From d1cbd8709284e9bc0fc8305c725a99a68ec1f2b9 Mon Sep 17 00:00:00 2001 From: Kaizen Conroy Date: Wed, 15 Apr 2026 21:58:40 -0400 Subject: [PATCH 1/5] remove beta1 fro mapi --- .../core/lib/analytics-data-source/enums.ts | 4 + .../aws-cdk-lib/core/lib/validation/report.ts | 116 ++++++++++++++++++ .../core/lib/validation/validation.ts | 83 ++++++++++++- 3 files changed, 202 insertions(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/core/lib/analytics-data-source/enums.ts b/packages/aws-cdk-lib/core/lib/analytics-data-source/enums.ts index 33b2566c1a18f..b79cbff9c6fe6 100644 --- a/packages/aws-cdk-lib/core/lib/analytics-data-source/enums.ts +++ b/packages/aws-cdk-lib/core/lib/analytics-data-source/enums.ts @@ -3306,6 +3306,10 @@ export const AWS_CDK_ENUMS: { [key: string]: any } = { "ALLOW", "REQUIRE" ], + "PolicyValidationReportStatus": [ + "success", + "failure" + ], "PolicyValidationReportStatusBeta1": [ "success", "failure" diff --git a/packages/aws-cdk-lib/core/lib/validation/report.ts b/packages/aws-cdk-lib/core/lib/validation/report.ts index 6ea77f759c6f0..b2d8e4478c998 100644 --- a/packages/aws-cdk-lib/core/lib/validation/report.ts +++ b/packages/aws-cdk-lib/core/lib/validation/report.ts @@ -1,5 +1,7 @@ /** * Violation produced by the validation plugin. + * + * @deprecated Use `PolicyViolation` instead. */ export interface PolicyViolationBeta1 { /** @@ -45,6 +47,8 @@ export interface PolicyViolationBeta1 { /** * Resource violating a specific rule. + * + * @deprecated Use `PolicyViolatingResource` instead. */ export interface PolicyViolatingResourceBeta1 { /** @@ -65,6 +69,8 @@ export interface PolicyViolatingResourceBeta1 { /** * The final status of the validation report + * + * @deprecated Use `PolicyValidationReportStatus` instead. */ export enum PolicyValidationReportStatusBeta1 { /** 
@@ -80,6 +86,8 @@ export enum PolicyValidationReportStatusBeta1 { /** * The report emitted by the plugin after evaluation. + * + * @deprecated Use `PolicyValidationPluginReport` instead. */ export interface PolicyValidationPluginReportBeta1 { /** 
@@ -105,3 +113,111 @@ export interface PolicyValidationPluginReportBeta1 { */ readonly metadata?: { readonly [key: string]: string }; } + +/** + * Violation produced by the validation plugin. + */ +export interface PolicyViolation { + /** + * The name of the rule. + */ + readonly ruleName: string; + + /** + * The description of the violation. + */ + readonly description: string; + + /** + * The resources violating this rule. + */ + readonly violatingResources: PolicyViolatingResource[]; + + /** + * How to fix the violation. + * + * @default - no fix is provided + */ + readonly fix?: string; + + /** + * The severity of the violation, only used for reporting purposes. + * This is useful for helping the user discriminate between warnings, + * errors, information, etc. + * + * @default - no severity + */ + readonly severity?: string; + + /** + * Additional metadata to include with the rule results. + * This can be used to provide additional information that is + * plugin specific. The data provided here will be rendered as is. + * + * @default - no rule metadata + */ + readonly ruleMetadata?: { readonly [key: string]: string }; +} + +/** + * Resource violating a specific rule. + */ +export interface PolicyViolatingResource { + /** + * The logical ID of the resource in the CloudFormation template. + */ + readonly resourceLogicalId: string; + + /** + * The locations in the CloudFormation template that pose the violations. + */ + readonly locations: string[]; + + /** + * The path to the CloudFormation template that contains this resource + */ + readonly templatePath: string; +} + +/** + * The final status of the validation report + */ +export enum PolicyValidationReportStatus { + /** + * No violations were found + */ + SUCCESS = 'success', + + /** + * At least one violation was found + */ + FAILURE = 'failure', +} + +/** + * The report emitted by the plugin after evaluation. + */ +export interface PolicyValidationPluginReport { + /** + * List of violations in the report. 
+ */ + readonly violations: PolicyViolation[]; + + /** + * Whether or not the report was successful. + */ + readonly success: boolean; + + /** + * The version of the plugin that created the report. + * @default - no version + */ + readonly pluginVersion?: string; + + /** + * Arbitrary information about the report. + * + * @default - no metadata + */ + readonly metadata?: { readonly [key: string]: string }; +} diff --git a/packages/aws-cdk-lib/core/lib/validation/validation.ts b/packages/aws-cdk-lib/core/lib/validation/validation.ts index c9a8edeb8b2e8..f6e15a16ec163 100644 --- a/packages/aws-cdk-lib/core/lib/validation/validation.ts +++ b/packages/aws-cdk-lib/core/lib/validation/validation.ts @@ -1,4 +1,4 @@ -import type { PolicyValidationPluginReportBeta1 } from './report'; +import type { PolicyValidationPluginReport, PolicyValidationPluginReportBeta1 } from './report'; /** * Represents a validation plugin that will be executed during synthesis @@ -33,6 +33,8 @@ export interface IPolicyValidationPluginBeta1 { /** * The name of the plugin that will be displayed in the validation * report + * + * @deprecated Use `IPolicyValidationPlugin` instead. */ readonly name: string; @@ -43,6 +45,8 @@ export interface IPolicyValidationPluginBeta1 { * this property should be kept in sync with the actual version of the * software package. If the version is not provided or is not a valid semantic * version, it will be reported as `0.0.0`. + * + * @deprecated Use `IPolicyValidationPlugin` instead. */ readonly version?: string; @@ -51,6 +55,7 @@ export interface IPolicyValidationPluginBeta1 { * purposes. * * @default - No rule is reported + * @deprecated Use `IPolicyValidationPlugin` instead. */ readonly ruleIds?: string[]; 
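Review bot: In report.ts (hunk `@@ -105,3 +113,111 @@`), the new `PolicyValidationPluginReport` carries both `success: boolean` and `violations: PolicyViolation[]`, but the doc on `success` does not say how the two relate. As declared, a plugin can return `success: true` together with a non-empty `violations` list. Because this report decides whether a policy check passes, the graduated type is the place to pin the contract down, for example `Whether or not the report was successful. Must be false when violations is non-empty.` on the `success` doc comment. Which field the framework treats as authoritative is not visible in this patch, so the wording should be matched to the consuming code. The same hunk adds `PolicyValidationReportStatus`, which none of the visible declarations reference.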
@@ -58,12 +63,16 @@ export interface IPolicyValidationPluginBeta1 { * The method that will be called by the CDK framework to perform * validations. This is where the plugin will evaluate the CloudFormation * templates for compliance and report and violations + * + * @deprecated Use `IPolicyValidationPlugin` instead. */ validate(context: IPolicyValidationContextBeta1): PolicyValidationPluginReportBeta1; } /** * Context available to the validation plugin + * + * @deprecated Use `IPolicyValidationContext` instead. */ export interface IPolicyValidationContextBeta1 { /** 
@@ -71,3 +80,75 @@ export interface IPolicyValidationContextBeta1 { */ readonly templatePaths: string[]; } + +/** + * Represents a validation plugin that will be executed during synthesis + * + * @example + * /// fixture=validation-plugin + * class MyPlugin implements IPolicyValidationPluginBeta1 { + * public readonly name = 'MyPlugin'; + * + * public validate(context: IPolicyValidationContextBeta1): PolicyValidationPluginReportBeta1 { + * // First read the templates using context.templatePaths... + * + * // ...then perform the validation, and then compose and return the report. + * // Using hard-coded values here for better clarity: + * return { + * success: false, + * violations: [{ + * ruleName: 'CKV_AWS_117', + * description: 'Ensure that AWS Lambda function is configured inside a VPC', + * fix: 'https://docs.bridgecrew.io/docs/ensure-that-aws-lambda-function-is-configured-inside-a-vpc-1', + * violatingResources: [{ + * resourceLogicalId: 'MyFunction3BAA72D1', + * templatePath: '/home/johndoe/myapp/cdk.out/MyService.template.json', + * locations: ['Properties/VpcConfig'], + * }], + * }], + * }; + * } + * } + */ +export interface IPolicyValidationPlugin { + /** + * The name of the plugin that will be displayed in the validation + * report + */ + readonly name: string; + + /** + * The version of the plugin, following the Semantic Versioning specification (see + * https://semver.org/). This version is used for analytics purposes, to + * measure the usage of different plugins and different versions. The value of + * this property should be kept in sync with the actual version of the + * software package. If the version is not provided or is not a valid semantic + * version, it will be reported as `0.0.0`. + */ + readonly version?: string; + + /** + * The list of rule IDs that the plugin will evaluate. Used for analytics + * purposes. 
+ * + * @default - No rule is reported + */ + readonly ruleIds?: string[]; + + /** + * The method that will be called by the CDK framework to perform + * validations. This is where the plugin will evaluate the CloudFormation + * templates for compliance and report and violations + */ + validate(context: IPolicyValidationContext): PolicyValidationPluginReport; +} + +/** + * Context available to the validation plugin + */ +export interface IPolicyValidationContext { + /** + * The absolute path of all templates to be processed + */ + readonly templatePaths: string[]; +} From 01282a5433ba77fc44c5a5880df18ef30fac2c1d Mon Sep 17 00:00:00 2001 From: Kaizen Conroy Date: Thu, 16 Apr 2026 00:21:01 -0400 Subject: [PATCH 2/5] udpate deps --- packages/aws-cdk-lib/core/lib/validation/validation.ts | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/packages/aws-cdk-lib/core/lib/validation/validation.ts b/packages/aws-cdk-lib/core/lib/validation/validation.ts index f6e15a16ec163..e5e119d4805c1 100644 --- a/packages/aws-cdk-lib/core/lib/validation/validation.ts +++ b/packages/aws-cdk-lib/core/lib/validation/validation.ts @@ -3,6 +3,8 @@ import type { PolicyValidationPluginReport, PolicyValidationPluginReportBeta1 } /** * Represents a validation plugin that will be executed during synthesis * + * @deprecated Use `IPolicyValidationPlugin` instead. + * * @example * /// fixture=validation-plugin * class MyPlugin implements IPolicyValidationPluginBeta1 { @@ -33,8 +35,6 @@ export interface IPolicyValidationPluginBeta1 { /** * The name of the plugin that will be displayed in the validation * report - * - * @deprecated Use `IPolicyValidationPlugin` instead. */ readonly name: string; 
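Review bot: The `@example` on the new `IPolicyValidationPlugin` in validation.ts (hunk `@@ -71,3 +80,75 @@`) still reads `class MyPlugin implements IPolicyValidationPluginBeta1` and types `validate` with `IPolicyValidationContextBeta1` and `PolicyValidationPluginReportBeta1`, the names this same patch marks `@deprecated`. The example on the graduated interface should use the graduated names: `class MyPlugin implements IPolicyValidationPlugin {` and `public validate(context: IPolicyValidationContext): PolicyValidationPluginReport {`. The later patches keep the Beta1 example as unchanged context above `IPolicyValidationPlugin`, so it appears to still be present after PATCH 5/5. Whether the `validation-plugin` fixture brings the new names into scope is not visible here and would need checking.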
@@ -45,8 +45,6 @@ export interface IPolicyValidationPluginBeta1 { * this property should be kept in sync with the actual version of the * software package. If the version is not provided or is not a valid semantic * version, it will be reported as `0.0.0`. - * - * @deprecated Use `IPolicyValidationPlugin` instead. */ readonly version?: string; @@ -55,7 +53,6 @@ export interface IPolicyValidationPluginBeta1 { * purposes. * * @default - No rule is reported - * @deprecated Use `IPolicyValidationPlugin` instead. */ readonly ruleIds?: string[]; @@ -63,8 +60,6 @@ export interface IPolicyValidationPluginBeta1 { * The method that will be called by the CDK framework to perform * validations. This is where the plugin will evaluate the CloudFormation * templates for compliance and report and violations - * - * @deprecated Use `IPolicyValidationPlugin` instead. */ validate(context: IPolicyValidationContextBeta1): PolicyValidationPluginReportBeta1; } From 783646f56338074694f22beffbd1c61c2ae41406 Mon Sep 17 00:00:00 2001 From: Kaizen Conroy Date: Thu, 16 Apr 2026 13:05:22 -0400 Subject: [PATCH 3/5] beta interfaces implement graduated interfaces --- .../aws-cdk-lib/core/lib/validation/report.ts | 114 +++--------------- .../core/lib/validation/validation.ts | 80 ++---------- .../core/test/validation/validation.test.ts | 6 + 3 files changed, 33 insertions(+), 167 deletions(-) diff --git a/packages/aws-cdk-lib/core/lib/validation/report.ts b/packages/aws-cdk-lib/core/lib/validation/report.ts index b2d8e4478c998..898f3146a62e9 100644 --- a/packages/aws-cdk-lib/core/lib/validation/report.ts +++ b/packages/aws-cdk-lib/core/lib/validation/report.ts @@ -1,9 +1,7 @@ /** * Violation produced by the validation plugin. - * - * @deprecated Use `PolicyViolation` instead. */ -export interface PolicyViolationBeta1 { +export interface PolicyViolation { /** * The name of the rule. */ 
@@ -17,7 +15,7 @@ export interface PolicyViolationBeta1 { /** * The resources violating this rule. */ - readonly violatingResources: PolicyViolatingResourceBeta1[]; + readonly violatingResources: PolicyViolatingResource[]; /** * How to fix the violation. @@ -47,10 +45,8 @@ export interface PolicyViolationBeta1 { /** * Resource violating a specific rule. - * - * @deprecated Use `PolicyViolatingResource` instead. */ -export interface PolicyViolatingResourceBeta1 { +export interface PolicyViolatingResource { /** * The logical ID of the resource in the CloudFormation template. */ @@ -69,10 +65,8 @@ export interface PolicyViolatingResourceBeta1 { /** * The final status of the validation report - * - * @deprecated Use `PolicyValidationReportStatus` instead. */ -export enum PolicyValidationReportStatusBeta1 { +export enum PolicyValidationReportStatus { /** * No violations were found */ @@ -86,14 +80,12 @@ export enum PolicyValidationReportStatusBeta1 { /** * The report emitted by the plugin after evaluation. - * - * @deprecated Use `PolicyValidationPluginReport` instead. */ -export interface PolicyValidationPluginReportBeta1 { +export interface PolicyValidationPluginReport { /** * List of violations in the report. */ - readonly violations: PolicyViolationBeta1[]; + readonly violations: PolicyViolation[]; /** * Whether or not the report was successful. 
@@ -116,73 +108,24 @@ export interface PolicyValidationPluginReportBeta1 { /** * Violation produced by the validation plugin. + * + * @deprecated Use `PolicyViolation` instead. */ -export interface PolicyViolation { - /** - * The name of the rule. - */ - readonly ruleName: string; - - /** - * The description of the violation. - */ - readonly description: string; - - /** - * The resources violating this rule. - */ - readonly violatingResources: PolicyViolatingResource[]; - - /** - * How to fix the violation. - * - * @default - no fix is provided - */ - readonly fix?: string; - - /** - * The severity of the violation, only used for reporting purposes. - * This is useful for helping the user discriminate between warnings, - * errors, information, etc. - * - * @default - no severity - */ - readonly severity?: string; - - /** - * Additional metadata to include with the rule results. - * This can be used to provide additional information that is - * plugin specific. The data provided here will be rendered as is. - * - * @default - no rule metadata - */ - readonly ruleMetadata?: { readonly [key: string]: string }; -} +export interface PolicyViolationBeta1 extends PolicyViolation {} /** * Resource violating a specific rule. + * + * @deprecated Use `PolicyViolatingResource` instead. */ -export interface PolicyViolatingResource { - /** - * The logical ID of the resource in the CloudFormation template. - */ - readonly resourceLogicalId: string; - - /** - * The locations in the CloudFormation template that pose the violations. - */ - readonly locations: string[]; - - /** - * The path to the CloudFormation template that contains this resource - */ - readonly templatePath: string; -} +export interface PolicyViolatingResourceBeta1 extends PolicyViolatingResource {} /** * The final status of the validation report + * + * @deprecated Use `PolicyValidationReportStatus` instead. 
*/ -export enum PolicyValidationReportStatus { +export enum PolicyValidationReportStatusBeta1 { /** * No violations were found */ @@ -196,28 +139,7 @@ export enum PolicyValidationReportStatus { /** * The report emitted by the plugin after evaluation. + * + * @deprecated Use `PolicyValidationPluginReport` instead. */ -export interface PolicyValidationPluginReport { - /** - * List of violations in the report. - */ - readonly violations: PolicyViolation[]; - - /** - * Whether or not the report was successful. - */ - readonly success: boolean; - - /** - * The version of the plugin that created the report. - * @default - no version - */ - readonly pluginVersion?: string; - - /** - * Arbitrary information about the report. - * - * @default - no metadata - */ - readonly metadata?: { readonly [key: string]: string }; -} +export interface PolicyValidationPluginReportBeta1 extends PolicyValidationPluginReport {} diff --git a/packages/aws-cdk-lib/core/lib/validation/validation.ts b/packages/aws-cdk-lib/core/lib/validation/validation.ts index e5e119d4805c1..a5732aa3774a3 100644 --- a/packages/aws-cdk-lib/core/lib/validation/validation.ts +++ b/packages/aws-cdk-lib/core/lib/validation/validation.ts @@ -1,10 +1,8 @@ -import type { PolicyValidationPluginReport, PolicyValidationPluginReportBeta1 } from './report'; +import type { PolicyValidationPluginReport } from './report'; /** * Represents a validation plugin that will be executed during synthesis * - * @deprecated Use `IPolicyValidationPlugin` instead. - * * @example * /// fixture=validation-plugin * class MyPlugin implements IPolicyValidationPluginBeta1 { @@ -31,7 +29,7 @@ import type { PolicyValidationPluginReport, PolicyValidationPluginReportBeta1 } * } * } */ -export interface IPolicyValidationPluginBeta1 { +export interface IPolicyValidationPlugin { /** * The name of the plugin that will be displayed in the validation * report 
@@ -61,15 +59,13 @@ export interface IPolicyValidationPluginBeta1 { * validations. This is where the plugin will evaluate the CloudFormation * templates for compliance and report and violations */ - validate(context: IPolicyValidationContextBeta1): PolicyValidationPluginReportBeta1; + validate(context: IPolicyValidationContext): PolicyValidationPluginReport; } /** * Context available to the validation plugin - * - * @deprecated Use `IPolicyValidationContext` instead. */ -export interface IPolicyValidationContextBeta1 { +export interface IPolicyValidationContext { /** * The absolute path of all templates to be processed */ 
@@ -79,71 +75,13 @@ export interface IPolicyValidationContextBeta1 { /** * Represents a validation plugin that will be executed during synthesis * - * @example - * /// fixture=validation-plugin - * class MyPlugin implements IPolicyValidationPluginBeta1 { - * public readonly name = 'MyPlugin'; - * - * public validate(context: IPolicyValidationContextBeta1): PolicyValidationPluginReportBeta1 { - * // First read the templates using context.templatePaths... - * - * // ...then perform the validation, and then compose and return the report. - * // Using hard-coded values here for better clarity: - * return { - * success: false, - * violations: [{ - * ruleName: 'CKV_AWS_117', - * description: 'Ensure that AWS Lambda function is configured inside a VPC', - * fix: 'https://docs.bridgecrew.io/docs/ensure-that-aws-lambda-function-is-configured-inside-a-vpc-1', - * violatingResources: [{ - * resourceLogicalId: 'MyFunction3BAA72D1', - * templatePath: '/home/johndoe/myapp/cdk.out/MyService.template.json', - * locations: ['Properties/VpcConfig'], - * }], - * }], - * }; - * } - * } + * @deprecated Use `IPolicyValidationPlugin` instead. */ -export interface IPolicyValidationPlugin { - /** - * The name of the plugin that will be displayed in the validation - * report - */ - readonly name: string; - - /** - * The version of the plugin, following the Semantic Versioning specification (see - * https://semver.org/). This version is used for analytics purposes, to - * measure the usage of different plugins and different versions. The value of - * this property should be kept in sync with the actual version of the - * software package. If the version is not provided or is not a valid semantic - * version, it will be reported as `0.0.0`. - */ - readonly version?: string; - - /** - * The list of rule IDs that the plugin will evaluate. Used for analytics - * purposes. 
- * - * @default - No rule is reported - */ - readonly ruleIds?: string[]; - - /** - * The method that will be called by the CDK framework to perform - * validations. This is where the plugin will evaluate the CloudFormation - * templates for compliance and report and violations - */ - validate(context: IPolicyValidationContext): PolicyValidationPluginReport; -} +export interface IPolicyValidationPluginBeta1 extends IPolicyValidationPlugin {} /** * Context available to the validation plugin + * + * @deprecated Use `IPolicyValidationContext` instead. */ -export interface IPolicyValidationContext { - /** - * The absolute path of all templates to be processed - */ - readonly templatePaths: string[]; -} +export interface IPolicyValidationContextBeta1 extends IPolicyValidationContext {} diff --git a/packages/aws-cdk-lib/core/test/validation/validation.test.ts b/packages/aws-cdk-lib/core/test/validation/validation.test.ts index c2312c2994596..690aee815f166 100644 --- a/packages/aws-cdk-lib/core/test/validation/validation.test.ts +++ b/packages/aws-cdk-lib/core/test/validation/validation.test.ts @@ -812,6 +812,12 @@ Policy Validation Report Summary const consoleReport = consoleErrorMock.mock.calls[1][0]; expect(consoleReport).toContain('Validation Report'); }); + + test('a plugin implementing Beta1 is assignable to IPolicyValidationPlugin', () => { + const beta1Plugin: core.IPolicyValidationPluginBeta1 = new FakePlugin('beta1-plugin', []); + const plugin: core.IPolicyValidationPlugin = beta1Plugin; + expect(plugin.name).toEqual('beta1-plugin'); + }); }); class FakePlugin implements core.IPolicyValidationPluginBeta1 { From 25cb484876ae619e8666f0012004144b8b6fbfb7 Mon Sep 17 00:00:00 2001 From: Kaizen Conroy Date: Thu, 16 Apr 2026 13:25:43 -0400 Subject: [PATCH 4/5] revert enum change --- packages/aws-cdk-lib/core/lib/analytics-data-source/enums.ts | 4 ---- 1 file changed, 4 deletions(-) 
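Review bot: The test added in validation.test.ts (hunk `@@ -812,6 +812,12 @@`) only proves that a value typed `core.IPolicyValidationPluginBeta1` can be assigned to `core.IPolicyValidationPlugin`. Its single runtime assertion reads `plugin.name`, and `FakePlugin` in the trailing context still declares `implements core.IPolicyValidationPluginBeta1`. Nothing in the visible test calls `validate` on a plugin declared against the graduated interface, so a regression in how such a plugin's report is handled would not be caught here. A second fake declared as `class GraduatedFakePlugin implements core.IPolicyValidationPlugin` (name is only a suggestion) and run through one of the existing report tests would cover that path; whether the registration API accepts the new type is not shown in this series. The enclosing `describe` block starts outside the hunk.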
diff --git a/packages/aws-cdk-lib/core/lib/analytics-data-source/enums.ts b/packages/aws-cdk-lib/core/lib/analytics-data-source/enums.ts index b79cbff9c6fe6..33b2566c1a18f 100644 --- a/packages/aws-cdk-lib/core/lib/analytics-data-source/enums.ts +++ b/packages/aws-cdk-lib/core/lib/analytics-data-source/enums.ts @@ -3306,10 +3306,6 @@ export const AWS_CDK_ENUMS: { [key: string]: any } = { "ALLOW", "REQUIRE" ], - "PolicyValidationReportStatus": [ - "success", - "failure" - ], "PolicyValidationReportStatusBeta1": [ "success", "failure" From 486e3074af1ff6a350405c3f139ade0151dd21c9 Mon Sep 17 00:00:00 2001 From: Kaizen Conroy Date: Mon, 20 Apr 2026 13:07:30 -0400 Subject: [PATCH 5/5] duplicate interfaces rather than extend --- .../aws-cdk-lib/core/lib/validation/report.ts | 84 ++++++++++++++++++- .../core/lib/validation/validation.ts | 42 +++++++++- 2 files changed, 120 insertions(+), 6 deletions(-) diff --git a/packages/aws-cdk-lib/core/lib/validation/report.ts b/packages/aws-cdk-lib/core/lib/validation/report.ts index 898f3146a62e9..20cfcfb41cbb5 100644 --- a/packages/aws-cdk-lib/core/lib/validation/report.ts +++ b/packages/aws-cdk-lib/core/lib/validation/report.ts 
@@ -111,14 +111,69 @@ export interface PolicyValidationPluginReport { * * @deprecated Use `PolicyViolation` instead. */ -export interface PolicyViolationBeta1 extends PolicyViolation {} +export interface PolicyViolationBeta1 { + /** + * The name of the rule. + */ + readonly ruleName: string; + + /** + * The description of the violation. + */ + readonly description: string; + + /** + * The resources violating this rule. + */ + readonly violatingResources: PolicyViolatingResourceBeta1[]; + + /** + * How to fix the violation. + * + * @default - no fix is provided + */ + readonly fix?: string; + + /** + * The severity of the violation, only used for reporting purposes. + * This is useful for helping the user discriminate between warnings, + * errors, information, etc. + * + * @default - no severity + */ + readonly severity?: string; + + /** + * Additional metadata to include with the rule results. + * This can be used to provide additional information that is + * plugin specific. The data provided here will be rendered as is. + * + * @default - no rule metadata + */ + readonly ruleMetadata?: { readonly [key: string]: string }; +} /** * Resource violating a specific rule. * * @deprecated Use `PolicyViolatingResource` instead. */ -export interface PolicyViolatingResourceBeta1 extends PolicyViolatingResource {} +export interface PolicyViolatingResourceBeta1 { + /** + * The logical ID of the resource in the CloudFormation template. + */ + readonly resourceLogicalId: string; + + /** + * The locations in the CloudFormation template that pose the violations. + */ + readonly locations: string[]; + + /** + * The path to the CloudFormation template that contains this resource + */ + readonly templatePath: string; +} /** * The final status of the validation report 
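Review bot: From this hunk on, each Beta1 type is a hand-copied duplicate of its graduated twin, and nothing ties the two copies together. This covers `PolicyViolationBeta1` and `PolicyViolatingResourceBeta1` here, `PolicyValidationPluginReportBeta1` in `@@ -142,4 +197,27 @@`, and `IPolicyValidationPluginBeta1` / `IPolicyValidationContextBeta1` in validation.ts `@@ -77,11 +77,47 @@`. If a field is later added or retyped on one side only, reports from plugins written against the other side may be interpreted differently by the policy check, and no declaration in this series would flag the drift. A one-line comment on each deprecated declaration, such as `// Keep in sync with PolicyViolation until this type is removed.`, would help. So would assignability checks for the report types, modelled on the plugin test added in PATCH 3/5, which covers only the plugin interface in one direction.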
@@ -142,4 +197,27 @@ export enum PolicyValidationReportStatusBeta1 { * * @deprecated Use `PolicyValidationPluginReport` instead. */ -export interface PolicyValidationPluginReportBeta1 extends PolicyValidationPluginReport {} +export interface PolicyValidationPluginReportBeta1 { + /** + * List of violations in the report. + */ + readonly violations: PolicyViolationBeta1[]; + + /** + * Whether or not the report was successful. + */ + readonly success: boolean; + + /** + * The version of the plugin that created the report. + * @default - no version + */ + readonly pluginVersion?: string; + + /** + * Arbitrary information about the report. + * + * @default - no metadata + */ + readonly metadata?: { readonly [key: string]: string }; +} diff --git a/packages/aws-cdk-lib/core/lib/validation/validation.ts b/packages/aws-cdk-lib/core/lib/validation/validation.ts index a5732aa3774a3..64b01e1dd070d 100644 --- a/packages/aws-cdk-lib/core/lib/validation/validation.ts +++ b/packages/aws-cdk-lib/core/lib/validation/validation.ts @@ -1,4 +1,4 @@ -import type { PolicyValidationPluginReport } from './report'; +import type { PolicyValidationPluginReport, PolicyValidationPluginReportBeta1 } from './report'; /** * Represents a validation plugin that will be executed during synthesis 
@@ -77,11 +77,47 @@ export interface IPolicyValidationContext { * * @deprecated Use `IPolicyValidationPlugin` instead. */ -export interface IPolicyValidationPluginBeta1 extends IPolicyValidationPlugin {} +export interface IPolicyValidationPluginBeta1 { + /** + * The name of the plugin that will be displayed in the validation + * report + */ + readonly name: string; + + /** + * The version of the plugin, following the Semantic Versioning specification (see + * https://semver.org/). This version is used for analytics purposes, to + * measure the usage of different plugins and different versions. The value of + * this property should be kept in sync with the actual version of the + * software package. If the version is not provided or is not a valid semantic + * version, it will be reported as `0.0.0`. + */ + readonly version?: string; + + /** + * The list of rule IDs that the plugin will evaluate. Used for analytics + * purposes. + * + * @default - No rule is reported + */ + readonly ruleIds?: string[]; + + /** + * The method that will be called by the CDK framework to perform + * validations. This is where the plugin will evaluate the CloudFormation + * templates for compliance and report and violations + */ + validate(context: IPolicyValidationContextBeta1): PolicyValidationPluginReportBeta1; +} /** * Context available to the validation plugin * * @deprecated Use `IPolicyValidationContext` instead. */ -export interface IPolicyValidationContextBeta1 extends IPolicyValidationContext {} +export interface IPolicyValidationContextBeta1 { + /** + * The absolute path of all templates to be processed + */ + readonly templatePaths: string[]; +}