Pulumi policy validation to advise usage of certain compute families.

compute-family-policy.ts

import { ResourceValidationPolicy, ResourceValidationArgs } from "@pulumi/policy";

const advisedComputeFamilies = [
  "Standard_DS?\d{1,2}_v2",
  "Standard_DS?\d{1,2}_v3"];

const escapeRegex = (expression: string): string => expression.replace(/[-\/\\^$*+?.()|[\]{}]/g, '\\$&');

const isAzureVirtualMachineResource = (args: ResourceValidationArgs): boolean => args.type.startsWith("azure:compute/virtualMachine");

const isInAdvisedComputeFamily = (args: ResourceValidationArgs): boolean => {
  advisedComputeFamilies.forEach(fam => {
    const expression = escapeRegex(fam);
    const matches = new RegExp(expression).test(args.props.vmSize);
    if (!matches) {
      return false;
    }
  })

  return true;
};

const computeFamilyPolicy: ResourceValidationPolicy = {
  name: "advisory-compute-families",
  description: "Virtual machine should be in advised families.",
  enforcementLevel: "advisory",
  validateResource: (args, reportViolation) => {
    if (isAzureVirtualMachineResource(args) && !isInAdvisedComputeFamily(args)
    ) {
      reportViolation(
        `Virtual machine is advised to be in the following families: '${advisedComputeFamilies.join(',')}'.`
      );
    }
  }
};

export default computeFamilyPolicy;