This NPM package offers a growing collection of policies specifically tailored for Pulumi TypeScript applications on Google Cloud Platform (GCP). Created to simplify Policy As Code implementation, these policies cater to various operational needs encountered in day-to-day cloud infrastructure management.
Explore an expanding set of policies designed to enhance security, ensure compliance, and optimize efficiency within your Pulumi TypeScript workflows on GCP.
```
npm install gcp-pac --save-dev
pulumi preview --policy-pack ./node_modules/gcp-pac
```
This will output something like:
```
Loading policy packs...
Type Name Plan Info
pulumi:pulumi:Stack my-stack
~ └─ gcp:cloudrun:Service default update [diff: ~metadata,template]
Policies:
⚠️ gcp-pac@v1.0.0 (local: node_modules/gcp-pac)
- [advisory] cloudrun-disallow-public-ingress (gcp:cloudrun/service:Service: default)
Check that CloudRun services do not have public ingress set to 'all'.
CloudRun services should not have public ingress set to 'all'. Use a load balancer instead.
```
Override `enforcementLevel` to `mandatory` to fail the preview if the policy is not met. First, create a JSON file for specific policies:
```
{
  "cloudrun-disallow-public-ingress": "mandatory"
}
```
or, for all policies:
```
{
  "all": "mandatory"
}
```
Then, run the following command:
```
pulumi preview --policy-pack ./node_modules/gcp-pac --policy-pack-config policy.json
```
which will fail the preview if any policy is not met:
```
Loading policy packs...
Type Name Plan Info
pulumi:pulumi:Stack my-stack 1 error
~ └─ gcp:cloudrun:Service default update [diff: ~metadata,template]
Policies:
❌ gcp-pac@v1.0.0 (local: node_modules/gcp-pac)
- [mandatory] cloudrun-disallow-public-ingress (gcp:cloudrun/service:Service: default)
Check that CloudRun services do not have public ingress set to 'all'.
CloudRun services should not have public ingress set to 'all'. Use a load balancer instead.
Diagnostics:
pulumi:pulumi:Stack (my-stack):
error: preview failed
```
For more information, see Enforcement Level in the Pulumi documentation.
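The following added example (not gcp-pac's own code) shows how a check like `cloudrun-disallow-public-ingress` and the enforcement-level override interact. It assumes the policy reads the `run.googleapis.com/ingress` annotation, treats a missing annotation as public, and lets a per-policy key take precedence over `all`; the type and function names are hypothetical.

```typescript
// Added example, not the gcp-pac source. Types are declared locally so it
// runs without @pulumi/policy installed; all names here are hypothetical.
type Level = "advisory" | "mandatory" | "disabled";
const LEVELS: readonly Level[] = ["advisory", "mandatory", "disabled"];
interface Resource {
  type: string;
  name: string;
  props: { metadata?: { annotations?: Record<string, string> } };
}
interface Finding { policy: string; resource: string; level: Level }

const POLICY = "cloudrun-disallow-public-ingress";
const INGRESS = "run.googleapis.com/ingress"; // Cloud Run ingress annotation

// Assumption: a per-policy key wins over "all"; with neither, advisory
// (the level shown in the README's first run).
function resolveLevel(config: Partial<Record<string, string>>, policy: string): Level {
  const raw = config[policy] ?? config["all"] ?? "advisory";
  const level = LEVELS.find((l) => l === raw);
  if (!level) throw new Error(`unknown enforcement level for ${policy}: ${raw}`);
  return level;
}

// Assumption: a missing annotation counts as public, because Cloud Run
// accepts all ingress when none is configured.
function hasPublicIngress(r: Resource): boolean {
  return (r.props.metadata?.annotations?.[INGRESS] ?? "all") === "all";
}

function evaluate(resources: Resource[], config: Partial<Record<string, string>>) {
  const level = resolveLevel(config, POLICY);
  const findings: Finding[] = level === "disabled" ? [] : resources
    .filter((r) => r.type === "gcp:cloudrun/service:Service" && hasPublicIngress(r))
    .map((r) => ({ policy: POLICY, resource: r.name, level }));
  // Only mandatory findings fail the preview; advisory ones are warnings.
  return { findings, failed: findings.some((f) => f.level === "mandatory") };
}

// Constructed sample resources (not from a real stack).
const sample: Resource[] = [
  { type: "gcp:cloudrun/service:Service", name: "default",
    props: { metadata: { annotations: { [INGRESS]: "all" } } } },
  { type: "gcp:cloudrun/service:Service", name: "internal-api",
    props: { metadata: { annotations: { [INGRESS]: "internal-and-cloud-load-balancing" } } } },
  { type: "gcp:cloudrun/service:Service", name: "no-annotation", props: {} },
];
console.log(evaluate(sample, { all: "mandatory" }));
```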
Your input matters. Feel free to open issues for bugs, feature requests, or any feedback you may have. Check if a similar issue exists before creating a new one, and please use clear titles and explanations to help understand your point better. Your thoughts help me improve this project!
🌟 Thank you for considering contributing to my project! Your efforts are incredibly valuable. To get started:
- Fork the repository.
- Create your feature branch: `git checkout -b feature/YourFeature`
- Commit your changes: `git commit -am 'Add: YourFeature'`
- Push to the branch: `git push origin feature/YourFeature`
- Submit a pull request! 🚀