I'm trying to write a Resource Validation Policy for a bunch of Artifactory repositories (https://www.pulumi.com/registry/packages/artifactory/api-docs/) Many repository types have a boolean property that I'd like to ensure is always

true

whenever I create one of these repositories (in particular, the

xray_index

property: https://www.pulumi.com/registry/packages/artifactory/api-docs/localgenericrepository/#xray_index_python). I know that I can explicitly check the type of the resource first and then see if the property is set:

if args.resource_type in ["artifactory:index/localGenericRepository:LocalGenericRepository", ...]:
  if not args.props.get("xrayIndex"):
    report_violation(...)

However, I was wondering if it would instead be possible to just see if the resource had an

xrayIndex

property (without listing out all the resource types explicitly). However, it only appears that I have access to whatever properties happen to have been set on the concrete resource. Since this particular boolean property defaults to

false

, this makes any resources that are in violation "invisible" to this kind of checking logic. Is there any way in a policy to see all the possible properties a resource could have, rather than just the ones that have been set on any given instance? After typing this out, I think I may end up sticking with the more explicit approach, but now I'm curious 😅