12\x10\n\x08required\x18\x02 \x03(\t\"r\n\x0cPolicyConfig\x12\x35\n\x10\x65nforcementLevel\x18\x01 \x01(\x0e\x32\x1b.pulumirpc.EnforcementLevel\x12+\n\nproperties\x18\x02 \x01(\x0b\x32\x17.google.protobuf.Struct\"\xb5\x01\n\x18\x43onfigureAnalyzerRequest\x12K\n\x0cpolicyConfig\x18\x01 \x03(\x0b\x32\x35.pulumirpc.ConfigureAnalyzerRequest.PolicyConfigEntry\x1aL\n\x11PolicyConfigEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12&\n\x05value\x18\x02 \x01(\x0b\x32\x17.pulumirpc.PolicyConfig:\x02\x38\x01*=\n\x10\x45nforcementLevel\x12\x0c\n\x08\x41\x44VISORY\x10\x00\x12\r\n\tMANDATORY\x10\x01\x12\x0c\n\x08\x44ISABLED\x10\x02\x32\xf0\x02\n\x08\x41nalyzer\x12\x42\n\x07\x41nalyze\x12\x19.pulumirpc.AnalyzeRequest\x1a\x1a.pulumirpc.AnalyzeResponse\"\x00\x12L\n\x0c\x41nalyzeStack\x12\x1e.pulumirpc.AnalyzeStackRequest\x1a\x1a.pulumirpc.AnalyzeResponse\"\x00\x12\x44\n\x0fGetAnalyzerInfo\x12\x16.google.protobuf.Empty\x1a\x17.pulumirpc.AnalyzerInfo\"\x00\x12@\n\rGetPluginInfo\x12\x16.google.protobuf.Empty\x1a\x15.pulumirpc.PluginInfo\"\x00\x12J\n\tConfigure\x12#.pulumirpc.ConfigureAnalyzerRequest\x1a\x16.google.protobuf.Empty\"\x00\x62\x06proto3'
,
dependencies=[plugin__pb2.DESCRIPTOR,google_dot_protobuf_dot_empty__pb2.DESCRIPTOR,google_dot_protobuf_dot_struct__pb2.DESCRIPTOR,])
@ -40,17 +40,22 @@ _ENFORCEMENTLEVEL = _descriptor.EnumDescriptor(
name='MANDATORY', index=1, number=1,
serialized_options=None,
type=None),
_descriptor.EnumValueDescriptor(
name='DISABLED', index=2, number=2,
serialized_options=None,
type=None),
],
containing_type=None,
serialized_options=None,
serialized_start=1845,
serialized_end=1892,
serialized_start=2308,
serialized_end=2369,
)
_sym_db.RegisterEnumDescriptor(_ENFORCEMENTLEVEL)
EnforcementLevel = enum_type_wrapper.EnumTypeWrapper(_ENFORCEMENTLEVEL)
ADVISORY = 0
MANDATORY = 1
DISABLED = 2
@ -621,6 +626,13 @@ _ANALYZERINFO = _descriptor.Descriptor(
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='supportsConfig', full_name='pulumirpc.AnalyzerInfo.supportsConfig', index=4,
number=5, type=8, cpp_type=7, label=1,
has_default_value=False, default_value=False,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
],
extensions=[
],
@ -633,8 +645,8 @@ _ANALYZERINFO = _descriptor.Descriptor(
extension_ranges=[],
oneofs=[
],
serialized_start=1593,
serialized_end=1700,
serialized_start=1594,
serialized_end=1725,
)
@ -680,6 +692,13 @@ _POLICYINFO = _descriptor.Descriptor(
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='configSchema', full_name='pulumirpc.PolicyInfo.configSchema', index=5,
number=6, type=11, cpp_type=10, label=1,
has_default_value=False, default_value=None,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
],
extensions=[
],
@ -692,8 +711,152 @@ _POLICYINFO = _descriptor.Descriptor(
extension_ranges=[],
oneofs=[
],
serialized_start=1703,
serialized_end=1843,
serialized_start=1728,
serialized_end=1921,
)
_POLICYCONFIGSCHEMA = _descriptor.Descriptor(
