maxmustermann/pulumi
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
pulumi/sdk/proto/analyzer.proto
Justin Van Patten 6c84b008d8
Send resource URN and name to analyzer (#3554) 
More information we want to make available to policy packs.
2019-11-21 21:01:15 +00:00

98 lines
4.6 KiB
Protocol Buffer
Raw Blame History

// Copyright 2016-2018, Pulumi Corporation.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
import "plugin.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/struct.proto";
package pulumirpc;
// Analyzer provides a pluggable interface for checking resource definitions against some number of
// resource policies. It is intentionally open-ended, allowing for implementations that check
// everything from raw resource definitions to entire projects/stacks/snapshots for arbitrary
// issues -- style, policy, correctness, security, and so on.
service Analyzer {
// Analyze analyzes a single resource object, and returns any errors that it finds.
// Called with the "inputs" to the resource, before it is updated.
rpc Analyze(AnalyzeRequest) returns (AnalyzeResponse) {}
// AnalyzeStack analyzes all resources within a stack, at the end of a successful
// preview or update. The provided resources are the "outputs", after any mutations
// have taken place.
rpc AnalyzeStack(AnalyzeStackRequest) returns (AnalyzeResponse) {}
// GetAnalyzerInfo returns metadata about the analyzer (e.g., list of policies contained).
rpc GetAnalyzerInfo(google.protobuf.Empty) returns (AnalyzerInfo) {}
// GetPluginInfo returns generic information about this plugin, like its version.
rpc GetPluginInfo(google.protobuf.Empty) returns (PluginInfo) {}
}
message AnalyzeRequest {
string type = 1; // the type token of the resource.
google.protobuf.Struct properties = 2; // the full properties to use for validation.
string urn = 3;
string name = 4;
}
// Resource defines the view of a Pulumi-managed resource as sent to Analyzers. The properties
// of the resource are specific to the type of analysis being performed. See the Analyzer
// service definition for more information.
message AnalyzerResource {
string type = 1; // the type token of the resource.
google.protobuf.Struct properties = 2; // the full properties to use for validation.
string urn = 3; // the URN of the resource.
string name = 4;
}
message AnalyzeStackRequest {
repeated AnalyzerResource resources = 1;
}
message AnalyzeResponse {
repeated AnalyzeDiagnostic diagnostics = 2; // information about policy violations.
}
// EnforcementLevel indicates the severity of a policy violation.
enum EnforcementLevel {
ADVISORY = 0; // Displayed to users, but does not block deployment.
MANDATORY = 1; // Stops deployment, cannot be overridden.
}
message AnalyzeDiagnostic {
string policyName = 1; // Name of the violated policy.
string policyPackName = 2; // Name of the policy pack the policy is in.
string policyPackVersion = 3; // Version of the policy pack.
string description = 4; // Description of policy rule. e.g., "encryption enabled."
string message = 5; // Message to display on policy violation, e.g., remediation steps.
repeated string tags = 6; // Keywords/terms to associate with a policy, e.g., "cost".
EnforcementLevel enforcementLevel = 7; // Severity of the policy violation.
string urn = 8; // URN of the resource that violates the policy.
}
// AnalyzerInfo provides metadata about a PolicyPack inside an analyzer.
message AnalyzerInfo {
string name = 1; // Name of the PolicyPack.
string displayName = 2; // Pretty name for the PolicyPack.
repeated PolicyInfo policies = 3; // Metadata about policies contained in PolicyPack.
}
// PolicyInfo provides metadata about an individual Policy within a Policy Pack.
message PolicyInfo {
string name = 1; // Name of the policy.
string displayName = 2; // Pretty name for the policy.
string description = 3; // Description of policy rule. e.g., "encryption enabled."
string message = 4; // Message to display on policy violation, e.g., remediation steps.
EnforcementLevel enforcementLevel = 5; // Severity of the policy violation.
}
Reference in a new issue View git blame Copy permalink