diff --git a/.prettierignore b/.prettierignore
index ab1a1dd1a..2c47c48e1 100644
--- a/.prettierignore
+++ b/.prettierignore
@@ -11,6 +11,6 @@ yarn-error.log
 .hugo_build.lock
 *.md
-themes/default/layouts/partials/assets.html
 themes/default/theme
 themes/default/assets
+themes/default/layouts
diff --git a/.prettierrc.json b/.prettierrc.json
index f6a6bd92c..78f4d3788 100644
--- a/.prettierrc.json
+++ b/.prettierrc.json
@@ -10,12 +10,6 @@
 "trailingComma": "all",
 "useTabs": false,
 "overrides": [
- {
- "files": ["*.html"],
- "options": {
- "parser": "go-template"
- }
- },
 {
 "files": ["*.yml", "*.yaml"],
 "options": {
diff --git a/package.json b/package.json
index 777c3da51..c99174f6e 100644
--- a/package.json
+++ b/package.json
@@ -14,8 +14,7 @@
 "devDependencies": {
 "husky": "^8.0.1",
 "lint-staged": "^13.0.3",
- "prettier": "^2.6.2",
- "prettier-plugin-go-template": "^0.0.13"
+ "prettier": "^2.6.2"
 },
 "scripts": {
 "prepare": "husky install"
diff --git a/themes/default/layouts/crosswalk/kubernetes.html b/themes/default/layouts/crosswalk/kubernetes.html
index e916a2293..bf7850fbf 100644
--- a/themes/default/layouts/crosswalk/kubernetes.html
+++ b/themes/default/layouts/crosswalk/kubernetes.html
@@ -67,27 +67,52 @@

- {{ $code := `import * as gcp from "@pulumi/gcp";
- import * as k8s from "@pulumi/kubernetes";
+{{ $code := `import * as gcp from "@pulumi/gcp";
+import * as k8s from "@pulumi/kubernetes";
- // Create a GKE cluster.
- const cluster = new gcp.container.Cluster("gke-cluster");
+// Create a GKE cluster.
+const cluster = new gcp.container.Cluster("gke-cluster");
- // Create a performant node pool in the cluster.
- const performantNodes = new gcp.container.NodePool("performant-nodes", {
- cluster: cluster.name,
- nodeConfig: { machineType: "n1-standard-16"}
- });
+// Create a performant node pool in the cluster.
+const performantNodes = new gcp.container.NodePool("performant-nodes", {
+ cluster: cluster.name,
+ nodeConfig: {
+ machineType: "n1-standard-16"
+ }
+});
- // Create an Apps namespace.
- const appsNamespace = new k8s.core.v1.Namespace("apps");
+// Create an Apps namespace.
+const appsNamespace = new k8s.core.v1.Namespace("apps");
- // Create a quota.
- const quotaAppNamespace = new k8s.core.v1.ResourceQuota("apps", {
- spec: {hard: {cpu: "200", memory: "1Gi", pods: "10"
- }},
- }) // Create a restrictive PodSecurityPolicy. const restrictivePSP = new k8s.policy.v1beta1.PodSecurityPolicy("restrictive", { spec: { privileged: false,
- runAsUser: { rule: "RunAsAny" }, fsGroup: { rule: "RunAsAny" }, seLinux: { rule: "RunAsAny" }, supplementalGroups: { rule: "RunAsAny" }, } });` }}
+// Create a quota.
+const quotaAppNamespace = new k8s.core.v1.ResourceQuota("apps", {
+ spec: {
+ hard: {
+ cpu: "200",
+ memory: "1Gi",
+ pods: "10"
+ }
+ },
+})
+
+// Create a restrictive PodSecurityPolicy.
+const restrictivePSP = new k8s.policy.v1beta1.PodSecurityPolicy("restrictive", {
+ spec: {
+ privileged: false,
+ runAsUser: {
+ rule: "RunAsAny"
+ },
+ fsGroup: {
+ rule: "RunAsAny"
+ },
+ seLinux: {
+ rule: "RunAsAny"
+ },
+ supplementalGroups: {
+ rule: "RunAsAny"
+ },
+ }
+});` }}
 {{ partial "code" (dict "code" $code "lang" "js" "mode" "dark") }}
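Review bot: The policy named `restrictive` in the reformatted sample sets `runAsUser`, `fsGroup`, `seLinux` and `supplementalGroups` all to `RunAsAny`, so `privileged: false` is the only restriction it enforces and containers may still run as root. For a sample presented as restrictive I would use `runAsUser: { rule: "MustRunAsNonRoot" },` and add `allowPrivilegeEscalation: false,` under `spec`. The `ResourceQuota` above it also has no `metadata.namespace`, so nothing in the snippet ties the quota to the `apps` namespace it is meant to limit; `metadata: { namespace: appsNamespace.metadata.name },` would do that. `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so the sample will not apply to current clusters as written.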
@@ -112,23 +137,25 @@

- {{ $code := `import * as kx from "@pulumi/kubernetesx";
+{{ $code := `import * as kx from "@pulumi/kubernetesx";
- // Define a Pod.
- const pb = new kx.PodBuilder({
- containers: [{ image: "nginx" }]
- });
+// Define a Pod.
+const pb = new kx.PodBuilder({
+ containers: [{
+ image: "nginx"
+ }]
+});
- // Create a Kubernetes Deployment using the previous Pod definition.
- const deployment = new kx.Deployment("nginx", {
- spec: pb.asDeploymentSpec()
- });
+// Create a Kubernetes Deployment using the previous Pod definition.
+const deployment = new kx.Deployment("nginx", {
+ spec: pb.asDeploymentSpec()
+});
- // Expose the Deployment using a load balanced Kubernetes Service.
- const service = deployment.createService({
- type: kx.types.ServiceType.LoadBalancer,
- });`
- }}
+// Expose the Deployment using a load balanced Kubernetes Service.
+const service = deployment.createService({
+ type: kx.types.ServiceType.LoadBalancer,
+});`
+}}
 {{ partial "code" (dict "code" $code "lang" "js" "mode" "dark") }}
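Review bot: `image: "nginx"` in the PodBuilder sample carries no tag or digest, so the deployment pulls whatever `latest` resolves to at rollout time and two rollouts can run different images. Pinning the sample, for example `image: "nginx:<pinned-tag>"` or an `nginx@sha256:<digest>` reference, shows the reproducible form readers should copy. The service is created with `ServiceType.LoadBalancer`, which on most providers hands the Deployment an externally reachable address; the existing comment could say so, e.g. `// Expose the Deployment outside the cluster using a load balanced Kubernetes Service.`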
diff --git a/themes/default/layouts/page/crossguard.html b/themes/default/layouts/page/crossguard.html
index f3b39498c..b9e2986bb 100644
--- a/themes/default/layouts/page/crossguard.html
+++ b/themes/default/layouts/page/crossguard.html
@@ -5,7 +5,7 @@ {{ define "main" }}
-

Pulumi Crossguard

+

Pulumi CrossGuard

Continuously enforce your organization's cloud governance — security, compliance, cost controls, and more.

Try CrossGuard
@@ -95,51 +95,53 @@

Security

Maintain security across all cloud infrastructure assets.

- {{ $code := `new PolicyPack("acmecorp-security", {
- policies: [{
- name: "prohibited-public-internet",
- description: "Reject public internet access.",
- enforcementLevel: "mandatory",
- validateResource: validateResourceOfType(
- aws.ec2.SecurityGroup, (sg, args, reportViolation) => {
- const hasInternetAccess = sg.ingress.find(
- rule => rule.cidrBlocks.includes("0.0.0.0/0"));
- if (hasInternetAccess) {
- reportViolation("Illegal internet access");
- }
- }
- ),
- }],
- );`
- }}
+{{ $code := `new PolicyPack("acmecorp-security", {
+ policies: [{
+ name: "prohibited-public-internet",
+ description: "Reject public internet access.",
+ enforcementLevel: "mandatory",
+ validateResource: validateResourceOfType(
+ aws.ec2.SecurityGroup,
+ (sg, args, reportViolation) => {
+ const hasInternetAccess = sg.ingress.find(
+ rule => rule.cidrBlocks.includes("0.0.0.0/0")
+ );
+ if (hasInternetAccess) {
+ reportViolation("Illegal internet access");
+ }
+ },
+ ),
+ }],
+);`
+}}
- {{ partial "code" (dict "code" $code "lang" "js" "mode" "dark") }}
+ {{ partial "code" (dict "code" $code "lang" "js") }}
-

Prohibiting network access from the Internet.

+

Prohibiting network access from the Internet.

Compliance

Meet, and stay meeting, compliance standards.

- {{ $code := `new PolicyPack("acmecorp-compliance", {
- policies: [{
- name: "required-storage-region",
- description: "Data must be stored in the US.",
- enforcementLevel: "mandatory",
- validateResource: validateResourceOfType(
- aws.s3.Bucket, (bucket, args, reportViolation) => {
- if (!bucket.region.startsWith("us-")) {
- reportViolation("Non-US bucket detected");
- }
- }
- ),
- }],
- );`
- }}
+{{ $code := `new PolicyPack("acmecorp-compliance", {
+ policies: [{
+ name: "required-storage-region",
+ description: "Data must be stored in the US.",
+ enforcementLevel: "mandatory",
+ validateResource: validateResourceOfType(
+ aws.s3.Bucket, (bucket, args, reportViolation) => {
+ if (!bucket.region.startsWith("us-")) {
+ reportViolation("Non-US bucket detected");
+ }
+ },
+ ),
+ }],
+);`
+}}
- {{ partial "code" (dict "code" $code "lang" "js" "mode" "dark") }}
+ {{ partial "code" (dict "code" $code "lang" "js") }}
-

Disallowing storage outside of specific regions.

+

Disallowing storage outside of specific regions.
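Review bot: The `prohibited-public-internet` check only looks for `"0.0.0.0/0"` in `rule.cidrBlocks`, so an ingress rule open to the IPv6 range `::/0` passes the policy, and a security group without `ingress` or a rule without `cidrBlocks` would presumably throw instead of being evaluated. Something like `const hasInternetAccess = (sg.ingress ?? []).some(rule => rule.cidrBlocks?.includes("0.0.0.0/0") || rule.ipv6CidrBlocks?.includes("::/0"));` covers both cases. Separately, the security and compliance samples in this hunk and the cost sample in the next hunk all end in `}],` followed by `);` with no `}` closing the object passed to `PolicyPack`, so none of the three parses if copied; the last line of each should be `});`.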

@@ -147,30 +149,30 @@

Cost Controls

Ensure cost conscious deployments.

- {{ $code := `new PolicyPack("acmecorp-cost", {
- policies: [{
- name: "required-cost-tags",
- description: "Cost tags are required.",
- enforcementLevel: "mandatory",
- validateResource: (args, reportViolation) => {
- if (isTaggable(args.type) &&
- !args.resource["tags"]["Cost Center"]) {
- reportViolation("Resource missing tags");
- }
- ),
- }],
- );`
- }}
+{{ $code := `new PolicyPack("acmecorp-cost", {
+ policies: [{
+ name: "required-cost-tags",
+ description: "Cost tags are required.",
+ enforcementLevel: "mandatory",
+ validateResource: (args, reportViolation) => {
+ if (isTaggable(args.type) &&
+ !args.resource["tags"]["Cost Center"]) {
+ reportViolation("Resource missing tags");
+ }
+ ),
+ }],
+);`
+}}
- {{ partial "code" (dict "code" $code "lang" "js" "mode" "dark") }}
+ {{ partial "code" (dict "code" $code "lang" "js") }}
-

Requiring a specific cost allocation tags.

+

Requiring specific cost allocation tags.

Continuous Delivery

Catch policy violations before they escape using CI/CD.

- Policy as Code in CI/CD -

A live dashboard of organizational violations in Pulumi Enterprise.

+ Policy as Code in CI/CD +

A live dashboard of organizational violations in Pulumi Cloud.
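Review bot: `!args.resource["tags"]["Cost Center"]` in the `required-cost-tags` sample dereferences `tags` unconditionally, so a taggable resource declared with no tags at all would throw inside the validator rather than report "Resource missing tags", which is the case the policy exists to catch. `!args.resource["tags"]?.["Cost Center"]` reports it instead. The arrow function body is also closed with `),` where `},` is needed, a mismatch the reformat carried over from the old side.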

diff --git a/yarn.lock b/yarn.lock index ded1aeda6..9a5228b18 100644 --- a/yarn.lock +++ b/yarn.lock @@ -649,13 +649,6 @@ pidtree@^0.6.0: resolved "https://registry.yarnpkg.com/pidtree/-/pidtree-0.6.0.tgz#90ad7b6d42d5841e69e0a2419ef38f8883aa057c" integrity sha512-eG2dWTVw5bzqGRztnHExczNxt5VGsE6OwTeCG3fdUf9KBsZzO3R5OIIIzWR+iZA0NtZ+RDVdaoE2dK1cn6jH4g== -prettier-plugin-go-template@^0.0.13: - version "0.0.13" - resolved "https://registry.yarnpkg.com/prettier-plugin-go-template/-/prettier-plugin-go-template-0.0.13.tgz#b4047bce76430bc89a8ee8f27fad1b1c14d942be" - integrity sha512-gG/xT5kd+kCzoMaTchXvdfBdsunyRCV6G8cgdPGPd2V5JGGKXUG7SjzBKU7jaGh2RTeblcAdBb/E+S/duOAMsA== - dependencies: - ulid "^2.3.0" - prettier@^2.6.2: version "2.6.2" resolved "https://registry.yarnpkg.com/prettier/-/prettier-2.6.2.tgz#e26d71a18a74c3d0f0597f55f01fb6c06c206032" @@ -914,11 +907,6 @@ uc.micro@^1.0.1, uc.micro@^1.0.5: resolved "https://registry.npmjs.org/uc.micro/-/uc.micro-1.0.6.tgz" integrity sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA== -ulid@^2.3.0: - version "2.3.0" - resolved "https://registry.yarnpkg.com/ulid/-/ulid-2.3.0.tgz#93063522771a9774121a84d126ecd3eb9804071f" - integrity sha512-keqHubrlpvT6G2wH0OEfSW4mquYRcbe/J8NMmveoQOjUqmo+hXtO+ORCpWhdbZ7k72UtY61BL7haGxW6enBnjw== - validate-npm-package-license@^3.0.1: version "3.0.4" resolved "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz"