feat(hcp): wire enforced provisioners vNext on the Packer CLI#13656
Draft
galapas1 wants to merge 1 commit into
Draft
feat(hcp): wire enforced provisioners vNext on the Packer CLI#13656galapas1 wants to merge 1 commit into
galapas1 wants to merge 1 commit into
Conversation
Resolve and apply a bucket's enforced provisioner set at build start via the HCP Packer resolver, honoring the mandatory/advisory failure matrix with on-disk cache revalidation (If-None-Match) and fail-closed behavior on mandatory buckets. Add build-time --skip-enforcement with a closed reason-code enum, client-side hard-limit guardrails (<=128 KiB block_content, <=25 provisioners per bucket; mandatory fails closed, advisory warns and drops), and record the resolution context into build metadata for audit/integrity
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Resolve and apply a bucket's enforced provisioner set at build start via the HCP Packer resolver, honoring the mandatory/advisory failure matrix with on-disk cache revalidation (If-None-Match) and fail-closed behavior on mandatory buckets.
Add build-time --skip-enforcement with a closed reason-code enum, client-side hard-limit guardrails (<=128 KiB block_content, <=25 provisioners per bucket; mandatory fails closed, advisory warns and drops), and record the resolution context into build metadata for audit/integrity
DELETE THIS PART BEFORE SUBMITTING
In order to have a good experience with our community, we recommend that you
read the contributing guidelines for making a PR, and understand the lifecycle
of a Packer Plugin PR:
Please include tests. Check out these examples:
Description
What code changed, and why?
Resolved Issues
If your PR resolves any open issue(s), please indicate them like this so they
will be closed when your PR is merged:
Closes #xxx
Closes #xxx
Rollback Plan
If a change needs to be reverted, we will roll out an update to the code within
7 days.
Changes to Security Controls
Are there any changes to security controls (access controls, encryption, logging)
in this pull request? If so, explain.