Policy Manager

    Classes

    PolicyManager

    Class to manage policies.

    Kind: global class

    policyManager.getSelectionStats() ⇒

    The function getSelectionStats() returns statistics about the number of registered policies as well as the names and count of already selected policies and the number of policies that haven’t been selected yet.

    Kind: instance method of PolicyManager
    Returns: A populated PolicyManagerStats.

    policyManager.displaySelectionStats() ⇒

    The function displaySelectionStats() displays general statistics about the policies that have been returned by selectPolicies() and how many remain in the pool. Additional information about registered policy modules is displayed too.

    Kind: instance method of PolicyManager
    Returns: No value is returned.

    policyManager.resetPolicySelector()

    When executing the policy selector, it’s crucial for the function to return each policy exactly once. This ensures that the Pulumi service doesn’t return an error related to duplicated policies when a Policy Pack is published. The purpose of this function is to reset the policy filter, enabling a fresh start. Consequently, when you invoke selectPolicies(), it will take into account all the registered policies, including the ones previously selected. This may add previously selected policies to your Policy Pack. This function exists for unit testing purposes, and most users/developers shouldn’t use it.

    Kind: instance method of PolicyManager

    policyManager.getPolicyByName(name) ⇒

    This function returns the information for a resource policy, given the policy name. This function exists for unit testing purposes, and most users/developers shouldn’t use it. Note: The returned policy is not removed from the pool of available policies. If you want to select an individual policy, use selectPolicyByName() instead.

    Kind: instance method of PolicyManager
    Returns: The PolicyInfo if found, otherwise undefined.

    Param  Description
    name   The policy name to search for and return.

    policyManager.selectPolicyByName(name, enforcementLevel) ⇒

    This function searches for a policy based on the provided name. If the policy is found, it is removed from the pool of available policies and returned. If not found, undefined is returned.

    Kind: instance method of PolicyManager
    Returns: A ResourceValidationPolicy policy that matched the supplied name, or undefined if the policy wasn’t found in the pool of remainingPolicies.

    Param             Description
    name              The policy name to search for and return.
    enforcementLevel  The desired policy enforcement level. Valid values are advisory, mandatory and disabled.

    policyManager.selectPoliciesByName(names, enforcementLevel) ⇒

    Takes an array of policy names and sets the desired enforcement level on each policy. If a provided policy name has already been selected, then the matching policy is not returned as part of the result.

    Kind: instance method of PolicyManager
    Returns: An array of policies.

    Param             Description
    names             An array of policy names.
    enforcementLevel  The desired enforcement level for those policies.

    policyManager.selectPolicies(args, enforcementLevel) ⇒

    Select policies based on criteria provided as arguments. The selection filter only returns policies that match the selection criteria. Effectively, this function performs an or operation within each selection criterion, and an and operation between selection criteria. You may also provide an array of cherry-picked policies. The function takes care of removing duplicates as well as ignoring policies already selected by previous calls. Note: Criteria are all case-insensitive. Note: Call resetPolicySelector() to reset the selection filter and consider all policies again.

    Kind: instance method of PolicyManager
    Returns: An array of ResourceValidationPolicy policies that matched the selection criteria.

    Param             Description
    args              A bag of options containing the selection criteria, or an array of cherry-picked policies.
    enforcementLevel  The desired policy enforcement level. Valid values are advisory, mandatory and disabled.
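
    The selection rules described above (or within a criterion, and between criteria, case-insensitive matching, each policy handed out once) can be traced in a small stand-alone model. This is an added example, not Pulumi's PolicyManager code; the class name, the criterion keys vendors, services and severities, and the sample policies are assumptions made for illustration.

```javascript
// Added model of the selection semantics; NOT the PolicyManager source.
// Criterion keys (vendors, services, severities) are assumed for illustration.
class PolicySelectorModel {
  constructor() {
    this.registered = new Map(); // name -> policy record
    this.remaining = new Set(); // names not yet handed out
  }
  // Like registerPolicy(): a duplicate name throws.
  register(policy) {
    if (this.registered.has(policy.name)) {
      throw new Error(`duplicate policy name: ${policy.name}`);
    }
    this.registered.set(policy.name, policy);
    this.remaining.add(policy.name);
  }

  // OR within one criterion, AND between criteria, case-insensitive.
  static matches(policy, criteria) {
    return Object.entries(criteria).every(([key, wanted]) => {
      const have = (policy[key] || []).map((v) => v.toLowerCase());
      return wanted.some((w) => have.includes(w.toLowerCase()));
    });
  }

  // Each policy is handed out at most once across calls.
  select(criteria, enforcementLevel) {
    const picked = [];
    for (const name of [...this.remaining]) {
      if (PolicySelectorModel.matches(this.registered.get(name), criteria)) {
        this.remaining.delete(name);
        picked.push({ name, enforcementLevel });
      }
    }
    return picked;
  }

  // Like resetPolicySelector(): every registered policy is selectable again.
  reset() {
    this.remaining = new Set(this.registered.keys());
  }
}
// Constructed sample policies (not real policy names).
function buildDemo() {
  const m = new PolicySelectorModel();
  m.register({ name: "s3-encryption", vendors: ["aws"], services: ["s3"], severities: ["high"] });
  m.register({ name: "ec2-public-ip", vendors: ["aws"], services: ["ec2"], severities: ["medium"] });
  m.register({ name: "blob-encryption", vendors: ["azure"], services: ["storage"], severities: ["high"] });
  return m;
}
```

    In this model a second call whose criteria overlap the first returns only the policies not yet handed out, which is the property that keeps a published Policy Pack free of duplicated policies.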

    policyManager.registerPolicy(args) ⇒

    Register a new policy into the pool of policies. The policy name must be unique to the pool of policies already registered or an exception is thrown. This function is used if you are authoring your own Compliance Ready Policies.

    Kind: instance method of PolicyManager
    Returns: A ResourceValidationPolicy object.

    Param  Description
    args   An object containing the policy to register as well as its additional attributes.

    policyManager.registerPolicyModule(name, version) ⇒

    This function is used by policy modules to register information about themselves. This can later be used to display statistics about the packages included in a policy pack. This function is to be used if you are authoring your own Compliance Ready Policies.

    Kind: instance method of PolicyManager
    Returns: The package version as a string.

    Param    Description
    name     Name of the policy module as stored in package.json.
    version  The module version as stored in package.json.

    valToBoolean ⇒

    The function valToBoolean() is a helper that exists because some boolean properties require a string type instead of a boolean type. The idea for this function is to allow compatibility across multiple versions of the same provider in case a property type changes from string to boolean.

    Kind: global variable
    Returns: The boolean value, or undefined if the conversion isn’t possible.
    Link: https://github.com/pulumi/pulumi-aws/issues/2257

    Param  Description
    val    A value to convert into a boolean.

    policyManager

    An instance of the PolicyManager class. Use this instance to manipulate (register, select…) policies.

    Kind: global constant

    loadPlugins(globPatterns) ⇒

    loadPlugins() loads the NPM policy packages present in package.json whose names match the globPatterns. This function is typically used when you’ve authored a policy package and you want to load and register the policies it contains. A common pattern example is ["@pulumi/*-compliance-policies"] for Pulumi Compliance Ready Policies.

    Kind: global function
    Returns: No value is returned. Exceptions are thrown on error with a descriptive message.

    Param         Description
    globPatterns  An array of patterns as used by micromatch.