feat(core): template validation after synthesis (#23951)
Integrate policy as code tools into CDK synthesis via a plugin mechanism. Immediately after synthesis, the framework invokes all the registered plugins, collects the results and, if there are any violations, shows a report to the user.

Application developers register plugins to a `Stage`:

```ts
const app = new App({
  validationPlugins: [
    new SomePolicyAgentPlugin(),
    new AnotherPolicyAgentPugin(),
  ]
});
```

Plugin authors must implement the `IPolicyValidationPlugin` interface. Hypothetical example of a CloudFormation Guard plugin:

```ts
export class CfnGuardValidator implements IPolicyValidationPlugin {
  public readonly name = 'cfn-guard-validator';
  constructor() {}

  validate(context: IPolicyValidationContext): PolicyValidationPluginReport {
    // execute the cfn-guard cli and get the JSON response from the tool
    const cliResultJson = executeCfnGuardCli();

    // parse the results and return the violations format
    // that the framework expects
    const violations = parseGuardResults(cliResultJson);

    // construct the report and return it to the framework
    // this is a vastly over simplified example that is only
    // meant to show the structure of the report that is returned
    return {
      success: false,
      violations: [{
        ruleName: violations.ruleName,
        recommendation: violations.recommendation,
        fix: violations.fix,
        violatingResources: [{
          resourceName: violations.resourceName,
          locations: violations.locations,
          templatePath: violations.templatePath,
        }],
      }],
    };
  }
}
```

Co-authored-by: corymhall <43035978+corymhall@users.noreply.github.com>
1 parent c13a0f1, commit d94a48b
Showing 23 changed files with 2,672 additions and 15 deletions.
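The commit message shows only the structure of the report a plugin returns. As an added example (not code from this commit or from the CDK), the sketch below fills that structure from two S3 policy checks run over a synthesized template. The local interfaces stand in for the CDK types, and the rule format, `validateTemplates`, the string form of `locations`, and the sample template are all assumptions made for illustration.

```typescript
// Stand-ins mirroring the report fields in the commit message (assumed shapes, not CDK imports).
interface ViolatingResource { resourceName: string; locations: string[]; templatePath: string }
interface Violation { ruleName: string; recommendation: string; violatingResources: ViolatingResource[] }
interface Report { success: boolean; violations: Violation[] }
type Props = Record<string, unknown>;
type Template = { Resources?: Record<string, { Type: string; Properties?: Props }> };
// Hypothetical rule format: check() returns offending property paths, empty when compliant.
interface Rule { ruleName: string; recommendation: string; resourceType: string; check(p: Props): string[] }

const PAB_FLAGS = ['BlockPublicAcls', 'BlockPublicPolicy', 'IgnorePublicAcls', 'RestrictPublicBuckets'];
const RULES: Rule[] = [
  { ruleName: 's3-bucket-encryption-declared', resourceType: 'AWS::S3::Bucket',
    recommendation: 'Declare BucketEncryption on every bucket',
    check: (p) => (p.BucketEncryption ? [] : ['/Properties/BucketEncryption']) },
  { ruleName: 's3-bucket-public-access-blocked', resourceType: 'AWS::S3::Bucket',
    recommendation: 'Set all four PublicAccessBlockConfiguration flags to true',
    // CloudFormation accepts true or "true"; a missing or false flag is reported.
    check: (p) => PAB_FLAGS
      .filter((k) => String(((p.PublicAccessBlockConfiguration ?? {}) as Props)[k]) !== 'true')
      .map((k) => `/Properties/PublicAccessBlockConfiguration/${k}`) },
];

// Run every rule over every template; success is derived from the findings, not hard-coded.
function validateTemplates(templates: Record<string, Template>): Report {
  const violations: Violation[] = [];
  for (const rule of RULES) {
    const violatingResources: ViolatingResource[] = [];
    for (const [templatePath, template] of Object.entries(templates)) {
      for (const [resourceName, res] of Object.entries(template.Resources ?? {})) {
        if (res.Type !== rule.resourceType) continue;
        const locations = rule.check(res.Properties ?? {}); // a resource may have no Properties
        if (locations.length) violatingResources.push({ resourceName, locations, templatePath });
      }
    }
    if (violatingResources.length) {
      violations.push({ ruleName: rule.ruleName, recommendation: rule.recommendation, violatingResources });
    }
  }
  return { success: violations.length === 0, violations };
}

// Constructed sample template, keyed by an assumed output path.
const SAMPLE: Record<string, Template> = { 'cdk.out/Demo.template.json': { Resources: {
  LogsBucket: { Type: 'AWS::S3::Bucket' },
  DataBucket: { Type: 'AWS::S3::Bucket', Properties: {
    BucketEncryption: { ServerSideEncryptionConfiguration: [{ ServerSideEncryptionByDefault: { SSEAlgorithm: 'aws:kms' } }] },
    PublicAccessBlockConfiguration: { BlockPublicAcls: true, BlockPublicPolicy: 'true', IgnorePublicAcls: true, RestrictPublicBuckets: false },
  } },
  Topic: { Type: 'AWS::SNS::Topic' },
} } };
console.log(JSON.stringify(validateTemplates(SAMPLE), null, 2));
```

Inside a real plugin, the `validate` method would load the synthesized templates it is given and return this report to the framework.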