Hey, has anyone used the pulumi policy packs to en...
# typescriptv
victorious-church-57397
05/23/2022, 8:49 AMHey, has anyone used the pulumi policy packs to enforce aws tagging policies? have a problem running the one from the docs, getting the error:
Copy code
error: configuring policy pack "aws-mandatory-tags" at "./policy": invalid enforcement level ""victorious-church-57397
05/23/2022, 8:49 AM Copy code
import { PolicyPack } from '@pulumi/policy';
import { isTaggable } from './utils';
new PolicyPack('aws-mandatory-tags', {
policies: [
{
name: 'aws-mandatory-tags',
description:
'AWS tagging policy',
enforcementLevel: 'mandatory',
configSchema: {
properties: {
requiredTags: {
type: 'array',
items: { type: 'string' },
},
},
},
validateResource: (args, reportViolation) => {
const config = args.getConfig<AwsTagsPolicyConfig>();
const requiredTags = config.requiredTags;
if (requiredTags && isTaggable(args.type)) {
const ts = args.props['tags'];
for (const rt of requiredTags) {
if (!ts || !ts[rt]) {
reportViolation(`Taggable resource '${args.urn}' is missing required tag '${rt}'`);
}
}
}
},
},
],
});
type AwsTagsPolicyConfig = {
requiredTags?: string[];
};victorious-church-57397
05/23/2022, 8:50 AMas per documentation here: https://www.pulumi.com/blog/automatically-enforcing-aws-resource-tagging-policies/
victorious-church-57397
05/23/2022, 8:50 AM Copy code
{
"all": "mandatory",
"check-required-tags": {
"requiredTags": [
"stack-name",
"service",
"environment",
"owner",
"data-classification",
"repository_url"
]
}
}victorious-church-57397
05/23/2022, 8:54 AMhave tried removing the enforcement level argument from the index.ts and from the policy-config.json, inspected the code and looks like enforcement level is one of ‘disabled’, ‘mandatory’ or advisory
victorious-church-57397
05/23/2022, 6:05 PMsorted this, was a config mismatch 🙂