def program(): config = Config() config.get("plainstr1") config.require("plainstr2") config.get_secret("plainstr3") config.require_secret("plainstr4") config.get_bool("plainbool1") config.require_bool("plainbool2") config.get_secret_bool("plainbool3") config.require_secret_bool("plainbool4") config.get_int("plainint1") config.require_int("plainint2") config.get_secret_int("plainint3") config.require_secret_int("plainint4") config.get_float("plainfloat1") config.require_float("plainfloat2") config.get_secret_float("plainfloat3") config.require_secret_float("plainfloat4") config.get_object("plainobj1") config.require_object("plainobj2") config.get_secret_object("plainobj3") config.require_secret_object("plainobj4") config.get("str1") config.require("str2") config.get_secret("str3") config.require_secret("str4") config.get_bool("bool1") config.require_bool("bool2") config.get_secret_bool("bool3") config.require_secret_bool("bool4") config.get_int("int1") config.require_int("int2") config.get_secret_int("int3") config.require_secret_int("int4") config.get_float("float1") config.require_float("float2") config.get_secret_float("float3") config.require_secret_float("float4") config.get_object("obj1") config.require_object("obj2") config.get_secret_object("obj3") config.require_secret_object("obj4")
def validate(r): config = Config() test_scenario = config.require_int("scenario") # We only validate during the first test scenario. The subsequent test scenario is only # used to unprotect protected resources in preparation for destroying the stack. if test_scenario != 1: return t = r.resource_type if (t == "pulumi:pulumi:Stack" or t == "pulumi:providers:pulumi-nodejs" or t == "pulumi:providers:random"): assert options_equal( PolicyResourceOptions( protect=False, ignore_changes=[], delete_before_replace=None, aliases=[], additional_secret_outputs=[], custom_timeouts=PolicyCustomTimeouts(0, 0, 0), ), r.opts) elif t == "pulumi-nodejs:dynamic:Resource": validate_dynamic_resource(r) elif t == "random:index/randomUuid:RandomUuid": assert options_equal( PolicyResourceOptions( protect=False, ignore_changes=[], delete_before_replace=None, aliases=[], additional_secret_outputs=[], custom_timeouts=PolicyCustomTimeouts(0, 0, 0), ), r.opts) else: raise AssertionError(f"Unexpected resource of type: '{t}'.")
policy: Optional[EnforcementLevel] # Build a set of scenarios to test enforcement_levels = [ EnforcementLevel.ADVISORY, EnforcementLevel.DISABLED, EnforcementLevel.MANDATORY, None ] scenarios: List[Scenario] = [{}] for pack in enforcement_levels: for policy in enforcement_levels: scenarios.append(Scenario(pack, policy)) # Get the current scenario config = Config() test_scenario = config.require_int("scenario") if test_scenario >= len(scenarios): raise AssertionError(f"Unexpected test_scenario {test_scenario}.") scenario = scenarios[test_scenario] # Generate a Policy Pack name for the scenario. pack: str = scenario.pack.value if scenario.pack is not None else "none" policy: str = f"-{scenario.policy.value}" if scenario.policy is not None else "" policy_pack_name = f"enforcementlevel-{pack}{policy}-test-policy" # Whether the validate function should raise an exception (to validate that it doesn't run). validate_function_raises = ( (scenario.pack == EnforcementLevel.DISABLED and (scenario.policy == EnforcementLevel.DISABLED or scenario.policy is None)) or scenario.policy == EnforcementLevel.DISABLED)
ec2, cloudwatch as cw, iam ) import boto3 import ipaddress conf = Config() ha = conf.require_bool('highAvailability') _env = get_stack() APP = f"{get_project()}-{_env}" TIERS = ['public', 'app', 'data'] region = boto3.session.Session().region_name cidr = conf.require(f"cidr.{region}") aws_dns = conf.require_bool('useAwsDns') max_azs = conf.require_int('maxAzs') client = boto3.client('ec2', region_name=region) vpc = ec2.Vpc( resource_name=f'{APP}-vpc', cidr_block=cidr, enable_dns_hostnames=aws_dns, enable_dns_support=aws_dns, instance_tenancy='default', tags={ 'Name': APP, 'Environment': _env } )