name='PolicyConfigSchema',
full_name='pulumirpc.PolicyConfigSchema',
filename=None,
file=DESCRIPTOR,
containing_type=None,
fields=[
_descriptor.FieldDescriptor(
name='properties', full_name='pulumirpc.PolicyConfigSchema.properties', index=0,
number=1, type=11, cpp_type=10, label=1,
has_default_value=False, default_value=None,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='required', full_name='pulumirpc.PolicyConfigSchema.required', index=1,
number=2, type=9, cpp_type=9, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
],
extensions=[
],
nested_types=[],
enum_types=[
],
serialized_options=None,
is_extendable=False,
syntax='proto3',
extension_ranges=[],
oneofs=[
],
serialized_start=1923,
serialized_end=2006,
)
_POLICYCONFIG = _descriptor.Descriptor(
name='PolicyConfig',
full_name='pulumirpc.PolicyConfig',
filename=None,
file=DESCRIPTOR,
containing_type=None,
fields=[
_descriptor.FieldDescriptor(
name='enforcementLevel', full_name='pulumirpc.PolicyConfig.enforcementLevel', index=0,
number=1, type=14, cpp_type=8, label=1,
has_default_value=False, default_value=0,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='properties', full_name='pulumirpc.PolicyConfig.properties', index=1,
number=2, type=11, cpp_type=10, label=1,
has_default_value=False, default_value=None,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
],
extensions=[
],
nested_types=[],
enum_types=[
],
serialized_options=None,
is_extendable=False,
syntax='proto3',
extension_ranges=[],
oneofs=[
],
serialized_start=2008,
serialized_end=2122,
)
_CONFIGUREANALYZERREQUEST_POLICYCONFIGENTRY = _descriptor.Descriptor(
name='PolicyConfigEntry',
full_name='pulumirpc.ConfigureAnalyzerRequest.PolicyConfigEntry',
filename=None,
file=DESCRIPTOR,
containing_type=None,
fields=[
_descriptor.FieldDescriptor(
name='key', full_name='pulumirpc.ConfigureAnalyzerRequest.PolicyConfigEntry.key', index=0,
number=1, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=b"".decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='value', full_name='pulumirpc.ConfigureAnalyzerRequest.PolicyConfigEntry.value', index=1,
number=2, type=11, cpp_type=10, label=1,
has_default_value=False, default_value=None,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
],
extensions=[
],
nested_types=[],
enum_types=[
],
serialized_options=b'8\001',
is_extendable=False,
syntax='proto3',
extension_ranges=[],
oneofs=[
],
serialized_start=2230,
serialized_end=2306,
)
_CONFIGUREANALYZERREQUEST = _descriptor.Descriptor(
name='ConfigureAnalyzerRequest',
full_name='pulumirpc.ConfigureAnalyzerRequest',
filename=None,
file=DESCRIPTOR,
containing_type=None,
fields=[
_descriptor.FieldDescriptor(
name='policyConfig', full_name='pulumirpc.ConfigureAnalyzerRequest.policyConfig', index=0,
number=1, type=11, cpp_type=10, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
],
extensions=[
],
nested_types=[_CONFIGUREANALYZERREQUEST_POLICYCONFIGENTRY, ],
enum_types=[
],
