pulumi-cdk

Support for cdk-nag and similar tools

Open karakter98 opened this issue 2 years ago • 2 comments

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

CDK supports adding metadata such as warnings and errors at synth time, which can be deprecation warnings (from CDK itself) or compliance checks (from tools like cdk-nag). These errors don't throw a runtime exception; they are instead added to the cloud assembly as "metadata messages".

The CDK CLI uses the StackCollection(...).processMetadataMessages(...) method to print all messages in the console and then throw. This library could use the same mechanism. I got around this by subclassing pulumicdk.Stack, so I could open a PR with my changes if this sounds like a good feature to add.

Affected area/feature

This would allow usage of cdk-nag and its comprehensive set of infrastructure compliance checks with Pulumi.

karakter98, Aug 28 '23 12:08
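
The mechanism described in the issue above (messages stored as cloud assembly metadata, reported together, then a failure), as an added example that is not code from the issue, the linked PR or pulumi-cdk. It reads the plain `manifest.json` shape rather than calling aws-cdk-lib; the function names, the `strict` flag and the sample manifest are assumptions constructed for illustration.

```typescript
type Entry = { type: string; data?: unknown };
type Artifact = { type: string; metadata?: Record<string, Entry[]> };
type Manifest = { artifacts?: Record<string, Artifact> };
type Level = "info" | "warning" | "error";
type Message = { level: Level; stack: string; path: string; text: string };

// Metadata entry types that CDK annotations (info/warning/error) are stored under.
const LEVELS: Record<string, Level> = {
  "aws:cdk:info": "info",
  "aws:cdk:warning": "warning",
  "aws:cdk:error": "error",
};

function collectMessages(manifest: Manifest): Message[] {
  const out: Message[] = [];
  for (const [stack, artifact] of Object.entries(manifest.artifacts ?? {})) {
    if (artifact.type !== "aws:cloudformation:stack") continue; // skip asset manifests etc.
    for (const [path, entries] of Object.entries(artifact.metadata ?? {})) {
      for (const e of entries) {
        const level = LEVELS[e.type]; // undefined for non-message metadata
        if (level) out.push({ level, stack, path, text: String(e.data) });
      }
    }
  }
  return out;
}

// Gather every finding, then fail once; `strict` (hypothetical) also blocks on warnings.
function assertNoBlockingMessages(manifest: Manifest, strict = false): Message[] {
  const messages = collectMessages(manifest);
  const blocking = messages.filter((m) => m.level === "error" || (strict && m.level === "warning"));
  if (blocking.length > 0) {
    const lines = blocking.map((m) => `[${m.level}] ${m.path}: ${m.text}`);
    throw new Error(`${blocking.length} blocking message(s):\n${lines.join("\n")}`);
  }
  return messages;
}

// Constructed sample: one compliance-style error and one warning.
const sampleManifest: Manifest = { artifacts: {
  "app-stack": { type: "aws:cloudformation:stack", metadata: {
    "/app-stack/Bucket/Resource": [
      { type: "aws:cdk:logicalId", data: "BucketSample" },
      { type: "aws:cdk:error", data: "SampleRule-1: constructed finding" },
    ],
    "/app-stack/Fn": [{ type: "aws:cdk:warning", data: "constructed warning" }],
  } },
  "app-stack.assets": { type: "cdk:asset-manifest" },
} };
```

Failing only after all messages are collected means one synth run surfaces every compliance finding instead of stopping at the first.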

I got around this by subclassing pulumicdk.Stack, so I could open a PR with my changes if this sounds like a good feature to add.

Yeah - a PR would be very welcome

lukehoban, Aug 28 '23 13:08

@lukehoban I opened a PR for this: #89

karakter98, Sep 05 '23 13:09