From 1892db31c1ccd762d5a47c5acc06f5275445129b Mon Sep 17 00:00:00 2001 
From: Shawn Huckabay Date: Wed, 16 Oct 2024 07:03:34 -0500 Subject: [PATCH] POL-1378 Linting Updates: Cost Policies: Google (#2736) * update * fix * update * fix * update * fix * update * update * update * update * update * update * update * update * update --- cost/google/cheaper_regions/README.md | 2 +- .../cloud_run_anomaly_detection/CHANGELOG.md | 8 +++ .../cloud_run_anomaly_detection/README.md | 42 ++++++----- .../google_cloud_run_anomaly_detection.pt | 59 +++++++-------- .../README.md | 2 +- cost/google/cloudsql_rightsizing/CHANGELOG.md | 4 ++ cost/google/cloudsql_rightsizing/README.md | 6 +- .../google_cloudsql_rightsizing.pt | 3 +- cost/google/cud_expiration/README.md | 2 +- cost/google/cud_recommendations/CHANGELOG.md | 5 ++ cost/google/cud_recommendations/README.md | 29 ++++---- ..._committed_use_discount_recommendations.pt | 42 +++++++---- ...se_discount_recommendations_meta_parent.pt | 9 ++- cost/google/cud_report/README.md | 2 +- .../idle_compute_instances/CHANGELOG.md | 4 ++ cost/google/idle_compute_instances/README.md | 6 +- .../google_idle_compute_instances.pt | 3 +- .../CHANGELOG.md | 4 ++ .../idle_ip_address_recommendations/README.md | 53 +++++++------- .../google_idle_ip_address_recommendations.pt | 6 +- ..._ip_address_recommendations_meta_parent.pt | 2 +- .../CHANGELOG.md | 4 ++ .../README.md | 68 ++++++++---------- ...le_idle_persistent_disk_recommendations.pt | 8 +-- ...istent_disk_recommendations_meta_parent.pt | 2 +- .../idle_vm_recommendations/CHANGELOG.md | 4 ++ cost/google/idle_vm_recommendations/README.md | 4 +- .../google_vm_recommendations.pt | 3 +- .../CHANGELOG.md | 4 ++ .../README.md | 2 +- ...oogle_instances_stackdriver_utilization.pt | 3 +- .../object_storage_optimization/CHANGELOG.md | 4 ++ .../object_storage_optimization/README.md | 2 +- .../google_object_storage_optimization.pt | 4 +- ...object_storage_optimization_meta_parent.pt | 2 +- cost/google/old_snapshots/README.md | 2 +- cost/google/recommender/README.md | 2 +- 
.../README.md | 2 +- .../rightsize_vm_recommendations/README.md | 72 +++++++++---------- cost/google/schedule_instance/README.md | 6 +- cost/google/unattached_volumes/CHANGELOG.md | 4 ++ cost/google/unattached_volumes/README.md | 4 +- .../google_delete_unattached_volumes.pt | 5 +- .../unused_cloudsql_instances/README.md | 6 +- cost/google/unutilized_ip_addresses/README.md | 6 +- .../master_policy_permissions_list.json | 59 ++------------- .../master_policy_permissions_list.yaml | 43 ++--------- 47 files changed, 284 insertions(+), 334 deletions(-) diff --git a/cost/google/cheaper_regions/README.md b/cost/google/cheaper_regions/README.md index 7853f623a9..d9f7544772 100644 --- a/cost/google/cheaper_regions/README.md +++ b/cost/google/cheaper_regions/README.md @@ -40,4 +40,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/cost/google/cloud_run_anomaly_detection/CHANGELOG.md b/cost/google/cloud_run_anomaly_detection/CHANGELOG.md index 897565ef5b..b23ef11248 100644 --- a/cost/google/cloud_run_anomaly_detection/CHANGELOG.md +++ b/cost/google/cloud_run_anomaly_detection/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog +## v0.1.3 + +- Minor code improvements to conform with current standards. Functionality unchanged. + +## v0.1.2 + +- fixed spelling errors in parameters + ## v0.1.1 - fixed link to README in policy description diff --git a/cost/google/cloud_run_anomaly_detection/README.md b/cost/google/cloud_run_anomaly_detection/README.md index 833d118733..50111c6796 100644 --- a/cost/google/cloud_run_anomaly_detection/README.md +++ b/cost/google/cloud_run_anomaly_detection/README.md 
@@ -1,6 +1,6 @@ # Google Cloud Run Anomaly Detection -## What it does +## What It Does This Policy uses Google Cloud Metrics data to identify anomalies for Cloud Run services using the [Standard Score (aka `Z-score`)](https://en.wikipedia.org/wiki/Standard_score) statistical method. @@ -8,21 +8,7 @@ This Policy uses Google Cloud Metrics data to identify anomalies for Cloud Run s This policy only uses Google Cloud Metric data and is designed to notify of anomalies <24 hours -- specifically before cost and usage data is available. -## Prerequisites - -This Policy Template uses [Credentials](https://docs.flexera.com/flexera/EN/Automation/ManagingCredentialsExternal.htm) for authenticating to datasources -- in order to apply this policy you must have a Credential registered in the system that is compatible with this policy. If there are no Credentials listed when you apply the policy, please contact your Flexera Org Admin and ask them to register a Credential that is compatible with this policy. The information below should be consulted when creating the credential(s). - -- [**Google Cloud Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm#automationadmin_4083446696_1121577) (*provider=gce*) which has the following: - - - Permissions - - `resourcemanager.projects.get` - - `compute.regions.list` - - `run.services.list` - - `monitoring.timeSeries.list` - -The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) page in the docs has detailed instructions for setting up Credentials for the most common providers. - -### Input Parameters +## Input Parameters This policy has the following input parameters required when launching the policy. 
@@ -34,9 +20,29 @@ This policy has the following input parameters required when launching the polic - *Lookback Aggregation Period* - The time period to aggregate the metric data - *Metric Name* - The name of the metric to monitor for anomalies - *Threshold For Z-score* - The threshold for Z-scale, which is the number of consequent anomaly events to trigger an incident (i.e. 1, 2, 3) -- *Threshold For Consequtive Anomalies* - Number of Consqutive Anomalies to trigger an incident +- *Threshold For Consecutive Anomalies* - Number of Consecutive Anomalies to trigger an incident - *Email addresses* - A list of email addresses to notify +## Policy Actions + +- Send an email report + +## Prerequisites + +This Policy Template uses [Credentials](https://docs.flexera.com/flexera/EN/Automation/ManagingCredentialsExternal.htm) for authenticating to datasources -- in order to apply this policy you must have a Credential registered in the system that is compatible with this policy. If there are no Credentials listed when you apply the policy, please contact your Flexera Org Admin and ask them to register a Credential that is compatible with this policy. The information below should be consulted when creating the credential(s). + +- [**Google Cloud Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm#automationadmin_4083446696_1121577) (*provider=gce*) which has the following: + - `resourcemanager.projects.get` + - `compute.regions.list` + - `run.services.list` + - `monitoring.timeSeries.list` + +The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) page in the docs has detailed instructions for setting up Credentials for the most common providers. + +## Supported Clouds + +- Google + ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. 
diff --git a/cost/google/cloud_run_anomaly_detection/google_cloud_run_anomaly_detection.pt b/cost/google/cloud_run_anomaly_detection/google_cloud_run_anomaly_detection.pt index bfeaa73ace..ba5fded376 100644 --- a/cost/google/cloud_run_anomaly_detection/google_cloud_run_anomaly_detection.pt +++ b/cost/google/cloud_run_anomaly_detection/google_cloud_run_anomaly_detection.pt @@ -8,7 +8,7 @@ category "Cost" default_frequency "daily" info( publish: "false", - version: "0.1.1", + version: "0.1.3", provider: "Google", service: "Cloud Run", policy_set: "Anomaly Detection" @@ -19,15 +19,14 @@ info( ############################################################################### parameter "param_email" do - category "Policy Settings" type "list" + category "Policy Settings" label "Email addresses to notify" description "Email addresses of the recipients you wish to notify when new incidents are created" default [] end parameter "param_projects_allow_or_deny" do - category "Filters" type "string" category "Filters" label "Allow/Deny Projects" @@ -37,7 +36,6 @@ parameter "param_projects_allow_or_deny" do end parameter "param_projects_list" do - category "Filters" type "list" category "Filters" label "Allow/Deny Projects List" @@ -46,7 +44,6 @@ parameter "param_projects_list" do end parameter "param_regions_allow_or_deny" do - category "Filters" type "string" category "Filters" label "Allow/Deny Regions" @@ -56,7 +53,6 @@ parameter "param_regions_allow_or_deny" do end parameter "param_regions_list" do - category "Filters" type "list" category "Filters" label "Allow/Deny Regions List" 
@@ -65,48 +61,48 @@ parameter "param_regions_list" do end parameter "param_metric_lookback_time" do + type "string" category "Statistics" label "Lookback Time Period" - type "string" description "The time period to look back for anomalies. The longer the time period, the more accurate the anomaly detection will be." - default "Last 1 day" allowed_values ["Last 15 minutes", "Last 30 minutes", "Last 1 hour", "Last 3 hours", "Last 6 hours", "Last 12 hours", "Last 1 day", "Last 2 days", "Last 7 days", "Last 14 days"] + default "Last 1 day" end parameter "param_metric_aggregation" do + type "string" category "Statistics" label "Lookback Aggregation Period" - type "string" description "The time period to aggregate the metric data" - default "1 minute" allowed_values ["1 minute", "5 minutes", "10 minutes", "15 minutes", "30 minutes", "1 hour", "3 hours", "6 hours", "12 hours", "1 day"] + default "1 minute" end parameter "param_threshold_metric_name" do + type "string" category "Statistics" label "Metric Name" - type "string" description "The name of the metric to monitor for anomalies" - default "run.googleapis.com/container/billable_instance_time" allowed_values ["run.googleapis.com/container/billable_instance_time", "run.googleapis.com/container/instance_count", "run.googleapis.com/container/memory", "run.googleapis.com/container/cpu"] + default "run.googleapis.com/container/billable_instance_time" end parameter "param_threshold_zscore" do + type "number" category "Filters" label "Threshold For Z-Score" - type "number" description "The Z-score is the number of standard deviations by which the value of a raw score (i.e., an observed value or data point) is above or below the mean value of what is being observed or measured" - default 3 min_value 0 + default 3 end parameter "param_threshold_consequtive_anomalies" do - category "Filters" - label "Threshold For Consequtive Anomalies" type "number" - description "Number of Consequtive Anomalies to trigger an incident" - 
default 0 + category "Filters" + label "Threshold For Consecutive Anomalies" + description "Number of Consecutive Anomalies to trigger an incident" min_value 0 + default 0 end ############################################################################### @@ -151,9 +147,9 @@ script "js_param_values", type: "javascript" do // Using param_metric_lookback_time, calculate the start and end time for the interval var end_time = new Date() // Set the seconds and milliseconds to 0 to make the timestamp more human-readable - end_time.setSeconds(0,0) + end_time.setSeconds(0, 0) // Default start_time to Last 1 day - var start_time = new Date(end_time.getTime() - 24*60*60000) + var start_time = new Date(end_time.getTime() - 24 * 60 * 60000) // Override default if param value matches mapping in switch switch (param_metric_lookback_time) { case "Last 15 minutes": @@ -317,10 +313,9 @@ datasource "ds_google_cloud_run_services" do iterate $ds_google_regions_filtered request do auth $auth_google + pagination $pagination_google host "run.googleapis.com" # v2 can use Global endpoint https://cloud.google.com/run/docs/reference/rest#rest_endpoints - verb "GET" path join(["/v2/projects/", val(iter_item, "projectId"), "/locations/", val(iter_item, "region"), "/services"]) - pagination $pagination_google end result do encoding "json" 
@@ -341,14 +336,14 @@ datasource "ds_cloud_run_utilization" do request do auth $auth_google host "monitoring.googleapis.com" - path join(["/v3/projects/",val(iter_item,"projectId"),"/timeSeries"]) - query "aggregation.alignmentPeriod", join(['+',val($ds_param_values,"aggregation"),"s"],"") + path join(["/v3/projects/", val(iter_item, "projectId"), "/timeSeries"]) + query "aggregation.alignmentPeriod", join(['+', val($ds_param_values, "aggregation"), "s"], "") query "aggregation.crossSeriesReducer", "REDUCE_SUM" query "aggregation.groupByFields", 'resource.label."service_name"' query "aggregation.perSeriesAligner", "ALIGN_RATE" - query "filter", join(['metric.type="',$param_threshold_metric_name,'" resource.type="cloud_run_revision" resource.label."service_name"="',last(split(val(iter_item, "name"), "/services/")),'" AND resource.labels."location"="',val(iter_item, "region"),'" AND resource.labels."service_name"="',last(split(val(iter_item, "name"), "/services/")),'"'],"") + query "filter", join(['metric.type="', $param_threshold_metric_name, '" resource.type="cloud_run_revision" resource.label."service_name"="', last(split(val(iter_item, "name"), "/services/")), '" AND resource.labels."location"="', val(iter_item, "region"), '" AND resource.labels."service_name"="', last(split(val(iter_item, "name"), "/services/")), '"'], "") query "interval.startTime", val($ds_param_values, "start_time") - query "interval.endTime", val($ds_param_values, "end_time") + query "interval.endTime", val($ds_param_values, "end_time") end result do encoding "json" 
@@ -437,14 +432,9 @@ policy "pol_utilization" do validate_each $ds_cloud_run_utilization_anomalies do summary_template "Google Cloud Run Anomaly Detection: {{ len data }} Anomalies In {{ parameters.param_metric_lookback_time }} For {{ parameters.param_threshold_metric_name }} Metric" detail_template " " - check lt( val(val(item, "value"), "consequtiveAnomalyIndex") , $param_threshold_consequtive_anomalies) # Check that the consequtiveAnomalyIndex is less than the param_consequtiveAnomaly_threshold - escalate $email + check lt(val(val(item, "value"), "consequtiveAnomalyIndex"), $param_threshold_consequtive_anomalies) # Check that the consequtiveAnomalyIndex is less than the param_consequtiveAnomaly_threshold + escalate $esc_email export do - # resource_level true - # field "id" do - # label "Resource ID" - # path "service_name" - # end field "param_threshold_consequtive_anomalies" do label "Policy Parameter Threshold Consequtive Anomalies" path "parameters.param_threshold_consequtive_anomalies" @@ -497,12 +487,11 @@ policy "pol_utilization" do end end - ############################################################################### # Escalations ############################################################################### -escalation "email" do +escalation "esc_email" do automatic true label "Send Email" description "Send incident email" diff --git a/cost/google/cloud_sql_idle_instance_recommendations/README.md b/cost/google/cloud_sql_idle_instance_recommendations/README.md index 2d4b603041..c51a149970 100644 --- a/cost/google/cloud_sql_idle_instance_recommendations/README.md +++ b/cost/google/cloud_sql_idle_instance_recommendations/README.md @@ -92,7 +92,7 @@ The following policy actions are taken on any resources found to be out of compl ## Cost -This Policy Template does not launch any instances, and so does not incur any cloud costs. +This policy template does not incur any cloud costs. ## API Quotas 
diff --git a/cost/google/cloudsql_rightsizing/CHANGELOG.md b/cost/google/cloudsql_rightsizing/CHANGELOG.md index 2db89383a5..cc163cb7e8 100644 --- a/cost/google/cloudsql_rightsizing/CHANGELOG.md +++ b/cost/google/cloudsql_rightsizing/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v2.10.2 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v2.10.1 - Deprecated: This policy is no longer being updated. Please see policy README for more information. diff --git a/cost/google/cloudsql_rightsizing/README.md b/cost/google/cloudsql_rightsizing/README.md index 070a26095e..c247fb4908 100644 --- a/cost/google/cloudsql_rightsizing/README.md +++ b/cost/google/cloudsql_rightsizing/README.md @@ -4,11 +4,11 @@ This policy is no longer being updated. The [Google Rightsize Cloud SQL Recommender](https://github.com/flexera-public/policy_templates/tree/master/cost/google/rightsize_cloudsql_recommendations/) policy should be used instead. -## What it does +## What It Does This Policy Template checks Google Cloud SQL instances based on provided CPU threshold over a 30 day average and resizes them after approval. -## Functional Details +## How It Works - This policy identifies all Google CloudSQL instances reporting performance metrics to stackdriver whose CPU utilization is below the thresholds set in the **Average used CPU % - Downsize Threshold** and **Average used CPU % - Upsize Threshold** parameters. - If APIs & Services are not enabled for a project, the policy will skip that particular project. On the next run if APIs & Services are enabled, then the project will be considered for execution. @@ -56,4 +56,4 @@ Required permissions in the provider: ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/cost/google/cloudsql_rightsizing/google_cloudsql_rightsizing.pt b/cost/google/cloudsql_rightsizing/google_cloudsql_rightsizing.pt index 3a7a689425..e79a6fdf6d 100644 
--- a/cost/google/cloudsql_rightsizing/google_cloudsql_rightsizing.pt +++ b/cost/google/cloudsql_rightsizing/google_cloudsql_rightsizing.pt @@ -7,7 +7,7 @@ severity "medium" category "Cost" default_frequency "daily" info( - version: "2.10.1", + version: "2.10.2", provider: "GCE", service: "SQL", policy_set: "Rightsize Database Services", @@ -190,7 +190,6 @@ end datasource "ds_google_instance_size_map" do request do - verb "GET" host "raw.githubusercontent.com" path "/flexera/policy_templates/e412d4ca5dc191f15fcf6cc532dc2d31de44f3ee/data/google/instance_types.json" header "User-Agent", "RS Policies" diff --git a/cost/google/cud_expiration/README.md b/cost/google/cud_expiration/README.md index 5d399c7747..fac094b989 100644 --- a/cost/google/cud_expiration/README.md +++ b/cost/google/cud_expiration/README.md @@ -42,4 +42,4 @@ Additionally, this Policy Template requires that several APIs be enabled in your ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/cost/google/cud_recommendations/CHANGELOG.md b/cost/google/cud_recommendations/CHANGELOG.md index 37c989c7d4..7841f00034 100644 --- a/cost/google/cud_recommendations/CHANGELOG.md +++ b/cost/google/cud_recommendations/CHANGELOG.md @@ -1,5 +1,10 @@ # Changelog +## v4.2.1 + +- Added `Service` field to incident table +- Minor code improvements to conform with current standards. + ## v4.2 - Updated policy to use new source for currency information. Policy functionality is unchanged. diff --git a/cost/google/cud_recommendations/README.md b/cost/google/cud_recommendations/README.md index fecdecff6d..a60fe0c33e 100644 --- a/cost/google/cud_recommendations/README.md +++ b/cost/google/cud_recommendations/README.md 
@@ -1,10 +1,10 @@ # Google Committed Use Discount Recommender -## What it does +## What It Does This Policy Template reports any Committed Use Discount Recommendations generated by Google. The user can adjust which recommendations are reported via policy parameters. -## Functional Details +## How It Works Recommendations are obtained via requests to the [Google Recommender API](https://cloud.google.com/docs/cuds-recommender). 
@@ -38,35 +38,34 @@ The following policy actions are taken for any recommendations: ## Prerequisites -This Policy Template requires that several APIs be enabled in your Google Cloud environment: - -- [Cloud Resource Manager API](https://console.cloud.google.com/flows/enableapi?apiid=cloudresourcemanager.googleapis.com) -- [Recommender API](https://console.cloud.google.com/flows/enableapi?apiid=recommender.googleapis.com) - This Policy Template uses [Credentials](https://docs.flexera.com/flexera/EN/Automation/ManagingCredentialsExternal.htm) for authenticating to datasources -- in order to apply this policy you must have a Credential registered in the system that is compatible with this policy. If there are no Credentials listed when you apply the policy, please contact your Flexera Org Admin and ask them to register a Credential that is compatible with this policy. The information below should be consulted when creating the credential(s). - [**Google Cloud Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm#automationadmin_4083446696_1121577) (*provider=gce*) which has the following: - - Permissions - - `resourcemanager.projects.get` - - `compute.regions.list` - - `recommender.usageCommitmentRecommendations.list` - - `billing.resourceCosts.get`* - - `billing.accounts.getSpendingInformation`* + - `resourcemanager.projects.get` + - `compute.regions.list` + - `recommender.usageCommitmentRecommendations.list` + - `billing.resourceCosts.get`* + - `billing.accounts.getSpendingInformation`* -\* Needed for recommendations to reflect custom contract pricing. Otherwise, recommendations will use list pricing. + \* Needed for recommendations to reflect custom contract pricing. Otherwise, recommendations will use list pricing. 
- [**Flexera Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) (*provider=flexera*) which has the following roles: - `billing_center_viewer` The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) page in the docs has detailed instructions for setting up Credentials for the most common providers. +Additionally, this policy template requires that several APIs be enabled in your Google Cloud environment: + +- [Cloud Resource Manager API](https://console.cloud.google.com/flows/enableapi?apiid=cloudresourcemanager.googleapis.com) +- [Recommender API](https://console.cloud.google.com/flows/enableapi?apiid=recommender.googleapis.com) + ## Supported Clouds - Google ## Cost -This Policy Template does not launch any instances, and so does not incur any cloud costs. +This policy template does not incur any cloud costs. ### API Quotas diff --git a/cost/google/cud_recommendations/google_committed_use_discount_recommendations.pt b/cost/google/cud_recommendations/google_committed_use_discount_recommendations.pt index 1319d02db9..0cef086ab2 100644 --- a/cost/google/cud_recommendations/google_committed_use_discount_recommendations.pt +++ b/cost/google/cud_recommendations/google_committed_use_discount_recommendations.pt @@ -7,7 +7,7 @@ category "Cost" severity "low" default_frequency "weekly" info( - version: "4.2", + version: "4.2.1", provider: "Google", service: "Compute", recommendation_type: "Rate Reduction", @@ -74,8 +74,8 @@ parameter "param_term" do category "Reservation Settings" label "Term" description "Length of Committed Use Discount term to provide recommendations for." - default "1 Year" allowed_values "1 Year", "3 Year" + default "1 Year" end parameter "param_algorithm" do 
@@ -83,8 +83,8 @@ parameter "param_algorithm" do category "Reservation Settings" label "Recommendation Algorithm" description "The algorithm to use for generating Committed Use Discount recommendations. See README for more information." - default "Optimal" allowed_values "Optimal", "Stable Usage" + default "Optimal" end ############################################################################### @@ -226,7 +226,7 @@ datasource "ds_google_regions" do pagination $pagination_google host "compute.googleapis.com" path join(["/compute/v1/projects/", val(iter_item, "id"), "/regions/"]) - ignore_status [403,404] + ignore_status [403, 404] end result do encoding "json" @@ -557,13 +557,26 @@ script "js_recommendations_incident", type:"javascript" do // Dummy item to ensure validation runs at least once result.push({ - accountID: "", accountName: "", projectNumber: "", - resourceID: "", region: "", recommendationDetails: "", - priority: "", scope: "", state: "", - algorithm: "", savings: "", savingsCurrency: "", - resourceName: "", resourceType: "", resourcesToPurchase: "", - term: "", service: "", policy_name: "", - total_savings: "", message: "" + accountID: "", + accountName: "", + projectNumber: "", + resourceID: "", + region: "", + recommendationDetails: "", + priority: "", + scope: "", + state: "", + algorithm: "", + savings: "", + savingsCurrency: "", + resourceName: "", + resourceType: "", + resourcesToPurchase: "", + term: "", + service: "", + policy_name: "", + total_savings: "", + message: "" }) result[0]['total_savings'] = savings_message @@ -575,7 +588,7 @@ end # Policy ############################################################################### -policy "policy_recommendations" do +policy "pol_recommendations" do validate_each $ds_recommendations_incident do summary_template "{{ with index data 0 }}{{ .policy_name }}{{ end }}: {{ len data }} Google Committed Use Discount Recommendations" detail_template <<-'EOS' 
@@ -636,6 +649,9 @@ policy "policy_recommendations" do field "state" do label "State" end + field "service" do + label "Service" + end field "id" do label "ID" path "resourceID" @@ -667,7 +683,7 @@ datasource "ds_get_policy" do auth $auth_flexera host rs_governance_host ignore_status [404] - path join(["/api/governance/projects/", rs_project_id, "/applied_policies/", switch(ne(meta_parent_policy_id,""), meta_parent_policy_id, policy_id) ]) + path join(["/api/governance/projects/", rs_project_id, "/applied_policies/", switch(ne(meta_parent_policy_id, ""), meta_parent_policy_id, policy_id)]) header "Api-Version", "1.0" end result do diff --git a/cost/google/cud_recommendations/google_committed_use_discount_recommendations_meta_parent.pt b/cost/google/cud_recommendations/google_committed_use_discount_recommendations_meta_parent.pt index bd3d1984ef..5814c1dcdc 100644 --- a/cost/google/cud_recommendations/google_committed_use_discount_recommendations_meta_parent.pt +++ b/cost/google/cud_recommendations/google_committed_use_discount_recommendations_meta_parent.pt @@ -7,7 +7,7 @@ category "Meta" default_frequency "15 minutes" info( provider: "Google", - version: "4.2", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability + version: "4.2.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability publish: "true", deprecated: "false" ) @@ -99,8 +99,8 @@ parameter "param_term" do category "Reservation Settings" label "Term" description "Length of Committed Use Discount term to provide recommendations for." - default "1 Year" allowed_values "1 Year", "3 Year" + default "1 Year" end parameter "param_algorithm" do 
@@ -108,8 +108,8 @@ parameter "param_algorithm" do category "Reservation Settings" label "Recommendation Algorithm" description "The algorithm to use for generating Committed Use Discount recommendations. See README for more information." - default "Optimal" allowed_values "Optimal", "Stable Usage" + default "Optimal" end ############################################################################### @@ -936,6 +936,9 @@ policy "policy_scheduled_report" do field "state" do label "State" end + field "service" do + label "Service" + end field "id" do label "ID" end diff --git a/cost/google/cud_report/README.md b/cost/google/cud_report/README.md index 9b586d79ce..585545320d 100644 --- a/cost/google/cud_report/README.md +++ b/cost/google/cud_report/README.md @@ -42,4 +42,4 @@ Additionally, this Policy Template requires that several APIs be enabled in your ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/cost/google/idle_compute_instances/CHANGELOG.md b/cost/google/idle_compute_instances/CHANGELOG.md index 17e939d500..2f6ef16656 100644 --- a/cost/google/idle_compute_instances/CHANGELOG.md +++ b/cost/google/idle_compute_instances/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v2.11.3 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v2.11.2 - Added `deprecated` field to policy metadata. Functionality is unchanged. diff --git a/cost/google/idle_compute_instances/README.md b/cost/google/idle_compute_instances/README.md index b67fb20955..fb75bfb609 100644 --- a/cost/google/idle_compute_instances/README.md +++ b/cost/google/idle_compute_instances/README.md 
@@ -4,11 +4,11 @@ This policy is no longer being updated. The [Google Rightsize VM Recommender](https://github.com/flexera-public/policy_templates/tree/master/cost/google/rightsize_vm_recommendations) policy now includes this functionality and is the recommended policy for getting idle VM recommendations. -## What it does +## What It Does This Policy Template checks for idle instance in Google Compute Engine and then terminates them upon approval. -## Functional Details +## How It Works - If APIs & Services are not enabled for a project, the policy will skip that particular project. On the next run if APIs & Services are enabled, then the project will be considered for execution. - This policy identifies all instances reporting performance metrics to Google StackDriver and delivers a report, for instances whose CPU or Memory utilization is below the thresholds set in the **Average used memory percentage** and **Average used CPU percentage** parameters. These thresholds are what you would consider to be and idle instance. @@ -60,4 +60,4 @@ Required permissions in the provider: ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/cost/google/idle_compute_instances/google_idle_compute_instances.pt b/cost/google/idle_compute_instances/google_idle_compute_instances.pt index 4d2126ff80..23d74f7cf0 100644 --- a/cost/google/idle_compute_instances/google_idle_compute_instances.pt +++ b/cost/google/idle_compute_instances/google_idle_compute_instances.pt @@ -7,7 +7,7 @@ severity "low" category "Cost" default_frequency "daily" info( - version: "2.11.2", + version: "2.11.3", provider: "GCE", service: "Compute", policy_set: "Idle Compute Instances", @@ -233,7 +233,6 @@ datasource "ds_instances" do request do auth $auth_google host "compute.googleapis.com" - verb "GET" path join(["/compute/v1/projects/", iter_item, "/aggregated/instances"]) ignore_status [403, 404] header "User-Agent", "RS Policies" 
diff --git a/cost/google/idle_ip_address_recommendations/CHANGELOG.md b/cost/google/idle_ip_address_recommendations/CHANGELOG.md index d2a621a266..fd80b65491 100644 --- a/cost/google/idle_ip_address_recommendations/CHANGELOG.md +++ b/cost/google/idle_ip_address_recommendations/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v4.2.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v4.2.0 - Modified internal names for incident fields for more accurate scraping into Optimization dashboard diff --git a/cost/google/idle_ip_address_recommendations/README.md b/cost/google/idle_ip_address_recommendations/README.md index fa5dbac4ed..d9e1df80f2 100644 --- a/cost/google/idle_ip_address_recommendations/README.md +++ b/cost/google/idle_ip_address_recommendations/README.md 
@@ -21,34 +21,6 @@ The policy includes the estimated monthly savings. The estimated monthly savings - The incident message detail includes the sum of each resource `Estimated Monthly Savings` as `Potential Monthly Savings`. - If the Flexera organization is configured to use a currency other than the one Google Recommender is reporting the savings estimates in, the savings values will be converted using the exchange rate at the time that the policy executes. -## Prerequisites - -This Policy Template requires that several APIs be enabled in your Google Cloud environment: - -- [Cloud Resource Manager API](https://console.cloud.google.com/flows/enableapi?apiid=cloudresourcemanager.googleapis.com) -- [Compute Engine API](https://console.cloud.google.com/flows/enableapi?apiid=compute.googleapis.com) -- [Recommender API](https://console.cloud.google.com/flows/enableapi?apiid=recommender.googleapis.com) - -This Policy Template uses [Credentials](https://docs.flexera.com/flexera/EN/Automation/ManagingCredentialsExternal.htm) for authenticating to datasources -- in order to apply this policy you must have a Credential registered in the system that is compatible with this policy. If there are no Credentials listed when you apply the policy, please contact your Flexera Org Admin and ask them to register a Credential that is compatible with this policy. The information below should be consulted when creating the credential(s). - -- [**Google Cloud Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm#automationadmin_4083446696_1121577) (*provider=gce*) which has the following: - - Roles - - `Compute Recommender Viewer` - - `Compute Recommender Admin`* - - - Permissions - - `recommender.computeAddressIdleResourceRecommendations.list` - - `resourcemanager.projects.get` - - `compute.addresses.list` - - `compute.addresses.delete`* - -\* Only required for taking action; the policy will still function in a read-only capacity without these permissions. 
- -- [**Flexera Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) (*provider=flexera*) which has the following roles: - - `billing_center_viewer` - -The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) page in the docs has detailed instructions for setting up Credentials for the most common providers. - ## Input Parameters This policy has the following input parameters required when launching the policy. 
@@ -78,13 +50,36 @@ The following policy actions are taken on any resources found to be out of compl - Send an email report - Delete idle IP addresses after approval +## Prerequisites + +This Policy Template uses [Credentials](https://docs.flexera.com/flexera/EN/Automation/ManagingCredentialsExternal.htm) for authenticating to datasources -- in order to apply this policy you must have a Credential registered in the system that is compatible with this policy. If there are no Credentials listed when you apply the policy, please contact your Flexera Org Admin and ask them to register a Credential that is compatible with this policy. The information below should be consulted when creating the credential(s). + +- [**Google Cloud Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm#automationadmin_4083446696_1121577) (*provider=gce*) which has the following: + - `recommender.computeAddressIdleResourceRecommendations.list` + - `resourcemanager.projects.get` + - `compute.addresses.list` + - `compute.addresses.delete`* + + \* Only required for taking action; the policy will still function in a read-only capacity without these permissions. + +- [**Flexera Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) (*provider=flexera*) which has the following roles: + - `billing_center_viewer` + +The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) page in the docs has detailed instructions for setting up Credentials for the most common providers. 
+ +Additionally, this policy template requires that several APIs be enabled in your Google Cloud environment: + +- [Cloud Resource Manager API](https://console.cloud.google.com/flows/enableapi?apiid=cloudresourcemanager.googleapis.com) +- [Compute Engine API](https://console.cloud.google.com/flows/enableapi?apiid=compute.googleapis.com) +- [Recommender API](https://console.cloud.google.com/flows/enableapi?apiid=recommender.googleapis.com) + ## Supported Clouds - Google ## Cost -This Policy Template does not launch any instances, and so does not incur any cloud costs. +This policy template does not incur any cloud costs. ## API Quotas diff --git a/cost/google/idle_ip_address_recommendations/google_idle_ip_address_recommendations.pt b/cost/google/idle_ip_address_recommendations/google_idle_ip_address_recommendations.pt index a6177b3993..a379f86087 100644 --- a/cost/google/idle_ip_address_recommendations/google_idle_ip_address_recommendations.pt +++ b/cost/google/idle_ip_address_recommendations/google_idle_ip_address_recommendations.pt @@ -7,7 +7,7 @@ severity "low" category "Cost" default_frequency "weekly" info( - version: "4.2.0", + version: "4.2.1", provider: "Google", service: "Compute", policy_set: "Unused IP Addresses", @@ -792,7 +792,7 @@ define delete_ip_addresses($data) return $all_responses do end if inspect($$errors) != "null" - raise join($$errors,"\n") + raise join($$errors, "\n") end end @@ -840,7 +840,7 @@ datasource "ds_get_policy" do auth $auth_flexera host rs_governance_host ignore_status [404] - path join(["/api/governance/projects/", rs_project_id, "/applied_policies/", switch(ne(meta_parent_policy_id,""), meta_parent_policy_id, policy_id) ]) + path join(["/api/governance/projects/", rs_project_id, "/applied_policies/", switch(ne(meta_parent_policy_id, ""), meta_parent_policy_id, policy_id)]) header "Api-Version", "1.0" end result do 
diff --git a/cost/google/idle_ip_address_recommendations/google_idle_ip_address_recommendations_meta_parent.pt b/cost/google/idle_ip_address_recommendations/google_idle_ip_address_recommendations_meta_parent.pt index 9fc79bd943..54780b670f 100644 --- a/cost/google/idle_ip_address_recommendations/google_idle_ip_address_recommendations_meta_parent.pt +++ b/cost/google/idle_ip_address_recommendations/google_idle_ip_address_recommendations_meta_parent.pt @@ -7,7 +7,7 @@ category "Meta" default_frequency "15 minutes" info( provider: "Google", - version: "4.2.0", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability + version: "4.2.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability publish: "true", deprecated: "false" ) diff --git a/cost/google/idle_persistent_disk_recommendations/CHANGELOG.md b/cost/google/idle_persistent_disk_recommendations/CHANGELOG.md index cffddf0795..36f40f4120 100644 --- a/cost/google/idle_persistent_disk_recommendations/CHANGELOG.md +++ b/cost/google/idle_persistent_disk_recommendations/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v4.2.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v4.2.0 - Modified internal names for incident fields for more accurate scraping into Optimization dashboard diff --git a/cost/google/idle_persistent_disk_recommendations/README.md b/cost/google/idle_persistent_disk_recommendations/README.md index 9184eef7b9..257e68ade5 100644 --- a/cost/google/idle_persistent_disk_recommendations/README.md +++ b/cost/google/idle_persistent_disk_recommendations/README.md 
@@ -23,42 +23,6 @@ The policy includes the estimated monthly savings. The estimated monthly savings - The incident message detail includes the sum of each resource `Estimated Monthly Savings` as `Potential Monthly Savings`. - If the Flexera organization is configured to use a currency other than the one Google Recommender is reporting the savings estimates in, the savings values will be converted using the exchange rate at the time that the policy executes. -## Prerequisites - -This Policy Template requires that several APIs be enabled in your Google Cloud environment: - -- [Cloud Resource Manager API](https://console.cloud.google.com/flows/enableapi?apiid=cloudresourcemanager.googleapis.com) -- [Compute Engine API](https://console.cloud.google.com/flows/enableapi?apiid=compute.googleapis.com) -- [Recommender API](https://console.cloud.google.com/flows/enableapi?apiid=recommender.googleapis.com) - -This Policy Template uses [Credentials](https://docs.flexera.com/flexera/EN/Automation/ManagingCredentialsExternal.htm) for authenticating to datasources -- in order to apply this policy you must have a Credential registered in the system that is compatible with this policy. If there are no Credentials listed when you apply the policy, please contact your Flexera Org Admin and ask them to register a Credential that is compatible with this policy. The information below should be consulted when creating the credential(s). 
- -- [**Google Cloud Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm#automationadmin_4083446696_1121577) (*provider=gce*) which has the following: - - Roles - - `Monitoring Viewer` - - `Compute Recommender Viewer` - - `Compute Recommender Admin`* - - - Permissions - - `recommender.computeDiskIdleResourceRecommendations.list` - - `resourcemanager.projects.get` - - `compute.disks.list` - - `logging.logEntries.list` - - `logging.privateLogEntries.list` - - `logging.views.access` - - `compute.disks.createSnapshot`* - - `compute.disks.delete`* - - `compute.globalOperations.get`* - - `compute.zoneOperations.get`* - - `compute.snapshots.create`* - -\* Only required for taking action; the policy will still function in a read-only capacity without these permissions. - -- [**Flexera Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) (*provider=flexera*) which has the following roles: - - `billing_center_viewer` - -The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) page in the docs has detailed instructions for setting up Credentials for the most common providers. - ## Input Parameters This policy has the following input parameters required when launching the policy. 
@@ -90,13 +54,43 @@ The following policy actions are taken on any resources found to be out of compl - Send an email report - Delete idle persistent disks after approval +## Prerequisites + +This Policy Template uses [Credentials](https://docs.flexera.com/flexera/EN/Automation/ManagingCredentialsExternal.htm) for authenticating to datasources -- in order to apply this policy you must have a Credential registered in the system that is compatible with this policy. If there are no Credentials listed when you apply the policy, please contact your Flexera Org Admin and ask them to register a Credential that is compatible with this policy. The information below should be consulted when creating the credential(s). + +- [**Google Cloud Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm#automationadmin_4083446696_1121577) (*provider=gce*) which has the following: + - `recommender.computeDiskIdleResourceRecommendations.list` + - `resourcemanager.projects.get` + - `compute.disks.list` + - `logging.logEntries.list` + - `logging.privateLogEntries.list` + - `logging.views.access` + - `compute.disks.createSnapshot`* + - `compute.disks.delete`* + - `compute.globalOperations.get`* + - `compute.zoneOperations.get`* + - `compute.snapshots.create`* + + \* Only required for taking action; the policy will still function in a read-only capacity without these permissions. + +- [**Flexera Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) (*provider=flexera*) which has the following roles: + - `billing_center_viewer` + +The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) page in the docs has detailed instructions for setting up Credentials for the most common providers. 
+ +Additionally, this policy template requires that several APIs be enabled in your Google Cloud environment: + +- [Cloud Resource Manager API](https://console.cloud.google.com/flows/enableapi?apiid=cloudresourcemanager.googleapis.com) +- [Compute Engine API](https://console.cloud.google.com/flows/enableapi?apiid=compute.googleapis.com) +- [Recommender API](https://console.cloud.google.com/flows/enableapi?apiid=recommender.googleapis.com) + ## Supported Clouds - Google ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. ## API Quotas diff --git a/cost/google/idle_persistent_disk_recommendations/google_idle_persistent_disk_recommendations.pt b/cost/google/idle_persistent_disk_recommendations/google_idle_persistent_disk_recommendations.pt index da41a65b4e..dc2327f085 100644 --- a/cost/google/idle_persistent_disk_recommendations/google_idle_persistent_disk_recommendations.pt +++ b/cost/google/idle_persistent_disk_recommendations/google_idle_persistent_disk_recommendations.pt @@ -7,8 +7,8 @@ severity "low" category "Cost" default_frequency "weekly" info( - version: "4.2.0", - provider:"Google", + version: "4.2.1", + provider: "Google", service: "Storage", policy_set: "Unused Volumes", recommendation_type: "Usage Reduction" @@ -1075,7 +1075,7 @@ define delete_disks($data, $param_take_snapshot) return $all_responses do end if inspect($$errors) != "null" - raise join($$errors,"\n") + raise join($$errors, "\n") end end @@ -1182,7 +1182,7 @@ datasource "ds_get_policy" do auth $auth_flexera host rs_governance_host ignore_status [404] - path join(["/api/governance/projects/", rs_project_id, "/applied_policies/", switch(ne(meta_parent_policy_id,""), meta_parent_policy_id, policy_id) ]) + path join(["/api/governance/projects/", rs_project_id, "/applied_policies/", switch(ne(meta_parent_policy_id, ""), meta_parent_policy_id, policy_id)]) header "Api-Version", "1.0" end result do 
diff --git a/cost/google/idle_persistent_disk_recommendations/google_idle_persistent_disk_recommendations_meta_parent.pt b/cost/google/idle_persistent_disk_recommendations/google_idle_persistent_disk_recommendations_meta_parent.pt index 462179e32e..2a36243918 100644 --- a/cost/google/idle_persistent_disk_recommendations/google_idle_persistent_disk_recommendations_meta_parent.pt +++ b/cost/google/idle_persistent_disk_recommendations/google_idle_persistent_disk_recommendations_meta_parent.pt @@ -7,7 +7,7 @@ category "Meta" default_frequency "15 minutes" info( provider: "Google", - version: "4.2.0", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability + version: "4.2.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability publish: "true", deprecated: "false" ) diff --git a/cost/google/idle_vm_recommendations/CHANGELOG.md b/cost/google/idle_vm_recommendations/CHANGELOG.md index ee2222dae9..7f1c1d4fb3 100644 --- a/cost/google/idle_vm_recommendations/CHANGELOG.md +++ b/cost/google/idle_vm_recommendations/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v2.13.2 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v2.13.1 - Added `deprecated` field to policy metadata. Functionality is unchanged. diff --git a/cost/google/idle_vm_recommendations/README.md b/cost/google/idle_vm_recommendations/README.md index 721062b0ac..e92f4b5de8 100644 --- a/cost/google/idle_vm_recommendations/README.md +++ b/cost/google/idle_vm_recommendations/README.md 
@@ -4,7 +4,7 @@ This policy is no longer being updated. The [Google Rightsize VM Recommender](https://github.com/flexera-public/policy_templates/tree/master/cost/google/rightsize_vm_recommendations) policy now includes this functionality and is the recommended policy for getting idle VM recommendations. -## What it does +## What It Does This Policy finds Idle Virtual Machine Recommendations and reports when it finds them. You can then delete the idle instances @@ -78,7 +78,7 @@ Required roles in the provider: ## Cost -This Policy Template does not launch any instances, and so does not incur any cloud costs. +This policy template does not incur any cloud costs. ### API Quotas diff --git a/cost/google/idle_vm_recommendations/google_vm_recommendations.pt b/cost/google/idle_vm_recommendations/google_vm_recommendations.pt index 56af45b6cd..748a8b19f5 100644 --- a/cost/google/idle_vm_recommendations/google_vm_recommendations.pt +++ b/cost/google/idle_vm_recommendations/google_vm_recommendations.pt @@ -6,7 +6,7 @@ category "Cost" severity "low" default_frequency "daily" info( - version: "2.13.1", + version: "2.13.2", provider:"Google", service: "Compute", policy_set: "Idle Compute Instances", @@ -264,7 +264,6 @@ datasource "ds_get_vms" do request do auth $auth_google host "compute.googleapis.com" - verb "GET" path join(["/compute/v1/projects/", iter_item, "/aggregated/instances"]) ignore_status [403, 404] header "User-Agent", "RS Policies" diff --git a/cost/google/instances_stackdriver_utilization/CHANGELOG.md b/cost/google/instances_stackdriver_utilization/CHANGELOG.md index 2abdc913c9..679f2e6d42 100644 --- a/cost/google/instances_stackdriver_utilization/CHANGELOG.md +++ b/cost/google/instances_stackdriver_utilization/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v2.12.3 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v2.12.2 - Added `deprecated` field to policy metadata. Functionality is unchanged. 
diff --git a/cost/google/instances_stackdriver_utilization/README.md b/cost/google/instances_stackdriver_utilization/README.md index a04adc0ee8..8f98853b36 100644 --- a/cost/google/instances_stackdriver_utilization/README.md +++ b/cost/google/instances_stackdriver_utilization/README.md @@ -60,4 +60,4 @@ Replace the `30` wherever you see `"start_date": new Date(new Date().setDate(new ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/cost/google/instances_stackdriver_utilization/google_instances_stackdriver_utilization.pt b/cost/google/instances_stackdriver_utilization/google_instances_stackdriver_utilization.pt index df99d97151..b41234ac32 100644 --- a/cost/google/instances_stackdriver_utilization/google_instances_stackdriver_utilization.pt +++ b/cost/google/instances_stackdriver_utilization/google_instances_stackdriver_utilization.pt @@ -7,7 +7,7 @@ severity "low" category "Cost" default_frequency "daily" info( - version: "2.12.2", + version: "2.12.3", provider: "GCE", service: "Compute", policy_set: "Inefficient Instance Usage", @@ -195,7 +195,6 @@ end # get google instance size map datasource "ds_google_instance_size_map" do request do - verb "GET" host "raw.githubusercontent.com" path "/flexera/policy_templates/master/data/google/instance_types.json" header "User-Agent", "RS Policies" diff --git a/cost/google/object_storage_optimization/CHANGELOG.md b/cost/google/object_storage_optimization/CHANGELOG.md index 652655c6e2..909fef6256 100644 --- a/cost/google/object_storage_optimization/CHANGELOG.md +++ b/cost/google/object_storage_optimization/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v3.0.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v3.0.0 - Several parameters altered to be more descriptive and human-readable 
diff --git a/cost/google/object_storage_optimization/README.md b/cost/google/object_storage_optimization/README.md index 513d5115ed..af911b74c9 100644 --- a/cost/google/object_storage_optimization/README.md +++ b/cost/google/object_storage_optimization/README.md @@ -60,4 +60,4 @@ Additionally, this Policy Template requires that several APIs be enabled in your ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/cost/google/object_storage_optimization/google_object_storage_optimization.pt b/cost/google/object_storage_optimization/google_object_storage_optimization.pt index 188e5c54bd..9af935d9e5 100644 --- a/cost/google/object_storage_optimization/google_object_storage_optimization.pt +++ b/cost/google/object_storage_optimization/google_object_storage_optimization.pt @@ -7,7 +7,7 @@ severity "low" category "Cost" default_frequency "weekly" info( - version: "3.0.0", + version: "3.0.1", provider: "Google", service: "Storage", policy_set: "Object Store Optimization" @@ -198,7 +198,6 @@ datasource "ds_google_buckets" do request do auth $auth_google pagination $pagination_google - verb "GET" host "storage.googleapis.com" path "/storage/v1/b" query "project", val(iter_item, "id") @@ -322,7 +321,6 @@ datasource "ds_google_objects" do request do auth $auth_google pagination $pagination_google - verb "GET" host "storage.googleapis.com" path join(["/storage/v1/b/", val(iter_item, "name"), "/o"]) ignore_status [403, 404] diff --git a/cost/google/object_storage_optimization/google_object_storage_optimization_meta_parent.pt b/cost/google/object_storage_optimization/google_object_storage_optimization_meta_parent.pt index c9ecd88d50..779acc8626 100644 --- a/cost/google/object_storage_optimization/google_object_storage_optimization_meta_parent.pt +++ b/cost/google/object_storage_optimization/google_object_storage_optimization_meta_parent.pt 
@@ -7,7 +7,7 @@ category "Meta" default_frequency "15 minutes" info( provider: "Google", - version: "3.0.0", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability + version: "3.0.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability publish: "true", deprecated: "false" ) diff --git a/cost/google/old_snapshots/README.md b/cost/google/old_snapshots/README.md index 5c3a05fb61..eabf3c405a 100644 --- a/cost/google/old_snapshots/README.md +++ b/cost/google/old_snapshots/README.md @@ -80,4 +80,4 @@ Additionally, this Policy Template requires that several APIs be enabled in your ## Cost -This Policy Template does not launch any instances, and so does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/cost/google/recommender/README.md b/cost/google/recommender/README.md index 8a9acf09e0..3436f5dfe1 100644 --- a/cost/google/recommender/README.md +++ b/cost/google/recommender/README.md @@ -74,7 +74,7 @@ Additionally, this Policy Template requires that several APIs be enabled in your ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. ## API Quotas diff --git a/cost/google/rightsize_cloudsql_recommendations/README.md b/cost/google/rightsize_cloudsql_recommendations/README.md index 92418bf3ac..575ad2ba8f 100644 --- a/cost/google/rightsize_cloudsql_recommendations/README.md +++ b/cost/google/rightsize_cloudsql_recommendations/README.md @@ -84,7 +84,7 @@ Additionally, this Policy Template requires that several APIs be enabled in your ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. ## API Quotas 
diff --git a/cost/google/rightsize_vm_recommendations/README.md b/cost/google/rightsize_vm_recommendations/README.md index c28fe63ed4..60b71860f9 100644 --- a/cost/google/rightsize_vm_recommendations/README.md +++ b/cost/google/rightsize_vm_recommendations/README.md 
@@ -25,44 +25,6 @@ The policy includes the estimated monthly savings. The estimated monthly savings - The incident message detail includes the sum of each resource `Estimated Monthly Savings` as `Potential Monthly Savings`. - If the Flexera organization is configured to use a currency other than the one Google Recommender is reporting the savings estimates in, the savings values will be converted using the exchange rate at the time that the policy executes. -## Prerequisites - -This Policy Template requires that several APIs be enabled in your Google Cloud environment: - -- [Cloud Resource Manager API](https://console.cloud.google.com/flows/enableapi?apiid=cloudresourcemanager.googleapis.com) -- [Compute Engine API](https://console.cloud.google.com/flows/enableapi?apiid=compute.googleapis.com) -- [Recommender API](https://console.cloud.google.com/flows/enableapi?apiid=recommender.googleapis.com) - -This Policy Template uses [Credentials](https://docs.flexera.com/flexera/EN/Automation/ManagingCredentialsExternal.htm) for authenticating to datasources -- in order to apply this policy you must have a Credential registered in the system that is compatible with this policy. If there are no Credentials listed when you apply the policy, please contact your Flexera Org Admin and ask them to register a Credential that is compatible with this policy. The information below should be consulted when creating the credential(s). 
- -- [**Google Cloud Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm#automationadmin_4083446696_1121577) (*provider=gce*) which has the following: - - Roles - - `Monitoring Viewer` - - `Compute Recommender Viewer` - - `Compute Recommender Admin`* - - - Permissions - - `recommender.computeInstanceMachineTypeRecommendations.list`† - - `recommender.computeInstanceIdleResourceRecommendations.list`† - - `resourcemanager.projects.get` - - `monitoring.metricDescriptors.list` - - `monitoring.timeSeries.list` - - `compute.instances.list` - - `compute.instances.get` - - `compute.instances.start`* - - `compute.instances.stop`* - - `compute.instances.setMachineType`* - - `compute.instances.delete`* - -† Only the permissions needed for the specific recommendations you're looking to produce are required. If using this policy only for idle recommendations, for example, `recommender.computeInstanceMachineTypeRecommendations.list` is not needed. - -\* Only required for taking action; the policy will still function in a read-only capacity without these permissions. - -- [**Flexera Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) (*provider=flexera*) which has the following roles: - - `billing_center_viewer` - -The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) page in the docs has detailed instructions for setting up Credentials for the most common providers. - ## Input Parameters This policy has the following input parameters required when launching the policy. 
@@ -95,13 +57,45 @@ The following policy actions are taken on any resources found to be out of compl - Stop idle VM instances after approval - Delete idle VM instances after approval +## Prerequisites + +This Policy Template uses [Credentials](https://docs.flexera.com/flexera/EN/Automation/ManagingCredentialsExternal.htm) for authenticating to datasources -- in order to apply this policy you must have a Credential registered in the system that is compatible with this policy. If there are no Credentials listed when you apply the policy, please contact your Flexera Org Admin and ask them to register a Credential that is compatible with this policy. The information below should be consulted when creating the credential(s). + +- [**Google Cloud Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm#automationadmin_4083446696_1121577) (*provider=gce*) which has the following: + - `recommender.computeInstanceMachineTypeRecommendations.list`† + - `recommender.computeInstanceIdleResourceRecommendations.list`† + - `resourcemanager.projects.get` + - `monitoring.metricDescriptors.list` + - `monitoring.timeSeries.list` + - `compute.instances.list` + - `compute.instances.get` + - `compute.instances.start`* + - `compute.instances.stop`* + - `compute.instances.setMachineType`* + - `compute.instances.delete`* + + \* Only required for taking action; the policy will still function in a read-only capacity without these permissions. + + † Only the permissions needed for the specific recommendations you're looking to produce are required. If using this policy only for idle recommendations, for example, `recommender.computeInstanceMachineTypeRecommendations.list` is not needed. 
+ +- [**Flexera Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) (*provider=flexera*) which has the following roles: + - `billing_center_viewer` + +The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) page in the docs has detailed instructions for setting up Credentials for the most common providers. + +Additionally, this Policy Template requires that several APIs be enabled in your Google Cloud environment: + +- [Cloud Resource Manager API](https://console.cloud.google.com/flows/enableapi?apiid=cloudresourcemanager.googleapis.com) +- [Compute Engine API](https://console.cloud.google.com/flows/enableapi?apiid=compute.googleapis.com) +- [Recommender API](https://console.cloud.google.com/flows/enableapi?apiid=recommender.googleapis.com) + ## Supported Clouds - Google ## Cost -This Policy Template does not launch any instances, and so does not incur any cloud costs. +This policy template does not incur any cloud costs. ## API Quotas diff --git a/cost/google/schedule_instance/README.md b/cost/google/schedule_instance/README.md index ab647c259c..f14b7f9321 100644 --- a/cost/google/schedule_instance/README.md +++ b/cost/google/schedule_instance/README.md 
@@ -23,7 +23,7 @@ The Schedule Label value is a string consisting of 2 or 3 underscore-separated ( - *Hours* - Start and stop hours are in 4-digit 24-hour format without any colons or other separator (`HHMM-HHMM`). For example, a value of `0815-1730` will start instances at 8:15am and stop them at 17:30 (5:30 pm). If the minute field is left blank, the minute value of `00` will be assumed. - *Days of the Week* - Hyphen-separated (`-`) list of days indicated by their two-letter abbreviation value from the following list: `su`,`mo`,`tu`,`we`,`th`,`fr`,`sa`. For example, a value of `mo-tu-we-th-fr` will start and stop the instances on weekdays (Monday-Friday) but not on weekends (Saturday or Sunday). -- Optional: *Timezone* - Timezone in [tz database format](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). Due to limitations for Google Labels the `/` character is replaced with a hyphen (`-`), spaces (` `) replaced with underscores (`_`), and all characters converted to lowercase. For example, a schedule label value of `america-new_york` would translate to `America/New York`. Defaults to UTC if no Timezone value is defined in schedule. +- Optional: *Timezone* - Timezone in [tz database format](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). Due to limitations for Google Labels, the `/` character is replaced with `-` and spaces are replaced with `_`. Additionally, all characters converted to lowercase. For example, a schedule label value of `america-new_york` would translate to `America/New York`. Defaults to UTC if no Timezone value is defined in schedule. ## Input Parameters 
@@ -79,9 +79,9 @@ This Policy Template uses [Credentials](https://docs.flexera.com/flexera/EN/Auto - `compute.instances.delete`† - `compute.instances.setLabels`* -† Only required for `Terminate Instance` Action; the policy will still start/stop instance without this permission. + \* Only required for `Update Schedule` Action; the policy will still start/stop instance without this permission. -\* Only required for `Update Schedule` Action; the policy will still start/stop instance without this permission. + † Only required for `Terminate Instance` Action; the policy will still start/stop instance without this permission. - [**Flexera Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) (*provider=flexera*) which has the following roles: - `billing_center_viewer` diff --git a/cost/google/unattached_volumes/CHANGELOG.md b/cost/google/unattached_volumes/CHANGELOG.md index dd4984eaa4..e84e7c3047 100644 --- a/cost/google/unattached_volumes/CHANGELOG.md +++ b/cost/google/unattached_volumes/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v2.10.3 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v2.10.2 - Added `deprecated` field to policy metadata. Functionality is unchanged. diff --git a/cost/google/unattached_volumes/README.md b/cost/google/unattached_volumes/README.md index 2b299ca289..32c8c92251 100644 --- a/cost/google/unattached_volumes/README.md +++ b/cost/google/unattached_volumes/README.md 
@@ -4,7 +4,7 @@ This policy is no longer being updated. The [Google Idle Persistent Disk Recommender](https://github.com/flexera-public/policy_templates/tree/master/cost/google/idle_persistent_disk_recommendations/) policy should be used instead. -## What it does +## What It Does This Policy Template scans all volumes in the given account and identifies any unattached volumes that have been unattached for at least the number of user-specified days. If any are found, an incident report will show the volumes, and related information and an email will be sent to the user-specified email address. @@ -65,4 +65,4 @@ Required permissions in the provider: ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/cost/google/unattached_volumes/google_delete_unattached_volumes.pt b/cost/google/unattached_volumes/google_delete_unattached_volumes.pt index f7d3af8675..ef2605ad12 100644 --- a/cost/google/unattached_volumes/google_delete_unattached_volumes.pt +++ b/cost/google/unattached_volumes/google_delete_unattached_volumes.pt @@ -6,7 +6,7 @@ category "Cost" severity "low" default_frequency "daily" info( - version: "2.10.2", + version: "2.10.3", provider:"Google", service: "Storage", policy_set: "Unused Volumes", @@ -94,7 +94,6 @@ datasource "ds_projects" do request do auth $auth_google host "cloudresourcemanager.googleapis.com" - verb "GET" path "/v1/projects" query "filter", "lifecycleState=ACTIVE" pagination $google_pagination @@ -112,7 +111,6 @@ datasource "ds_zones" do request do auth $auth_google host "compute.googleapis.com" - verb "GET" path join(["/compute/v1/projects/", val(iter_item, "projectId"), "/zones"]) query "project", val(iter_item, "projectId") pagination $google_pagination 
@@ -133,7 +131,6 @@ datasource "ds_volumes" do request do auth $auth_google host "compute.googleapis.com" - verb "GET" path join(["/compute/v1/projects/", val(iter_item, "projectId"), "/zones/", val(iter_item, "zone"), "/disks"]) query "project", val(iter_item, "project_name") pagination $google_pagination diff --git a/cost/google/unused_cloudsql_instances/README.md b/cost/google/unused_cloudsql_instances/README.md index 73f0754233..6c0fe0762b 100644 --- a/cost/google/unused_cloudsql_instances/README.md +++ b/cost/google/unused_cloudsql_instances/README.md @@ -4,11 +4,11 @@ This policy is no longer being updated. The [Google Idle Cloud SQL Instance Recommender](https://github.com/flexera-public/policy_templates/tree/master/cost/google/cloud_sql_idle_instance_recommendations/) policy should be used instead. -## What it does +## What It Does This Policy Template checks for unused CloudSQL instance in Google Compute Engine and then terminates them upon approval. -## Functional Details +## How It Works - If APIs & Services are not enabled for a project, the policy will skip that particular project. On the next run if APIs & Services are enabled, then the project will be considered for execution. - This policy uses the GCP API to identify unused CloudSQL instances using performance metrics from Google StackDriver and delivers a report for instances whose connections are below the thresholds set in the **DB Connections Threshold** parameter. These thresholds are what you would consider to be an used instance. @@ -54,4 +54,4 @@ Required permissions in the provider: ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/cost/google/unutilized_ip_addresses/README.md b/cost/google/unutilized_ip_addresses/README.md index c233f36780..b143b3c76f 100644 --- a/cost/google/unutilized_ip_addresses/README.md +++ b/cost/google/unutilized_ip_addresses/README.md 
@@ -4,11 +4,11 @@ This policy is no longer being updated. The [Google Idle IP Address Recommender](https://github.com/flexera-public/policy_templates/tree/master/cost/google/idle_ip_address_recommendations/) policy should be used instead. -## What it does +## What It Does Checks Google for Unutilized IP Addresses and deletes them after approval. -## Functional Details +## How It Works - If APIs & Services are not enabled for a project, the policy will skip that particular project. On the next run if APIs & Services are enabled, then the project will be considered for execution. - This policy uses Google Cloud to get a list of external IP addresses that are not in use. @@ -53,4 +53,4 @@ Required permissions in the provider: ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/data/policy_permissions_list/master_policy_permissions_list.json b/data/policy_permissions_list/master_policy_permissions_list.json index 674da91b9b..c5362ee0e9 100644 --- a/data/policy_permissions_list/master_policy_permissions_list.json +++ b/data/policy_permissions_list/master_policy_permissions_list.json @@ -4996,7 +4996,7 @@ { "id": "./cost/google/cloud_run_anomaly_detection/google_cloud_run_anomaly_detection.pt", "name": "Google Cloud Run Anomaly Detection", - "version": "0.1.1", + "version": "0.1.3", "providers": [ { "name": "gce", @@ -5122,7 +5122,7 @@ { "id": "./cost/google/cud_recommendations/google_committed_use_discount_recommendations.pt", "name": "Google Committed Use Discount Recommender", - "version": "4.2", + "version": "4.2.1", "providers": [ { "name": "gce", @@ -5203,7 +5203,7 @@ { "id": "./cost/google/idle_ip_address_recommendations/google_idle_ip_address_recommendations.pt", "name": "Google Idle IP Address Recommender", - "version": "4.2.0", + "version": "4.2.1", "providers": [ { "name": "gce", 
@@ -5229,19 +5229,6 @@ "required": false, "description": "Only required for taking action; the policy will still function in a read-only capacity without these permissions." } - ], - "roles": [ - { - "name": "Compute Recommender Viewer", - "read_only": true, - "required": true - }, - { - "name": "Compute Recommender Admin", - "read_only": false, - "required": false, - "description": "Only required for taking action; the policy will still function in a read-only capacity without these permissions." - } ] }, { @@ -5259,7 +5246,7 @@ { "id": "./cost/google/idle_persistent_disk_recommendations/google_idle_persistent_disk_recommendations.pt", "name": "Google Idle Persistent Disk Recommender", - "version": "4.2.0", + "version": "4.2.1", "providers": [ { "name": "gce", @@ -5324,24 +5311,6 @@ "required": false, "description": "Only required for taking action; the policy will still function in a read-only capacity without these permissions." } - ], - "roles": [ - { - "name": "Monitoring Viewer", - "read_only": true, - "required": true - }, - { - "name": "Compute Recommender Viewer", - "read_only": true, - "required": true - }, - { - "name": "Compute Recommender Admin", - "read_only": false, - "required": false, - "description": "Only required for taking action; the policy will still function in a read-only capacity without these permissions." - } ] }, { @@ -5359,7 +5328,7 @@ { "id": "./cost/google/object_storage_optimization/google_object_storage_optimization.pt", "name": "Google Object Storage Optimization", - "version": "3.0.0", + "version": "3.0.1", "providers": [ { "name": "gce", 
@@ -5720,24 +5689,6 @@ "required": false, "description": "Only required for taking action; the policy will still function in a read-only capacity without these permissions." } - ], - "roles": [ - { - "name": "Monitoring Viewer", - "read_only": true, - "required": true - }, - { - "name": "Compute Recommender Viewer", - "read_only": true, - "required": true - }, - { - "name": "Compute Recommender Admin", - "read_only": false, - "required": false, - "description": "Only required for taking action; the policy will still function in a read-only capacity without these permissions." - } ] }, { diff --git a/data/policy_permissions_list/master_policy_permissions_list.yaml b/data/policy_permissions_list/master_policy_permissions_list.yaml index 79c4a0d1dc..8b3c305cff 100644 --- a/data/policy_permissions_list/master_policy_permissions_list.yaml +++ b/data/policy_permissions_list/master_policy_permissions_list.yaml @@ -2879,7 +2879,7 @@ required: true - id: "./cost/google/cloud_run_anomaly_detection/google_cloud_run_anomaly_detection.pt" name: Google Cloud Run Anomaly Detection - version: 0.1.1 + version: 0.1.3 :providers: - :name: gce :permissions: @@ -2953,7 +2953,7 @@ required: true - id: "./cost/google/cud_recommendations/google_committed_use_discount_recommendations.pt" name: Google Committed Use Discount Recommender - version: '4.2' + version: 4.2.1 :providers: - :name: gce :permissions: @@ -3000,7 +3000,7 @@ required: true - id: "./cost/google/idle_ip_address_recommendations/google_idle_ip_address_recommendations.pt" name: Google Idle IP Address Recommender - version: 4.2.0 + version: 4.2.1 :providers: - :name: gce :permissions: 
@@ -3018,15 +3018,6 @@ required: false description: Only required for taking action; the policy will still function in a read-only capacity without these permissions. - :roles: - - name: Compute Recommender Viewer - read_only: true - required: true - - name: Compute Recommender Admin - read_only: false - required: false - description: Only required for taking action; the policy will still function - in a read-only capacity without these permissions. - :name: flexera :permissions: - name: billing_center_viewer @@ -3034,7 +3025,7 @@ required: true - id: "./cost/google/idle_persistent_disk_recommendations/google_idle_persistent_disk_recommendations.pt" name: Google Idle Persistent Disk Recommender - version: 4.2.0 + version: 4.2.1 :providers: - :name: gce :permissions: @@ -3081,18 +3072,6 @@ required: false description: Only required for taking action; the policy will still function in a read-only capacity without these permissions. - :roles: - - name: Monitoring Viewer - read_only: true - required: true - - name: Compute Recommender Viewer - read_only: true - required: true - - name: Compute Recommender Admin - read_only: false - required: false - description: Only required for taking action; the policy will still function - in a read-only capacity without these permissions. - :name: flexera :permissions: - name: billing_center_viewer @@ -3100,7 +3079,7 @@ required: true - id: "./cost/google/object_storage_optimization/google_object_storage_optimization.pt" name: Google Object Storage Optimization - version: 3.0.0 + version: 3.0.1 :providers: - :name: gce :permissions: 
@@ -3335,18 +3314,6 @@ required: false description: Only required for taking action; the policy will still function in a read-only capacity without these permissions. - :roles: - - name: Monitoring Viewer - read_only: true - required: true - - name: Compute Recommender Viewer - read_only: true - required: true - - name: Compute Recommender Admin - read_only: false - required: false - description: Only required for taking action; the policy will still function - in a read-only capacity without these permissions. - :name: flexera :permissions: - name: billing_center_viewer
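Review bot: In `master_policy_permissions_list.json` (hunks at -5229, -5324 and -5720) and `master_policy_permissions_list.yaml` (hunks at -3018, -3081 and -3335), the entire `roles` list is deleted from the `gce` provider entries, and nothing in the patch explains why. The removed entries include roles marked `required: true` (`Compute Recommender Viewer`, `Monitoring Viewer`) as well as the optional `Compute Recommender Admin`. Anyone who builds a least-privilege service account from this list now sees only the `permissions` entries. Please confirm that the remaining `permissions` cover everything the policies need, and state the reason for dropping `roles` in the commit message or in the affected changelogs.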
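Review bot: In `google_delete_unattached_volumes.pt`, the `ds_projects`, `ds_zones` and `ds_volumes` request blocks lose `verb "GET"` and now depend on whatever the request block uses by default. All three calls run under `$auth_google`, so the HTTP method is part of what the credential is used for. Please confirm that the lint rule behind this removal documents GET as the default. The v2.10.3 changelog entry says only "Minor code improvements"; naming the removed `verb` lines there would make the reliance on the default explicit.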
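Review bot: In the README hunk at -79,9, the footnotes are reordered so that `\*` comes before `†`, but the list directly above still shows `compute.instances.delete`† ahead of `compute.instances.setLabels`*, so the markers and their explanations now run in opposite order. The two added footnote lines also gain leading whitespace that the removed lines did not have; please check that this indentation is intended to nest them under the permission list and that it renders that way. Both footnotes read "start/stop instance", which could become "start/stop instances" while the lines are being touched.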
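Review bot: In the Google Cloud Run Anomaly Detection entries of `master_policy_permissions_list.json` (-4996) and `.yaml` (-2879), `version` moves from 0.1.1 straight to 0.1.3, skipping 0.1.2. Please confirm that this reflects a stale generated list catching up with the template and that both files were regenerated from the `.pt` sources rather than edited by hand. In the YAML, the Committed Use Discount entry also changes from the quoted `'4.2'` to the unquoted `4.2.1`, so any consumer that relied on the quoting to read the version as a string should be checked.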