serialized_options=None,
is_extendable=False,
syntax='proto3',
extension_ranges=[],
oneofs=[
],
serialized_start=2125,
serialized_end=2306,
)
_ANALYZEREQUEST.fields_by_name['properties'].message_type = google_dot_protobuf_dot_struct__pb2._STRUCT
@ -713,6 +876,13 @@ _ANALYZERESPONSE.fields_by_name['diagnostics'].message_type = _ANALYZEDIAGNOSTIC
_ANALYZEDIAGNOSTIC.fields_by_name['enforcementLevel'].enum_type = _ENFORCEMENTLEVEL
_ANALYZERINFO.fields_by_name['policies'].message_type = _POLICYINFO
_POLICYINFO.fields_by_name['enforcementLevel'].enum_type = _ENFORCEMENTLEVEL
_POLICYINFO.fields_by_name['configSchema'].message_type = _POLICYCONFIGSCHEMA
_POLICYCONFIGSCHEMA.fields_by_name['properties'].message_type = google_dot_protobuf_dot_struct__pb2._STRUCT
_POLICYCONFIG.fields_by_name['enforcementLevel'].enum_type = _ENFORCEMENTLEVEL
_POLICYCONFIG.fields_by_name['properties'].message_type = google_dot_protobuf_dot_struct__pb2._STRUCT
_CONFIGUREANALYZERREQUEST_POLICYCONFIGENTRY.fields_by_name['value'].message_type = _POLICYCONFIG
_CONFIGUREANALYZERREQUEST_POLICYCONFIGENTRY.containing_type = _CONFIGUREANALYZERREQUEST
_CONFIGUREANALYZERREQUEST.fields_by_name['policyConfig'].message_type = _CONFIGUREANALYZERREQUEST_POLICYCONFIGENTRY
DESCRIPTOR.message_types_by_name['AnalyzeRequest'] = _ANALYZEREQUEST
DESCRIPTOR.message_types_by_name['AnalyzerResource'] = _ANALYZERRESOURCE
DESCRIPTOR.message_types_by_name['AnalyzerResourceOptions'] = _ANALYZERRESOURCEOPTIONS
@ -723,6 +893,9 @@ DESCRIPTOR.message_types_by_name['AnalyzeResponse'] = _ANALYZERESPONSE
DESCRIPTOR.message_types_by_name['AnalyzeDiagnostic'] = _ANALYZEDIAGNOSTIC
DESCRIPTOR.message_types_by_name['AnalyzerInfo'] = _ANALYZERINFO
DESCRIPTOR.message_types_by_name['PolicyInfo'] = _POLICYINFO
DESCRIPTOR.message_types_by_name['PolicyConfigSchema'] = _POLICYCONFIGSCHEMA
DESCRIPTOR.message_types_by_name['PolicyConfig'] = _POLICYCONFIG
DESCRIPTOR.message_types_by_name['ConfigureAnalyzerRequest'] = _CONFIGUREANALYZERREQUEST
DESCRIPTOR.enum_types_by_name['EnforcementLevel'] = _ENFORCEMENTLEVEL
_sym_db.RegisterFileDescriptor(DESCRIPTOR)
@ -812,8 +985,38 @@ PolicyInfo = _reflection.GeneratedProtocolMessageType('PolicyInfo', (_message.Me
})
_sym_db.RegisterMessage(PolicyInfo)
PolicyConfigSchema = _reflection.GeneratedProtocolMessageType('PolicyConfigSchema', (_message.Message,), {
'DESCRIPTOR' : _POLICYCONFIGSCHEMA,
'__module__' : 'analyzer_pb2'
# @@protoc_insertion_point(class_scope:pulumirpc.PolicyConfigSchema)
})
_sym_db.RegisterMessage(PolicyConfigSchema)
PolicyConfig = _reflection.GeneratedProtocolMessageType('PolicyConfig', (_message.Message,), {
'DESCRIPTOR' : _POLICYCONFIG,
'__module__' : 'analyzer_pb2'
# @@protoc_insertion_point(class_scope:pulumirpc.PolicyConfig)
})
_sym_db.RegisterMessage(PolicyConfig)
ConfigureAnalyzerRequest = _reflection.GeneratedProtocolMessageType('ConfigureAnalyzerRequest', (_message.Message,), {
