Use of policy's seems to cause a hang

[RyanS-J]

What happened?

Whenever a policy is used this causes an endless hang and Pulumi never progresses past a preview. Removing the policy then allows Pulumi to progress and succeed.

Example

main.py

..
import policys
..

First attempt at policys.py

from pulumi_policy import(
    PolicyPack,
    EnforcementLevel,
    ReportViolation,
    ResourceValidationPolicy,
    ResourceValidationArgs
)


# Check Functions
def has_required_tags(args: ResourceValidationArgs, report_violation: ReportViolation):
    if args.resource_type == 'azure-native:' in args.props:
        tags = args.props.get("tags", {})
        if not tags:
            report_violation("No tags defined")

# Policy's
pol = ResourceValidationPolicy(
    name="require-tags",
    description="Ensure resources from specific providers have required tags.",
    validate=has_required_tags,
)

# Enforce
PolicyPack(
    name="tag-enforcement-pack",
    enforcement_level=EnforcementLevel.MANDATORY,
    policies=[pol],
)

Second attempt at policys.py

..
# Check Functions
def has_required_tags(args, report_violation):
    print('found azure recourse')
..

Output of pulumi about

Windows:

CLI
Version      3.137.0
Go Version   go1.23.2
Go Compiler  gc

Plugins
KIND      NAME          VERSION
resource  azure         6.4.0
resource  azure-native  2.62.0
resource  azuread       5.53.5
resource  cloudflare    5.40.1
resource  keycloak      5.3.4
resource  mailgun       3.5.5
resource  pagerduty     4.14.8
language  python        unknown
resource  random        4.16.6

Host
OS       Microsoft Windows 11 Enterprise
Version  10.0.26100 Build 26100
Arch     x86_64

This project is written in python: executable='..Redacted..\pypoetry\Cache\virtualenvs\non-package-mode-tntXEujR-py3.12\Scripts\python.exe' version='3.12.7'

Current Stack: ..Redacted..

TYPE                                                                       URN
..Redacted..


Found no pending operations associated with juriba/win11atest

Backend
Name           pulumi.com
URL            ..Redacted..
User           ..Redacted..
Organizations  ..Redacted..
Token type     personal

Dependencies:
NAME               VERSION
..Redacted..       0.0.0
cloudflare_module  0.2.0
keycloak_module    0.1.2
log_module         0.1.0
mailgun_module     0.1.0
monitoring_module  0.1.8
pip                24.2
pulumi_azure       6.4.0
pulumi_policy      1.13.0

wsl:

CLI
Version      3.137.0
Go Version   go1.23.2
Go Compiler  gc

Plugins
KIND      NAME          VERSION
resource  azure         6.4.0
resource  azure-native  2.62.0
resource  azuread       5.53.5
resource  cloudflare    5.40.1
resource  keycloak      5.3.4
resource  mailgun       3.5.5
resource  pagerduty     4.14.8
language  python        unknown
resource  random        4.16.6

Host
OS       ubuntu
Version  24.04
Arch     x86_64

This project is written in python: executable='/home/ ..Redacted../.cache/pypoetry/virtualenvs/non-package-mode-IW4GN32_-py3.12/bin/python' version='3.12.3'

Backend
Name           pulumi.com
URL             ..Redacted..
User            ..Redacted..
Organizations   ..Redacted..
Token type     personal

Dependencies:
NAME               VERSION
 ..Redacted..        0.0.0
cloudflare_module  0.2.0
keycloak_module    0.1.2
log_module         0.1.0
mailgun_module     0.1.0
monitoring_module  0.1.8
pip                24.2
pulumi_azure       6.4.0
pulumi_policy      1.13.0

Pulumi locates its logs in /tmp by default

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

[RyanS-J]

This was a misunderstanding about the folder structure, policy's and the way they have to be called.