def program():
config = Config()
config.get("plainstr1")
config.require("plainstr2")
config.get_secret("plainstr3")
config.require_secret("plainstr4")
config.get_bool("plainbool1")
config.require_bool("plainbool2")
config.get_secret_bool("plainbool3")
config.require_secret_bool("plainbool4")
config.get_int("plainint1")
config.require_int("plainint2")
config.get_secret_int("plainint3")
config.require_secret_int("plainint4")
config.get_float("plainfloat1")
config.require_float("plainfloat2")
config.get_secret_float("plainfloat3")
config.require_secret_float("plainfloat4")
config.get_object("plainobj1")
config.require_object("plainobj2")
config.get_secret_object("plainobj3")
config.require_secret_object("plainobj4")
config.get("str1")
config.require("str2")
config.get_secret("str3")
config.require_secret("str4")
config.get_bool("bool1")
config.require_bool("bool2")
config.get_secret_bool("bool3")
config.require_secret_bool("bool4")
config.get_int("int1")
config.require_int("int2")
config.get_secret_int("int3")
config.require_secret_int("int4")
config.get_float("float1")
config.require_float("float2")
config.get_secret_float("float3")
config.require_secret_float("float4")
config.get_object("obj1")
config.require_object("obj2")
config.get_secret_object("obj3")
config.require_secret_object("obj4")
def validate(r):
config = Config()
test_scenario = config.require_int("scenario")
# We only validate during the first test scenario. The subsequent test scenario is only
# used to unprotect protected resources in preparation for destroying the stack.
if test_scenario != 1:
return
t = r.resource_type
if (t == "pulumi:pulumi:Stack" or t == "pulumi:providers:pulumi-nodejs"
or t == "pulumi:providers:random"):
assert options_equal(
PolicyResourceOptions(
protect=False,
ignore_changes=[],
delete_before_replace=None,
aliases=[],
additional_secret_outputs=[],
custom_timeouts=PolicyCustomTimeouts(0, 0, 0),
), r.opts)
elif t == "pulumi-nodejs:dynamic:Resource":
validate_dynamic_resource(r)
elif t == "random:index/randomUuid:RandomUuid":
assert options_equal(
PolicyResourceOptions(
protect=False,
ignore_changes=[],
delete_before_replace=None,
aliases=[],
additional_secret_outputs=[],
custom_timeouts=PolicyCustomTimeouts(0, 0, 0),
), r.opts)
else:
raise AssertionError(f"Unexpected resource of type: '{t}'.")
policy: Optional[EnforcementLevel]
# Build a set of scenarios to test
enforcement_levels = [
EnforcementLevel.ADVISORY, EnforcementLevel.DISABLED,
EnforcementLevel.MANDATORY, None
]
scenarios: List[Scenario] = [{}]
for pack in enforcement_levels:
for policy in enforcement_levels:
scenarios.append(Scenario(pack, policy))
# Get the current scenario
config = Config()
test_scenario = config.require_int("scenario")
if test_scenario >= len(scenarios):
raise AssertionError(f"Unexpected test_scenario {test_scenario}.")
scenario = scenarios[test_scenario]
# Generate a Policy Pack name for the scenario.
pack: str = scenario.pack.value if scenario.pack is not None else "none"
policy: str = f"-{scenario.policy.value}" if scenario.policy is not None else ""
policy_pack_name = f"enforcementlevel-{pack}{policy}-test-policy"
# Whether the validate function should raise an exception (to validate that it doesn't run).
validate_function_raises = (
(scenario.pack == EnforcementLevel.DISABLED and
(scenario.policy == EnforcementLevel.DISABLED or scenario.policy is None))
or scenario.policy == EnforcementLevel.DISABLED)
ec2,
cloudwatch as cw,
iam
)
import boto3
import ipaddress
conf = Config()
ha = conf.require_bool('highAvailability')
_env = get_stack()
APP = f"{get_project()}-{_env}"
TIERS = ['public', 'app', 'data']
region = boto3.session.Session().region_name
cidr = conf.require(f"cidr.{region}")
aws_dns = conf.require_bool('useAwsDns')
max_azs = conf.require_int('maxAzs')
client = boto3.client('ec2', region_name=region)
vpc = ec2.Vpc(
resource_name=f'{APP}-vpc',
cidr_block=cidr,
enable_dns_hostnames=aws_dns,
enable_dns_support=aws_dns,
instance_tenancy='default',
tags={
'Name': APP,
'Environment': _env
}
)