'PolicyConfigEntry' : _reflection.GeneratedProtocolMessageType('PolicyConfigEntry', (_message.Message,), {
'DESCRIPTOR' : _CONFIGUREANALYZERREQUEST_POLICYCONFIGENTRY,
'__module__' : 'analyzer_pb2'
# @@protoc_insertion_point(class_scope:pulumirpc.ConfigureAnalyzerRequest.PolicyConfigEntry)
})
,
'DESCRIPTOR' : _CONFIGUREANALYZERREQUEST,
'__module__' : 'analyzer_pb2'
# @@protoc_insertion_point(class_scope:pulumirpc.ConfigureAnalyzerRequest)
})
_sym_db.RegisterMessage(ConfigureAnalyzerRequest)
_sym_db.RegisterMessage(ConfigureAnalyzerRequest.PolicyConfigEntry)
_ANALYZERRESOURCE_PROPERTYDEPENDENCIESENTRY._options = None
_CONFIGUREANALYZERREQUEST_POLICYCONFIGENTRY._options = None
_ANALYZER = _descriptor.ServiceDescriptor(
name='Analyzer',
@ -821,8 +1024,8 @@ _ANALYZER = _descriptor.ServiceDescriptor(
file=DESCRIPTOR,
index=0,
serialized_options=None,
serialized_start=1895,
serialized_end=2187,
serialized_start=2372,
serialized_end=2740,
methods=[
_descriptor.MethodDescriptor(
name='Analyze',
@ -860,6 +1063,15 @@ _ANALYZER = _descriptor.ServiceDescriptor(
output_type=plugin__pb2._PLUGININFO,
serialized_options=None,
),
_descriptor.MethodDescriptor(
name='Configure',
full_name='pulumirpc.Analyzer.Configure',
index=4,
containing_service=None,
input_type=_CONFIGUREANALYZERREQUEST,
output_type=google_dot_protobuf_dot_empty__pb2._EMPTY,
serialized_options=None,
),
])
_sym_db.RegisterServiceDescriptor(_ANALYZER)

17
sdk/python/lib/pulumi/runtime/proto/analyzer_pb2_grpc.py
View file

@ -39,6 +39,11 @@ class AnalyzerStub(object):
request_serializer=google_dot_protobuf_dot_empty__pb2.Empty.SerializeToString,
response_deserializer=plugin__pb2.PluginInfo.FromString,
)
self.Configure = channel.unary_unary(
'/pulumirpc.Analyzer/Configure',
request_serializer=analyzer__pb2.ConfigureAnalyzerRequest.SerializeToString,
response_deserializer=google_dot_protobuf_dot_empty__pb2.Empty.FromString,
)
class AnalyzerServicer(object):
@ -79,6 +84,13 @@ class AnalyzerServicer(object):
context.set_details('Method not implemented!')
raise NotImplementedError('Method not implemented!')
def Configure(self, request, context):
"""Configure configures the analyzer, passing configuration properties for each policy.
"""
context.set_code(grpc.StatusCode.UNIMPLEMENTED)
context.set_details('Method not implemented!')
raise NotImplementedError('Method not implemented!')
def add_AnalyzerServicer_to_server(servicer, server):
rpc_method_handlers = {
@ -102,6 +114,11 @@ def add_AnalyzerServicer_to_server(servicer, server):
request_deserializer=google_dot_protobuf_dot_empty__pb2.Empty.FromString,
response_serializer=plugin__pb2.PluginInfo.SerializeToString,
),
'Configure': grpc.unary_unary_rpc_method_handler(
servicer.Configure,
request_deserializer=analyzer__pb2.ConfigureAnalyzerRequest.FromString,
response_serializer=google_dot_protobuf_dot_empty__pb2.Empty.SerializeToString,
),
}
generic_handler = grpc.method_handlers_generic_handler(
'pulumirpc.Analyzer', rpc_method_handlers)