This change introduces the basic requirements for analyzers, as per pulumi/coconut#119. In particular, an analyzer can implement either, or both, of the RPC methods, Analyze and AnalyzeResource. The former is meant to check an overall deployment (e.g., to ensure it has been signed off on) and the latter is to check individual resources (e.g., to ensure properties of them are correct, such as checking style, security, etc. rules). These run simultaneous to overall checking. Analyzers are loaded as plugins just like providers are. The difference is mainly in their naming ("analyzer-" prefix, rather than "resource-"), and the RPC methods that they support. This isn't 100% functional since we need a way to specify at the CLI that a particular analyzer should be run, in addition to a way of recording which analyzers certain projects should use in their manifests.
44 lines
1.5 KiB
Protocol Buffer
44 lines
1.5 KiB
Protocol Buffer
// Copyright 2016 Pulumi, Inc. All rights reserved.
|
|
|
|
syntax = "proto3";
|
|
|
|
import "google/protobuf/struct.proto";
|
|
|
|
package cocorpc;
|
|
|
|
// ResourceAnalyzer is a pluggable service that checks entire projects/stacks/snapshots, and/or individual resources,
|
|
// for arbitrary issues. These might be style, policy, correctness, security, or performance related.
|
|
service ResourceAnalyzer {
|
|
// Analyze analyzes an entire project/stack/snapshot, and returns any errors that it finds.
|
|
rpc Analyze(AnalyzeRequest) returns (AnalyzeResponse) {}
|
|
// AnalyzeResource analyzes a single resource object, and returns any errors that it finds.
|
|
rpc AnalyzeResource(AnalyzeResourceRequest) returns (AnalyzeResourceResponse) {}
|
|
}
|
|
|
|
message AnalyzeRequest {
|
|
string pkg = 1; // the fully resolved package URL being deployed.
|
|
}
|
|
|
|
message AnalyzeResponse {
|
|
repeated AnalyzeFailure failures = 1; // the failures (or empty if none).
|
|
}
|
|
|
|
message AnalyzeFailure {
|
|
string reason = 1; // the reason that the analyzer rejected the request.
|
|
}
|
|
|
|
message AnalyzeResourceRequest {
|
|
string type = 1; // the type token of the resource.
|
|
google.protobuf.Struct properties = 2; // the full properties to use for validation.
|
|
}
|
|
|
|
message AnalyzeResourceResponse {
|
|
repeated AnalyzeResourceFailure failures = 1; // the failures (or empty if none).
|
|
}
|
|
|
|
message AnalyzeResourceFailure {
|
|
string property = 1; // the property that the analyzer rejected (or "" if general).
|
|
string reason = 2; // the reason that the analyzer rejected the request.
|
|
}
|
|
|