Justin Van Patten

We recently made a change to the CLI that broke stack validations. Mikhail happened to be doing some work that uncovered the regression. Otherwise, we may not have noticed the...

[From Joe](https://github.com/pulumi/pulumi-policy/issues/98#issuecomment-557814921): > I am only now realizing policy plugins don't work the way I had thought. > > Instead of having a plugin per policy pack, we have a...

Config: Have a way of indicating a config property value is "sensitive"

2

This would ensure any sensitive config values are filtered from logs/output. Are these encrypted at rest, or just for filtering from logs/output?

Provide a "nolint" capability

1

Question from a customer: > Can you “acknowledge” a CrossGuard-policy, `enforcementLevel: "advisory"`, directly at the resource? To get this check out of the list of policy violations. Similar like `nolint`...

Question from a customer: > How can you check if a value is a secret value, i.e. encrypted in the stack? Just read that [secrets are unencrypted in policy-pack checks](https://www.pulumi.com/docs/guides/crossguard/faq/#how-are-secrets-handled-in-policies)....

We have some integration tests for publishing Node.js policy packs in `pulumi/pulumi` but they are currently disabled (https://github.com/pulumi/pulumi/issues/4149 tracks fixing/re-enabling). As part of re-enabling those, we need to add a...

We should consider making the `name` and `description` args optional for `ResourceValidationPolicy` and `StackValidationPolicy`. If no `name` is specified and a `validate` function is specified, use the function's `__name__`. Similarly,...