UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

104 lines (103 loc) 3.7 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
import type { IConstruct } from 'constructs'; import type { IPolicyValidationPlugin } from './validation'; /** * An acknowledgment of a validation rule, used to suppress it from output. */ export interface Acknowledgment { /** * The rule ID to acknowledge. */ readonly id: string; /** * The reason for acknowledging this rule. */ readonly reason: string; } /** * Manages validations for CDK constructs. * * @example * /// fixture=validation-plugin * declare const myApp: App; * declare const plugin: IPolicyValidationPlugin; * Validations.of(myApp).addPlugins(plugin); */ export declare class Validations { private readonly scope; /** * Metadata key used to store acknowledged rules on construct nodes. * * Plugin authors can read this metadata to build audit trails from * acknowledgments recorded via `acknowledge()`. */ static readonly ACKNOWLEDGED_RULES_METADATA_KEY = "aws:cdk:acknowledged-rules"; /** * Returns the Validations for the given construct scope. * * @param scope any construct */ static of(scope: IConstruct): Validations; /** * Well-known prefix for annotation-based validation rules. * * Every validation source identifies itself via a prefix so that * `acknowledge()` can route suppressions to the correct handler. * The `::` delimiter is reserved for separating the prefix from the * rule name (e.g. `annotation::MyWarning`). */ private static readonly ANNOTATION_PREFIX; private constructor(); /** * Register one or more validation plugins that will be executed during synthesis. * * Plugins can only be registered within a Stage or App scope. * If any plugin reports a violation, synthesis will be interrupted and the * report displayed to the user. * * @param plugins the validation plugins to add */ addPlugins(...plugins: IPolicyValidationPlugin[]): void; /** * Adds a warning metadata entry to this construct that can be acknowledged. * * The CLI will display the warning when an app is synthesized, or fail if run * in `--strict` mode. * * The ID will be stored with the `annotation` prefix (e.g. `annotation::MyWarning`). * Use this prefixed ID when calling `acknowledge()` to suppress the warning. * * @param id unique identifier for the warning, used for acknowledgement * @param message the warning message */ addWarning(id: string, message: string): void; /** * Adds an error metadata entry to this construct. * * Synthesis will be interrupted when errors are reported. * * Note: Annotation errors are not currently acknowledgeable. The ID is * recorded for identification purposes but `acknowledge()` will not * suppress errors added via this method. * * @param id unique identifier for the error * @param message the error message */ addError(id: string, message: string): void; /** * Acknowledge one or more rules, suppressing them from validation output. * * Acknowledgments are recorded to construct metadata so that downstream * plugins (e.g. CDK Nag) can read them for audit trails. * * Currently only annotation warnings can be suppressed. Annotation errors * are not yet acknowledgeable. * * If an ID has no well-known prefix, it is assumed to be an annotation rule * for backwards compatibility. * * @param rules the rules to acknowledge */ acknowledge(...rules: Acknowledgment[]): void; private recordAcknowledgment; private qualifyId; }