GCP Policy as Code (gcp-pac) for your Pulumi typescript apps

losisin/gcp-pac

gcp-pac

This NPM package offers a growing collection of policies specifically tailored for Pulumi TypeScript applications on Google Cloud Platform (GCP). Created to simplify Policy As Code implementation, these policies cater to various operational needs encountered in day-to-day cloud infrastructure management.

Explore an expanding set of policies designed to enhance security, ensure compliance, and optimize efficiency within your Pulumi TypeScript workflows on GCP.

Installation

npm install gcp-pac --save-dev

Usage

pulumi preview --policy-pack ./node_modules/gcp-pac

This will produce output like the following:

Loading policy packs...

     Type                     Name                  Plan       Info
     pulumi:pulumi:Stack      my-stack             
 ~   └─ gcp:cloudrun:Service  default               update     [diff: ~metadata,template]

Policies:
    ⚠️ gcp-pac@v1.0.0 (local: node_modules/gcp-pac)
        - [advisory]  cloudrun-disallow-public-ingress  (gcp:cloudrun/service:Service: default)
          Check that CloudRun services do not have public ingress set to 'all'.
          CloudRun services should not have public ingress set to 'all'. Use a load balancer instead.

Override enforcementLevel to mandatory so the preview fails when the policy is not met. First, create a JSON file for specific policies:

{
  "cloudrun-disallow-public-ingress": "mandatory"
}

or, for all policies:

{
  "all": "mandatory"
}

Then, run the following command:

pulumi preview --policy-pack ./node_modules/gcp-pac --policy-pack-config policy.json

which will fail the preview if any policy is not met:

Loading policy packs...

     Type                     Name                  Plan       Info
     pulumi:pulumi:Stack      my-stack             1 error
 ~   └─ gcp:cloudrun:Service  default               update     [diff: ~metadata,template]

Policies:
    ❌ gcp-pac@v1.0.0 (local: node_modules/gcp-pac)
        - [mandatory]  cloudrun-disallow-public-ingress  (gcp:cloudrun/service:Service: default)
          Check that CloudRun services do not have public ingress set to 'all'.
          CloudRun services should not have public ingress set to 'all'. Use a load balancer instead.

Diagnostics:
  pulumi:pulumi:Stack (my-stack):
    error: preview failed

For more information, see Enforcement Level in the Pulumi documentation.
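The two pieces the README relies on, the CloudRun ingress check itself and the way a policy.json file turns an advisory policy into a mandatory one, are modelled below as an added, self-contained example. This is not the gcp-pac project's own code: the real pack wires such a check into @pulumi/policy's PolicyPack, which is not used here so the logic runs on its own. It assumes that CloudRun (v1) ingress is controlled by the run.googleapis.com/ingress metadata annotation and that a config entry keyed by a policy name takes precedence over the "all" entry; the resource names and annotation values are constructed to mirror the preview output above.

```typescript
// Added example, not gcp-pac's own code. Models the cloudrun-disallow-public-ingress
// check and the enforcement-level override from --policy-pack-config as plain functions.

type EnforcementLevel = "advisory" | "mandatory" | "disabled";

// Shape of the policy.json file shown in the README: policy name (or "all") -> level.
type PolicyPackConfig = Partial<Record<string, EnforcementLevel>>;

// Minimal view of a resource as a validation policy sees it.
interface ResourceUnderTest {
  type: string;
  name: string;
  props: { metadata?: { annotations?: Record<string, string> } };
}

interface Violation {
  policy: string;
  level: EnforcementLevel;
  resource: string;
  message: string;
}

// Assumption: CloudRun v1 ingress is set through this annotation; GCP's documented
// values are "all", "internal" and "internal-and-cloud-load-balancing".
const INGRESS_ANNOTATION = "run.googleapis.com/ingress";
const POLICY_NAME = "cloudrun-disallow-public-ingress";
const POLICY_MESSAGE =
  "CloudRun services should not have public ingress set to 'all'. Use a load balancer instead.";

// Returns the violation message when a CloudRun service has ingress "all", otherwise
// undefined (compliant, or not a CloudRun service). GCP applies "all" when the
// annotation is absent, so treatMissingAsAll=true gives a stricter variant.
function checkCloudRunIngress(res: ResourceUnderTest, treatMissingAsAll = false): string | undefined {
  if (res.type !== "gcp:cloudrun/service:Service") return undefined;
  const ingress = res.props.metadata?.annotations?.[INGRESS_ANNOTATION];
  const isPublic = ingress === "all" || (ingress === undefined && treatMissingAsAll);
  return isPublic ? POLICY_MESSAGE : undefined;
}

// Resolves a policy's level: a per-policy entry wins over "all", which wins over the
// pack's built-in default (advisory, as the README's first preview shows).
function resolveEnforcementLevel(
  policy: string,
  config: PolicyPackConfig,
  packDefault: EnforcementLevel = "advisory",
): EnforcementLevel {
  return config[policy] ?? config["all"] ?? packDefault;
}

// Runs the check over every resource; the preview fails only on mandatory violations,
// while advisory violations are reported but do not fail it.
function evaluate(
  resources: ResourceUnderTest[],
  config: PolicyPackConfig,
): { violations: Violation[]; previewFails: boolean } {
  const violations: Violation[] = [];
  const level = resolveEnforcementLevel(POLICY_NAME, config);
  if (level !== "disabled") {
    for (const res of resources) {
      const message = checkCloudRunIngress(res);
      if (message) {
        violations.push({ policy: POLICY_NAME, level, resource: `${res.type}: ${res.name}`, message });
      }
    }
  }
  return { violations, previewFails: violations.some((v) => v.level === "mandatory") };
}

// Constructed sample input: the "default" service from the README's preview plus a
// compliant service reachable only through a load balancer.
const sampleResources: ResourceUnderTest[] = [
  {
    type: "gcp:cloudrun/service:Service",
    name: "default",
    props: { metadata: { annotations: { [INGRESS_ANNOTATION]: "all" } } },
  },
  {
    type: "gcp:cloudrun/service:Service",
    name: "internal-api",
    props: { metadata: { annotations: { [INGRESS_ANNOTATION]: "internal-and-cloud-load-balancing" } } },
  },
];

// No config file: pack default applies, the violation is advisory and the preview passes.
console.log(evaluate(sampleResources, {}));
// Equivalent of {"all": "mandatory"}: the same violation now fails the preview.
console.log(evaluate(sampleResources, { all: "mandatory" }));
```

The per-policy key is useful for rolling a pack out gradually: set "all" to mandatory and then list any policy you are not ready to enforce as "advisory" or "disabled", which the resolver above honours ahead of the "all" entry.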

Issues, Features, Feedback

Your input matters. Feel free to open issues for bugs, feature requests, or any feedback you may have. Check if a similar issue exists before creating a new one, and please use clear titles and explanations to help understand your point better. Your thoughts help me improve this project!

How to Contribute

🌟 Thank you for considering contributing to my project! Your efforts are incredibly valuable. To get started:

  1. Fork the repository.
  2. Create your feature branch: git checkout -b feature/YourFeature
  3. Commit your changes: git commit -am 'Add: YourFeature'
  4. Push to the branch: git push origin feature/YourFeature
  5. Submit a pull request! 🚀