Skip to content

Instantly share code, notes, and snippets.

@KerberosMorphy
Created August 28, 2020 16:14
Show Gist options
  • Save KerberosMorphy/d0620271c22723e48cca6966e7b6c64c to your computer and use it in GitHub Desktop.
Save KerberosMorphy/d0620271c22723e48cca6966e7b6c64c to your computer and use it in GitHub Desktop.
Serverless Safeguards Custom Policy
'use strict';
module.exports = function allowedPluginsPolicy(policy, service, allowedPlugins) {
let failed = false;
const pluginNames = service.compiled['serverless-state.json'].service.plugins || [];
for (const [i, plugin] of pluginNames.entries()) {
if (allowedPlugins.indexOf(plugin) == -1) {
policy.fail(
`Plugin name "${plugin}" not in list of permitted plugins: ${JSON.stringify(allowedPlugins)}`
);
failed = true;
}
}
if (!failed) {
policy.approve();
}
};
module.exports.docs = 'http://www.perdu.com/';
safeguards:
- title: Allowed plugins
safeguard: allowed-plugins
enforcementLevel: error
description: This policy allows use of limited list of plugins.
path: ./configs/policies
config:
- '@serverless/safeguards-plugin'
- 'serverless-aws-documentation'
- 'serverless-pseudo-parameters'
- 'serverless-python-requirements'
- 'serverless-iam-roles-per-function'
- 'serverless-plugin-extrinsic-functions'
custom:
safeguards: ${file(configs/safeguards.yml):safeguards}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment