# Analysis
<gh-file:pulumi#proto/pulumi/analyzer.proto>

## Services

(pulumirpc.Analyzer)=
### 🔌 Analyzer
Analyzer provides a pluggable interface for checking resource definitions against some number of
resource policies. It is intentionally open-ended, allowing for implementations that check
everything from raw resource definitions to entire projects/stacks/snapshots for arbitrary
issues -- style, policy, correctness, security, and so on.


(pulumirpc.Analyzer.Analyze)=
#### 📞 Analyze

⤵️ [AnalyzeRequest](#pulumirpc.AnalyzeRequest) ⤴️ [AnalyzeResponse](#pulumirpc.AnalyzeResponse)

Analyze analyzes a single resource object and returns any errors that it finds.
It is called with the "inputs" to the resource, before it is updated.


(pulumirpc.Analyzer.AnalyzeStack)=
#### 📞 AnalyzeStack

⤵️ [AnalyzeStackRequest](#pulumirpc.AnalyzeStackRequest) ⤴️ [AnalyzeResponse](#pulumirpc.AnalyzeResponse)

AnalyzeStack analyzes all resources within a stack, at the end of a successful
preview or update. The provided resources are the "outputs", after any mutations
have taken place.


(pulumirpc.Analyzer.Remediate)=
#### 📞 Remediate

⤵️ [AnalyzeRequest](#pulumirpc.AnalyzeRequest) ⤴️ [RemediateResponse](#pulumirpc.RemediateResponse)

Remediate optionally transforms a single resource object. This effectively rewrites
a single resource object's properties instead of using what was generated by the program.
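
How `Analyze` and `Remediate` answer the same `AnalyzeRequest`, as an added example that is not code from the Pulumi project. Plain dicts stand in for the protobuf messages. The policy name, pack name, sample request and the use of `not_applicable` for non-matching resource types are assumptions made for illustration, and `MANDATORY` is an `EnforcementLevel` value name from the proto's enum.

```python
# Added illustration: dict keys follow AnalyzeRequest/AnalyzeResponse/RemediateResponse.
PACK = {"policyPackName": "example-pack", "policyPackVersion": "0.0.1"}  # constructed
POLICY = "s3-no-public-acl"            # hypothetical policy name
BUCKET_TYPE = "aws:s3/bucket:Bucket"   # type token this policy applies to (assumption)
PUBLIC_ACLS = {"public-read", "public-read-write"}


def _not_applicable(request):
    if request["type"] == BUCKET_TYPE:
        return []
    return [{"policy_name": POLICY,
             "reason": f"resource type {request['type']} is not checked"}]


def analyze(request):
    """Analyze: report a violation found in the resource inputs."""
    if (skipped := _not_applicable(request)):
        return {"diagnostics": [], "not_applicable": skipped}
    acl = request["properties"].get("acl")
    if acl not in PUBLIC_ACLS:
        return {"diagnostics": [], "not_applicable": []}
    diagnostic = {
        **PACK, "policyName": POLICY,
        "description": "S3 buckets must not use a public ACL.",
        "message": f"acl is '{acl}'; set it to 'private'.",
        "enforcementLevel": "MANDATORY",  # EnforcementLevel enum value name
        "urn": request["urn"],
    }
    return {"diagnostics": [diagnostic], "not_applicable": []}


def remediate(request):
    """Remediate: return rewritten properties instead of a violation."""
    if (skipped := _not_applicable(request)):
        return {"remediations": [], "not_applicable": skipped}
    props = request["properties"]
    if props.get("acl") not in PUBLIC_ACLS:
        return {"remediations": [], "not_applicable": []}
    fixed = {**props, "acl": "private"}  # copy; the request is left untouched
    remediation = {**PACK, "policyName": POLICY,
                   "description": "force private ACL", "properties": fixed}
    return {"remediations": [remediation], "not_applicable": []}


# Constructed sample request (not captured engine traffic).
SAMPLE = {"type": BUCKET_TYPE, "name": "logs",
          "urn": "urn:pulumi:dev::proj::aws:s3/bucket:Bucket::logs",
          "properties": {"acl": "public-read", "bucket": "logs"}}
```
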


(pulumirpc.Analyzer.GetAnalyzerInfo)=
#### 📞 GetAnalyzerInfo

⤵️ [.google.protobuf.Empty](#google.protobuf.Empty) ⤴️ [AnalyzerInfo](#pulumirpc.AnalyzerInfo)

GetAnalyzerInfo returns metadata about the analyzer (e.g., list of policies contained).


(pulumirpc.Analyzer.GetPluginInfo)=
#### 📞 GetPluginInfo

⤵️ [.google.protobuf.Empty](#google.protobuf.Empty) ⤴️ [PluginInfo](#pulumirpc.PluginInfo)

GetPluginInfo returns generic information about this plugin, like its version.


(pulumirpc.Analyzer.Configure)=
#### 📞 Configure

⤵️ [ConfigureAnalyzerRequest](#pulumirpc.ConfigureAnalyzerRequest) ⤴️ [.google.protobuf.Empty](#google.protobuf.Empty)

Configure configures the analyzer, passing configuration properties for each policy.


(pulumirpc.Analyzer.Handshake)=
#### 📞 Handshake

⤵️ [AnalyzerHandshakeRequest](#pulumirpc.AnalyzerHandshakeRequest) ⤴️ [AnalyzerHandshakeResponse](#pulumirpc.AnalyzerHandshakeResponse)

`Handshake` is the first call made by the engine to an analyzer. It is used to pass the engine's address to the
analyzer so that it may establish its own connections back, and to establish protocol configuration that will be
used to communicate between the two parties.


(pulumirpc.Analyzer.ConfigureStack)=
#### 📞 ConfigureStack

⤵️ [AnalyzerStackConfigureRequest](#pulumirpc.AnalyzerStackConfigureRequest) ⤴️ [AnalyzerStackConfigureResponse](#pulumirpc.AnalyzerStackConfigureResponse)

`ConfigureStack` is always called if the engine is using the analyzer to analyze resources in a specific stack.
It is not called in other cases, for example if the engine is just booting the analyzer up to call
GetAnalyzerInfo.


(pulumirpc.Analyzer.Cancel)=
#### 📞 Cancel

⤵️ [.google.protobuf.Empty](#google.protobuf.Empty) ⤴️ [.google.protobuf.Empty](#google.protobuf.Empty)

Cancel signals the analyzer to gracefully shut down and abort any ongoing analysis operations.
Operations aborted in this way will return an error. Since Cancel is advisory and non-blocking,
it is up to the host to decide how long to wait after Cancel is called before (e.g.)
hard-closing any gRPC connection.

## Messages
(pulumirpc.AnalyzeDiagnostic)=
### 📨 AnalyzeDiagnostic



`policyName` [string](#string)
:   Name of the violated policy.


`policyPackName` [string](#string)
:   Name of the policy pack the policy is in.


`policyPackVersion` [string](#string)
:   Version of the policy pack.


`description` [string](#string)
:   Description of policy rule. e.g., "encryption enabled."


`message` [string](#string)
:   Message to display on policy violation, e.g., remediation steps.


`enforcementLevel` [EnforcementLevel](#pulumirpc.EnforcementLevel)
:   Enforcement level of the policy violation.


`urn` [string](#string)
:   URN of the resource that violates the policy.


`severity` [PolicySeverity](#pulumirpc.PolicySeverity)
:   Severity of the policy violation.

(pulumirpc.AnalyzeRequest)=
### 📨 AnalyzeRequest



`type` [string](#string)
:   the type token of the resource.


`properties` [google.protobuf.Struct](#google.protobuf.Struct)
:   the full properties to use for validation.


`urn` [string](#string)
:   the URN of the resource.


`name` [string](#string)
:   the name for the resource's URN.


`options` [AnalyzerResourceOptions](#pulumirpc.AnalyzerResourceOptions)
:   the resource options.


`provider` [AnalyzerProviderResource](#pulumirpc.AnalyzerProviderResource)
:   the resource's provider.

(pulumirpc.AnalyzeResponse)=
### 📨 AnalyzeResponse



`diagnostics` [AnalyzeDiagnostic](#pulumirpc.AnalyzeDiagnostic)
:   information about policy violations.


`not_applicable` [PolicyNotApplicable](#pulumirpc.PolicyNotApplicable)
:   information about policies that were not applicable.

(pulumirpc.AnalyzeStackRequest)=
### 📨 AnalyzeStackRequest



`resources` [AnalyzerResource](#pulumirpc.AnalyzerResource)
: &lt;No description&gt;

(pulumirpc.AnalyzerHandshakeRequest)=
### 📨 AnalyzerHandshakeRequest
`AnalyzerHandshakeRequest` is the type of requests sent as part of a [](pulumirpc.Analyzer.Handshake) call.


`engine_address` [string](#string)
:   The gRPC address of the engine handshaking with the analyzer. At a minimum, this address will expose an instance
  of the [](pulumirpc.Engine) service.


`root_directory` [string](#string)
:   A *root directory* where the analyzer's binary, `PulumiPolicy.yaml`, or other identifying source code is located.
  In the event that the analyzer is *not* being booted by the engine (e.g. in the case that the engine has been
  asked to attach to an existing running analyzer instance via a host/port number), this field will be empty.


`program_directory` [string](#string)
:   A *program directory* in which the analyzer should execute. This is generally a subdirectory of the root
  directory, though this is not required. In the event that the analyzer is *not* being booted by the engine (e.g.
  in the case that the engine has been asked to attach to an existing running analyzer instance via a host/port
  number), this field will be empty.

(pulumirpc.AnalyzerHandshakeResponse)=
### 📨 AnalyzerHandshakeResponse
`AnalyzerHandshakeResponse` is the type of responses sent by a [](pulumirpc.Analyzer.Handshake) call.

(pulumirpc.AnalyzerInfo)=
### 📨 AnalyzerInfo
AnalyzerInfo provides metadata about a PolicyPack inside an analyzer.


`name` [string](#string)
:   Name of the PolicyPack.


`displayName` [string](#string)
:   Pretty name for the PolicyPack.


`policies` [PolicyInfo](#pulumirpc.PolicyInfo)
:   Metadata about policies contained in PolicyPack.


`version` [string](#string)
:   Version of the Policy Pack.


`supportsConfig` [bool](#bool)
:   Whether the Policy Pack supports config.


`initialConfig` [AnalyzerInfo.InitialConfigEntry](#pulumirpc.AnalyzerInfo.InitialConfigEntry)
:   Map of policy name to config.


`description` [string](#string)
:   Description of the policy pack.


`readme` [string](#string)
:   README text for the policy pack.


`provider` [string](#string)
:   Cloud provider/platform associated with the policy pack.


`tags` [string](#string)
:   Tags for this policy pack.


`repository` [string](#string)
:   A URL to the repository where the policy pack is defined.

(pulumirpc.AnalyzerInfo.InitialConfigEntry)=
### 📨 InitialConfigEntry



`key` [string](#string)
: &lt;No description&gt;


`value` [PolicyConfig](#pulumirpc.PolicyConfig)
: &lt;No description&gt;

(pulumirpc.AnalyzerPropertyDependencies)=
### 📨 AnalyzerPropertyDependencies
AnalyzerPropertyDependencies describes the resources that a particular property depends on.


`urns` [string](#string)
:   A list of URNs this property depends on.

(pulumirpc.AnalyzerProviderResource)=
### 📨 AnalyzerProviderResource
AnalyzerProviderResource provides information about a resource's provider.


`type` [string](#string)
:   the type token of the resource.


`properties` [google.protobuf.Struct](#google.protobuf.Struct)
:   the full properties to use for validation.


`urn` [string](#string)
:   the URN of the resource.


`name` [string](#string)
:   the name for the resource's URN.

(pulumirpc.AnalyzerResource)=
### 📨 AnalyzerResource
AnalyzerResource defines the view of a Pulumi-managed resource as sent to Analyzers. The properties
of the resource are specific to the type of analysis being performed. See the Analyzer
service definition for more information.


`type` [string](#string)
:   the type token of the resource.


`properties` [google.protobuf.Struct](#google.protobuf.Struct)
:   the full properties to use for validation.


`urn` [string](#string)
:   the URN of the resource.


`name` [string](#string)
:   the name for the resource's URN.


`options` [AnalyzerResourceOptions](#pulumirpc.AnalyzerResourceOptions)
:   the resource options.


`provider` [AnalyzerProviderResource](#pulumirpc.AnalyzerProviderResource)
:   the resource's provider.


`parent` [string](#string)
:   an optional parent URN that this child resource belongs to.


`dependencies` [string](#string)
:   a list of URNs that this resource depends on.


`propertyDependencies` [AnalyzerResource.PropertyDependenciesEntry](#pulumirpc.AnalyzerResource.PropertyDependenciesEntry)
:   a map from property keys to the dependencies of the property.

(pulumirpc.AnalyzerResource.PropertyDependenciesEntry)=
### 📨 PropertyDependenciesEntry



`key` [string](#string)
: &lt;No description&gt;


`value` [AnalyzerPropertyDependencies](#pulumirpc.AnalyzerPropertyDependencies)
: &lt;No description&gt;

(pulumirpc.AnalyzerResourceOptions)=
### 📨 AnalyzerResourceOptions
AnalyzerResourceOptions defines the options associated with a resource.


`protect` [bool](#bool)
:   true if the resource should be marked protected.


`ignoreChanges` [string](#string)
:   a list of property names to ignore during changes.


`deleteBeforeReplace` [bool](#bool)
:   true if this resource should be deleted before replacement.


`deleteBeforeReplaceDefined` [bool](#bool)
:   true if the deleteBeforeReplace property should be treated as defined even if it is false.


`additionalSecretOutputs` [string](#string)
:   a list of output properties that should also be treated as secret, in addition to ones we detect.


`aliases` [string](#string)
:   a list of additional URNs that should be considered the same.


`customTimeouts` [AnalyzerResourceOptions.CustomTimeouts](#pulumirpc.AnalyzerResourceOptions.CustomTimeouts)
:   a config block that will be used to configure timeouts for CRUD operations.


`parent` [string](#string)
:   an optional parent URN that this child resource belongs to.

(pulumirpc.AnalyzerResourceOptions.CustomTimeouts)=
### 📨 CustomTimeouts
CustomTimeouts allows a user to specify a set of custom timeout parameters.


`create` [double](#double)
:   The create resource timeout in seconds.


`update` [double](#double)
:   The update resource timeout in seconds.


`delete` [double](#double)
:   The delete resource timeout in seconds.

(pulumirpc.AnalyzerStackConfigureRequest)=
### 📨 AnalyzerStackConfigureRequest
`AnalyzerStackConfigureRequest` is the message for the stack configuration of the stack being analyzed.


`stack` [string](#string)
:   The stack name being analyzed.


`project` [string](#string)
:   The project name of the stack being analyzed.


`organization` [string](#string)
:   The organization name of the stack being analyzed.


`dry_run` [bool](#bool)
:   True if this is a preview/dry run.


`config_secret_keys` [string](#string)
:   A list of configuration keys whose values should be treated as secrets.


`config` [AnalyzerStackConfigureRequest.ConfigEntry](#pulumirpc.AnalyzerStackConfigureRequest.ConfigEntry)
:   The configuration of the stack being analyzed.


`tags` [AnalyzerStackConfigureRequest.TagsEntry](#pulumirpc.AnalyzerStackConfigureRequest.TagsEntry)
:   Tags for the current stack.

(pulumirpc.AnalyzerStackConfigureRequest.ConfigEntry)=
### 📨 ConfigEntry



`key` [string](#string)
: &lt;No description&gt;


`value` [string](#string)
: &lt;No description&gt;

(pulumirpc.AnalyzerStackConfigureRequest.TagsEntry)=
### 📨 TagsEntry



`key` [string](#string)
: &lt;No description&gt;


`value` [string](#string)
: &lt;No description&gt;

(pulumirpc.AnalyzerStackConfigureResponse)=
### 📨 AnalyzerStackConfigureResponse
`AnalyzerStackConfigureResponse` is the type of responses sent by a [](pulumirpc.Analyzer.ConfigureStack) call.

(pulumirpc.ConfigureAnalyzerRequest)=
### 📨 ConfigureAnalyzerRequest
ConfigureAnalyzerRequest provides configuration information to the analyzer.


`policyConfig` [ConfigureAnalyzerRequest.PolicyConfigEntry](#pulumirpc.ConfigureAnalyzerRequest.PolicyConfigEntry)
:   Map of policy name to config.

(pulumirpc.ConfigureAnalyzerRequest.PolicyConfigEntry)=
### 📨 PolicyConfigEntry



`key` [string](#string)
: &lt;No description&gt;


`value` [PolicyConfig](#pulumirpc.PolicyConfig)
: &lt;No description&gt;

(pulumirpc.PolicyComplianceFramework)=
### 📨 PolicyComplianceFramework
PolicyComplianceFramework provides information about the compliance framework that a policy belongs to.


`name` [string](#string)
:   The compliance framework name.


`version` [string](#string)
:   The compliance framework version.


`reference` [string](#string)
:   The compliance framework reference.


`specification` [string](#string)
:   The compliance framework specification.

(pulumirpc.PolicyConfig)=
### 📨 PolicyConfig
PolicyConfig provides configuration for a policy.


`enforcementLevel` [EnforcementLevel](#pulumirpc.EnforcementLevel)
:   Enforcement level of the policy.


`properties` [google.protobuf.Struct](#google.protobuf.Struct)
:   Configuration properties of the policy.

(pulumirpc.PolicyConfigSchema)=
### 📨 PolicyConfigSchema
PolicyConfigSchema provides the schema for a policy's configuration.


`properties` [google.protobuf.Struct](#google.protobuf.Struct)
:   JSON schema for each property.


`required` [string](#string)
:   Required properties.

(pulumirpc.PolicyInfo)=
### 📨 PolicyInfo
PolicyInfo provides metadata about a policy within a Policy Pack.


`name` [string](#string)
:   Name of the policy.


`displayName` [string](#string)
:   Pretty name for the policy.


`description` [string](#string)
:   Description of policy rule. e.g., "encryption enabled."


`message` [string](#string)
:   Message to display on policy violation, e.g., remediation steps.


`enforcementLevel` [EnforcementLevel](#pulumirpc.EnforcementLevel)
:   Enforcement level of the policy.


`configSchema` [PolicyConfigSchema](#pulumirpc.PolicyConfigSchema)
:   Config schema for the policy.


`policy_type` [PolicyType](#pulumirpc.PolicyType)
:   Type of the policy.


`severity` [PolicySeverity](#pulumirpc.PolicySeverity)
:   Severity of the policy.


`framework` [PolicyComplianceFramework](#pulumirpc.PolicyComplianceFramework)
:   Compliance framework that this policy belongs to.


`tags` [string](#string)
:   Tags associated with the policy.


`remediation_steps` [string](#string)
:   A description of the steps to take to remediate a policy violation.


`url` [string](#string)
:   A URL to more information about the policy.

(pulumirpc.PolicyNotApplicable)=
### 📨 PolicyNotApplicable
PolicyNotApplicable describes a policy that was not applicable, including an optional reason why.


`policy_name` [string](#string)
:   The name of the policy that was not applicable.


`reason` [string](#string)
:   An optional reason why the policy was not applicable.

(pulumirpc.RemediateResponse)=
### 📨 RemediateResponse
RemediateResponse contains a sequence of remediations applied, in order.


`remediations` [Remediation](#pulumirpc.Remediation)
:   the list of remediations that were applied.


`not_applicable` [PolicyNotApplicable](#pulumirpc.PolicyNotApplicable)
:   information about policies that were not applicable.

(pulumirpc.Remediation)=
### 📨 Remediation
Remediation is a single resource remediation result.


`policyName` [string](#string)
:   Name of the policy that performed the remediation.


`policyPackName` [string](#string)
:   Name of the policy pack the transform is in.


`policyPackVersion` [string](#string)
:   Version of the policy pack.


`description` [string](#string)
:   Description of transform rule. e.g., "auto-tag resources."


`properties` [google.protobuf.Struct](#google.protobuf.Struct)
:   the transformed properties to use.


`diagnostic` [string](#string)
:   an optional warning diagnostic to emit, if a transform failed.

