Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support publishing and consuming policy packs using any runtime #5102

Merged
merged 3 commits into from
Aug 6, 2020
Merged

Support publishing and consuming policy packs using any runtime #5102

merged 3 commits into from
Aug 6, 2020

Conversation

lukehoban
Copy link
Member

Fixes #5089.

@lukehoban lukehoban requested a review from justinvp August 5, 2020 01:00
@lukehoban
Copy link
Member Author

Tested this out using the OPA runtime.

Publishing:

$ /opt/pulumi/bin/pulumi policy publish    
Obtaining policy metadata from policy plugin
Compressing policy pack
Uploading policy pack to Pulumi service
Publishing "kubernetes" to "lukehoban"
Published as version 1

Permalink: https://app.pulumi.com/lukehoban/policypacks/kubernetes/1

Consuming:

$ /opt/pulumi/bin/pulumi up
Previewing update (dev2):
     Type                           Name                    Plan       Info
 +   pulumi:pulumi:Stack            simple-kubernetes-dev2  create     1 error
 +   ├─ kubernetes:core:Pod         myapp                   create     
 +   └─ kubernetes:apps:Deployment  nginx                   create     
 
Diagnostics:
  pulumi:pulumi:Stack (simple-kubernetes-dev2):
    error: preview failed
 
Policy Violations:
    [advisory]  kubernetes v0.0.1  warn (nginx: kubernetes:apps/v1:Deployment)
    nginx-5kjh7i6n must include Kubernetes recommended labels: https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/#labels 
    
    [mandatory]  kubernetes v0.0.1  deny (myapp: kubernetes:core/v1:Pod)
    image 'nginx' comes from untrusted registry
    
    [mandatory]  kubernetes v0.0.1  deny (myapp: kubernetes:core/v1:Pod)
    image 'mysql' comes from untrusted registry

justinvp
justinvp approved these changes Aug 5, 2020
View reviewed changes
Copy link
Member

@justinvp justinvp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice

@lukehoban lukehoban merged commit 4e0b5df into master Aug 6, 2020
@pulumi-bot pulumi-bot deleted the lukehoban/5089 branch August 6, 2020 23:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@justinvp justinvp justinvp approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support publishing policy packs in any language
2 participants
@lukehoban @justinvp