pulumi/sdk/go/common/resource/plugin/analyzer.go

// Copyright 2016-2018, Pulumi Corporation.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package plugin
import (
"io"
"github.com/pulumi/pulumi/sdk/v3/go/common/apitype"
"github.com/pulumi/pulumi/sdk/v3/go/common/resource"
"github.com/pulumi/pulumi/sdk/v3/go/common/tokens"
"github.com/pulumi/pulumi/sdk/v3/go/common/workspace"
)
// Analyzer provides a pluggable interface for performing arbitrary analysis of entire projects/stacks/snapshots, and/or
// individual resources, for arbitrary issues. These might be style, policy, correctness, security, or performance
// related. This interface hides the messiness of the underlying machinery, since providers are behind an RPC boundary.
//
// NOTE(review): implementations are handed full resource property maps. Presumably these can carry secret
// values (see AnalyzerResourceOptions.AdditionalSecretOutputs), so messages built from them should be checked
// for leakage; confirm how secrets are represented in resource.PropertyMap.
type Analyzer interface {
	// Closer closes any underlying OS resources associated with this analyzer (like processes, RPC channels, etc).
	io.Closer
	// Name fetches an analyzer's qualified name.
	Name() tokens.QName
	// Analyze analyzes a single resource object, and returns any errors that it finds.
	// Is called before the resource is modified. Each returned AnalyzeDiagnostic carries its own
	// EnforcementLevel.
	Analyze(r AnalyzerResource) ([]AnalyzeDiagnostic, error)
	// AnalyzeStack analyzes all resources after a successful preview or update.
	// Is called after all resources have been processed, and all changes applied.
	// NOTE(review): because this runs after changes are applied, a violation reported here presumably
	// cannot block those changes; confirm against the caller.
	AnalyzeStack(resources []AnalyzerStackResource) ([]AnalyzeDiagnostic, error)
	// Remediate is given the opportunity to optionally transform a single resource's properties.
	// The transformed properties are returned in Remediation.Properties.
	// NOTE(review): whether Analyze later sees the remediated or the original properties is not visible
	// in this file; confirm the ordering in the caller.
	Remediate(r AnalyzerResource) ([]Remediation, error)
	// GetAnalyzerInfo returns metadata about the analyzer (e.g., list of policies contained).
	GetAnalyzerInfo() (AnalyzerInfo, error)
	// GetPluginInfo returns this plugin's information.
	GetPluginInfo() (workspace.PluginInfo, error)
	// Configure configures the analyzer, passing configuration properties for each policy.
	// NOTE(review): the map is presumably keyed by policy name; confirm against the caller.
	Configure(policyConfig map[string]AnalyzerPolicyConfig) error
}
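// AnalyzerResource mirrors a resource that is passed to `Analyze` (the same type is also the argument of
// `Remediate`).
type AnalyzerResource struct {
	URN  resource.URN // URN of the resource.
	Type tokens.Type  // type token of the resource.
	// Name is the resource name as a plain string rather than a tokens.QName. Resource names are not
	// validated and may contain arbitrary text (pulumi/pulumi#14107), so policies should not assume a
	// restricted character set when matching on or printing this value.
	Name string
	// Properties holds the resource's properties.
	// NOTE(review): presumably these can include secret values; confirm before echoing them in diagnostics.
	Properties resource.PropertyMap
	Options    AnalyzerResourceOptions   // resource options mirrored for the analyzer.
	Provider   *AnalyzerProviderResource // the resource's provider; NOTE(review): presumably nil when there is none.
}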
// AnalyzerStackResource mirrors a resource that is passed to `AnalyzeStack`. It embeds AnalyzerResource and
// adds the relationships between this resource and the other resources in the stack.
type AnalyzerStackResource struct {
	AnalyzerResource
	Parent               resource.URN                            // an optional parent URN for this resource.
	Dependencies         []resource.URN                          // dependencies of this resource object.
	PropertyDependencies map[resource.PropertyKey][]resource.URN // the set of dependencies that affect each property.
}
// AnalyzerResourceOptions mirrors resource options sent to the analyzer.
type AnalyzerResourceOptions struct {
	Protect                 bool                    // true to protect this resource from deletion.
	IgnoreChanges           []string                // a list of property names to ignore during changes.
	DeleteBeforeReplace     *bool                   // true if this resource should be deleted prior to replacement; NOTE(review): nil presumably means unset.
	AdditionalSecretOutputs []resource.PropertyKey  // outputs that should always be treated as secrets.
	AliasURNs               []resource.URN          // additional URNs that should be aliased to this resource.
	Aliases                 []resource.Alias        // additional aliases for this resource; NOTE(review): how this relates to AliasURNs is not visible here.
	CustomTimeouts          resource.CustomTimeouts // an optional config object for resource options; NOTE(review): presumably operation timeouts.
}
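// AnalyzerProviderResource mirrors a resource's provider sent to the analyzer.
type AnalyzerProviderResource struct {
	URN  resource.URN // URN of the provider resource.
	Type tokens.Type  // type token of the provider resource.
	// Name is the provider resource's name as a plain string rather than a tokens.QName. Resource names are
	// not validated and may contain arbitrary text (pulumi/pulumi#14107).
	Name string
	// Properties holds the provider's properties.
	// NOTE(review): provider configuration presumably can include credentials; confirm before echoing
	// these values in diagnostics.
	Properties resource.PropertyMap
}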
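// AnalyzeDiagnostic indicates that resource analysis failed. It names the policy and policy pack that
// produced it, and carries the reason for the failure, the enforcement level, and a resource URN.
type AnalyzeDiagnostic struct {
	PolicyName        string
	PolicyPackName    string
	PolicyPackVersion string
	Description       string
	// Message is the reason for the failure.
	// NOTE(review): if a policy interpolates property values here, secrets could reach logs; confirm.
	Message          string
	Tags             []string
	EnforcementLevel apitype.EnforcementLevel // enforcement level attached to this diagnostic.
	URN              resource.URN             // NOTE(review): presumably the resource the diagnostic is about.
}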
// Remediation indicates that a resource remediation took place, and contains the resulting
// transformed properties and associated metadata.
type Remediation struct {
	PolicyName        string
	Description       string
	PolicyPackName    string
	PolicyPackVersion string
	URN               resource.URN         // NOTE(review): presumably the resource that was remediated.
	Properties        resource.PropertyMap // the resulting transformed properties.
	Diagnostic        string               // NOTE(review): presumably a message describing the remediation; confirm.
}
// AnalyzerInfo provides metadata about a PolicyPack inside an analyzer.
type AnalyzerInfo struct {
	Name           string
	DisplayName    string
	Version        string
	SupportsConfig bool                            // NOTE(review): presumably whether the pack accepts Configure; confirm.
	Policies       []AnalyzerPolicyInfo            // metadata for each policy in the pack.
	InitialConfig  map[string]AnalyzerPolicyConfig // NOTE(review): presumably keyed by policy name; confirm.
}
// AnalyzerPolicyInfo defines the metadata for an individual Policy within a Policy Pack.
type AnalyzerPolicyInfo struct {
	// Unique URL-safe name for the policy. This is unique to a specific version
	// of a Policy Pack.
	// NOTE(review): nothing in this file enforces the URL-safe constraint; confirm where it is checked.
	Name        string
	DisplayName string
	// Description is used to provide more context about the purpose of the policy.
	Description string
	// EnforcementLevel is the enforcement level declared in the policy's metadata.
	EnforcementLevel apitype.EnforcementLevel
	// Message is the message that will be displayed to end users when they violate
	// this policy.
	Message string
	// ConfigSchema is optional config schema for the policy.
	ConfigSchema *AnalyzerPolicyConfigSchema
}
// JSONSchema represents a JSON schema. It is an untyped map; nothing in this file checks that the
// contents form a well-formed schema.
type JSONSchema map[string]interface{}
// AnalyzerPolicyConfigSchema provides metadata about a policy's configuration.
type AnalyzerPolicyConfigSchema struct {
	// Map of config property names to JSON schema.
	Properties map[string]JSONSchema
	// Required config properties
	// NOTE(review): presumably names that must appear as keys in Properties; confirm.
	Required []string
}
// AnalyzerPolicyConfig is the configuration for a policy.
type AnalyzerPolicyConfig struct {
	// Configured enforcement level for the policy.
	EnforcementLevel apitype.EnforcementLevel
	// Configured properties of the policy.
	// NOTE(review): values are untyped; presumably they are validated against the policy's
	// AnalyzerPolicyConfigSchema elsewhere. Confirm before trusting their shape.
	Properties map[string]interface{}
}