Add Pulumi program context to ResourceValidationArgs and StackValidationArgs #333

Open
jkodroff opened this issue Feb 13, 2024 · 2 comments
Labels
kind/enhancement Improvements or new features

Comments

@jkodroff
Member

jkodroff commented Feb 13, 2024

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

I'm trying to run the Snyk CLI in a resource validation policy to validate a docker.Image resource:

const image = new docker.Image("my-image", {
  imageName: "docker.io/joshkodroff/pulumi-policy-test",
  buildOnPreview: false,
  build: {
    dockerfile: "./Dockerfile",
    platform: "linux/amd64"
  }
});

I can get it working for basic scanning, but Snyk has an option to pass a --file /path/to/Dockerfile argument to provide additional suggestions for remediation. I can't seem to find a way to get the directory of the Pulumi program. (process.cwd() gives me the path to the policy instead of the path to the Pulumi program.)

It would be useful if ResourceValidationArgs included something like a stackContext or similar object with things like the stack name, program name, full path to the Pulumi program, etc. Could also be helpful to know whether we're in preview or up.

UPDATE: StackValidation would likewise benefit from the same.

jkodroff added the kind/enhancement (Improvements or new features) and needs-triage (Needs attention from the triage team) labels Feb 13, 2024
justinvp removed the needs-triage (Needs attention from the triage team) label Feb 14, 2024
@justinvp
Member

Note that some of this information you can already get via:

pulumi.runtime.isDryRun()
pulumi.getProject()
pulumi.getStack()

Which will work inside a policy.

I don't think we have a way to get the path of the program.

Having something like a stackContext that has all this information would be useful, if nothing else for discoverability of the information.
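
An added example, not part of the thread and not Pulumi or Snyk code: one way a policy could assemble the Snyk invocation discussed above from the context it can already read. `PolicyRunContext`, `programDir` (an operator-supplied absolute path, since no API provides it) and the helper names are hypothetical; POSIX paths are assumed.

```typescript
// Context gathered inside the policy. programDir is hypothetical: the operator
// must supply it (for example via an environment variable).
interface PolicyRunContext {
  dryRun: boolean;     // from pulumi.runtime.isDryRun()
  programDir?: string; // absolute path to the Pulumi program, if known
}

// A resource property must never be parsed by the CLI as an option.
function assertOperand(label: string, value: string): string {
  if (value.length === 0 || value.charAt(0) === "-" || /[\x00-\x20]/.test(value)) {
    throw new Error(label + " is not a safe CLI operand: " + JSON.stringify(value));
  }
  return value;
}

// Resolve build.dockerfile under programDir; refuse absolute paths and ".." segments.
function resolveDockerfile(programDir: string, dockerfile: string): string {
  const segments = dockerfile.split("/").filter((s) => s !== "" && s !== ".");
  if (dockerfile.charAt(0) === "/" || segments.length === 0 || segments.indexOf("..") !== -1) {
    throw new Error("dockerfile must be a relative path inside the program: " + dockerfile);
  }
  return programDir.replace(/\/+$/, "") + "/" + segments.join("/");
}

// Returns argv for child_process.execFile("snyk", argv) (no shell involved),
// or undefined when the scan should be skipped.
function snykContainerArgs(
  imageName: string,
  ctx: PolicyRunContext,
  dockerfile?: string
): string[] | undefined {
  // The issue's image sets buildOnPreview: false, so a preview has no freshly built image.
  if (ctx.dryRun) return undefined;
  const argv = ["container", "test", assertOperand("imageName", imageName)];
  // Add --file only when the program directory is known: process.cwd() inside
  // a policy is the policy's directory, not the program's.
  if (ctx.programDir && dockerfile) {
    argv.push("--file=" + resolveDockerfile(ctx.programDir, dockerfile));
  }
  return argv;
}
```

Passing the result to `execFile` as an argument array keeps resource properties out of any shell command line.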

jkodroff changed the title from "Add stack context to ResourceValidationArgs" to "Add Pulumi program context to ResourceValidationArgs and StackValidationArgs" Mar 15, 2024
@jkodroff
Member Author

@justinvp And... I am kicking myself for missing this comment. I had no idea these would work, and it's damn useful that they do! I'm gonna give this a try.
